From 8f806681d781ca250ddaafd262d6b6c89d79d9ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Tue, 8 Apr 2025 16:55:42 +0200
Subject: [PATCH] tree-wise: quote path correctlys

---
 disk-deactivate/disk-deactivate.jq | 30 +++++++++++++++++-------------
 lib/make-disk-image.nix            |  2 +-
 lib/types/btrfs.nix                |  4 ++--
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/disk-deactivate/disk-deactivate.jq b/disk-deactivate/disk-deactivate.jq
index b4fe877..d762ac0 100644
--- a/disk-deactivate/disk-deactivate.jq
+++ b/disk-deactivate/disk-deactivate.jq
@@ -1,20 +1,25 @@
+def shellquote:
+  gsub("'"; "''\\''") |
+  "'" + . + "'"
+;
+
 # since lsblk lacks zfs support, we have to do it this way
 def remove:
   if .fstype == "zfs_member" then
     "if type zpool >/dev/null; then zpool destroy -f \(.label); zpool labelclear -f \(.label); fi"
   elif .fstype == "LVM2_member" then
     [
-      "vg=$(pvs \(.path) --noheadings --options vg_name | grep -o '[a-zA-Z0-9-]*')",
+      "vg=$(pvs \(.path | shellquote) --noheadings --options vg_name | grep -o '[a-zA-Z0-9-]*')",
       "vgchange -a n \"$vg\"",
       "vgremove -f \"$vg\""
     ]
   elif .fstype == "swap" then
-    "swapoff \(.path)"
+    "swapoff \(.path | shellquote)"
   elif .fstype == null then
     # maybe its zfs
     [
       # the next line has some horrible escaping
-      "zpool=$(if type zdb >/dev/null; then zdb -l \(.path) | sed -nr $'s/ +name: \\'(.*)\\'/\\\\1/p'; fi)",
+      "zpool=$(if type zdb >/dev/null; then zdb -l \(.path | shellquote) | sed -nr $'s/ +name: \\'(.*)\\'/\\\\1/p'; fi)",
       "if [[ -n \"${zpool}\" ]]; then zpool destroy -f \"$zpool\"; zpool labelclear -f \"$zpool\"; fi",
       "unset zpool"
     ]
@@ -27,25 +32,25 @@ def deactivate:
   if .type == "disk" or .type == "loop" then
     [
       # If this disk is a member of raid, stop that raid
-      "md_dev=$(lsblk \(.path) -l -p -o type,name | awk 'match($1,\"raid.*\") {print $2}')",
+      "md_dev=$(lsblk \(.path | shellquote) -l -p -o type,name | awk 'match($1,\"raid.*\") {print $2}')",
       "if [[ -n \"${md_dev}\" ]]; then umount \"$md_dev\"; mdadm --stop \"$md_dev\"; fi",
       # Remove all file-systems and other magic strings
-      "wipefs --all -f \(.path)",
+      "wipefs --all -f \(.path | shellquote)",
       # Remove the MBR bootstrap code
-      "dd if=/dev/zero of=\(.path) bs=440 count=1"
+      "dd if=/dev/zero of=\(.path | shellquote) bs=440 count=1"
     ]
   elif .type == "part" then
     [
-      "wipefs --all -f \(.path)"
+      "wipefs --all -f \(.path | shellquote)"
     ]
   elif .type == "crypt" then
     [
-      "cryptsetup luksClose \(.path)",
-      "wipefs --all -f \(.path)"
+      "cryptsetup luksClose \(.path | shellquote)",
+      "wipefs --all -f \(.path | shellquote)"
     ]
   elif .type == "swap" then
     [
-      "swapoff \(.path)"
+      "swapoff \(.path | shellquote)"
     ]
   elif .type == "lvm" then
     (.name | split("-")[0]) as $vgname |
@@ -55,7 +60,7 @@ def deactivate:
     ]
   elif (.type | contains("raid")) then
     [
-      "mdadm --stop \(.name)"
+      "mdadm --stop \(.name | shellquote)"
     ]
   else
     ["echo Warning: unknown type '\(.type)'. Consider handling this in https://github.com/nix-community/disko/blob/master/disk-deactivate/disk-deactivate.jq"]
@@ -64,7 +69,7 @@ def deactivate:
 
 def walk:
   [
-    (.mountpoints[] | select(. != null) | "umount -R \(.)"),
+    (.mountpoints[] | select(. != null) | "umount -R (. | shellquote)"),
     ((.children // []) | map(walk)),
     remove,
     deactivate
@@ -87,4 +92,3 @@ def init:
 ;
 
 .blockdevices | map(init) | flatten | join("\n")
-
diff --git a/lib/make-disk-image.nix b/lib/make-disk-image.nix
index df3324f..fc14b46 100644
--- a/lib/make-disk-image.nix
+++ b/lib/make-disk-image.nix
@@ -145,7 +145,7 @@ let
     time xargs cp --recursive --target ${systemToInstall.config.disko.rootMountPoint}/nix/store < ${closureInfo}/store-paths
 
     ${systemToInstall.config.system.build.nixos-install}/bin/nixos-install --root ${systemToInstall.config.disko.rootMountPoint} --system ${systemToInstall.config.system.build.toplevel} --keep-going --no-channel-copy -v --no-root-password --option binary-caches ""
-    umount -Rv ${systemToInstall.config.disko.rootMountPoint}
+    umount -Rv ${lib.escapeShellArg systemToInstall.config.disko.rootMountPoint}
   '';
 
   QEMU_OPTS = lib.concatStringsSep " " (
diff --git a/lib/types/btrfs.nix b/lib/types/btrfs.nix
index 858cbdd..e1e228b 100644
--- a/lib/types/btrfs.nix
+++ b/lib/types/btrfs.nix
@@ -160,7 +160,7 @@ in
               (
                 MNTPOINT=$(mktemp -d)
                 mount ${device} "$MNTPOINT" -o subvol=/
-                trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                trap 'umount "$MNTPOINT"; rm -rf "$MNTPOINT"' EXIT
                 ${swapCreate "$MNTPOINT" config.swap}
               )
             ''}
@@ -168,7 +168,7 @@ in
               (
                 MNTPOINT=$(mktemp -d)
                 mount "${config.device}" "$MNTPOINT" -o subvol=/
-                trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                trap 'umount "$MNTPOINT"; rm -rf "$MNTPOINT"' EXIT
                 SUBVOL_ABS_PATH="$MNTPOINT/${subvol.name}"
                 mkdir -p "$(dirname "$SUBVOL_ABS_PATH")"
                 if ! btrfs subvolume show "$SUBVOL_ABS_PATH" > /dev/null 2>&1; then