forked from lix-project/hydra
Use hashFile instead of nix-hash
Calling a shell command is a security hole if $path contains special characters (e.g. "${foo}"). Observed in http://hydra.nixos.org/build/4041321.
This commit is contained in:
parent
67986b03fa
commit
aa7ddeb8e9
|
@ -801,14 +801,8 @@ sub addBuildProducts {
|
||||||
if (-f $path) {
|
if (-f $path) {
|
||||||
my $st = stat($path) or die "cannot stat $path: $!";
|
my $st = stat($path) or die "cannot stat $path: $!";
|
||||||
$fileSize = $st->size;
|
$fileSize = $st->size;
|
||||||
|
$sha1 = hashFile("sha1", 0, $path);
|
||||||
$sha1 = `nix-hash --flat --type sha1 $path`
|
$sha256 = hashFile("sha256", 0, $path);
|
||||||
or die "cannot hash $path: $?";;
|
|
||||||
chomp $sha1;
|
|
||||||
|
|
||||||
$sha256 = `nix-hash --flat --type sha256 $path`
|
|
||||||
or die "cannot hash $path: $?";;
|
|
||||||
chomp $sha256;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
my $name = $path eq $outPath ? "" : basename $path;
|
my $name = $path eq $outPath ? "" : basename $path;
|
||||||
|
|
Loading…
Reference in a new issue