fix(nix/writeTree): also shell escape path nodes

We allow strings with context that represent paths (since they qualify
as `pathLike`). While store path (names) may not contain any characters
that are meaningful in shell, they may contain directories and/or files
with such names since it's permissible in POSIX.

To fix this, we convert the given value `v` to a shell argument in two
stages:

1. Use `${v}` to coerce the value to a string while importing any
   necessary paths to store.
2. Escape the resulting string for use as an argument.

Change-Id: Ib989b50df2a921c2abcd1ebc7ca0ff6e2bb79088
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12898
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
This commit is contained in:
sterni 2024-12-20 13:43:58 +01:00 committed by clbot
parent de4004a8ea
commit 756e96499c

View file

@ -17,7 +17,7 @@ let
+ pipe tree [ + pipe tree [
(mapAttrsToList (k: v: (mapAttrsToList (k: v:
if isPathLike v then if isPathLike v then
"cp -R --reflink=auto ${v} \"$out/\"${esc path}/${esc k}" "cp -R --reflink=auto ${esc "${v}"} \"$out/\"${esc path}/${esc k}"
else if lib.isAttrs v then else if lib.isAttrs v then
writeTreeAtPath (path + "/" + k) v writeTreeAtPath (path + "/" + k) v
else else