pyrox.dev / nixpkgs
lol
fork atom

patch-shebangs: fix binary data corrupt after patching

This removes the recently introduced shell based implementation of `sponge` which wasn't capable of managing binary input.

Now, a tmpFile under $TMPDIR is created manually and later deleted

see: https://github.com/NixOS/nixpkgs/pull/414448#issuecomment-3041238623

DavHau a1154d63 1cf013f7

options
unified split
Changed files
+59 -28
pkgs
build-support
setup-hooks
patch-shebangs.sh
test
stdenv
patch-shebangs.nix
+20 -28
pkgs/build-support/setup-hooks/patch-shebangs.sh 
···

       
68

       
68

       
 

       
        return 0


     

       
69

       
69

       
 

       
    fi


     

       
70

       
70

       
 

       



     

       
71

       

       
-

       
    # like sponge from moreutils but in pure bash


     

       
72

       

       
-

       
    _sponge() {


     

       
73

       

       
-

       
        local content


     

       
74

       

       
-

       
        local target


     

       
75

       

       
-

       
        local restoreReadOnly


     

       
76

       

       
-

       
        content=""


     

       
77

       

       
-

       
        target="$1"


     

       
78

       

       
-

       



     

       
79

       

       
-

       
        # Make file writable if it is read-only


     

       
80

       

       
-

       
        if [[ ! -w "$target" ]]; then


     

       
81

       

       
-

       
            chmod +w "$target"


     

       
82

       

       
-

       
            restoreReadOnly=true


     

       
83

       

       
-

       
        fi


     

       
84

       

       
-

       



     

       
85

       

       
-

       
        while IFS= read -r line || [[ -n "$line" ]]; do


     

       
86

       

       
-

       
            content+="$line"$'\n'


     

       
87

       

       
-

       
        done


     

       
88

       

       
-

       
        printf '%s' "$content" > "$target"


     

       
89

       

       
-

       



     

       
90

       

       
-

       
        # Restore read-only if it was read-only before


     

       
91

       

       
-

       
        if [[ -n "${restoreReadOnly:-}" ]]; then


     

       
92

       

       
-

       
            chmod -w "$target"


     

       
93

       

       
-

       
        fi


     

       
94

       

       
-

       
    }


     

       
95

       

       
-

       



     

       
96

       
71

       
 

       
    local f


     

       
97

       
72

       
 

       
    while IFS= read -r -d $'\0' f; do


     

       
98

       
73

       
 

       
        isScript "$f" || continue


     
···

       
151

       
126

       
 

       



     

       
152

       
127

       
 

       
                # Preserve times, see: https://github.com/NixOS/nixpkgs/pull/33281


     

       
153

       
128

       
 

       
                timestamp=$(stat --printf "%y" "$f")


     

       
154

       

       
-

       
                sed -e "1 s|.*|#\!$escapedInterpreterLine|" "$f" | _sponge "$f"


     

       

       
129

       
+

       



     

       

       
130

       
+

       
                # Manually create temporary file instead of using sed -i


     

       

       
131

       
+

       
                # (sed -i on $out/x creates tmpfile /nix/store/x which fails on macos + sandbox)


     

       

       
132

       
+

       
                tmpFile=$(mktemp -t patchShebangs.XXXXXXXXXX)


     

       

       
133

       
+

       
                sed -e "1 s|.*|#\!$escapedInterpreterLine|" "$f" > "$tmpFile"


     

       

       
134

       
+

       



     

       

       
135

       
+

       
                # Make original file writable if it is read-only


     

       

       
136

       
+

       
                local restoreReadOnly


     

       

       
137

       
+

       
                if [[ ! -w "$f" ]]; then


     

       

       
138

       
+

       
                    chmod +w "$f"


     

       

       
139

       
+

       
                    restoreReadOnly=true


     

       

       
140

       
+

       
                fi


     

       

       
141

       
+

       



     

       

       
142

       
+

       
                # Replace the original file's content with the patched content


     

       

       
143

       
+

       
                # (preserving permissions)


     

       

       
144

       
+

       
                cat "$tmpFile" > "$f"


     

       

       
145

       
+

       
                rm "$tmpFile"


     

       

       
146

       
+

       
                if [[ -n "${restoreReadOnly:-}" ]]; then


     

       

