home-environment: fail if a home.file is outside $HOME

2024-06-01 20:43:34 +02:00 · 2017-09-13 15:19:49 +02:00 · 2017-09-13 15:19:49 +02:00 · 6ecf9e091c
commit 6ecf9e091c
parent aa69598b57
1 changed files with 10 additions and 2 deletions
--- a/modules/home-environment.nix
+++ b/modules/home-environment.nix
@ -416,11 +416,19 @@ in
            concatStringsSep "\n" (
              mapAttrsToList (n: v:
                ''
+                  target="$(realpath -m "$out/${v.target}")"
+
+                  # Target file must be within $HOME.
+                  if [[ ! "$target" =~ "$out" ]] ; then
+                    echo "Error installing file '${v.target}' outside \$HOME" >&2
+                    exit 1
+                  fi
+
                  if [ -d "${v.source}" ]; then
                    mkdir -pv "$(dirname "$out/${v.target}")"
-                    ln -sv "${v.source}" "$out/${v.target}"
+                    ln -sv "${v.source}" "$target"
                  else
-                    install -D -m${v.mode} "${v.source}" "$out/${v.target}"
+                    install -D -m${v.mode} "${v.source}" "$target"
                  fi
                ''
              ) cfg.file