tree-wise: quote path correctlys

2025-04-08 16:55:42 +02:00
parent 329d3d7e8b
commit 8f806681d7
3 changed files with 20 additions and 16 deletions
--- a/disk-deactivate/disk-deactivate.jq
+++ b/disk-deactivate/disk-deactivate.jq
@@ -1,20 +1,25 @@
+def shellquote:
+  gsub("'"; "''\\''") |
+  "'" + . + "'"
+;
+
 # since lsblk lacks zfs support, we have to do it this way
 def remove:
  if .fstype == "zfs_member" then
    "if type zpool >/dev/null; then zpool destroy -f \(.label); zpool labelclear -f \(.label); fi"
  elif .fstype == "LVM2_member" then
    [
-      "vg=$(pvs \(.path) --noheadings --options vg_name | grep -o '[a-zA-Z0-9-]*')",
+      "vg=$(pvs \(.path | shellquote) --noheadings --options vg_name | grep -o '[a-zA-Z0-9-]*')",
      "vgchange -a n \"$vg\"",
      "vgremove -f \"$vg\""
    ]
  elif .fstype == "swap" then
-    "swapoff \(.path)"
+    "swapoff \(.path | shellquote)"
  elif .fstype == null then
    # maybe its zfs
    [
      # the next line has some horrible escaping
-      "zpool=$(if type zdb >/dev/null; then zdb -l \(.path) | sed -nr $'s/ +name: \\'(.*)\\'/\\\\1/p'; fi)",
+      "zpool=$(if type zdb >/dev/null; then zdb -l \(.path | shellquote) | sed -nr $'s/ +name: \\'(.*)\\'/\\\\1/p'; fi)",
      "if [[ -n \"${zpool}\" ]]; then zpool destroy -f \"$zpool\"; zpool labelclear -f \"$zpool\"; fi",
      "unset zpool"
    ]
@@ -27,25 +32,25 @@ def deactivate:
  if .type == "disk" or .type == "loop" then
    [
      # If this disk is a member of raid, stop that raid
-      "md_dev=$(lsblk \(.path) -l -p -o type,name | awk 'match($1,\"raid.*\") {print $2}')",
+      "md_dev=$(lsblk \(.path | shellquote) -l -p -o type,name | awk 'match($1,\"raid.*\") {print $2}')",
      "if [[ -n \"${md_dev}\" ]]; then umount \"$md_dev\"; mdadm --stop \"$md_dev\"; fi",
      # Remove all file-systems and other magic strings
-      "wipefs --all -f \(.path)",
+      "wipefs --all -f \(.path | shellquote)",
      # Remove the MBR bootstrap code
-      "dd if=/dev/zero of=\(.path) bs=440 count=1"
+      "dd if=/dev/zero of=\(.path | shellquote) bs=440 count=1"
    ]
  elif .type == "part" then
    [
-      "wipefs --all -f \(.path)"
+      "wipefs --all -f \(.path | shellquote)"
    ]
  elif .type == "crypt" then
    [
-      "cryptsetup luksClose \(.path)",
-      "wipefs --all -f \(.path)"
+      "cryptsetup luksClose \(.path | shellquote)",
+      "wipefs --all -f \(.path | shellquote)"
    ]
  elif .type == "swap" then
    [
-      "swapoff \(.path)"
+      "swapoff \(.path | shellquote)"
    ]
  elif .type == "lvm" then
    (.name | split("-")[0]) as $vgname |
@@ -55,7 +60,7 @@ def deactivate:
    ]
  elif (.type | contains("raid")) then
    [
-      "mdadm --stop \(.name)"
+      "mdadm --stop \(.name | shellquote)"
    ]
  else
    ["echo Warning: unknown type '\(.type)'. Consider handling this in https://github.com/nix-community/disko/blob/master/disk-deactivate/disk-deactivate.jq"]
@@ -64,7 +69,7 @@ def deactivate:

 def walk:
  [
-    (.mountpoints[] | select(. != null) | "umount -R \(.)"),
+    (.mountpoints[] | select(. != null) | "umount -R (. | shellquote)"),
    ((.children // []) | map(walk)),
    remove,
    deactivate
@@ -87,4 +92,3 @@ def init:
 ;

 .blockdevices | map(init) | flatten | join("\n")
-
--- a/lib/make-disk-image.nix
+++ b/lib/make-disk-image.nix
@@ -145,7 +145,7 @@ let
    time xargs cp --recursive --target ${systemToInstall.config.disko.rootMountPoint}/nix/store < ${closureInfo}/store-paths

    ${systemToInstall.config.system.build.nixos-install}/bin/nixos-install --root ${systemToInstall.config.disko.rootMountPoint} --system ${systemToInstall.config.system.build.toplevel} --keep-going --no-channel-copy -v --no-root-password --option binary-caches ""
-    umount -Rv ${systemToInstall.config.disko.rootMountPoint}
+    umount -Rv ${lib.escapeShellArg systemToInstall.config.disko.rootMountPoint}
  '';

  QEMU_OPTS = lib.concatStringsSep " " (
--- a/lib/types/btrfs.nix
+++ b/lib/types/btrfs.nix
@@ -160,7 +160,7 @@ in
              (
                MNTPOINT=$(mktemp -d)
                mount ${device} "$MNTPOINT" -o subvol=/
-                trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                trap 'umount "$MNTPOINT"; rm -rf "$MNTPOINT"' EXIT
                ${swapCreate "$MNTPOINT" config.swap}
              )
            ''}
@@ -168,7 +168,7 @@ in
              (
                MNTPOINT=$(mktemp -d)
                mount "${config.device}" "$MNTPOINT" -o subvol=/
-                trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                trap 'umount "$MNTPOINT"; rm -rf "$MNTPOINT"' EXIT
                SUBVOL_ABS_PATH="$MNTPOINT/${subvol.name}"
                mkdir -p "$(dirname "$SUBVOL_ABS_PATH")"
                if ! btrfs subvolume show "$SUBVOL_ABS_PATH" > /dev/null 2>&1; then