diff options
author | Timo Kaufmann <timokau@zoho.com> | 2018-07-15 09:58:47 +0200 |
---|---|---|
committer | Timo Kaufmann <timokau@zoho.com> | 2018-07-15 09:58:47 +0200 |
commit | 1ddab0efb1729a32fdea83cf757584a7ebf1e13a (patch) | |
tree | 657164513f903e9ea8066408e54f86eaccbcc607 | |
parent | aa6adfc324b44c840a488a4b0a5cd4c1c66f80c7 (diff) | |
download | nixlib-1ddab0efb1729a32fdea83cf757584a7ebf1e13a.tar nixlib-1ddab0efb1729a32fdea83cf757584a7ebf1e13a.tar.gz nixlib-1ddab0efb1729a32fdea83cf757584a7ebf1e13a.tar.bz2 nixlib-1ddab0efb1729a32fdea83cf757584a7ebf1e13a.tar.lz nixlib-1ddab0efb1729a32fdea83cf757584a7ebf1e13a.tar.xz nixlib-1ddab0efb1729a32fdea83cf757584a7ebf1e13a.tar.zst nixlib-1ddab0efb1729a32fdea83cf757584a7ebf1e13a.zip |
fetchpatch: escape excludes and includes
Excludes and includes are implemented by passing the parameters to the respective flags of `filterdiff`. Those were passed unescaped until now. Since those flags expect patterns (similar to shell globs), something like `/some/path/*` might be used to exclude or include all files in some path. Without escaping the shell would expand the `*`, leading to unexpected behaviour.
-rw-r--r-- | pkgs/build-support/fetchpatch/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/build-support/fetchpatch/default.nix b/pkgs/build-support/fetchpatch/default.nix index 16343d626ce7..c8004fb8743c 100644 --- a/pkgs/build-support/fetchpatch/default.nix +++ b/pkgs/build-support/fetchpatch/default.nix @@ -23,8 +23,8 @@ fetchurl ({ --clean "$out" > "$tmpfile" ${patchutils}/bin/filterdiff \ -p1 \ - ${builtins.toString (builtins.map (x: "-x ${x}") excludes)} \ - ${builtins.toString (builtins.map (x: "-i ${x}") includes)} \ + ${builtins.toString (builtins.map (x: "-x ${lib.escapeShellArg x}") excludes)} \ + ${builtins.toString (builtins.map (x: "-i ${lib.escapeShellArg x}") includes)} \ "$tmpfile" > "$out" ${args.postFetch or ""} ''; |