mirror of
https://github.com/nix-community/home-manager.git
synced 2024-12-14 11:57:55 +00:00
home-manager: verify username and home directory
The generation activation script should be run by the user specified in `home.username` and `home.homeDirectory`. If some other user runs the activation script, then files may end up in the wrong place or with the wrong owner. This commits adds a check early in the activation script that verifies that the running user match the user in the configuration. Fixes #4019
This commit is contained in:
parent
bec196cd9b
commit
6a19225683
4 changed files with 39 additions and 10 deletions
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: Home Manager\n"
|
||||
"Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
|
||||
"POT-Creation-Date: 2023-04-11 22:44+0200\n"
|
||||
"POT-Creation-Date: 2023-05-27 09:08+0200\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
|
|
@ -704,6 +704,9 @@ in
|
|||
|
||||
${builtins.readFile ./lib-bash/activation-init.sh}
|
||||
|
||||
checkUsername ${escapeShellArg config.home.username}
|
||||
checkHomeDirectory ${escapeShellArg config.home.homeDirectory}
|
||||
|
||||
${activationCmds}
|
||||
'';
|
||||
in
|
||||
|
|
18
modules/lib-bash/activation-init.sh
Normal file → Executable file
18
modules/lib-bash/activation-init.sh
Normal file → Executable file
|
@ -88,6 +88,24 @@ function setupVars() {
|
|||
fi
|
||||
}
|
||||
|
||||
function checkUsername() {
|
||||
local expectedUser="$1"
|
||||
|
||||
if [[ "$USER" != "$expectedUser" ]]; then
|
||||
_iError 'Error: USER is set to "%s" but we expect "%s"' "$USER" "$expectedUser"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function checkHomeDirectory() {
|
||||
local expectedHome="$1"
|
||||
|
||||
if ! [[ $HOME -ef $expectedHome ]]; then
|
||||
_iError 'Error: HOME is set to "%s" but we expect "%s"' "$HOME" "$expectedHome"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
if [[ -v VERBOSE ]]; then
|
||||
export VERBOSE_ECHO=echo
|
||||
export VERBOSE_ARG="--verbose"
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: Home Manager Modules\n"
|
||||
"Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
|
||||
"POT-Creation-Date: 2023-04-11 22:44+0200\n"
|
||||
"POT-Creation-Date: 2023-05-27 09:08+0200\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -33,7 +33,7 @@ msgstr ""
|
|||
msgid "No change so reusing latest profile generation %s"
|
||||
msgstr ""
|
||||
|
||||
#: modules/home-environment.nix:625
|
||||
#: modules/home-environment.nix:627
|
||||
msgid ""
|
||||
"Oops, Nix failed to install your new Home Manager profile!\n"
|
||||
"\n"
|
||||
|
@ -49,7 +49,7 @@ msgid ""
|
|||
"Then try activating your Home Manager configuration again."
|
||||
msgstr ""
|
||||
|
||||
#: modules/home-environment.nix:658
|
||||
#: modules/home-environment.nix:660
|
||||
msgid "Activating %s"
|
||||
msgstr ""
|
||||
|
||||
|
@ -81,26 +81,34 @@ msgid ""
|
|||
"and trying home-manager switch again. Good luck!"
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:101
|
||||
#: modules/lib-bash/activation-init.sh:95
|
||||
msgid "Error: USER is set to \"%s\" but we expect \"%s\""
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:104
|
||||
msgid "Error: HOME is set to \"%s\" but we expect \"%s\""
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:119
|
||||
msgid "Starting Home Manager activation"
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:105
|
||||
#: modules/lib-bash/activation-init.sh:123
|
||||
msgid "Sanity checking Nix"
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:112
|
||||
#: modules/lib-bash/activation-init.sh:133
|
||||
msgid "This is a dry run"
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:116
|
||||
#: modules/lib-bash/activation-init.sh:137
|
||||
msgid "This is a live run"
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:122
|
||||
#: modules/lib-bash/activation-init.sh:143
|
||||
msgid "Using Nix version: %s"
|
||||
msgstr ""
|
||||
|
||||
#: modules/lib-bash/activation-init.sh:125
|
||||
#: modules/lib-bash/activation-init.sh:146
|
||||
msgid "Activation variables:"
|
||||
msgstr ""
|
||||
|
|
Loading…
Reference in a new issue