Escape all shell arguments uniformly
This commit is contained in:
parent
852e9c3096
commit
28fa4a2f03
|
@ -213,7 +213,16 @@ rec {
|
||||||
escapeShellArg "so([<>])me"
|
escapeShellArg "so([<>])me"
|
||||||
=> "so\\(\\[\\<\\>\\]\\)me"
|
=> "so\\(\\[\\<\\>\\]\\)me"
|
||||||
*/
|
*/
|
||||||
escapeShellArg = lib.escape (stringToCharacters "\\ ';$`()|<>\t*[]");
|
escapeShellArg = arg:
|
||||||
|
lib.escape (stringToCharacters "\\ ';$`()|<>\t*[]") (toString arg);
|
||||||
|
|
||||||
|
/* Escape all arguments to be passed to the Bourne shell.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
escapeShellArgs ["one" "two three"]
|
||||||
|
=> "one two\\ three"
|
||||||
|
*/
|
||||||
|
escapeShellArgs = concatMapStringsSep " " escapeShellArg;
|
||||||
|
|
||||||
/* Obsolete - use replaceStrings instead. */
|
/* Obsolete - use replaceStrings instead. */
|
||||||
replaceChars = builtins.replaceStrings or (
|
replaceChars = builtins.replaceStrings or (
|
||||||
|
|
|
@ -187,7 +187,7 @@ in
|
||||||
script = ''
|
script = ''
|
||||||
cd '${cpath}'
|
cd '${cpath}'
|
||||||
set +e
|
set +e
|
||||||
simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
|
simp_le ${escapeShellArgs cmdline}
|
||||||
EXITCODE=$?
|
EXITCODE=$?
|
||||||
set -e
|
set -e
|
||||||
echo "$EXITCODE" > /tmp/lastExitCode
|
echo "$EXITCODE" > /tmp/lastExitCode
|
||||||
|
|
|
@ -101,7 +101,7 @@ in {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.opendkim}/bin/opendkim ${concatMapStringsSep " " escapeShellArg args}";
|
ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
|
RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim";
|
||||||
|
|
|
@ -152,8 +152,6 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mkShellStr = val: "'${replaceStrings ["'"] ["'\\''"] val}'";
|
|
||||||
|
|
||||||
certtool = "${pkgs.gnutls.bin}/bin/certtool";
|
certtool = "${pkgs.gnutls.bin}/bin/certtool";
|
||||||
|
|
||||||
nixos-taskserver = pkgs.buildPythonPackage {
|
nixos-taskserver = pkgs.buildPythonPackage {
|
||||||
|
|
|
@ -13,7 +13,7 @@ let
|
||||||
|
|
||||||
ectl = ''${cfg.package}/bin/ejabberdctl ${if cfg.configFile == null then "" else "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"'';
|
ectl = ''${cfg.package}/bin/ejabberdctl ${if cfg.configFile == null then "" else "--config ${cfg.configFile}"} --ctl-config "${ctlcfg}" --spool "${cfg.spoolDir}" --logs "${cfg.logsDir}"'';
|
||||||
|
|
||||||
dumps = lib.concatMapStringsSep " " lib.escapeShellArg cfg.loadDumps;
|
dumps = lib.escapeShellArgs cfg.loadDumps;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
|
|
|
@ -71,8 +71,6 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
shellEscape = x: "'${replaceChars ["'"] [("'\\'" + "'")] x}'";
|
|
||||||
|
|
||||||
loopForever = "while :; do ${coreutils}/bin/sleep 1; done";
|
loopForever = "while :; do ${coreutils}/bin/sleep 1; done";
|
||||||
|
|
||||||
initScript = writeScript "init.sh" (''
|
initScript = writeScript "init.sh" (''
|
||||||
|
@ -132,7 +130,7 @@ let
|
||||||
-o StrictHostKeyChecking=no \
|
-o StrictHostKeyChecking=no \
|
||||||
-i /ssh.key \
|
-i /ssh.key \
|
||||||
-l Administrator \
|
-l Administrator \
|
||||||
192.168.0.1 -- ${shellEscape command}
|
192.168.0.1 -- ${lib.escapeShellArg command}
|
||||||
'') + optionalString (suspendTo != null) ''
|
'') + optionalString (suspendTo != null) ''
|
||||||
${coreutils}/bin/touch /xchg/suspend_now
