home-manager: verify username and home directory
The generation activation script should be run by the user specified in `home.username` and `home.homeDirectory`. If some other user runs the activation script, then files may end up in the wrong place or with the wrong owner. This commit adds a check early in the activation script that verifies that the running user matches the user in the configuration. Fixes #4019
parent
bec196cd9b
commit
6a19225683
4 changed files with 39 additions and 10 deletions
|
@ -8,7 +8,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: Home Manager\n"
|
"Project-Id-Version: Home Manager\n"
|
||||||
"Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
|
"Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
|
||||||
"POT-Creation-Date: 2023-04-11 22:44+0200\n"
|
"POT-Creation-Date: 2023-05-27 09:08+0200\n"
|
||||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||||
|
|
|
@ -704,6 +704,9 @@ in
|
||||||
|
|
||||||
${builtins.readFile ./lib-bash/activation-init.sh}
|
${builtins.readFile ./lib-bash/activation-init.sh}
|
||||||
|
|
||||||
|
checkUsername ${escapeShellArg config.home.username}
|
||||||
|
checkHomeDirectory ${escapeShellArg config.home.homeDirectory}
|
||||||
|
|
||||||
${activationCmds}
|
${activationCmds}
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
|
|
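Review bot: The two checks run only after the whole of `activation-init.sh` has been inlined, so any top-level statements in that file execute before the user and home directory are verified. The message catalog in this commit places "Starting Home Manager activation" and "Sanity checking Nix" in that file, which suggests some work happens ahead of the checks, though the file's top level is not fully visible here. If so, consider moving those steps behind the checks, and add a comment above the calls such as `# Abort before any activation step when run by a user other than the configured one.`. The surrounding string literal starts and ends outside this hunk.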
18
modules/lib-bash/activation-init.sh
Normal file → Executable file
|
@ -88,6 +88,24 @@ function setupVars() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function checkUsername() {
|
||||||
|
local expectedUser="$1"
|
||||||
|
|
||||||
|
if [[ "$USER" != "$expectedUser" ]]; then
|
||||||
|
_iError 'Error: USER is set to "%s" but we expect "%s"' "$USER" "$expectedUser"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function checkHomeDirectory() {
|
||||||
|
local expectedHome="$1"
|
||||||
|
|
||||||
|
if ! [[ $HOME -ef $expectedHome ]]; then
|
||||||
|
_iError 'Error: HOME is set to "%s" but we expect "%s"' "$HOME" "$expectedHome"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
if [[ -v VERBOSE ]]; then
|
if [[ -v VERBOSE ]]; then
|
||||||
export VERBOSE_ECHO=echo
|
export VERBOSE_ECHO=echo
|
||||||
export VERBOSE_ARG="--verbose"
|
export VERBOSE_ARG="--verbose"
|
||||||
|
|
|
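Review bot: `checkUsername` compares against `$USER`, an inherited environment variable rather than the identity the process actually runs as, so the check passes whenever the environment carries the configured name (for example after a privilege switch that preserves the environment) and files can still end up with the wrong owner. Comparing the effective user as well would close that gap, e.g. `if [[ "${USER-}" != "$expectedUser" || "$(id -un)" != "$expectedUser" ]]; then`; the `${USER-}` form also keeps the translated error reachable if `USER` is unset and the script runs with `set -u`, which is not visible in this hunk. In `checkHomeDirectory`, `-ef` is false when either path does not exist, so a home directory that has not been created yet yields the "HOME is set to … but we expect …" message with two identical paths. A comment such as `# -ef compares device and inode, so both paths must already exist` would make that behaviour explicit.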
@ -8,7 +8,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: Home Manager Modules\n"
|
"Project-Id-Version: Home Manager Modules\n"
|
||||||
"Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
|
"Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
|
||||||
"POT-Creation-Date: 2023-04-11 22:44+0200\n"
|
"POT-Creation-Date: 2023-05-27 09:08+0200\n"
|
||||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||||
|
@ -33,7 +33,7 @@ msgstr ""
|
||||||
msgid "No change so reusing latest profile generation %s"
|
msgid "No change so reusing latest profile generation %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/home-environment.nix:625
|
#: modules/home-environment.nix:627
|
||||||
msgid ""
|
msgid ""
|
||||||
"Oops, Nix failed to install your new Home Manager profile!\n"
|
"Oops, Nix failed to install your new Home Manager profile!\n"
|
||||||
"\n"
|
"\n"
|
||||||
|
@ -49,7 +49,7 @@ msgid ""
|
||||||
"Then try activating your Home Manager configuration again."
|
"Then try activating your Home Manager configuration again."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/home-environment.nix:658
|
#: modules/home-environment.nix:660
|
||||||
msgid "Activating %s"
|
msgid "Activating %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -81,26 +81,34 @@ msgid ""
|
||||||
"and trying home-manager switch again. Good luck!"
|
"and trying home-manager switch again. Good luck!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/lib-bash/activation-init.sh:101
|
#: modules/lib-bash/activation-init.sh:95
|
||||||
|
msgid "Error: USER is set to \"%s\" but we expect \"%s\""
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: modules/lib-bash/activation-init.sh:104
|
||||||
|
msgid "Error: HOME is set to \"%s\" but we expect \"%s\""
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: modules/lib-bash/activation-init.sh:119
|
||||||
msgid "Starting Home Manager activation"
|
msgid "Starting Home Manager activation"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/lib-bash/activation-init.sh:105
|
#: modules/lib-bash/activation-init.sh:123
|
||||||
msgid "Sanity checking Nix"
|
msgid "Sanity checking Nix"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/lib-bash/activation-init.sh:112
|
#: modules/lib-bash/activation-init.sh:133
|
||||||
msgid "This is a dry run"
|
msgid "This is a dry run"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/lib-bash/activation-init.sh:116
|
#: modules/lib-bash/activation-init.sh:137
|
||||||
msgid "This is a live run"
|
msgid "This is a live run"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/lib-bash/activation-init.sh:122
|
#: modules/lib-bash/activation-init.sh:143
|
||||||
msgid "Using Nix version: %s"
|
msgid "Using Nix version: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: modules/lib-bash/activation-init.sh:125
|
#: modules/lib-bash/activation-init.sh:146
|
||||||
msgid "Activation variables:"
|
msgid "Activation variables:"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|