From 6a1922568337e7cf21175213d3aafd1ac79c9a2e Mon Sep 17 00:00:00 2001
From: Robert Helgesson
Date: Fri, 26 May 2023 15:11:22 +0200
Subject: [PATCH] home-manager: verify username and home directory

The generation activation script should be run by the user specified in `home.username` and `home.homeDirectory`. If some other user runs the activation script, then files may end up in the wrong place or with the wrong owner. This commits adds a check early in the activation script that verifies that the running user match the user in the configuration.
Fixes #4019
---
 home-manager/po/home-manager.pot | 2 +-
 modules/home-environment.nix | 3 +++
 modules/lib-bash/activation-init.sh | 18 ++++++++++++++++++
 modules/po/hm-modules.pot | 26 +++++++++++++++++---------
 4 files changed, 39 insertions(+), 10 deletions(-)
 mode change 100644 => 100755 modules/lib-bash/activation-init.sh
diff --git a/home-manager/po/home-manager.pot b/home-manager/po/home-manager.pot
index 4a01edbb3..1e6da07bc 100644
--- a/home-manager/po/home-manager.pot
+++ b/home-manager/po/home-manager.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Home Manager\n"
 "Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
-"POT-Creation-Date: 2023-04-11 22:44+0200\n"
+"POT-Creation-Date: 2023-05-27 09:08+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
diff --git a/modules/home-environment.nix b/modules/home-environment.nix
index 497e174b1..9abf223bd 100644
--- a/modules/home-environment.nix
+++ b/modules/home-environment.nix
@@ -704,6 +704,9 @@ in
 ${builtins.readFile ./lib-bash/activation-init.sh}
+ checkUsername ${escapeShellArg config.home.username}
+ checkHomeDirectory ${escapeShellArg config.home.homeDirectory}
+
 ${activationCmds}
 '';
 in
diff --git a/modules/lib-bash/activation-init.sh b/modules/lib-bash/activation-init.sh
old mode 100644
new mode 100755
index 185fa2457..881b63a8f
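Review bot: The two checks added in the `home-environment.nix` hunk are only invoked after `${builtins.readFile ./lib-bash/activation-init.sh}` has been inlined, so whatever that file executes at top level runs before the user and home directory are verified. The `activation-init.sh` hunk shows top-level statements following the function definitions (`if [[ -v VERBOSE ]]; then`), and the message catalogue lists "Sanity checking Nix" in the same file, which suggests (not confirmed from this page) that Nix commands may already have run as the wrong user by the time the check fires. Consider invoking the checks from the start of the init script's top-level section, or at least record the ordering with a comment such as `# NOTE: runs after activation-init.sh top-level code; keep that code free of writes`. The enclosing `let` binding starts and ends outside the hunk.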
--- a/modules/lib-bash/activation-init.sh
+++ b/modules/lib-bash/activation-init.sh
@@ -88,6 +88,24 @@ function setupVars() {
 fi
 }
+function checkUsername() {
+ local expectedUser="$1"
+
+ if [[ "$USER" != "$expectedUser" ]]; then
+ _iError 'Error: USER is set to "%s" but we expect "%s"' "$USER" "$expectedUser"
+ exit 1
+ fi
+}
+
+function checkHomeDirectory() {
+ local expectedHome="$1"
+
+ if ! [[ $HOME -ef $expectedHome ]]; then
+ _iError 'Error: HOME is set to "%s" but we expect "%s"' "$HOME" "$expectedHome"
+ exit 1
+ fi
+}
+
 if [[ -v VERBOSE ]]; then
 export VERBOSE_ECHO=echo
 export VERBOSE_ARG="--verbose"
diff --git a/modules/po/hm-modules.pot b/modules/po/hm-modules.pot
index aa2a09ef5..3a8327a0c 100644
--- a/modules/po/hm-modules.pot
+++ b/modules/po/hm-modules.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Home Manager Modules\n"
 "Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
-"POT-Creation-Date: 2023-04-11 22:44+0200\n"
+"POT-Creation-Date: 2023-05-27 09:08+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
@@ -33,7 +33,7 @@ msgstr ""
 msgid "No change so reusing latest profile generation %s"
 msgstr ""
-#: modules/home-environment.nix:625
+#: modules/home-environment.nix:627
 msgid ""
 "Oops, Nix failed to install your new Home Manager profile!\n"
 "\n"
@@ -49,7 +49,7 @@ msgid ""
 "Then try activating your Home Manager configuration again."
 msgstr ""
-#: modules/home-environment.nix:658
+#: modules/home-environment.nix:660
 msgid "Activating %s"
 msgstr ""
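Review bot: `checkUsername` and `checkHomeDirectory` compare the `USER` and `HOME` environment variables rather than the identity the process actually runs as, so an inherited or preserved environment can satisfy both checks while files are still created by a different uid, which is the case the commit message sets out to prevent. Comparing against the effective user closes that gap, e.g. `if [[ "$(id -un)" != "$expectedUser" ]]; then`. If the script runs under `set -u` (not visible in this hunk), an unset `USER` aborts with an unbound-variable error instead of this message, which `${USER-}` would avoid. Note also that `-ef` is false when either path does not exist, so a missing home directory is reported as a mismatch rather than as missing.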
@@ -81,26 +81,34 @@ msgid ""
 "and trying home-manager switch again. Good luck!"
 msgstr ""
-#: modules/lib-bash/activation-init.sh:101
+#: modules/lib-bash/activation-init.sh:95
+msgid "Error: USER is set to \"%s\" but we expect \"%s\""
+msgstr ""
+
+#: modules/lib-bash/activation-init.sh:104
+msgid "Error: HOME is set to \"%s\" but we expect \"%s\""
+msgstr ""
+
+#: modules/lib-bash/activation-init.sh:119
 msgid "Starting Home Manager activation"
 msgstr ""
-#: modules/lib-bash/activation-init.sh:105
+#: modules/lib-bash/activation-init.sh:123
 msgid "Sanity checking Nix"
 msgstr ""
-#: modules/lib-bash/activation-init.sh:112
+#: modules/lib-bash/activation-init.sh:133
 msgid "This is a dry run"
 msgstr ""
-#: modules/lib-bash/activation-init.sh:116
+#: modules/lib-bash/activation-init.sh:137
 msgid "This is a live run"
 msgstr ""
-#: modules/lib-bash/activation-init.sh:122
+#: modules/lib-bash/activation-init.sh:143
 msgid "Using Nix version: %s"
 msgstr ""
-#: modules/lib-bash/activation-init.sh:125
+#: modules/lib-bash/activation-init.sh:146
 msgid "Activation variables:"
 msgstr ""