|
${coreutils}/bin/touch /xchg/suspend_now
|
||||||
${loopForever}
|
${loopForever}
|
||||||
|
|
|
@ -16,8 +16,6 @@
|
||||||
}@args:
|
}@args:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
|
|
||||||
importedGemset = import gemset;
|
importedGemset = import gemset;
|
||||||
filteredGemset = (lib.filterAttrs (name: attrs:
|
filteredGemset = (lib.filterAttrs (name: attrs:
|
||||||
if (builtins.hasAttr "groups" attrs)
|
if (builtins.hasAttr "groups" attrs)
|
||||||
|
@ -58,8 +56,8 @@ let
|
||||||
"${confFiles}/Gemfile" \
|
"${confFiles}/Gemfile" \
|
||||||
"$out/${ruby.gemPath}" \
|
"$out/${ruby.gemPath}" \
|
||||||
"${bundler}/${ruby.gemPath}" \
|
"${bundler}/${ruby.gemPath}" \
|
||||||
${shellEscape (toString envPaths)} \
|
${lib.escapeShellArg envPaths} \
|
||||||
${shellEscape (toString groups)}
|
${lib.escapeShellArg groups}
|
||||||
'' + lib.optionalString (postBuild != null) postBuild;
|
'' + lib.optionalString (postBuild != null) postBuild;
|
||||||
passthru = rec {
|
passthru = rec {
|
||||||
inherit ruby bundler meta gems;
|
inherit ruby bundler meta gems;
|
||||||
|
|
|
@ -18,8 +18,8 @@
|
||||||
# Normal gem packages can be used outside of bundler; a binstub is created in
|
# Normal gem packages can be used outside of bundler; a binstub is created in
|
||||||
# $out/bin.
|
# $out/bin.
|
||||||
|
|
||||||
{ lib, ruby, bundler, fetchurl, fetchgit, makeWrapper, git,
|
{ lib, fetchurl, fetchgit, makeWrapper, git, darwin
|
||||||
buildRubyGem, darwin
|
, ruby, bundler
|
||||||
} @ defs:
|
} @ defs:
|
||||||
|
|
||||||
lib.makeOverridable (
|
lib.makeOverridable (
|
||||||
|
@ -53,7 +53,6 @@ lib.makeOverridable (
|
||||||
, ...} @ attrs:
|
, ...} @ attrs:
|
||||||
|
|
||||||
let
|
let
|
||||||
shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
|
|
||||||
src = attrs.src or (
|
src = attrs.src or (
|
||||||
if type == "gem" then
|
if type == "gem" then
|
||||||
fetchurl {
|
fetchurl {
|
||||||
|
@ -165,7 +164,7 @@ stdenv.mkDerivation (attrs // {
|
||||||
${src} \
|
${src} \
|
||||||
${attrs.rev} \
|
${attrs.rev} \
|
||||||
${version} \
|
${version} \
|
||||||
${shellEscape (toString buildFlags)}
|
${lib.escapeShellArgs buildFlags}
|
||||||
''}
|
''}
|
||||||
|
|
||||||
${lib.optionalString (type == "gem") ''
|
${lib.optionalString (type == "gem") ''
|
||||||
|
|
|
@ -37,7 +37,6 @@
|
||||||
# that point into the user's profile.
|
# that point into the user's profile.
|
||||||
|
|
||||||
let
|
let
|
||||||
shellEscape = x: "'${lib.replaceChars ["'"] [("'\\'" + "'")] x}'";
|
|
||||||
installer = writeScript "xquartz-install" ''
|
installer = writeScript "xquartz-install" ''
|
||||||
NIX_LINK=$HOME/.nix-profile
|
NIX_LINK=$HOME/.nix-profile
|
||||||
|
|
||||||
|
@ -138,7 +137,7 @@ in stdenv.mkDerivation {
|
||||||
defaultStartX="$out/bin/startx -- $out/bin/Xquartz"
|
defaultStartX="$out/bin/startx -- $out/bin/Xquartz"
|
||||||
|
|
||||||
ruby ${./patch_plist.rb} \
|
ruby ${./patch_plist.rb} \
|
||||||
${shellEscape (builtins.toXML {
|
${lib.escapeShellArg (builtins.toXML {
|
||||||
XQUARTZ_DEFAULT_CLIENT = "${xterm}/bin/xterm";
|
XQUARTZ_DEFAULT_CLIENT = "${xterm}/bin/xterm";
|
||||||
XQUARTZ_DEFAULT_SHELL = "${shell}";
|
XQUARTZ_DEFAULT_SHELL = "${shell}";
|
||||||
XQUARTZ_DEFAULT_STARTX = "@STARTX@";
|
XQUARTZ_DEFAULT_STARTX = "@STARTX@";
|
||||||
|
|
Loading…
Reference in New Issue