aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2021-01-20 10:00:10 +0100
committerGitHub <noreply@github.com>2021-01-20 10:00:10 +0100
commitd04d8463faba97164f21fc64780574561a954555 (patch)
tree49d9d33edf1fce5bbe4df519b069d621bf6c2adb
parentbc90252cec9af05b897cf209012d44a9b20ea251 (diff)
parent437189e446e16399d347e4430c4d115b4cf2ddf1 (diff)
Merge pull request #4281 from lilyball/shebang
Escape filename given to nix-shell in shebang mode
-rwxr-xr-xsrc/nix-build/nix-build.cc4
-rw-r--r--tests/nix-shell.sh18
-rw-r--r--tests/shell.nix2
3 files changed, 20 insertions, 4 deletions
diff --git a/src/nix-build/nix-build.cc b/src/nix-build/nix-build.cc
index 74fafd426..38048da52 100755
--- a/src/nix-build/nix-build.cc
+++ b/src/nix-build/nix-build.cc
@@ -217,9 +217,9 @@ static void main_nix_build(int argc, char * * argv)
// read the shebang to understand which packages to read from. Since
// this is handled via nix-shell -p, we wrap our ruby script execution
// in ruby -e 'load' which ignores the shebangs.
- envCommand = (format("exec %1% %2% -e 'load(\"%3%\")' -- %4%") % execArgs % interpreter % script % joined.str()).str();
+ envCommand = (format("exec %1% %2% -e 'load(ARGV.shift)' -- %3% %4%") % execArgs % interpreter % shellEscape(script) % joined.str()).str();
} else {
- envCommand = (format("exec %1% %2% %3% %4%") % execArgs % interpreter % script % joined.str()).str();
+ envCommand = (format("exec %1% %2% %3% %4%") % execArgs % interpreter % shellEscape(script) % joined.str()).str();
}
}
diff --git a/tests/nix-shell.sh b/tests/nix-shell.sh
index 7b2be650a..4775bafb9 100644
--- a/tests/nix-shell.sh
+++ b/tests/nix-shell.sh
@@ -47,6 +47,14 @@ chmod a+rx $TEST_ROOT/shell.shebang.sh
output=$($TEST_ROOT/shell.shebang.sh abc def)
[ "$output" = "foo bar abc def" ]
+# Test nix-shell shebang mode again with metacharacters in the filename.
+# First word of filename is chosen to not match any file in the test root.
+sed -e "s|@ENV_PROG@|$(type -p env)|" shell.shebang.sh > $TEST_ROOT/spaced\ \\\'\"shell.shebang.sh
+chmod a+rx $TEST_ROOT/spaced\ \\\'\"shell.shebang.sh
+
+output=$($TEST_ROOT/spaced\ \\\'\"shell.shebang.sh abc def)
+[ "$output" = "foo bar abc def" ]
+
# Test nix-shell shebang mode for ruby
# This uses a fake interpreter that returns the arguments passed
# This, in turn, verifies the `rc` script is valid and the `load()` script (given using `-e`) is as expected.
@@ -54,7 +62,15 @@ sed -e "s|@SHELL_PROG@|$(type -p nix-shell)|" shell.shebang.rb > $TEST_ROOT/shel
chmod a+rx $TEST_ROOT/shell.shebang.rb
output=$($TEST_ROOT/shell.shebang.rb abc ruby)
-[ "$output" = '-e load("'"$TEST_ROOT"'/shell.shebang.rb") -- abc ruby' ]
+[ "$output" = '-e load(ARGV.shift) -- '"$TEST_ROOT"'/shell.shebang.rb abc ruby' ]
+
+# Test nix-shell shebang mode for ruby again with metacharacters in the filename.
+# Note: fake interpreter only space-separates args without adding escapes to its output.
+sed -e "s|@SHELL_PROG@|$(type -p nix-shell)|" shell.shebang.rb > $TEST_ROOT/spaced\ \\\'\"shell.shebang.rb
+chmod a+rx $TEST_ROOT/spaced\ \\\'\"shell.shebang.rb
+
+output=$($TEST_ROOT/spaced\ \\\'\"shell.shebang.rb abc ruby)
+[ "$output" = '-e load(ARGV.shift) -- '"$TEST_ROOT"'/spaced \'\''"shell.shebang.rb abc ruby' ]
# Test 'nix develop'.
nix develop -f shell.nix shellDrv -c bash -c '[[ -n $stdenv ]]'
diff --git a/tests/shell.nix b/tests/shell.nix
index 6ce59b416..24ebcc04c 100644
--- a/tests/shell.nix
+++ b/tests/shell.nix
@@ -50,7 +50,7 @@ let pkgs = rec {
# ruby "interpreter" that outputs "$@"
ruby = runCommand "ruby" {} ''
mkdir -p $out/bin
- echo 'printf -- "$*"' > $out/bin/ruby
+ echo 'printf %s "$*"' > $out/bin/ruby
chmod a+rx $out/bin/ruby
'';