movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-15 22:19:17 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #333952 from r-vdp/specialisation-name-regex

Browse source 
specialisation: limit the allowed characters in specialisation names
This commit is contained in:
Florian Klink 2024-08-12 13:30:54 +03:00 committed by GitHub
commit fc35704bc8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 52 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

19
nixos/modules/system/activation/specialisation.nix
View file

@ -1,10 +1,14 @@
{ config, lib, pkgs, extendModules, noUserModules, ... }: { config, lib, extendModules, noUserModules, ... }:
let let
inherit (lib) inherit (lib)
attrNames
concatStringsSep concatStringsSep
filter
length
mapAttrs mapAttrs
mapAttrsToList mapAttrsToList
match
mkOption mkOption
types types
; ;
@ -73,6 +77,19 @@ in
}; };
config = { config = {
assertions = [(
let
invalidNames = filter (name: match "[[:alnum:]_]+" name == null) (attrNames config.specialisation);
in
{
assertion = length invalidNames == 0;
message = ''
Specialisation names can only contain alphanumeric characters and underscores
Invalid specialisation names: ${concatStringsSep ", " invalidNames}
'';
}
)];
system.systemBuilderCommands = '' system.systemBuilderCommands = ''
mkdir $out/specialisation mkdir $out/specialisation
${concatStringsSep "\n" ${concatStringsSep "\n"

2
nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
View file

@ -65,7 +65,7 @@ class Entry:
# Matching nixos*-generation-$number*.conf # Matching nixos*-generation-$number*.conf
rex_generation = re.compile(r"^nixos.*-generation-([0-9]+).*\.conf$") rex_generation = re.compile(r"^nixos.*-generation-([0-9]+).*\.conf$")
# Matching nixos*-generation-$number-specialisation-$specialisation_name*.conf # Matching nixos*-generation-$number-specialisation-$specialisation_name*.conf
rex_specialisation = re.compile(r"^nixos.*-generation-([0-9]+)-specialisation-([a-zA-Z0-9]+).*\.conf$") rex_specialisation = re.compile(r"^nixos.*-generation-([0-9]+)-specialisation-([a-zA-Z0-9_]+).*\.conf$")
profile = rex_profile.sub(r"\1", filename) if rex_profile.match(filename) else None profile = rex_profile.sub(r"\1", filename) if rex_profile.match(filename) else None
specialisation = rex_specialisation.sub(r"\2", filename) if rex_specialisation.match(filename) else None specialisation = rex_specialisation.sub(r"\2", filename) if rex_specialisation.match(filename) else None
try: try:

33
nixos/tests/nixos-rebuild-specialisations.nix
View file

@ -71,6 +71,32 @@ import ./make-test-python.nix ({ pkgs, ... }: {
} }
''; '';
wrongConfigFile = pkgs.writeText "configuration.nix" ''
{ lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
boot.loader.grub = {
enable = true;
device = "/dev/vda";
forceInstall = true;
};
documentation.enable = false;
environment.systemPackages = [
(pkgs.writeShellScriptBin "parent" "")
];
specialisation.foo-bar = {
inheritParentConfig = true;
configuration = { ... }: { };
};
}
'';
in in
'' ''
machine.start() machine.start()
@ -116,5 +142,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
with subtest("Make sure nonsense command combinations are forbidden"): with subtest("Make sure nonsense command combinations are forbidden"):
machine.fail("nixos-rebuild boot --specialisation foo") machine.fail("nixos-rebuild boot --specialisation foo")
machine.fail("nixos-rebuild boot -c foo") machine.fail("nixos-rebuild boot -c foo")
machine.copy_from_host(
"${wrongConfigFile}",
"/etc/nixos/configuration.nix",
)
with subtest("Make sure that invalid specialisation names are rejected"):
machine.fail("nixos-rebuild switch")
''; '';
}) })