Merge pull request #40947 from samueldr/fix/34779

dockerTools: fixes extraCommands for mkRootLayer.
author: lewo <lewo@abesis.fr> 2018-05-24 21:22:31 +0200
committer: GitHub <noreply@github.com> 2018-05-24 21:22:31 +0200
commit: 2e98e0c0032f4fb6630b76833309f108688f5955 (patch)
tree: 9d5b19c780cd75e8f990074c8333f10aab9e88b3 /pkgs/build-support/docker
parent: 2ce9d4f60cd1226eb3f57f08a102b8868e294918 (diff)
parent: 902b0593be857e4f19b9875638af6e854aa99a9b (diff)
download: nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar
nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.gz
nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.bz2
nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.lz
nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.xz
nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.zst
nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.zip
2 files changed, 16 insertions, 2 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 0aded149dd2..0e10ba036a0 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -352,7 +352,9 @@ rec {
     extraCommands ? ""
   }:
     # Generate an executable script from the `runAsRoot` text.
-    let runAsRootScript = shellScript "run-as-root.sh" runAsRoot;
+    let
+      runAsRootScript = shellScript "run-as-root.sh" runAsRoot;
+      extraCommandsScript = shellScript "extra-commands.sh" extraCommands;
     in runWithOverlay {
       name = "docker-layer-${name}";
 
@@ -390,7 +392,7 @@ rec {
       '';
 
       postUmount = ''
-        (cd layer; eval "${extraCommands}")
+        (cd layer; ${extraCommandsScript})
 
         echo "Packing layer..."
         mkdir $out
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index eb5b9fe36e4..ca7f7809379 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -124,4 +124,16 @@ rec {
     fromImage = nixFromDockerHub;
     contents = [ pkgs.hello ];
   };
+
+  # 8. regression test for erroneous use of eval and string expansion.
+  # See issue #34779 and PR #40947 for details.
+  runAsRootExtraCommands = pkgs.dockerTools.buildImage {
+    name = "runAsRootExtraCommands";
+    contents = [ pkgs.coreutils ];
+    # The parens here are to create problematic bash to embed and eval. In case
+    # this is *embedded* into the script (with nix expansion) the initial quotes
+    # will close the string and the following parens are unexpected
+    runAsRoot = ''echo "(runAsRoot)" > runAsRoot'';
+    extraCommands = ''echo "(extraCommand)" > extraCommands'';
+  };
 }
author	lewo <lewo@abesis.fr>	2018-05-24 21:22:31 +0200
committer	GitHub <noreply@github.com>	2018-05-24 21:22:31 +0200
commit	2e98e0c0032f4fb6630b76833309f108688f5955 (patch)
tree	9d5b19c780cd75e8f990074c8333f10aab9e88b3 /pkgs/build-support/docker
parent	2ce9d4f60cd1226eb3f57f08a102b8868e294918 (diff)
parent	902b0593be857e4f19b9875638af6e854aa99a9b (diff)
download	nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.gz nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.bz2 nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.lz nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.xz nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.tar.zst nixpkgs-2e98e0c0032f4fb6630b76833309f108688f5955.zip