authorAlbert Safin <xzfcpw@gmail.com>2020-01-17 06:44:00 +0000
committerAlbert Safin <xzfcpw@gmail.com>2020-02-19 14:28:49 +0000
commitf2a03acf3f42140f40fa5141b2b6ea94a554df64 (patch)
tree052d7b56d18eb8c1cac285df24bbd919ca04d252 /src/nix-build/nix-build.cc
parent8b09105db3869284ee7892f82155dda79f98d6e6 (diff)
nix-shell: clean up the tmpDir and escape variables
The problem fixed: each nix-shell invocation creates a new temporary directory (`/tmp/nix-shell-*`) and never cleans up. And while I'm here, shellescape all variables inlined into the rcfile. See what might happen without escaping: $ export TZ="';echo pwned'" $ nix-shell -p hello --run hello pwned Hello, world!
Diffstat (limited to 'src/nix-build/nix-build.cc')
-rwxr-xr-xsrc/nix-build/nix-build.cc17
1 files changed, 11 insertions, 6 deletions
diff --git a/src/nix-build/nix-build.cc b/src/nix-build/nix-build.cc
index 205165a4c..d9bec431e 100755
--- a/src/nix-build/nix-build.cc
+++ b/src/nix-build/nix-build.cc
@@ -423,13 +423,18 @@ static void _main(int argc, char * * argv)
lose the current $PATH directories. */
auto rcfile = (Path) tmpDir + "/rc";
writeFile(rcfile, fmt(
- (keepTmp ? "" : "rm -rf '%1%'; "s) +
+ R"(_nix_shell_clean_tmpdir() { rm -rf %1%; }; )"s +
+ (keepTmp ?
+ "trap _nix_shell_clean_tmpdir EXIT; "
+ "exitHooks+=(_nix_shell_clean_tmpdir); "
+ "failureHooks+=(_nix_shell_clean_tmpdir); ":
+ "_nix_shell_clean_tmpdir; ") +
(pure ? "" : "[ -n \"$PS1\" ] && [ -e ~/.bashrc ] && source ~/.bashrc;") +
"%2%"
"dontAddDisableDepTrack=1; "
"[ -e $stdenv/setup ] && source $stdenv/setup; "
"%3%"
- "PATH=\"%4%:$PATH\"; "
+ "PATH=%4%:\"$PATH\"; "
"SHELL=%5%; "
"set +e; "
R"s([ -n "$PS1" ] && PS1='\n\[\033[1;32m\][nix-shell:\w]\$\[\033[0m\] '; )s"
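Review bot: In the `keepTmp` branch, `trap _nix_shell_clean_tmpdir EXIT` is emitted before the `source ~/.bashrc` and `source $stdenv/setup` fragments, so either script can replace the EXIT trap and the temporary directory would then be left behind. The `exitHooks`/`failureHooks` appends look like the fallback for the stdenv case, but the string does not say so, and a bashrc that installs its own EXIT trap when no stdenv setup is sourced does not appear to be covered. I would add a comment above the ternary, after confirming the intent, along the lines of `/* keepTmp: the directory is still needed while the shell runs, so remove it at exit; hooks are registered as well because setup may replace the EXIT trap */`. That comment would also stop the `keepTmp ?` arm from being read as inverted, since it is the arm that ends up deleting. `_main` starts and ends outside this hunk.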
@@ -438,12 +443,12 @@ static void _main(int argc, char * * argv)
"shopt -u nullglob; "
"unset TZ; %6%"
"%7%",
- (Path) tmpDir,
+ shellEscape(tmpDir),
(pure ? "" : "p=$PATH; "),
(pure ? "" : "PATH=$PATH:$p; unset p; "),
- dirOf(*shell),
- *shell,
- (getenv("TZ") ? (string("export TZ='") + getenv("TZ") + "'; ") : ""),
+ shellEscape(dirOf(*shell)),
+ shellEscape(*shell),
+ (getenv("TZ") ? (string("export TZ=") + shellEscape(getenv("TZ")) + "; ") : ""),
envCommand));
Strings envStrs;
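Review bot: `envCommand` is still substituted into the rcfile as `%7%` without escaping, although the commit message says all inlined variables are now shell-escaped. That is presumably intentional, since it looks like shell code to be executed rather than a value, but nothing next to the argument list records the distinction. A comment on that argument such as `/* envCommand is shell code by design, not data; do not shellEscape */` would keep a later reader from "fixing" it or from assuming it is safe data. The TZ argument also calls `getenv("TZ")` twice; reading it once into a local before the `fmt` call would be tidier. `_main` starts and ends outside this hunk.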