lib/types: check paths in pathWith with hasStorePathPrefix

This permits usage of content‐addressed derivations and has the added benefit of checking normalised paths.
2025-06-09 19:13:26 +03:00 · 2025-03-05 14:45:36 +01:00 · 2025-03-05 14:45:36 +01:00 · 931f464581
commit 931f464581
parent bf790d1a7f
2 changed files with 11 additions and 1 deletions
--- a/lib/tests/modules/pathWith.nix
+++ b/lib/tests/modules/pathWith.nix
@ -58,6 +58,9 @@ in
  pathInStore.ok1 = "${storeDir}/0lz9p8xhf89kb1c1kk6jxrzskaiygnlh-bash-5.2-p15.drv";
  pathInStore.ok2 = "${storeDir}/0fb3ykw9r5hpayd05sr0cizwadzq1d8q-bash-5.2-p15";
  pathInStore.ok3 = "${storeDir}/0fb3ykw9r5hpayd05sr0cizwadzq1d8q-bash-5.2-p15/bin/bash";
+  pathInStore.ok4 = "/1121rp0gvr1qya7hvy925g5kjwg66acz6sn1ra1hca09f1z5dsab"; # CA derivation
+  pathInStore.ok5 = "/1121rp0gvr1qya7hvy925g5kjwg66acz6sn1ra1hca09f1z5dsab/bin/bash"; # CA derivation
+  pathInStore.ok6 = /1121rp0gvr1qya7hvy925g5kjwg66acz6sn1ra1hca09f1z5dsab; # CA derivation, path type
  pathInStore.bad1 = "";
  pathInStore.bad2 = "${storeDir}";
  pathInStore.bad3 = "${storeDir}/";
--- a/lib/types.nix
+++ b/lib/types.nix
@ -669,7 +669,14 @@ let
            check =
              x:
              let
-                isInStore = builtins.match "${builtins.storeDir}/[^.].*" (toString x) != null;
+                isInStore = lib.path.hasStorePathPrefix (
+                  if builtins.isPath x then
+                    x
+                  # Discarding string context is necessary to convert the value to
+                  # a path and safe as the result is never used in any derivation.
+                  else
+                    /. + builtins.unsafeDiscardStringContext x
+                );
                isAbsolute = builtins.substring 0 1 (toString x) == "/";
                isExpectedType = (
                  if inStore == null || inStore then isStringLike x else isString x # Do not allow a true path, which could be copied to the store later on.