files: make sure the target file name is escaped

The previous implementation would allow variables to sneak into the
file names. This commit makes sure the resulting target file path
exactly matches the expected path.
Robert Helgesson 2020-08-29 18:22:03 +02:00
parent 209fb62d49
commit 4fe5afa755
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
3 changed files with 25 additions and 6 deletions


@ -316,12 +316,15 @@ in
} }
'' + concatStrings ( '' + concatStrings (
mapAttrsToList (n: v: '' mapAttrsToList (n: v: ''
insertFile "${sourceStorePath v}" \ insertFile ${
"${v.target}" \ escapeShellArgs [
"${if v.executable == null (sourceStorePath v)
then "inherit" v.target
else builtins.toString v.executable}" \ (if v.executable == null
"${builtins.toString v.recursive}" then "inherit"
else toString v.executable)
(toString v.recursive)
]}
'') cfg '') cfg
)); ));
}; };
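Review bot: The reason for passing all four `insertFile` arguments through `escapeShellArgs` is not recorded at the call site, so a later edit could bring back double-quoted interpolation, inside which the shell still expands `$VAR`. A short comment above the `mapAttrsToList` call would keep the intent visible, for example `# Shell-escape every argument so a target such as "$HOME/x" is taken literally.` The body of `insertFile` lies outside this hunk, and escaping here only guarantees that the values arrive intact as positional parameters. It is worth confirming that the function quotes every use of them and never re-evaluates them.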


@ -3,5 +3,6 @@
files-hidden-source = ./hidden-source.nix; files-hidden-source = ./hidden-source.nix;
files-out-of-store-symlink = ./out-of-store-symlink.nix; files-out-of-store-symlink = ./out-of-store-symlink.nix;
files-source-with-spaces = ./source-with-spaces.nix; files-source-with-spaces = ./source-with-spaces.nix;
files-target-with-shellvar = ./target-with-shellvar.nix;
files-text = ./text.nix; files-text = ./text.nix;
} }


@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
home.file."$HOME/$FOO/bar baz".text = "blah";
nmt.script = ''
assertFileExists 'home-files/$HOME/$FOO/bar baz';
assertFileContent 'home-files/$HOME/$FOO/bar baz' \
${pkgs.writeText "expected" "blah"}
'';
};
}
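Review bot: The test pins only the `$VAR` case in the target name, while the escaping change it guards applies to every shell metacharacter. Because `escapeShellArgs` works by single-quoting, a target name that itself contains a single quote is the case most worth a second regression test, alongside one containing double quotes or a backslash. The assertions in `nmt.script` wrap the path in single quotes, so such a case would need its expected path escaped there as well. A one-line comment at the top of the file, such as `# Target names must reach the shell literally; "$HOME/$FOO" must not be expanded.`, would also tell a reader why the odd-looking path is intentional.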