search

divnix / std

A DevOps framework for the SDLC with the power of Nix and Flakes. Good for keeping deadlines!
https://std.divnix.com
377 stars 41 forks source link

fix: quoting of PRJ_PATH/fragment for installables #358

Closed kolloch closed 8 months ago

kolloch commented 8 months ago

https://github.com/divnix/std/issues/357

kolloch commented 8 months ago

I also enabled showing the actual command with set -x that might not be to your test.

The precommit hooks in the devshell also put the updated flake.locks into this commit. Not sure about that.

whs-dot-hk commented 8 months ago

I see the string created here https://github.com/paisano-nix/core/blob/3e897a19418361ece34841105122ed4f9379ca96/grow/newExtractFor.nix#L10

kolloch commented 8 months ago

@whs-dot-hk I am not quite sure what you are getting it.

Maybe somemore context on what I did with the fragment:

I am quoting the fragment for shell usage. That would actually mean that the string including the double quotes is passed to the nix command. Right now they are interpreted by bash, so that the string passed to the command does not contain the quotes anymore. That would make a difference, if anything in the path would contain spaces or other special characters, otherwise not so much. Still, I think it is generally good practice to quote things properly so that you don't even have to think about corner cases.

whs-dot-hk commented 8 months ago

I was trying to understand what is fragment, it seems that it means a flake fragment

I am not sure where to escape, but I think yours is a good place

Do other places in the code also need to change?

kolloch commented 8 months ago

Do other places in the code also need to change?

Hard to say.

❯ rg PRJ_ROOT
src/std/fwlib/_mkCommand.nix
27:          if test -z "$PRJ_ROOT"; then

src/std/fwlib/blockTypes/terra.nix
69:        dir="$PRJ_ROOT/${repoFolder}/.tf"
70:        mkdir -p "$PRJ_ROOT/${repoFolder}/.tf"
71:        cat << MESSAGE > "$PRJ_ROOT/${repoFolder}/.tf/readme.md"

src/std/fwlib/blockTypes/installables.nix
37:        nix profile install $PRJ_ROOT#${fragment}
41:        nix profile upgrade $PRJ_ROOT#${fragment}
45:        nix profile remove $PRJ_ROOT#${fragment}
50:        nix bundle --bundler github:Ninlives/relocatable.nix --refresh $PRJ_ROOT#${fragment}
54:        nix bundle --bundler github:NixOS/bundlers#toDockerImage --refresh $PRJ_ROOT#${fragment}
58:        nix bundle --bundler github:ralismark/nix-appimage --refresh $PRJ_ROOT#${fragment}

PRJ_ROOT itself looks good to me.

Otherwise one would need to go through all instances in which nix variables are injected into shell scripts (that are not just store paths) and escape them.