From 595c2828b0115cbb8b2fa0a39889fb1f5dc73163 Mon Sep 17 00:00:00 2001 From: Wroclaw Date: Sun, 18 May 2025 19:35:34 +0200 Subject: [PATCH] pkgs/den-http-get-updater: assert no path is located in nix store --- pkgs/by-name/de/den-http-get-updater/package.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/de/den-http-get-updater/package.nix b/pkgs/by-name/de/den-http-get-updater/package.nix index 91d8581..3293811 100644 --- a/pkgs/by-name/de/den-http-get-updater/package.nix +++ b/pkgs/by-name/de/den-http-get-updater/package.nix @@ -44,7 +44,16 @@ }: let - realFileLocation = builtins.toString fileLocation; + assertNoStorePathPrefix = path: + assert lib.assertMsg (!lib.hasPrefix builtins.storeDir path) '' + The path '${path}' is a store path. + + den-http-get-updater must be evaluated in impure mode, + in order to modify target files, and this cannot be done + with files in the store. + ''; path; + + realFileLocation = assertNoStorePathPrefix (builtins.toString fileLocation); prefetchList' = lib.map (x: assert builtins.isNull x.prefetchUrlLocation || lib.isAttrs x.prefetchUrlLocation; @@ -58,7 +67,7 @@ let name = if x.unpack or unpack then "source" else null; mark = builtins.hashString "sha256" x.previousHash; markRegexEscape = lib.escapeRegex mark; - realFileLocation = builtins.toString x.fileLocation or fileLocation; + realFileLocation = assertNoStorePathPrefix (builtins.toString x.realFileLocation or fileLocation); realFileLocationShellEscape = lib.escapeShellArg realFileLocation; prefetchUrlLocationShellEscape = lib.mapAttrs (_: lib.escapeShellArg) x.prefetchUrlLocation; previousHashRegexEscape = lib.escapeRegex x.previousHash;