Use hashFile instead of nix-hash

Calling a shell command is a security hole if $path contains special
characters (e.g. "${foo}").  Observed in
http://hydra.nixos.org/build/4041321.
Eelco Dolstra 2013-02-23 16:07:30 +01:00
parent 67986b03fa
commit aa7ddeb8e9


@ -801,14 +801,8 @@ sub addBuildProducts {
if (-f $path) { if (-f $path) {
my $st = stat($path) or die "cannot stat $path: $!"; my $st = stat($path) or die "cannot stat $path: $!";
$fileSize = $st->size; $fileSize = $st->size;
$sha1 = hashFile("sha1", 0, $path);
$sha1 = `nix-hash --flat --type sha1 $path` $sha256 = hashFile("sha256", 0, $path);
or die "cannot hash $path: $?";;
chomp $sha1;
$sha256 = `nix-hash --flat --type sha256 $path`
or die "cannot hash $path: $?";;
chomp $sha256;
} }
my $name = $path eq $outPath ? "" : basename $path; my $name = $path eq $outPath ? "" : basename $path;