[Nix-dev] eval or in-place expression execution
Luca Bruno
lethalman88 at gmail.com
Fri Jul 11 10:04:31 CEST 2014
On 11/07/2014 09:46, Sergey Mironov wrote:
> Hi. I need to do non-trivial string calculations (encrypt the password
> with openssl) which AFAIK can't be written in Nix at the moment.
> That's why I think about Nix `eval` equivalent. I wonder if it goes
> against Nix concepts or not? My implementation looks like the
> following:
>
> encryptPassword = salt: pass : let
> p = runCommand "encryptPassword" {} ''
> printf '"%s"\n' `${openssl}/bin/openssl passwd -1 -salt ${salt}
> ${pass}` > $out
> '';
> in
> import p; # <=== (1)
>
> It works but note the `import' expression. I tried builtins.readFile
> instead of it in previous attempt but failed: Nix issued [error:
> string `... (1)' cannot refer to other paths] error. What is the
> reason of such a difference between readFile and import?
readFile is plain reading the contents of the file. import parses the
file as a nix expression.
However putting plain passwords in nix configurations is not a good
thing. It's better if you write the password already encrypted in a
file, and read it with readFile.
Best regards
More information about the nix-dev
mailing list