Commit 1b2b3e1e authored by toborwinner's avatar toborwinner Committed by github-actions[bot]
Browse files

nixos/specialisation: escape and restrict specialisation names 

Prevent the specialisation names from containing a forward slash.
Also escape them to allow for spaces in specialisation names.

(cherry picked from commit 2b9fc0cc)
parent dba34617

nixos/modules/system/activation/specialisation.nix

+11 −1
Original line number Diff line number Diff line
@@ -10,6 +10,8 @@ 
let

  inherit (lib)

    concatStringsSep

    escapeShellArg

    hasInfix

    mapAttrs

    mapAttrsToList

    mkOption
@@ -84,10 +86,18 @@ in 
  };



  config = {

    assertions = mapAttrsToList (name: _: {

      assertion = !hasInfix "/" name;

      message = ''

        Specialisation names must not contain forward slashes.

        Invalid specialisation name: ${name}

      '';

    }) config.specialisation;



    system.systemBuilderCommands = ''

      mkdir $out/specialisation

      ${concatStringsSep "\n" (

        mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${name}") children

        mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${escapeShellArg name}") children

      )}

    '';

  };