From 486b066025dccd8af7fbe5dd2cc79e46b88c80da Mon Sep 17 00:00:00 2001
From: toborwinner <102221758+ToborWinner@users.noreply.github.com>
Date: Sun, 9 Feb 2025 21:32:30 +0100
Subject: [PATCH] specialisation: escape specialisation name

The specialisation name is included in home.extraBuilderCommands without being properly escaped and checked. This commit fixes that.
---
 modules/misc/specialisation.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/misc/specialisation.nix b/modules/misc/specialisation.nix
index dc5f78e14..01e889426 100644
--- a/modules/misc/specialisation.nix
+++ b/modules/misc/specialisation.nix
@@ -71,10 +71,16 @@ with lib;
 };
 config = mkIf (config.specialisation != { }) {
+ assertions = map (n: {
+ assertion = !lib.hasInfix "/" n;
+ message =
+ " in specialisation. cannot contain a forward slash.";
+ }) (attrNames config.specialisation);
+
 home.extraBuilderCommands = let
 link = n: v:
 let pkg = v.configuration.home.activationPackage;
- in "ln -s ${pkg} $out/specialisation/${escapeShellArg n}";
 in ''
 mkdir $out/specialisation
 ${concatStringsSep "\n" (mapAttrsToList link config.specialisation)}
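Review bot: The new assertion rejects only names containing `/`, so the names `""`, `.` and `..` still pass; once `$out/specialisation/` is prepended they resolve to an existing directory, and `ln -s` then creates the link inside that directory under the package's basename (for `..` that is `$out` itself) instead of under the specialisation name. Extending the check, e.g. `assertion = !lib.hasInfix "/" n && !lib.elem n [ "" "." ".." ];`, closes that gap alongside the `escapeShellArg` quoting. The message as shown does not say which attribute failed; interpolating `${n}` into it would let the user find the offending entry. The `config` block continues past the end of the hunk.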