stored group_info in nixInfo and used to verify the trusted users

juspay · Dec 13, 2023 · cc1cf1d · cc1cf1d
1 parent 83746cc
commit cc1cf1d
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 11 deletions.
diff --git a/crates/nix_health/src/check/trusted_users.rs b/crates/nix_health/src/check/trusted_users.rs
@@ -15,21 +15,35 @@ impl Checkable for TrustedUsers {
     ) -> Vec<Check> {
         let val = &nix_info.nix_config.trusted_users.value;
         let current_user = &nix_info.nix_env.current_user;
+        let group_info = &nix_info.group_info;
         let result = if val.contains(current_user) {
             CheckResult::Green
         } else {
-            let msg = format!("User '{}' not present in trusted_users", current_user);
-            let suggestion = match nix_info.nix_env.os.nix_system_config_label() {
-                Some(conf_label) => format!(
-                    r#"Add `nix.trustedUsers = [ "root" "{}" ];` to your {}"#,
-                    current_user, conf_label,
-                ),
-                None => format!(
-                    r#"Set `trusted-users = root {}` in /etc/nix/nix.conf and then restart the Nix daemon using `sudo pkill nix-daemon`"#,
-                    current_user
-                ),
+            let mut out = None;
+            for x in val {
+                if x.contains(&String::from("@")) && group_info.contains(&x[1..]) {
+                    out = Some(CheckResult::Green);
+                    break;
+                }
+            }
+            let r = match out {
+                Some(i) => i,
+                _ => {
+                    let msg = format!("User '{}' not present in trusted_users", current_user);
+                    let suggestion = match nix_info.nix_env.os.nix_system_config_label() {
+                        Some(conf_label) => format!(
+                            r#"Add `nix.trustedUsers = [ "root" "{}" ];` to your {}"#,
+                            current_user, conf_label,
+                        ),
+                        None => format!(
+                            r#"Set `trusted-users = root {}` in /etc/nix/nix.conf and then restart the Nix daemon using `sudo pkill nix-daemon`"#,
+                            current_user
+                        ),
+                    };
+                    CheckResult::Red { msg, suggestion }
+                }
             };
-            CheckResult::Red { msg, suggestion }
+            r
         };
         let check = Check {
             title: "Trusted Users".to_string(),

diff --git a/crates/nix_rs/src/info.rs b/crates/nix_rs/src/info.rs
@@ -1,5 +1,6 @@
 //! Information about the user's Nix installation
 use serde::{Deserialize, Serialize};
+use tokio::process::Command;
 
 use crate::{config::NixConfig, env::NixEnv, version::NixVersion};
 
@@ -10,6 +11,7 @@ pub struct NixInfo {
     pub nix_version: NixVersion,
     pub nix_config: NixConfig,
     pub nix_env: NixEnv,
+    pub group_info: String,
 }
 
 impl NixInfo {
@@ -18,10 +20,18 @@ impl NixInfo {
         let nix_version = NixVersion::from_nix(nix_cmd).await?;
         let nix_config = NixConfig::from_nix(nix_cmd).await?;
         let nix_env = NixEnv::detect().await?;
+        let output = Command::new("groups")
+            .arg(&nix_env.current_user)
+            .output()
+            .await
+            .unwrap();
+        let group_info = &String::from_utf8_lossy(&output.stdout);
+
         Ok(NixInfo {
             nix_version,
             nix_config,
             nix_env,
+            group_info: (&group_info).to_string(),
         })
     }
 }