Escape filename given to nix-shell in shebang mode
This prevents spaces or other metacharacters from causing nix-shell to execute the wrong path. Fixes #4229.
This commit is contained in:
parent
605bacdc92
commit
437189e446
|
@ -217,9 +217,9 @@ static void main_nix_build(int argc, char * * argv)
|
||||||
// read the shebang to understand which packages to read from. Since
|
// read the shebang to understand which packages to read from. Since
|
||||||
// this is handled via nix-shell -p, we wrap our ruby script execution
|
// this is handled via nix-shell -p, we wrap our ruby script execution
|
||||||
// in ruby -e 'load' which ignores the shebangs.
|
// in ruby -e 'load' which ignores the shebangs.
|
||||||
envCommand = (format("exec %1% %2% -e 'load(\"%3%\")' -- %4%") % execArgs % interpreter % script % joined.str()).str();
|
envCommand = (format("exec %1% %2% -e 'load(ARGV.shift)' -- %3% %4%") % execArgs % interpreter % shellEscape(script) % joined.str()).str();
|
||||||
} else {
|
} else {
|
||||||
envCommand = (format("exec %1% %2% %3% %4%") % execArgs % interpreter % script % joined.str()).str();
|
envCommand = (format("exec %1% %2% %3% %4%") % execArgs % interpreter % shellEscape(script) % joined.str()).str();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -47,6 +47,14 @@ chmod a+rx $TEST_ROOT/shell.shebang.sh
|
||||||
output=$($TEST_ROOT/shell.shebang.sh abc def)
|
output=$($TEST_ROOT/shell.shebang.sh abc def)
|
||||||
[ "$output" = "foo bar abc def" ]
|
[ "$output" = "foo bar abc def" ]
|
||||||
|
|
||||||
|
# Test nix-shell shebang mode again with metacharacters in the filename.
|
||||||
|
# First word of filename is chosen to not match any file in the test root.
|
||||||
|
sed -e "s|@ENV_PROG@|$(type -p env)|" shell.shebang.sh > $TEST_ROOT/spaced\ \\\'\"shell.shebang.sh
|
||||||
|
chmod a+rx $TEST_ROOT/spaced\ \\\'\"shell.shebang.sh
|
||||||
|
|
||||||
|
output=$($TEST_ROOT/spaced\ \\\'\"shell.shebang.sh abc def)
|
||||||
|
[ "$output" = "foo bar abc def" ]
|
||||||
|
|
||||||
# Test nix-shell shebang mode for ruby
|
# Test nix-shell shebang mode for ruby
|
||||||
# This uses a fake interpreter that returns the arguments passed
|
# This uses a fake interpreter that returns the arguments passed
|
||||||
# This, in turn, verifies the `rc` script is valid and the `load()` script (given using `-e`) is as expected.
|
# This, in turn, verifies the `rc` script is valid and the `load()` script (given using `-e`) is as expected.
|
||||||
|
@ -54,7 +62,15 @@ sed -e "s|@SHELL_PROG@|$(type -p nix-shell)|" shell.shebang.rb > $TEST_ROOT/shel
|
||||||
chmod a+rx $TEST_ROOT/shell.shebang.rb
|
chmod a+rx $TEST_ROOT/shell.shebang.rb
|
||||||
|
|
||||||
output=$($TEST_ROOT/shell.shebang.rb abc ruby)
|
output=$($TEST_ROOT/shell.shebang.rb abc ruby)
|
||||||
[ "$output" = '-e load("'"$TEST_ROOT"'/shell.shebang.rb") -- abc ruby' ]
|
[ "$output" = '-e load(ARGV.shift) -- '"$TEST_ROOT"'/shell.shebang.rb abc ruby' ]
|
||||||
|
|
||||||
|
# Test nix-shell shebang mode for ruby again with metacharacters in the filename.
|
||||||
|
# Note: fake interpreter only space-separates args without adding escapes to its output.
|
||||||
|
sed -e "s|@SHELL_PROG@|$(type -p nix-shell)|" shell.shebang.rb > $TEST_ROOT/spaced\ \\\'\"shell.shebang.rb
|
||||||
|
chmod a+rx $TEST_ROOT/spaced\ \\\'\"shell.shebang.rb
|
||||||
|
|
||||||
|
output=$($TEST_ROOT/spaced\ \\\'\"shell.shebang.rb abc ruby)
|
||||||
|
[ "$output" = '-e load(ARGV.shift) -- '"$TEST_ROOT"'/spaced \'\''"shell.shebang.rb abc ruby' ]
|
||||||
|
|
||||||
# Test 'nix develop'.
|
# Test 'nix develop'.
|
||||||
nix develop -f shell.nix shellDrv -c bash -c '[[ -n $stdenv ]]'
|
nix develop -f shell.nix shellDrv -c bash -c '[[ -n $stdenv ]]'
|
||||||
|
|
|
@ -50,7 +50,7 @@ let pkgs = rec {
|
||||||
# ruby "interpreter" that outputs "$@"
|
# ruby "interpreter" that outputs "$@"
|
||||||
ruby = runCommand "ruby" {} ''
|
ruby = runCommand "ruby" {} ''
|
||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
echo 'printf -- "$*"' > $out/bin/ruby
|
echo 'printf %s "$*"' > $out/bin/ruby
|
||||||
chmod a+rx $out/bin/ruby
|
chmod a+rx $out/bin/ruby
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue