Merge pull request #171836 from ncfavier/escape-wrapper-args

Fix wrapper arguments escaping
This commit is contained in:
Thiago Kenji Okada 2022-05-12 21:55:06 +01:00 committed by GitHub
commit eae1669de5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 28 additions and 24 deletions

View file

@ -39,7 +39,7 @@ bundlerApp {
postBuild = ''
wrapProgram $out/bin/image_optim \
--prefix PATH : ${makeBinPath optionalDepsPath}
--prefix PATH : ${lib.escapeShellArg (makeBinPath optionalDepsPath)}
'';
passthru.updateScript = bundlerUpdateScript "image_optim";

View file

@ -56,7 +56,7 @@ stdenv.mkDerivation rec {
preFixup = optionalString (tiffSupport || jpgSupport) ''
gappsWrapperArgs+=(
--prefix PATH : ${runtimePath}
--prefix PATH : ${lib.escapeShellArg runtimePath}
)
'';

View file

@ -75,7 +75,7 @@ stdenv.mkDerivation rec {
preFixup = ''
gappsWrapperArgs+=(
--prefix PURPLE_PLUGIN_PATH : ${pidgin.makePluginPath plugins}
--prefix PURPLE_PLUGIN_PATH : ${lib.escapeShellArg (pidgin.makePluginPath plugins)}
${lib.concatMapStringsSep " " (p: p.wrapArgs or "") plugins}
)
'';

View file

@ -44,7 +44,7 @@ python3Packages.buildPythonApplication rec {
dontBuild = true;
doCheck = false;
makeWrapperArgs = ["--prefix PATH : ${wrapperPath}"];
makeWrapperArgs = ["--prefix PATH : ${lib.escapeShellArg wrapperPath}"];
installPhase = ''
make DESTDIR=$out install

View file

@ -58,7 +58,7 @@ stdenv.mkDerivation rec {
--add-flags "-cp $out/share/java/jameica.jar:$out/share/jameica-${version}/* ${
lib.optionalString stdenv.isDarwin ''-Xdock:name="Jameica" -XstartOnFirstThread''
} de.willuhn.jameica.Main" \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath buildInputs} \
--prefix LD_LIBRARY_PATH : ${lib.escapeShellArg (lib.makeLibraryPath buildInputs)} \
--chdir "$out/share/java/"
'';

View file

@ -42,7 +42,7 @@ in stdenv.mkDerivation {
done
# Needed for at least the remote plugin server
for file in $out/bin/*; do
wrapProgram "$file" --prefix SOAPY_SDR_PLUGIN_PATH : ${extraPackagesSearchPath}
wrapProgram "$file" --prefix SOAPY_SDR_PLUGIN_PATH : ${lib.escapeShellArg extraPackagesSearchPath}
done
'';

View file

@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
preConfigure = ''
# Make custom kernels avaible from qucs-s
gappsWrapperArgs+=(--prefix PATH ":" ${lib.makeBinPath kernels})
gappsWrapperArgs+=(--prefix PATH ":" ${lib.escapeShellArg (lib.makeBinPath kernels)})
'';
QTDIR=qt4;

View file

@ -17,7 +17,7 @@ in symlinkJoin {
postBuild = ''
wrapProgram $out/bin/vdr \
--add-flags "-L $out/lib/vdr --localedir=$out/share/locale" \
--prefix XINE_PLUGIN_PATH ":" ${makeXinePluginPath requiredXinePlugins}
--prefix XINE_PLUGIN_PATH ":" ${lib.escapeShellArg (makeXinePluginPath requiredXinePlugins)}
'';
meta = with vdr.meta; {

View file

@ -76,5 +76,5 @@ in runCommand podman.name {
ln -s ${podman-unwrapped}/share $out/share
makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
--set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
--prefix PATH : ${binPath}
--prefix PATH : ${lib.escapeShellArg binPath}
''

View file

@ -28,17 +28,21 @@ stdenv.mkDerivation rec {
buildInputs = optional (contains_any scripts perlscripts) perl;
nativeBuildInputs = [ makeWrapper ];
postFixup = ''
postFixup = optionalString (elem "bandwidth" scripts) ''
wrapProgram $out/libexec/i3blocks/bandwidth \
--prefix PATH : ${makeBinPath (optional (elem "bandwidth" scripts) iproute2)}
--prefix PATH : ${makeBinPath [ iproute2 ]}
'' + optionalString (elem "battery" scripts) ''
wrapProgram $out/libexec/i3blocks/battery \
--prefix PATH : ${makeBinPath (optional (elem "battery" scripts) acpi)}
--prefix PATH : ${makeBinPath [ acpi ]}
'' + optionalString (elem "cpu_usage" scripts) ''
wrapProgram $out/libexec/i3blocks/cpu_usage \
--prefix PATH : ${makeBinPath (optional (elem "cpu_usage" scripts) sysstat)}
--prefix PATH : ${makeBinPath [ sysstat ]}
'' + optionalString (elem "iface" scripts) ''
wrapProgram $out/libexec/i3blocks/iface \
--prefix PATH : ${makeBinPath (optional (elem "iface" scripts) iproute2)}
--prefix PATH : ${makeBinPath [ iproute2 ]}
'' + optionalString (elem "volume" scripts) ''
wrapProgram $out/libexec/i3blocks/volume \
--prefix PATH : ${makeBinPath (optional (elem "volume" scripts) alsa-utils)}
--prefix PATH : ${makeBinPath [ alsa-utils ]}
'';
meta = with lib; {

View file

@ -7,7 +7,7 @@ stdenv.mkDerivation {
name = (appendToName "with-dicts" hunspell).name;
nativeBuildInputs = [ makeWrapper ];
buildCommand = ''
makeWrapper ${hunspell.bin}/bin/hunspell $out/bin/hunspell --prefix DICPATH : ${searchPath}
makeWrapper ${hunspell.bin}/bin/hunspell $out/bin/hunspell --prefix DICPATH : ${lib.escapeShellArg searchPath}
'';
meta = removeAttrs hunspell.meta ["outputsToInstall"];
}

View file

@ -7,7 +7,7 @@ stdenv.mkDerivation {
name = (appendToName "with-dicts" nuspell).name;
nativeBuildInputs = [ makeWrapper ];
buildCommand = ''
makeWrapper ${nuspell}/bin/nuspell $out/bin/nuspell --prefix DICPATH : ${searchPath}
makeWrapper ${nuspell}/bin/nuspell $out/bin/nuspell --prefix DICPATH : ${lib.escapeShellArg searchPath}
'';
meta = removeAttrs nuspell.meta ["outputsToInstall"];
}

View file

@ -12,7 +12,7 @@ let
${o.postInstall or ""}
mkdir -p $out/libexec
mv $out/bin/hci $out/libexec
makeWrapper $out/libexec/hci $out/bin/hci --prefix PATH : ${makeBinPath bundledBins}
makeWrapper $out/libexec/hci $out/bin/hci --prefix PATH : ${lib.escapeShellArg (makeBinPath bundledBins)}
'';
})
(addBuildDepends [ makeWrapper ] (justStaticExecutables haskellPackages.hercules-ci-cli));

View file

@ -12,7 +12,7 @@ let
${o.postInstall or ""}
mkdir -p $out/libexec
mv $out/bin/hercules-ci-agent $out/libexec
makeWrapper $out/libexec/hercules-ci-agent $out/bin/hercules-ci-agent --prefix PATH : ${makeBinPath bundledBins}
makeWrapper $out/libexec/hercules-ci-agent $out/bin/hercules-ci-agent --prefix PATH : ${lib.escapeShellArg (makeBinPath bundledBins)}
'';
})
(addBuildDepends [ makeWrapper ] (justStaticExecutables haskellPackages.hercules-ci-agent));

View file

@ -37,7 +37,7 @@ stdenv.mkDerivation {
'';
dontStrip = true;
postFixup = ''
wrapProgram $out/bin/sqitch --prefix PERL5LIB : ${perlPackages.makeFullPerlPath modules}
wrapProgram $out/bin/sqitch --prefix PERL5LIB : ${lib.escapeShellArg (perlPackages.makeFullPerlPath modules)}
'';
meta = {

View file

@ -32,9 +32,9 @@ stdenv.mkDerivation rec {
runHook postInstall
'';
postFixup = ''
postFixup = optionalString ffmpegSupport ''
wrapProgram $out/bin/navidrome \
--prefix PATH : ${makeBinPath (optional ffmpegSupport ffmpeg)}
--prefix PATH : ${makeBinPath [ ffmpeg ]}
'';
passthru.tests.navidrome = nixosTests.navidrome;

View file

@ -47,7 +47,7 @@ buildGoModule rec {
--set PUFFER_PANEL_EMAIL_TEMPLATES $out/share/pufferpanel/templates/emails.json \
--set GIN_MODE release \
--set PUFFER_PANEL_WEB_FILES $out/share/pufferpanel/www \
--prefix PATH : ${lib.makeBinPath pathDeps}
--prefix PATH : ${lib.escapeShellArg (lib.makeBinPath pathDeps)}
'';
meta = with lib; {

View file

@ -20,7 +20,7 @@ symlinkJoin {
postBuild = ''
for i in bin/emoji-picker libexec/ibus-{setup,engine}-typing-booster; do
wrapProgram "$out/$i" \
--prefix NIX_HUNSPELL_DIRS : ${hunspellDirs}
--prefix NIX_HUNSPELL_DIRS : ${lib.escapeShellArg hunspellDirs}
done
sed -i -e "s,${typing-booster},$out," $out/share/ibus/component/typing-booster.xml