Merge pull request #40947 from samueldr/fix/34779

dockerTools: fixes extraCommands for mkRootLayer.
2018-05-24 21:22:31 +02:00 · 2018-05-24 21:22:31 +02:00 · 2e98e0c003
commit 2e98e0c003
parent 2ce9d4f60c 902b0593be
3 changed files with 22 additions and 2 deletions
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -45,5 +45,11 @@ import ./make-test.nix ({ pkgs, ... }: {
      $docker->succeed("docker load --input='${pkgs.dockerTools.examples.onTopOfPulledImage}'");
      $docker->succeed("docker run --rm ontopofpulledimage hello");
      $docker->succeed("docker rmi ontopofpulledimage");
+
+      # Regression test for issue #34779
+      $docker->succeed("docker load --input='${pkgs.dockerTools.examples.runAsRootExtraCommands}'");
+      $docker->succeed("docker run --rm runasrootextracommands cat extraCommands");
+      $docker->succeed("docker run --rm runasrootextracommands cat runAsRoot");
+      $docker->succeed("docker rmi '${pkgs.dockerTools.examples.runAsRootExtraCommands.imageName}'");
    '';
 })
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@ -352,7 +352,9 @@ rec {
    extraCommands ? ""
  }:
    # Generate an executable script from the `runAsRoot` text.
-    let runAsRootScript = shellScript "run-as-root.sh" runAsRoot;
+    let
+      runAsRootScript = shellScript "run-as-root.sh" runAsRoot;
+      extraCommandsScript = shellScript "extra-commands.sh" extraCommands;
    in runWithOverlay {
      name = "docker-layer-${name}";

@ -390,7 +392,7 @@ rec {
      '';

      postUmount = ''
-        (cd layer; eval "${extraCommands}")
+        (cd layer; ${extraCommandsScript})

        echo "Packing layer..."
        mkdir $out
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@ -124,4 +124,16 @@ rec {
    fromImage = nixFromDockerHub;
    contents = [ pkgs.hello ];
  };
+
+  # 8. regression test for erroneous use of eval and string expansion.
+  # See issue #34779 and PR #40947 for details.
+  runAsRootExtraCommands = pkgs.dockerTools.buildImage {
+    name = "runAsRootExtraCommands";
+    contents = [ pkgs.coreutils ];
+    # The parens here are to create problematic bash to embed and eval. In case
+    # this is *embedded* into the script (with nix expansion) the initial quotes
+    # will close the string and the following parens are unexpected
+    runAsRoot = ''echo "(runAsRoot)" > runAsRoot'';
+    extraCommands = ''echo "(extraCommand)" > extraCommands'';
+  };
 }