Merge pull request #333952 from r-vdp/specialisation-name-regex
specialisation: limit the allowed characters in specialisation names
flokli authored Aug 12, 2024
2 parents c67d90d + d38257b commit fc35704
Showing 3 changed files with 52 additions and 2 deletions.
19 changes: 18 additions & 1 deletion nixos/modules/system/activation/specialisation.nix
@@ -1,10 +1,14 @@
{ config, lib, pkgs, extendModules, noUserModules, ... }:
{ config, lib, extendModules, noUserModules, ... }:

let
inherit (lib)
attrNames
concatStringsSep
filter
length
mapAttrs
mapAttrsToList
match
mkOption
types
;
@@ -73,6 +77,19 @@ in
};

config = {
assertions = [(
let
invalidNames = filter (name: match "[[:alnum:]_]+" name == null) (attrNames config.specialisation);
in
{
assertion = length invalidNames == 0;
message = ''
Specialisation names can only contain alphanumeric characters and underscores
Invalid specialisation names: ${concatStringsSep ", " invalidNames}
'';
}
)];

system.systemBuilderCommands = ''
mkdir $out/specialisation
${concatStringsSep "\n"
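Review bot: The new entry in `config.assertions` does not say why the set is restricted, and the same character set is written a second time as `[a-zA-Z0-9_]` in the boot-entry file name regex changed elsewhere in this commit. I would add a comment above `invalidNames`, for example `# Names are embedded in boot entry file names and parsed back from them; keep this set in sync with rex_specialisation in the boot loader builder.` That rationale is inferred from the other hunk, so please confirm it. Names containing other characters, such as hyphens, are now rejected at evaluation time, so the `specialisation` option description (outside this hunk) should state the allowed characters as well.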
@@ -65,7 +65,7 @@ def from_path(cls: Type["Entry"], path: Path) -> "Entry":
# Matching nixos*-generation-$number*.conf
rex_generation = re.compile(r"^nixos.*-generation-([0-9]+).*\.conf$")
# Matching nixos*-generation-$number-specialisation-$specialisation_name*.conf
rex_specialisation = re.compile(r"^nixos.*-generation-([0-9]+)-specialisation-([a-zA-Z0-9]+).*\.conf$")
rex_specialisation = re.compile(r"^nixos.*-generation-([0-9]+)-specialisation-([a-zA-Z0-9_]+).*\.conf$")
profile = rex_profile.sub(r"\1", filename) if rex_profile.match(filename) else None
specialisation = rex_specialisation.sub(r"\2", filename) if rex_specialisation.match(filename) else None
try:
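Review bot: In `rex_specialisation` the name group is still followed by `.*`, so a file name whose specialisation part contains a character outside `[a-zA-Z0-9_]` still matches and yields a truncated name (`foo-bar` would parse as `foo`) instead of being rejected. Entries written before the module assertion existed could hit this; whether it matters depends on how the parsed value is used, which is outside the hunk. At minimum I would add a comment on that line: `# charset must match the assertion in specialisation.nix; any other character ends the name early`. The body of `from_path` starts and ends outside the hunk.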
33 changes: 33 additions & 0 deletions nixos/tests/nixos-rebuild-specialisations.nix
@@ -71,6 +71,32 @@ import ./make-test-python.nix ({ pkgs, ... }: {
}
'';

wrongConfigFile = pkgs.writeText "configuration.nix" ''
{ lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
boot.loader.grub = {
enable = true;
device = "/dev/vda";
forceInstall = true;
};
documentation.enable = false;
environment.systemPackages = [
(pkgs.writeShellScriptBin "parent" "")
];
specialisation.foo-bar = {
inheritParentConfig = true;
configuration = { ... }: { };
};
}
'';
in
''
machine.start()
@@ -116,5 +142,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
with subtest("Make sure nonsense command combinations are forbidden"):
machine.fail("nixos-rebuild boot --specialisation foo")
machine.fail("nixos-rebuild boot -c foo")
machine.copy_from_host(
"${wrongConfigFile}",
"/etc/nixos/configuration.nix",
)
with subtest("Make sure that invalid specialisation names are rejected"):
machine.fail("nixos-rebuild switch")
'';
})
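Review bot: The subtest "Make sure that invalid specialisation names are rejected" passes on any failure of `nixos-rebuild switch`, not only on the new assertion, so it would stay green if the rebuild broke for an unrelated reason. I would capture the output and check for the message: `out = machine.fail("nixos-rebuild switch 2>&1")` followed by `assert "Invalid specialisation names: foo-bar" in out`. The `copy_from_host` call also sits outside the subtest it belongs to; moving it under the `with subtest(...)` line would keep setup and check together.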
