Diffstat (limited to 'nixos/modules/system')
-rw-r--r-- | nixos/modules/system/activation/test.nix | 4 | ||||
-rw-r--r-- | nixos/modules/system/activation/top-level.nix | 23 |
2 files changed, 13 insertions, 14 deletions
diff --git a/nixos/modules/system/activation/test.nix b/nixos/modules/system/activation/test.nix index 8cf000451c6e3..fd251d5289579 100644 --- a/nixos/modules/system/activation/test.nix +++ b/nixos/modules/system/activation/test.nix @@ -5,7 +5,7 @@ }: let node-forbiddenDependencies-fail = nixos ({ ... }: { - system.forbiddenDependenciesRegex = "-dev$"; + system.forbiddenDependenciesRegexes = ["-dev$"]; environment.etc."dev-dependency" = { text = "${expect.dev}"; }; @@ -14,7 +14,7 @@ let boot.loader.grub.enable = false; }); node-forbiddenDependencies-succeed = nixos ({ ... }: { - system.forbiddenDependenciesRegex = "-dev$"; + system.forbiddenDependenciesRegexes = ["-dev$"]; system.extraDependencies = [ expect.dev ]; documentation.enable = false; fileSystems."/".device = "ignore-root-device"; diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 4cf3012646fa3..ed0ece19f2fa2 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -86,6 +86,7 @@ in ../build.nix (mkRemovedOptionModule [ "nesting" "clone" ] "Use `specialisation.«name» = { inheritParentConfig = true; configuration = { ... }; }` instead.") (mkRemovedOptionModule [ "nesting" "children" ] "Use `specialisation.«name».configuration = { ... }` instead.") + (mkRenamedOptionModule [ "system" "forbiddenDependenciesRegex" ] [ "system" "forbiddenDependenciesRegexes" ]) ]; options = { 
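Review bot: In the `imports` hunk of top-level.nix, `mkRenamedOptionModule` forwards the old option's definitions unchanged, so an existing `system.forbiddenDependenciesRegex = "-dev$";` would likely reach the new `listOf str` option as a bare string and fail type checking instead of being migrated. If old configurations are meant to keep working, a converting alias along the lines of `(mkChangedOptionModule [ "system" "forbiddenDependenciesRegex" ] [ "system" "forbiddenDependenciesRegexes" ] (config: [ config.system.forbiddenDependenciesRegex ]))` would wrap the value in a list. The test.nix hunks only exercise the new name, so nothing visible here covers the old spelling.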
@@ -160,12 +161,12 @@ in ''; }; - system.forbiddenDependenciesRegex = mkOption { - default = ""; - example = "-dev$"; - type = types.str; + system.forbiddenDependenciesRegexes = mkOption { + default = []; + example = ["-dev$"]; + type = types.listOf types.str; description = '' - A POSIX Extended Regular Expression that matches store paths that + POSIX Extended Regular Expressions that match store paths that should not appear in the system closure, with the exception of {option}`system.extraDependencies`, which is not checked. ''; }; @@ -289,15 +290,14 @@ in "$out/configuration.nix" '' + optionalString - (config.system.forbiddenDependenciesRegex != "") - '' - if [[ $forbiddenDependenciesRegex != "" && -n $closureInfo ]]; then - if forbiddenPaths="$(grep -E -- "$forbiddenDependenciesRegex" $closureInfo/store-paths)"; then + (config.system.forbiddenDependenciesRegexes != []) (lib.concatStringsSep "\n" (map (regex: '' + if [[ ${regex} != "" && -n $closureInfo ]]; then + if forbiddenPaths="$(grep -E -- "${regex}" $closureInfo/store-paths)"; then echo -e "System closure $out contains the following disallowed paths:\n$forbiddenPaths" exit 1 fi fi - ''; + '') config.system.forbiddenDependenciesRegexes)); system.systemBuilderArgs = { @@ -319,8 +319,7 @@ in # option, as opposed to `system.extraDependencies`. passedChecks = concatStringsSep " " config.system.checks; } - // lib.optionalAttrs (config.system.forbiddenDependenciesRegex != "") { - inherit (config.system) forbiddenDependenciesRegex; + // lib.optionalAttrs (config.system.forbiddenDependenciesRegexes != []) { closureInfo = pkgs.closureInfo { rootPaths = [ # override to avoid infinite recursion (and to allow using extraDependencies to add forbidden dependencies) (config.system.build.toplevel.overrideAttrs (_: { extraDependencies = []; closureInfo = null; })) |
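Review bot: In the check-generation hunk (`@@ -289,15 +290,14 @@`), `${regex}` is now spliced by Nix into the builder's shell text instead of being read from an environment variable, so the shell re-parses the pattern: unquoted inside `[[ … ]]`, and inside double quotes for grep, where `$`, backticks, `\` and `"` are still special. A pattern containing spaces, `|` or parentheses would break the `[[` test, an empty-string list entry leaves `[[ != "" …`, and a `$name` sequence would be expanded, so this closure-policy check can fail to build or match something other than what was configured. I would escape at generation time and keep the emptiness test in Nix: emit `if [[ -n $closureInfo ]]; then` and `if forbiddenPaths="$(grep -E -- ${lib.escapeShellArg regex} $closureInfo/store-paths)"; then`, filtering `""` entries out of the list before the `map`. Separately, each generated block exits on its first match, so only the first offending pattern's paths are reported.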