mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00

[Backport release-25.05] nixos/specialisation: escape and restrict specialisation names (#408069)

Ramses 2025-05-17 22:39:49 +02:00 committed by GitHub
commit ce3af7849d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -10,6 +10,8 @@
let
inherit (lib)
concatStringsSep
escapeShellArg
hasInfix
mapAttrs
mapAttrsToList
mkOption
@ -84,10 +86,18 @@ in
};
config = {
assertions = mapAttrsToList (name: _: {
assertion = !hasInfix "/" name;
message = ''
Specialisation names must not contain forward slashes.
Invalid specialisation name: ${name}
'';
}) config.specialisation;
system.systemBuilderCommands = ''
mkdir $out/specialisation
${concatStringsSep "\n" (
mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${name}") children
mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${escapeShellArg name}") children
)}
'';
};
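Review bot: The new assertion rejects only names containing `/`, so `.`, `..` and (if the option type permits it) an empty name still pass and reach the `ln -s` line in `system.systemBuilderCommands`. Those destinations resolve to directories that already exist, so `ln` would presumably place the link inside that directory under the target's basename instead of failing, which for `..` lands outside `$out/specialisation`. I would extend the check to `assertion = !hasInfix "/" name && !(builtins.elem name [ "" "." ".." ]);` and adjust the message to match. Using `ln -sT` in the generated command would also make any such case fail loudly. The option declaration is outside this hunk, so a type-level restriction may already exist there.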