From df590070b007b2cd2f64647b2780c903506aa21f Mon Sep 17 00:00:00 2001 From: Jules Aguillon Date: Tue, 18 Jan 2022 21:56:14 +0100 Subject: types.singleLineStr: strings that don't contain '\n' Add a new type, inheriting 'types.str' but checking whether the value doesn't contain any newline characters. The motivation comes from a problem with the 'users.users.${u}.openssh.authorizedKeys' option. It is easy to unintentionally insert a newline character at the end of a string, or even in the middle, for example: restricted_ssh_keys = command: keys: let prefix = '' command="${command}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding ''; in map (key: "${prefix} ${key}") keys; The 'prefix' string ends with a newline, which ends up in the middle of a key entry after a few manipulations. This is problematic because the key file is built by concatenating all the keys with 'concatStringsSep "\n"', with result in two entries for the faulty key: '' command="...",options... MY_KEY '' This is hard to debug and might be dangerous. This is now caught at build time. --- lib/types.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib') diff --git a/lib/types.nix b/lib/types.nix index 244cbb6b5354..0e702fb2f2ed 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -300,6 +300,13 @@ rec { inherit (str) merge; }; + singleLineStr = mkOptionType { + name = "singleLineStr"; + description = "string that doesn't contain '\\n'"; + check = x: str.check x && !(lib.hasInfix "\n" x); + inherit (str) merge; + }; + strMatching = pattern: mkOptionType { name = "strMatching ${escapeNixString pattern}"; description = "string matching the pattern ${pattern}"; -- cgit 1.4.1