lib/types: check paths in pathWith with hasStorePathPrefix (#387304)

author: Johannes Kirschbauer <hsjobeki@gmail.com> 2025-04-21 10:45:23 +0200
committer: GitHub <noreply@github.com> 2025-04-21 10:45:23 +0200
commit: 013beed1db624778d03851236827c9658add109a (patch)
tree: 40ba9c6feebc7ce1e02c7575beaef6d9a92fc8cc /lib/types.nix
parent: cpuid: 20241023 -> 20250419 (#400300) (diff)
parent: lib/types: check paths in pathWith with hasStorePathPrefix (diff)
download: nixpkgs-013beed1db624778d03851236827c9658add109a.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/types.nix b/lib/types.nix
index 92cdb1491c7c..715da842ac01 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -678,7 +678,14 @@ let
             check =
               x:
               let
-                isInStore = builtins.match "${builtins.storeDir}/[^.].*" (toString x) != null;
+                isInStore = lib.path.hasStorePathPrefix (
+                  if builtins.isPath x then
+                    x
+                  # Discarding string context is necessary to convert the value to
+                  # a path and safe as the result is never used in any derivation.
+                  else
+                    /. + builtins.unsafeDiscardStringContext x
+                );
                 isAbsolute = builtins.substring 0 1 (toString x) == "/";
                 isExpectedType = (
                   if inStore == null || inStore then isStringLike x else isString x # Do not allow a true path, which could be copied to the store later on.
author	Johannes Kirschbauer <hsjobeki@gmail.com>	2025-04-21 10:45:23 +0200
committer	GitHub <noreply@github.com>	2025-04-21 10:45:23 +0200
commit	013beed1db624778d03851236827c9658add109a (patch)
tree	40ba9c6feebc7ce1e02c7575beaef6d9a92fc8cc /lib/types.nix
parent	cpuid: 20241023 -> 20250419 (#400300) (diff)
parent	lib/types: check paths in pathWith with hasStorePathPrefix (diff)
download	nixpkgs-013beed1db624778d03851236827c9658add109a.tar.gz