home-environment: fail if a home.file is outside $HOME

author: Robert Helgesson <robert@rycee.net> 2017-09-13 15:19:49 +0200
committer: Robert Helgesson <robert@rycee.net> 2017-09-13 15:23:43 +0200
commit: 6ecf9e091c53d592edeb202378a5b5c920dfde55 (patch)
tree: 3086ee6bc19eed1609576d6b58c3f5ab956f25ed /modules
parent: aa69598b5742024ebaee0c861585269f77ef1a5f (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/modules/home-environment.nix b/modules/home-environment.nix
index 5db2fbd6f42..db4a9847a08 100644
--- a/modules/home-environment.nix
+++ b/modules/home-environment.nix
@@ -416,11 +416,19 @@ in
             concatStringsSep "\n" (
               mapAttrsToList (n: v:
                 ''
+                  target="$(realpath -m "$out/${v.target}")"
+
+                  # Target file must be within $HOME.
+                  if [[ ! "$target" =~ "$out" ]] ; then
+                    echo "Error installing file '${v.target}' outside \$HOME" >&2
+                    exit 1
+                  fi
+
                   if [ -d "${v.source}" ]; then
                     mkdir -pv "$(dirname "$out/${v.target}")"
-                    ln -sv "${v.source}" "$out/${v.target}"
+                    ln -sv "${v.source}" "$target"
                   else
-                    install -D -m${v.mode} "${v.source}" "$out/${v.target}"
+                    install -D -m${v.mode} "${v.source}" "$target"
                   fi
                 ''
               ) cfg.file
author	Robert Helgesson <robert@rycee.net>	2017-09-13 15:19:49 +0200
committer	Robert Helgesson <robert@rycee.net>	2017-09-13 15:23:43 +0200
commit	6ecf9e091c53d592edeb202378a5b5c920dfde55 (patch)
tree	3086ee6bc19eed1609576d6b58c3f5ab956f25ed /modules
parent	aa69598b5742024ebaee0c861585269f77ef1a5f (diff)