[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: docker: Booby-trap "Command" and "LookPath" calls.
From: |
guix-commits |
Subject: |
01/01: gnu: docker: Booby-trap "Command" and "LookPath" calls. |
Date: |
Thu, 10 Jan 2019 15:30:04 -0500 (EST) |
dannym pushed a commit to branch master
in repository guix.
commit ffcd282702fedf90c80b5b2a05a5e2f473cf4c9c
Author: Danny Milosavljevic <address@hidden>
Date: Thu Jan 10 20:17:34 2019 +0100
gnu: docker: Booby-trap "Command" and "LookPath" calls.
* gnu/packages/docker.scm (docker)[arguments]<#:phases>[patch-paths]:
Booby-trap "Command" and "LookPath" calls.
---
gnu/packages/docker.scm | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/docker.scm b/gnu/packages/docker.scm
index ab1a575..23695a0 100644
--- a/gnu/packages/docker.scm
+++ b/gnu/packages/docker.scm
@@ -363,9 +363,24 @@ network attachments.")
;; invokes other programs we don't know about and thus don't
;; substitute.
(substitute* source-files
- (("LookPath\\(\"zfs\"\\)") "LooxPath(\"zfs\")")
- (("LookPath\\(\"") "Guix_doesnt_want_LookPath\\(\"") ; ))
- (("LooxPath") "LookPath")))
+ ;; Search for Java in PATH.
+ (("\\<exec\\.Command\\(\"java\"") ; )
+ "xxec.Command(\"java\"") ; )
+ ;; Search for AUFS in PATH (mainline Linux doesn't support it).
+ (("\\<exec\\.Command\\(\"auplink\"") ; )
+ "xxec.Command(\"auplink\"") ; )
+ ;; Fail on other unsubstituted commands.
+ (("\\<exec\\.Command\\(\"([a-zA-Z0-9][a-zA-Z0-9_-]*)\""
+ _ executable) ; )
+ (string-append "exec.Guix_doesnt_want_Command(\""
+ executable "\"")) ;)
+ (("\\<xxec\\.Command")
+ "exec.Command")
+ ;; Search for ZFS in PATH.
+ (("\\<LookPath\\(\"zfs\"\\)") "LooxPath(\"zfs\")")
+ ;; Fail on other unsubstituted LookPaths.
+ (("\\<LookPath\\(\"") "Guix_doesnt_want_LookPath\\(\"") ; ))
+ (("\\<LooxPath") "LookPath")))
#t))
(add-after 'patch-paths 'delete-failing-tests
(lambda _