nix-shell: clean up the tmpDir and escape variables

The problem fixed: each nix-shell invocation creates a new temporary
directory (`/tmp/nix-shell-*`) and never cleans up.

And while I'm here, shellescape all variables inlined into the rcfile.
See what might happen without escaping:

    $ export TZ="';echo pwned'"
    $ nix-shell -p hello --run hello
    pwned
    Hello, world!
This commit is contained in:
Albert Safin 2020-01-17 06:44:00 +00:00
parent 8b09105db3
commit f2a03acf3f

View file

@ -423,13 +423,18 @@ static void _main(int argc, char * * argv)
lose the current $PATH directories. */ lose the current $PATH directories. */
auto rcfile = (Path) tmpDir + "/rc"; auto rcfile = (Path) tmpDir + "/rc";
writeFile(rcfile, fmt( writeFile(rcfile, fmt(
(keepTmp ? "" : "rm -rf '%1%'; "s) + R"(_nix_shell_clean_tmpdir() { rm -rf %1%; }; )"s +
(keepTmp ?
"trap _nix_shell_clean_tmpdir EXIT; "
"exitHooks+=(_nix_shell_clean_tmpdir); "
"failureHooks+=(_nix_shell_clean_tmpdir); ":
"_nix_shell_clean_tmpdir; ") +
(pure ? "" : "[ -n \"$PS1\" ] && [ -e ~/.bashrc ] && source ~/.bashrc;") + (pure ? "" : "[ -n \"$PS1\" ] && [ -e ~/.bashrc ] && source ~/.bashrc;") +
"%2%" "%2%"
"dontAddDisableDepTrack=1; " "dontAddDisableDepTrack=1; "
"[ -e $stdenv/setup ] && source $stdenv/setup; " "[ -e $stdenv/setup ] && source $stdenv/setup; "
"%3%" "%3%"
"PATH=\"%4%:$PATH\"; " "PATH=%4%:\"$PATH\"; "
"SHELL=%5%; " "SHELL=%5%; "
"set +e; " "set +e; "
R"s([ -n "$PS1" ] && PS1='\n\[\033[1;32m\][nix-shell:\w]\$\[\033[0m\] '; )s" R"s([ -n "$PS1" ] && PS1='\n\[\033[1;32m\][nix-shell:\w]\$\[\033[0m\] '; )s"
@ -438,12 +443,12 @@ static void _main(int argc, char * * argv)
"shopt -u nullglob; " "shopt -u nullglob; "
"unset TZ; %6%" "unset TZ; %6%"
"%7%", "%7%",
(Path) tmpDir, shellEscape(tmpDir),
(pure ? "" : "p=$PATH; "), (pure ? "" : "p=$PATH; "),
(pure ? "" : "PATH=$PATH:$p; unset p; "), (pure ? "" : "PATH=$PATH:$p; unset p; "),
dirOf(*shell), shellEscape(dirOf(*shell)),
*shell, shellEscape(*shell),
(getenv("TZ") ? (string("export TZ='") + getenv("TZ") + "'; ") : ""), (getenv("TZ") ? (string("export TZ=") + shellEscape(getenv("TZ")) + "; ") : ""),
envCommand)); envCommand));
Strings envStrs; Strings envStrs;