misc/specialisation: escape specialisation name #6422
Merged
+7
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The check failure seems to have nothing to do with my PR (nushell is failing because of a hash mismatch). |
ambroisie
reviewed
Feb 10, 2025
ToborWinner
force-pushed
the
fix-specialisation-name-escaping
branch
from
7b88538 to
4e4565a
Compare
|
I'm pretty new to PRs, so I don't know if I resolved the conversation properly (I don't think it gave you the contribution? Not sure how I should have handled that), so let me know if I did anything wrong. Thank you for the suggestion. |
ToborWinner
force-pushed
the
fix-specialisation-name-escaping
branch
from
4e4565a to
1d8c783
Compare
ambroisie
approved these changes
Feb 10, 2025
ToborWinner
force-pushed
the
fix-specialisation-name-escaping
branch
from
7346d2d to
1d8c783
Compare
|
I pushed no changes, I just wanted the tests to pass after the nushell test was fixed. |
The specialisation name is included in home.extraBuilderCommands without being properly escaped and checked. This commit fixes that.
rycee
force-pushed
the
fix-specialisation-name-escaping
branch
from
1d8c783 to
5525569
Compare
|
Thanks for the contribution! Merged to master now 🙂 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The specialisation name is included in home.extraBuilderCommands without being properly escaped and checked. This commit fixes that.
Description
The specialisation name is currently not escaped when included in the command to create the symlink in home.extraBuilderCommands. This PR properly escapes it and adds an assertion to ensure it does not contain a forward slash.
This PR, for example, prevents people from running commands through the specialisation name:
After rebuilding, the test.txt file is present in the built derivation:
❯ cat .local/state/home-manager/gcroots/current-home/test.txt testNote: specialisation.nix was probably implemented by copying how it works in nixpkgs, which currently has the same problem. I will probably submit a PR in nixpkgs later too.
Checklist
Change is backwards compatible.
Code formatted with
./format.Code tested through
nix-shell --pure tests -A run.allor
nix build --reference-lock-file flake.lock ./tests#test-allusing Flakes.Test cases updated/added. See example.
Commit messages are formatted like
See CONTRIBUTING for more information and recent commit messages for examples.
If this PR adds a new module
Maintainer CC