nixos/specialisation: escape and restrict specialisation names (#405393)

Ramses 2025-05-17 19:47:05 +02:00 committed by GitHub
commit 139080c304
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -10,6 +10,8 @@
let
inherit (lib)
concatStringsSep
escapeShellArg
hasInfix
mapAttrs
mapAttrsToList
mkOption
@ -84,10 +86,18 @@ in
};
config = {
assertions = mapAttrsToList (name: _: {
assertion = !hasInfix "/" name;
message = ''
Specialisation names must not contain forward slashes.
Invalid specialisation name: ${name}
'';
}) config.specialisation;
system.systemBuilderCommands = ''
mkdir $out/specialisation
${concatStringsSep "\n" (
mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${name}") children
mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${escapeShellArg name}") children
)}
'';
};
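Review bot: The new assertion in `config.assertions` is a denylist of one character, so the names `""`, `"."` and `".."` still pass it. With those names the `ln -s` line in `system.systemBuilderCommands` resolves to an existing directory (`$out/specialisation/` or `$out`), so the link is created inside that directory under the basename of `${path}` rather than under the specialisation name. An allowlist would close this and keep the name predictable for anything else that consumes it (presumably boot entries and activation tooling, which are not visible here): `assertion = builtins.match "[[:alnum:]_.-]+" name != null && name != "." && name != "..";`, with the message changed to state the permitted characters. `escapeShellArg` is still worth keeping as defence in depth. The `config = { … }` block starts and ends at the edges of this hunk, so other uses of `name` in the file could not be checked.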