post-build-hook: docs fixup

author: Graham Christensen <graham@grahamc.com> 2019-08-06 14:26:43 -0400
committer: Graham Christensen <graham@grahamc.com> 2019-08-06 14:26:43 -0400
commit: 363a2f68261af73aefe4edead9c0526030751a27 (patch)
tree: 9f95ebcc8fab186194fde0f15b25eb8eaa219908 /doc/manual/advanced-topics/post-build-hook.xml
parent: 7c5596734f65b30b250ea73a423b40a4ce513fdf (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/manual/advanced-topics/post-build-hook.xml b/doc/manual/advanced-topics/post-build-hook.xml
index 4335b308b..3dc43ee79 100644
--- a/doc/manual/advanced-topics/post-build-hook.xml
+++ b/doc/manual/advanced-topics/post-build-hook.xml
@@ -74,6 +74,8 @@ trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDS
 #!/bin/sh
 
 set -eu
+set -f # disable globbing
+export IFS=' '
 
 echo "Signing paths" $OUT_PATHS
 nix sign-paths --key-file /etc/nix/key.private $OUT_PATHS
@@ -88,8 +90,9 @@ exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
       list of Nix store paths. In this case, we expect and want the
       shell to perform word splitting to make each output path its
       own argument to <command>nix sign-paths</command>. Nix guarantees
-      the paths will only contain characters which are safe for word
-      splitting, and free of any globs.
+      the paths will not contain any spaces, however a store path
+      might contain glob characters. The <command>set -f</command>
+      disables globbing in the shell.
     </para>
   </note>
   <para>
author	Graham Christensen <graham@grahamc.com>	2019-08-06 14:26:43 -0400
committer	Graham Christensen <graham@grahamc.com>	2019-08-06 14:26:43 -0400
commit	363a2f68261af73aefe4edead9c0526030751a27 (patch)
tree	9f95ebcc8fab186194fde0f15b25eb8eaa219908 /doc/manual/advanced-topics/post-build-hook.xml
parent	7c5596734f65b30b250ea73a423b40a4ce513fdf (diff)