mirror: Use shell-free calls when possible

Passing a list of parameters to `system` automatically gives us peace of
mind with regards to shell escaping. This is because it will not rely on
a shell invocation to run the given parameters, but directly exec to it.

The left-over shell invocations all use redirection.
This commit is contained in:
Samuel Dionne-Riel 2020-03-24 22:29:10 -04:00
parent 0568ef3c4a
commit 51104d8cde

View file

@ -236,12 +236,12 @@ if ($bucketReleases && $bucketReleases->head_key("$releasePrefix")) {
File::Path::make_path("$tmpDir/unpack"); File::Path::make_path("$tmpDir/unpack");
run("tar", "xfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack"); run("tar", "xfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack");
my $exprDir = glob("$tmpDir/unpack/*"); my $exprDir = glob("$tmpDir/unpack/*");
run("generate-programs-index $filesCache $exprDir/programs.sqlite http://nix-cache.s3.amazonaws.com/ $tmpDir/store-paths $exprDir/nixpkgs"); run("generate-programs-index", "$filesCache", "$exprDir/programs.sqlite", "http://nix-cache.s3.amazonaws.com/", "$tmpDir/store-paths", "$exprDir/nixpkgs");
run("index-debuginfo $filesCache s3://nix-cache $tmpDir/store-paths"); run("index-debuginfo", "$filesCache", "s3://nix-cache", "$tmpDir/store-paths");
run("rm -f $tmpDir/nixexprs.tar.xz $exprDir/programs.sqlite-journal"); run("rm", "-f", "$tmpDir/nixexprs.tar.xz", "$exprDir/programs.sqlite-journal");
unlink("$tmpDir/nixexprs.tar.xz.sha256"); unlink("$tmpDir/nixexprs.tar.xz.sha256");
run("tar", "cfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack", basename($exprDir)); run("tar", "cfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack", basename($exprDir));
run("rm -rf $tmpDir/unpack"); run("rm", "-rf", "$tmpDir/unpack");
} }
if (-e "$tmpDir/store-paths") { if (-e "$tmpDir/store-paths") {