Use hashFile instead of nix-hash

Calling a shell command is a security hole if $path contains special characters (e.g. "${foo}"). Observed in http://hydra.nixos.org/build/4041321.
2013-02-23 16:07:30 +01:00 · 2013-02-23 16:07:30 +01:00 · aa7ddeb8e9
parent 67986b03fa
commit aa7ddeb8e9
1 changed files with 2 additions and 8 deletions
--- a/src/lib/Hydra/Helper/AddBuilds.pm
+++ b/src/lib/Hydra/Helper/AddBuilds.pm
@ -801,14 +801,8 @@ sub addBuildProducts {
                if (-f $path) {
                    my $st = stat($path) or die "cannot stat $path: $!";
                    $fileSize = $st->size;
-
-                    $sha1 = `nix-hash --flat --type sha1 $path`
-                        or die "cannot hash $path: $?";;
-                    chomp $sha1;
-
-                    $sha256 = `nix-hash --flat --type sha256 $path`
-                        or die "cannot hash $path: $?";;
-                    chomp $sha256;
+                    $sha1 = hashFile("sha1", 0, $path);
+                    $sha256 = hashFile("sha256", 0, $path);
                }

                my $name = $path eq $outPath ? "" : basename $path;