home-manager: verify username and home directory

The generation activation script should be run by the user specified
in `home.username` and `home.homeDirectory`. If some other user runs
the activation script, then files may end up in the wrong place or
with the wrong owner.

This commits adds a check early in the activation script that verifies
that the running user match the user in the configuration.

Fixes #4019

home-manager/po/home-manager.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Home Manager\n"
 "Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
-"POT-Creation-Date: 2023-04-11 22:44+0200\n"
+"POT-Creation-Date: 2023-05-27 09:08+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

modules/home-environment.nix

@@ -704,6 +704,9 @@ in
 
           ${builtins.readFile ./lib-bash/activation-init.sh}
 
+          checkUsername ${escapeShellArg config.home.username}
+          checkHomeDirectory ${escapeShellArg config.home.homeDirectory}
+
           ${activationCmds}
         '';
       in

modules/lib-bash/activation-init.sh

@@ -88,6 +88,24 @@ function setupVars() {
     fi
 }
 
+function checkUsername() {
+  local expectedUser="$1"
+
+  if [[ "$USER" != "$expectedUser" ]]; then
+    _iError 'Error: USER is set to "%s" but we expect "%s"' "$USER" "$expectedUser"
+    exit 1
+  fi
+}
+
+function checkHomeDirectory() {
+  local expectedHome="$1"
+
+  if ! [[ $HOME -ef $expectedHome ]]; then
+    _iError 'Error: HOME is set to "%s" but we expect "%s"' "$HOME" "$expectedHome"
+    exit 1
+  fi
+}
+
 if [[ -v VERBOSE ]]; then
     export VERBOSE_ECHO=echo
     export VERBOSE_ARG="--verbose"

modules/po/hm-modules.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Home Manager Modules\n"
 "Report-Msgid-Bugs-To: https://github.com/nix-community/home-manager/issues\n"
-"POT-Creation-Date: 2023-04-11 22:44+0200\n"
+"POT-Creation-Date: 2023-05-27 09:08+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -33,7 +33,7 @@ msgstr ""
 msgid "No change so reusing latest profile generation %s"
 msgstr ""
 
-#: modules/home-environment.nix:625
+#: modules/home-environment.nix:627
 msgid ""
 "Oops, Nix failed to install your new Home Manager profile!\n"
 "\n"
@@ -49,7 +49,7 @@ msgid ""
 "Then try activating your Home Manager configuration again."
 msgstr ""
 
-#: modules/home-environment.nix:658
+#: modules/home-environment.nix:660
 msgid "Activating %s"
 msgstr ""
 
@@ -81,26 +81,34 @@ msgid ""
 "and trying home-manager switch again. Good luck!"
 msgstr ""
 
-#: modules/lib-bash/activation-init.sh:101
+#: modules/lib-bash/activation-init.sh:95
+msgid "Error: USER is set to \"%s\" but we expect \"%s\""
+msgstr ""
+
+#: modules/lib-bash/activation-init.sh:104
+msgid "Error: HOME is set to \"%s\" but we expect \"%s\""
+msgstr ""
+
+#: modules/lib-bash/activation-init.sh:119
 msgid "Starting Home Manager activation"
 msgstr ""
 
-#: modules/lib-bash/activation-init.sh:105
+#: modules/lib-bash/activation-init.sh:123
 msgid "Sanity checking Nix"
 msgstr ""
 
-#: modules/lib-bash/activation-init.sh:112
+#: modules/lib-bash/activation-init.sh:133
 msgid "This is a dry run"
 msgstr ""
 
-#: modules/lib-bash/activation-init.sh:116
+#: modules/lib-bash/activation-init.sh:137
 msgid "This is a live run"
 msgstr ""
 
-#: modules/lib-bash/activation-init.sh:122
+#: modules/lib-bash/activation-init.sh:143
 msgid "Using Nix version: %s"
 msgstr ""
 
-#: modules/lib-bash/activation-init.sh:125
+#: modules/lib-bash/activation-init.sh:146
 msgid "Activation variables:"
 msgstr ""