nix-shell: stop using dynamic format strings!!

This was always a terrible idea independently of whether it crashes.
Stop doing it!

This commit was verified by running nix-shell on a trivial derivation
with --debug --verbose to get the vomit-level output of the shell rc
file and then diffing it before/after this change. I have reasonable
confidence it did not regress anything, though this code is genuinely
really hard to follow (which is a second reason that I split it into two
fmt calls).

Fixes: lix-project/lix#533
Change-Id: I8e11ddbece2b12749fda13efe0b587a71b00bfe5

src/legacy/nix-build.cc

@@ -490,42 +490,51 @@ static void main_nix_build(int argc, char * * argv)
            environment variables and shell functions.  Also don't
            lose the current $PATH directories. */
         auto rcfile = (Path) tmpDir + "/rc";
+        auto tz = getEnv("TZ");
         std::string rc = fmt(
-                R"(_nix_shell_clean_tmpdir() { command rm -rf %1%; }; )"s +
+            R"(_nix_shell_clean_tmpdir() { command rm -rf %1%; }; )"
-                (keepTmp ?
+            "%2%"
-                    "trap _nix_shell_clean_tmpdir EXIT; "
+            "%3%"
-                    "exitHooks+=(_nix_shell_clean_tmpdir); "
+            // always clear PATH.
-                    "failureHooks+=(_nix_shell_clean_tmpdir); ":
+            // when nix-shell is run impure, we rehydrate it with the `p=$PATH` above
-                    "_nix_shell_clean_tmpdir; ") +
+            "unset PATH;"
-                (pure ? "" : "[ -n \"$PS1\" ] && [ -e ~/.bashrc ] && source ~/.bashrc;") +
+            "dontAddDisableDepTrack=1;\n",
-                "%2%"
+            shellEscape(tmpDir),
-                // always clear PATH.
+            (keepTmp
-                // when nix-shell is run impure, we rehydrate it with the `p=$PATH` above
+                ? "trap _nix_shell_clean_tmpdir EXIT; "
-                "unset PATH;"
+                  "exitHooks+=(_nix_shell_clean_tmpdir); "
-                "dontAddDisableDepTrack=1;\n"
+                  "failureHooks+=(_nix_shell_clean_tmpdir); "
-                + structuredAttrsRC +
+                : "_nix_shell_clean_tmpdir; "),
-                "\n[ -e $stdenv/setup ] && source $stdenv/setup; "
+            (pure
-                "%3%"
+                ? ""
-                "PATH=%4%:\"$PATH\"; "
+                : "[ -n \"$PS1\" ] && [ -e ~/.bashrc ] && source ~/.bashrc; p=$PATH; ")
-                "SHELL=%5%; "
+        );
-                "BASH=%5%; "
+        rc += structuredAttrsRC;
-                "set +e; "
+        rc += fmt(
-                R"s([ -n "$PS1" -a -z "$NIX_SHELL_PRESERVE_PROMPT" ] && )s" +
+            "\n[ -e $stdenv/setup ] && source $stdenv/setup; "
-                (getuid() == 0 ? R"s(PS1='\n\[\033[1;31m\][nix-shell:\w]\$\[\033[0m\] '; )s"
+            "%1%"
-                               : R"s(PS1='\n\[\033[1;32m\][nix-shell:\w]\$\[\033[0m\] '; )s") +
+            "PATH=%2%:\"$PATH\"; "
-                "if [ \"$(type -t runHook)\" = function ]; then runHook shellHook; fi; "
+            "SHELL=%3%; "
-                "unset NIX_ENFORCE_PURITY; "
+            "BASH=%3%; "
-                "shopt -u nullglob; "
+            "set +e; "
-                "unset TZ; %6%"
+            R"s([ -n "$PS1" -a -z "$NIX_SHELL_PRESERVE_PROMPT" ] && )s"
-                "shopt -s execfail;"
+            "%4%"
-                "%7%",
+            "if [ \"$(type -t runHook)\" = function ]; then runHook shellHook; fi; "
-                shellEscape(tmpDir),
+            "unset NIX_ENFORCE_PURITY; "
-                (pure ? "" : "p=$PATH; "),
+            "shopt -u nullglob; "
-                (pure ? "" : "PATH=$PATH:$p; unset p; "),
+            "unset TZ; %5%"
-                shellEscape(dirOf(*shell)),
+            "shopt -s execfail;"
-                shellEscape(*shell),
+            "%6%",
-                (getenv("TZ") ? (std::string("export TZ=") + shellEscape(getenv("TZ")) + "; ") : ""),
+            (pure ? "" : "PATH=$PATH:$p; unset p; "),
-                envCommand);
+            shellEscape(dirOf(*shell)),
+            shellEscape(*shell),
+            (getuid() == 0 ? R"s(PS1='\n\[\033[1;31m\][nix-shell:\w]\$\[\033[0m\] '; )s"
+                           : R"s(PS1='\n\[\033[1;32m\][nix-shell:\w]\$\[\033[0m\] '; )s"),
+            (tz.has_value()
+                ? (std::string("export TZ=") + shellEscape(*tz) + "; ")
+                : ""),
+            envCommand
+        );
         vomit("Sourcing nix-shell with file %s and contents:\n%s", rcfile, rc);
         writeFile(rcfile, rc);
 

tests/functional/meson.build

@@ -115,6 +115,7 @@ functional_tests_scripts = [
   'check.sh',
   'nix-shell/basic.sh',
   'nix-shell/structured-attrs.sh',
+  'nix-shell/regression-533.sh',
   'check-refs.sh',
   'build-remote-input-addressed.sh',
   'secure-drv-outputs.sh',

tests/functional/nix-shell/regression-533.sh

@@ -0,0 +1,18 @@
+source ../common.sh
+
+clearStore
+
+evil=$(cat <<-'EOF'
+builtins.derivation {
+  name = "evil-kbity";
+  system = "x86_64-darwin";
+  builder = "/bin/sh";
+  args = [ "-c" "> $out" ];
+  __structuredAttrs = true;
+  env.oops = "lol %s";
+}
+EOF
+)
+
+# This should not crash
+nix-shell --expr "$evil" --run 'echo yay' | grepQuiet yay