specialisation: limit the allowed characters in specialisation names

Since the systemd boot counting PR was merged, dashes in specialisation names cause issues when installing the boot loader entries, since dashes are also used as separator for the different components of the file name of the boot loader entries on disk. The assertion avoids this footgun which is pretty annoying to recover from.
2025-02-06 04:03:04 +00:00 · 2024-08-11 19:03:05 +02:00 · 2024-08-11 19:03:05 +02:00 · 57a30e4cbd
commit 57a30e4cbd
parent 5d06d0d8df
2 changed files with 51 additions and 1 deletions
--- a/nixos/modules/system/activation/specialisation.nix
+++ b/nixos/modules/system/activation/specialisation.nix
@ -1,10 +1,14 @@
-{ config, lib, pkgs, extendModules, noUserModules, ... }:
+{ config, lib, extendModules, noUserModules, ... }:

 let
  inherit (lib)
+    attrNames
    concatStringsSep
+    filter
+    length
    mapAttrs
    mapAttrsToList
+    match
    mkOption
    types
    ;
@ -73,6 +77,19 @@ in
  };

  config = {
+    assertions = [(
+      let
+        invalidNames = filter (name: match "[[:alnum:]_]+" name == null) (attrNames config.specialisation);
+      in
+      {
+        assertion = length invalidNames == 0;
+        message = ''
+          Specialisation names can only contain alphanumeric characters and underscores
+          Invalid specialisation names: ${concatStringsSep ", " invalidNames}
+        '';
+      }
+    )];
+
    system.systemBuilderCommands = ''
      mkdir $out/specialisation
      ${concatStringsSep "\n"
--- a/nixos/tests/nixos-rebuild-specialisations.nix
+++ b/nixos/tests/nixos-rebuild-specialisations.nix
@ -71,6 +71,32 @@ import ./make-test-python.nix ({ pkgs, ... }: {
        }
      '';

+      wrongConfigFile = pkgs.writeText "configuration.nix" ''
+        { lib, pkgs, ... }: {
+          imports = [
+            ./hardware-configuration.nix
+            <nixpkgs/nixos/modules/testing/test-instrumentation.nix>
+          ];
+
+          boot.loader.grub = {
+            enable = true;
+            device = "/dev/vda";
+            forceInstall = true;
+          };
+
+          documentation.enable = false;
+
+          environment.systemPackages = [
+            (pkgs.writeShellScriptBin "parent" "")
+          ];
+
+          specialisation.foo-bar = {
+            inheritParentConfig = true;
+
+            configuration = { ... }: { };
+          };
+        }
+      '';
    in
    ''
      machine.start()
@ -116,5 +142,12 @@ import ./make-test-python.nix ({ pkgs, ... }: {
      with subtest("Make sure nonsense command combinations are forbidden"):
          machine.fail("nixos-rebuild boot --specialisation foo")
          machine.fail("nixos-rebuild boot -c foo")
+
+      machine.copy_from_host(
+          "${wrongConfigFile}",
+          "/etc/nixos/configuration.nix",
+      )
+      with subtest("Make sure that invalid specialisation names are rejected"):
+          machine.fail("nixos-rebuild switch")
    '';
 })