       
147

       
+

       
                    chmod -w "$f"


     

       

       
148

       
+

       
                fi


     

       
155

       
149

       
 

       



     

       
156

       
150

       
 

       
                touch --date "$timestamp" "$f"


     

       
157

       
151

       
 

       
            fi


     

       
158

       
152

       
 

       
        fi


     

       
159

       
153

       
 

       
    done < <(find "$@" -type f -perm -0100 -print0)


     

       
160

       

       
-

       



     

       
161

       

       
-

       
    unset -f _sponge


     

       
162

       
154

       
 

       
}


     

       
163

       
155

       
 

       



     

       
164

       
156

       
 

       
patchShebangsAuto () {
+39
pkgs/test/stdenv/patch-shebangs.nix 
···

       
204

       
204

       
 

       
      // {


     

       
205

       
205

       
 

       
        meta = { };


     

       
206

       
206

       
 

       
      };


     

       

       
207

       
+

       



     

       

       
208

       
+

       
    preserves-binary-data =


     

       

       
209

       
+

       
      (derivation {


     

       

       
210

       
+

       
        name = "preserves-binary-data";


     

       

       
211

       
+

       
        system = stdenv.buildPlatform.system;


     

       

       
212

       
+

       
        builder = "${stdenv.__bootPackages.stdenv.__bootPackages.bashNonInteractive}/bin/bash";


     

       

       
213

       
+

       
        initialPath = [


     

       

       
214

       
+

       
          stdenv.__bootPackages.stdenv.__bootPackages.coreutils


     

       

       
215

       
+

       
        ];


     

       

       
216

       
+

       
        strictDeps = false;


     

       

       
217

       
+

       
        args = [


     

       

       
218

       
+

       
          "-c"


     

       

       
219

       
+

       
          ''


     

       

       
220

       
+

       
            set -euo pipefail


     

       

       
221

       
+

       
            . ${../../stdenv/generic/setup.sh}


     

       

       
222

       
+

       
            . ${../../build-support/setup-hooks/patch-shebangs.sh}


     

       

       
223

       
+

       
            mkdir -p $out/bin


     

       

       
224

       
+

       
            # Create a script with binary data after the shebang


     

       

       
225

       
+

       
            echo "#!/bin/bash" > $out/bin/test


     

       

       
226

       
+

       
            echo "echo 'script start'" >> $out/bin/test


     

       

       
227

       
+

       
            # Add some binary data (null bytes and other non-printable chars)


     

       

       
228

       
+

       
            printf '\x00\x01\x02\xff\xfe' >> $out/bin/test


     

       

       
229

       
+

       
            echo >> $out/bin/test


     

       

       
230

       
+

       
            echo "echo 'script end'" >> $out/bin/test


     

       

       
231

       
+

       
            chmod +x $out/bin/test


     

       

       
232

       
+

       
            patchShebangs $out/bin/test


     

       

       
233

       
+

       
            # Verify binary data is still present by checking file size and content


     

       

       
234

       
+

       
            if ! printf '\x00\x01\x02\xff\xfe' | cmp -s - <(sed -n '3p' $out/bin/test | tr -d '\n'); then


     

       

       
235

       
+

       
              echo "Binary data corrupted during patching"


     

       

       
236

       
+

       
              exit 1


     

       

       
237

       
+

       
            fi


     

       

       
238

       
+

       
          ''


     

       

       
239

       
+

       
        ];


     

       

       
240

       
+

       
        assertion = "grep '^#!${stdenv.shell}' $out/bin/test > /dev/null";


     

       

       
241

       
+

       
      })


     

       

       
242

       
+

       
      // {


     

       

       
243

       
+

       
        meta = { };


     

       

       
244

       
+

       
      };


     

       
207

       
245

       
 

       
  };


     

       
208

       
246

       
 

       
in


     

       
209

       
247

       
 

       
stdenv.mkDerivation {


     
···

       
219

       
257

       
 

       
      read-only-script


     

       
220

       
258

       
 

       
      preserves-read-only


     

       
221

       
259

       
 

       
      preserves-timestamp


     

       

       
260

       
+

       
      preserves-binary-data


     

       
222

       
261

       
 

       
      ;


     

       
223

       
262

       
 

       
  };


     

       
224

       
263

       
 

       
  buildCommand = ''