wrapPackage: make shell escaping optional#54
wrapPackage: make shell escaping optional#54krauterbaquette wants to merge 3 commits intoLassulus:mainfrom
Conversation
|
hmm, the problem could actually be the type of escaping we use here, does |
|
|
|
@gytic could you share the code which produced |
Sure, I used this code: inputs.wrappers.lib.wrapPackage {
inherit pkgs;
package = pkg.signal-desktop;
args = [ ''--password-store="gnome-libsecret"'' ];
};Later on I can also try if |
I tested it without quotes at all, so
I also added a test for the new option |
|
after thinking a bit about this, I would prefer to fix the escaping rather than having an option to disable it, It seems in case of signal-desktop there was a way to work around it? So I will leave this unmerged until we find a case where we cannot work around it without disabling escaping |
|
Is escaping really broken? I think in the example provided by @gytic it was the user input that was broken due to misunderstanding of how args are processed. Also, rather than disabling quoting for all args I would introduce unquotedArgs, with a big fat warming that they could be used to inject arbitrary code. |
Yeah, this was definetly an Issue on my side. I tried to update the documentation a bit in the new commit to make it more clear, hat argumetns will be escaped.
I removed the escapeArgs boolean and made a new option with an unescapedArgs list. |
krauterbaquette
force-pushed
the
main
branch
from
4410105 to
93fd544
Compare
3 participants
I had a problem wrapping signal-desktop where argument escaping would break the parsing by signal:
--password-store="gnome-libsecret"would correctly set the password store whereas'--password-store="gnome-libsecret"'(produces by the shell escaping) would not.This PR therefore adds an option to skip shell escaping which fixes the signal-desktop problem for me.