Unverified Commit 57a30e4c authored by r-vdp's avatar r-vdp
Browse files

specialisation: limit the allowed characters in specialisation names 

Since the systemd boot counting PR was merged, dashes in specialisation
names cause issues when installing the boot loader entries, since dashes
are also used as separator for the different components of the file name
of the boot loader entries on disk.

The assertion avoids this footgun which is pretty annoying to recover
from.
parent 5d06d0d8

nixos/modules/system/activation/specialisation.nix

+18 −1
Original line number Diff line number Diff line 
{ config, lib, pkgs, extendModules, noUserModules, ... }:

{ config, lib, extendModules, noUserModules, ... }:



let

  inherit (lib)

    attrNames

    concatStringsSep

    filter

    length

    mapAttrs

    mapAttrsToList

    match

    mkOption

    types

    ;
@@ -73,6 +77,19 @@ in 
  };



  config = {

    assertions = [(

      let

        invalidNames = filter (name: match "[[:alnum:]_]+" name == null) (attrNames config.specialisation);

      in

      {

        assertion = length invalidNames == 0;

        message = ''

          Specialisation names can only contain alphanumeric characters and underscores

          Invalid specialisation names: ${concatStringsSep ", " invalidNames}

        '';

      }

    )];



    system.systemBuilderCommands = ''

      mkdir $out/specialisation

      ${concatStringsSep "\n"

nixos/tests/nixos-rebuild-specialisations.nix

+33 −0
Original line number Diff line number Diff line
@@ -71,6 +71,32 @@ import ./make-test-python.nix ({ pkgs, ... }: { 
        }

      '';



      wrongConfigFile = pkgs.writeText "configuration.nix" ''

        { lib, pkgs, ... }: {

          imports = [

            ./hardware-configuration.nix

            <nixpkgs/nixos/modules/testing/test-instrumentation.nix>

          ];



          boot.loader.grub = {

            enable = true;

            device = "/dev/vda";

            forceInstall = true;

          };



          documentation.enable = false;



          environment.systemPackages = [

            (pkgs.writeShellScriptBin "parent" "")

          ];



          specialisation.foo-bar = {

            inheritParentConfig = true;



            configuration = { ... }: { };

          };

        }

      '';

    in

    ''

      machine.start()
@@ -116,5 +142,12 @@ import ./make-test-python.nix ({ pkgs, ... }: { 
      with subtest("Make sure nonsense command combinations are forbidden"):

          machine.fail("nixos-rebuild boot --specialisation foo")

          machine.fail("nixos-rebuild boot -c foo")



      machine.copy_from_host(

          "${wrongConfigFile}",

          "/etc/nixos/configuration.nix",

      )

      with subtest("Make sure that invalid specialisation names are rejected"):

          machine.fail("nixos-rebuild switch")

    '';

})