mirror: Use shell-free calls when possible
Passing a list of parameters to `system` automatically gives us peace of mind with regards to shell escaping. This is because it will not rely on a shell invocation to run the given parameters, but directly exec to it. The left-over shell invocations all use redirection.
This commit is contained in:
parent
0568ef3c4a
commit
51104d8cde
|
@ -236,12 +236,12 @@ if ($bucketReleases && $bucketReleases->head_key("$releasePrefix")) {
|
||||||
File::Path::make_path("$tmpDir/unpack");
|
File::Path::make_path("$tmpDir/unpack");
|
||||||
run("tar", "xfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack");
|
run("tar", "xfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack");
|
||||||
my $exprDir = glob("$tmpDir/unpack/*");
|
my $exprDir = glob("$tmpDir/unpack/*");
|
||||||
run("generate-programs-index $filesCache $exprDir/programs.sqlite http://nix-cache.s3.amazonaws.com/ $tmpDir/store-paths $exprDir/nixpkgs");
|
run("generate-programs-index", "$filesCache", "$exprDir/programs.sqlite", "http://nix-cache.s3.amazonaws.com/", "$tmpDir/store-paths", "$exprDir/nixpkgs");
|
||||||
run("index-debuginfo $filesCache s3://nix-cache $tmpDir/store-paths");
|
run("index-debuginfo", "$filesCache", "s3://nix-cache", "$tmpDir/store-paths");
|
||||||
run("rm -f $tmpDir/nixexprs.tar.xz $exprDir/programs.sqlite-journal");
|
run("rm", "-f", "$tmpDir/nixexprs.tar.xz", "$exprDir/programs.sqlite-journal");
|
||||||
unlink("$tmpDir/nixexprs.tar.xz.sha256");
|
unlink("$tmpDir/nixexprs.tar.xz.sha256");
|
||||||
run("tar", "cfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack", basename($exprDir));
|
run("tar", "cfJ", "$tmpDir/nixexprs.tar.xz", "-C", "$tmpDir/unpack", basename($exprDir));
|
||||||
run("rm -rf $tmpDir/unpack");
|
run("rm", "-rf", "$tmpDir/unpack");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (-e "$tmpDir/store-paths") {
|
if (-e "$tmpDir/store-paths") {
|
||||||
|
|
Loading…
Reference in a new issue