movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-10 03:23:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/specialisation: escape and restrict specialisation names (#405393)

Browse source
This commit is contained in:
Ramses 2025-05-17 19:47:05 +02:00 committed by GitHub
commit 139080c304
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
nixos/modules/system/activation/specialisation.nix
View file

@ -10,6 +10,8 @@
let let
inherit (lib) inherit (lib)
concatStringsSep concatStringsSep
escapeShellArg
hasInfix
mapAttrs mapAttrs
mapAttrsToList mapAttrsToList
mkOption mkOption
@ -84,10 +86,18 @@ in
}; };
config = { config = {
assertions = mapAttrsToList (name: _: {
assertion = !hasInfix "/" name;
message = ''
Specialisation names must not contain forward slashes.
Invalid specialisation name: ${name}
'';
}) config.specialisation;
system.systemBuilderCommands = '' system.systemBuilderCommands = ''
mkdir $out/specialisation mkdir $out/specialisation
${concatStringsSep "\n" ( ${concatStringsSep "\n" (
mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${name}") children mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${escapeShellArg name}") children
)} )}
''; '';
}; };