fetchpatch: escape excludes and includes

Excludes and includes are implemented by passing the parameters to the respective flags of `filterdiff`. Those were passed unescaped until now. Since those flags expect patterns (similar to shell globs), something like `/some/path/*` might be used to exclude or include all files in some path. Without escaping the shell would expand the `*`, leading to unexpected behaviour.
2018-07-15 09:58:47 +02:00 · 2018-07-15 09:58:47 +02:00 · 1ddab0efb1
commit 1ddab0efb1
parent aa6adfc324
1 changed files with 2 additions and 2 deletions
--- a/pkgs/build-support/fetchpatch/default.nix
+++ b/pkgs/build-support/fetchpatch/default.nix
@ -23,8 +23,8 @@ fetchurl ({
        --clean "$out" > "$tmpfile"
    ${patchutils}/bin/filterdiff \
      -p1 \
-      ${builtins.toString (builtins.map (x: "-x ${x}") excludes)} \
-      ${builtins.toString (builtins.map (x: "-i ${x}") includes)} \
+      ${builtins.toString (builtins.map (x: "-x ${lib.escapeShellArg x}") excludes)} \
+      ${builtins.toString (builtins.map (x: "-i ${lib.escapeShellArg x}") includes)} \
      "$tmpfile" > "$out"
    ${args.postFetch or ""}
  '';