From 51104d8cdea5651507bb3a0b35c7c224a3c41b19 Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Tue, 24 Mar 2020 22:29:10 -0400 Subject: [PATCH] mirror: Use shell-free calls when possible Passing a list of parameters to `system` automatically gives us peace of mind with regards to shell escaping. This is because it will not rely on a shell invocation to run the given parameters, but directly exec to it. The left-over shell invocations all use redirection. --- mirror-nixos-branch.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mirror-nixos-branch.pl b/mirror-nixos-branch.pl index 85d05b2..d2e1140 100755 --- a/mirror-nixos-branch.pl +++ b/mirror-nixos-branch.pl @@ -236,12 +236,12 @@ if ($bucketReleases && $bucketReleases->head_key("$releasePrefix")) { File::Path::make_path("$tmpDir/unpack"); run("tar", "xfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack"); my $exprDir = glob("$tmpDir/unpack/*"); - run("generate-programs-index $filesCache $exprDir/programs.sqlite http://nix-cache.s3.amazonaws.com/ $tmpDir/store-paths $exprDir/nixpkgs"); - run("index-debuginfo $filesCache s3://nix-cache $tmpDir/store-paths"); - run("rm -f $tmpDir/nixexprs.tar.xz $exprDir/programs.sqlite-journal"); + run("generate-programs-index", "$filesCache", "$exprDir/programs.sqlite", "http://nix-cache.s3.amazonaws.com/", "$tmpDir/store-paths", "$exprDir/nixpkgs"); + run("index-debuginfo", "$filesCache", "s3://nix-cache", "$tmpDir/store-paths"); + run("rm", "-f", "$tmpDir/nixexprs.tar.xz", "$exprDir/programs.sqlite-journal"); unlink("$tmpDir/nixexprs.tar.xz.sha256"); run("tar", "cfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack", basename($exprDir)); - run("rm -rf $tmpDir/unpack"); + run("rm", "-rf", "$tmpDir/unpack"); } if (-e "$tmpDir/store-paths") {