Commit 47349597 authored by Robert Hensing's avatar Robert Hensing
Browse files

nixos-rebuild: Add proper escaping to ssh calls 

SSH merges its arguments by space-concatenation - it does not preserve
the array structure.

This is arguably a historic mistake, whose fix would be too breaking.
I suppose it will stay this way forever, until perhaps a better behavior
can be opted in to using a flag, and I don't think this flag exists yet.

To make multi-argument commands work reliably over ssh, we need to escape
them, which is what the ${@@Q} incantation achieves.
parent 64275009

pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh

+3 −3
Original line number Diff line number Diff line
@@ -220,9 +220,9 @@ buildHostCmd() { 
    if [ -z "$buildHost" ]; then

        runCmd "$@"

    elif [ -n "$remoteNix" ]; then

        runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" env PATH="$remoteNix":'$PATH' "$@"

        runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" env PATH="$remoteNix":'$PATH' "${@@Q}"

    else

        runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" "$@"

        runCmd ssh $SSHOPTS "$buildHost" "${c[@]}" "${@@Q}"

    fi

}
@@ -237,7 +237,7 @@ targetHostCmd() { 
    if [ -z "$targetHost" ]; then

        runCmd "${c[@]}" "$@"

    else

        runCmd ssh $SSHOPTS "$targetHost" "${c[@]}" "$@"

        runCmd ssh $SSHOPTS "$targetHost" "${c[@]}" "${@@Q}"

    fi

}