nixos/version: validate system.stateVersion

2024-10-11 23:19:05 +03:00 · 2024-06-07 00:43:27 +02:00 · 2024-06-07 00:43:27 +02:00 · 03faf8f3bb
commit 03faf8f3bb
parent 6384cd9ba6
2 changed files with 49 additions and 2 deletions
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@ -45,6 +45,10 @@
 - `zx` was updated to v8, which introduces several breaking changes.
  See the [v8 changelog](https://github.com/google/zx/releases/tag/8.0.0) for more information.

+- `system.stateVersion` is now validated. If you never changed this yourself, you don't need to do anything. If your `stateVersion` is not a valid NixOS release version (e.g. "24.11" is valid),
+  your system was already at risk of experiencing silent incompatible state updates. If your previous value is a well-formed version but not a valid release (e.g. "23.12"),
+  round down to the nearest actual release. If it wasn't a well-formed version (e.g. "nixos-unstable"), set it to the version of NixOS that you originally installed.
+
 - The `portunus` package and service do not support weak password hashes anymore.
  If you installed Portunus on NixOS 23.11 or earlier, upgrade to NixOS 24.05 first to get support for strong password hashing.
  Then, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all existing user accounts to strong password hashes.
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@ -44,6 +44,49 @@ let
  };
  initrdRelease = pkgs.writeText "initrd-release" (attrsToText initrdReleaseContents);

+  checkRelease = version:
+    let
+      parts = lib.versions.splitVersion version;
+      isVersion = lib.length parts == 2 && lib.all (p: lib.stringLength p == 2) parts;
+      majorVersion = lib.toIntBase10 (lib.elemAt parts 0);
+      minorVersion = lib.elemAt parts 1;
+
+      versionPatterns = [
+        # only 13.10
+        { fromMajor = 13; minor = [ "10" ]; }
+        # 14.04 and 14.12
+        { fromMajor = 14; minor = [ "04" "12" ]; }
+        # only 15.09
+        { fromMajor = 15; minor = [ "09" ]; }
+        # 16.03 to 20.09
+        { fromMajor = 16; minor = [ "03" "09" ]; }
+        # from 21.05
+        { fromMajor = 21; minor = [ "05" "11" ]; }
+      ];
+
+      # find the versioning pattern that applies by looking for the first
+      # major version newer than `majorVersion`, and picking the previous pattern
+      patternIndex = lib.lists.findFirstIndex
+        ({ fromMajor, ... }: fromMajor > majorVersion)
+        (lib.length versionPatterns)
+        versionPatterns;
+
+      validMinorVersions =
+        if patternIndex == 0
+        then []
+        else (lib.elemAt versionPatterns (patternIndex - 1)).minor;
+
+      correctMinorVersion = lib.elem minorVersion validMinorVersions;
+      notNewerThanNixpkgs = lib.versionAtLeast trivial.release version;
+    in isVersion && correctMinorVersion && notNewerThanNixpkgs;
+
+  releaseType = types.addCheck
+    (types.strMatching "[[:digit:]]{2}\\.[[:digit:]]{2}")
+    checkRelease // {
+      name = "nixosRelease";
+      description = "NixOS release version, e.g. \"${trivial.release}\"";
+      descriptionClass = "nonRestrictiveClause";
+    };
 in
 {
  imports = [
@ -70,7 +113,7 @@ in

      release = mkOption {
        readOnly = true;
-        type = types.str;
+        type = releaseType;
        default = trivial.release;
        description = "The NixOS release (e.g. `16.03`).";
      };
@ -151,7 +194,7 @@ in
    };

    stateVersion = mkOption {
-      type = types.str;
+      type = releaseType;
      # TODO Remove this and drop the default of the option so people are forced to set it.
      # Doing this also means fixing the comment in nixos/modules/testing/test-instrumentation.nix
      apply = v: