| Commit message | Author | Age |
Quoting various characters that the shell *may* interpret specially is a
very fragile thing to do.

I've used something more robust all over the place in various Nix
expressions I've written just because I didn't trust escapeShellArg.

Here is a proof of concept showing that I was indeed right in
distrusting escapeShellArg:

    with import <nixpkgs> {};

    let
      payload = runCommand "payload" {} ''
        # \x00 is not allowed for Nix strings, so let's begin at 1
        for i in $(seq 1 255); do
          echo -en "\\x$(printf %02x $i)"
        done > "$out"
      '';

      escapers = with lib; {
        current = escapeShellArg;
        better = arg: let
          backslashEscapes = stringToCharacters "\"\\ ';$`()|<>\r\t*[]&!~#";
          search = backslashEscapes ++ [ "\n" ];
          replace = map (c: "\\${c}") backslashEscapes ++ [ "'\n'" ];
        in replaceStrings search replace (toString arg);
        best = arg: "'${replaceStrings ["'"] ["'\\''"] (toString arg)}'";
      };

      testWith = escaper: let
        escaped = escaper (builtins.readFile payload);
      in runCommand "test" {} ''
        if ! r="$(bash -c ${escapers.best "echo -nE ${escaped}"} 2> /dev/null)"
        then
          echo bash eval error > "$out"
          exit 0
        fi
        if echo -n "$r" | cmp -s "${payload}"; then
          echo success > "$out"
        else
          echo failed > "$out"
        fi
      '';

    in runCommand "results" {} ''
      echo "Test results:"
      ${lib.concatStrings (lib.mapAttrsToList (name: impl: ''
        echo " ${name}: $(< "${testWith impl}")"
      '') escapers)}
      exit 1
    ''

The resulting output is the following:

    Test results:
      best: success
      better: success
      current: bash eval error

I did the "better" implementation just to illustrate that the method of
quoting only "harmful" characters results in madness in terms of
implementation and performance.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra, @zimbatm
|
Escape all shell arguments uniformly
|
All these builtins are available since 1.10 or earlier (1.10 being the
lib/minver.nix)
|
See https://github.com/NixOS/nixpkgs/commit/5445e521b6524587489c6968cc27347977b9b7b8#commitcomment-17531945
|
Comparison to master evaluations on Hydra:
- 1255515 for nixos
- 1255502 for nixpkgs
|
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
|
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
|
While the function itself is pretty easy, it's not straightforward to find a way to convert string to int with nix.
|
Many non-conflict problems weren't (fully) resolved in this commit yet.
|
For example, this allows writing
nix.package = /nix/store/786mlvhd17xvcp2r4jmmay6jj4wj6b7f-nix-1.10pre4206_896428c;
Also, document types.package in the manual.
|
It's no longer needed. Also clean up some comments.
|
Example: configure rewrite rules for Mediawiki
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
${concatMapStringsSep "\n" (u: "RewriteCond %{REQUEST_URI} !^${u.urlPath}") serverInfo.serverConfig.servedDirs}
RewriteRule ${if config.enableUploads
|
Close #2883.
|
It was discussed as a part of #2570.
|
It was discussed as a part of #2570.
|
Also clean up the name attribute of fetchzip derivations a bit.