
nix-store --print-env: fix shell quoting on _args output #14329

Merged
Ericson2314 merged 1 commit into NixOS:master from Mic92:nix-store-print-env on Jan 26, 2026

@Mic92 Mic92 commented Oct 22, 2025

The previous implementation double-quoted the _args variable by escaping each argument individually and then wrapping them all in single quotes, producing output like: _args=''-e' 'arg1' 'arg2''

This fix concatenates all arguments into a single string first, then escapes that string once, producing correct output like: _args='-e arg1 arg2'

This prevents potential command injection issues when the output is sourced in shell scripts.

Fixes #14327

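The quoting difference described in the pull request description above, modelled as an added example (not code from Nix or from this pull request). The function names, the `escape_always` helper and the sample arguments are assumptions constructed for illustration, and Python's `shlex` stands in for the shell's word splitting so nothing is actually executed.

```python
import shlex


def escape_always(s: str) -> str:
    """Single-quote s for a POSIX shell; an embedded ' becomes '\\''."""
    return "'" + s.replace("'", "'\\''") + "'"


def args_line_before(args):
    # Behaviour the description calls "previous": escape each argument,
    # then wrap the already-quoted result in single quotes again.
    return "_args='" + " ".join(escape_always(a) for a in args) + "'"


def args_line_after(args):
    # Behaviour the description calls the fix: join first, escape once.
    return "_args=" + escape_always(" ".join(args))


def shell_words(line: str):
    """Split a line into words the way a POSIX shell would quote-process it."""
    return shlex.split(line, posix=True)


def parsed_value(line: str):
    """Return the value assigned to _args if the line is exactly one
    assignment word; return None if it splits into several words (the
    extra words would run as a command) or has unbalanced quotes."""
    try:
        words = shell_words(line)
    except ValueError:
        return None
    if len(words) != 1 or not words[0].startswith("_args="):
        return None
    return words[0][len("_args="):]


# Constructed sample: one argument contains a space.
SAMPLE_ARGS = ["-e", "builder.sh", "hello world"]

if __name__ == "__main__":
    for name, emit in (("before", args_line_before), ("after", args_line_after)):
        line = emit(SAMPLE_ARGS)
        print(f"{name}: {line}")
        print(f"  shell words: {shell_words(line)}")
        print(f"  _args value: {parsed_value(line)!r}")
```

In the "before" line the outer quote is closed by each argument's own opening quote, so the argument text ends up unquoted and only the separators are quoted; that is why an argument containing whitespace escapes the assignment.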

@Mic92 Mic92 requested a review from edolstra as a code owner October 22, 2025 19:00
@github-actions github-actions Bot added new-cli Relating to the "nix" command with-tests Issues related to testing. PRs with tests have some priority labels Oct 22, 2025
@Mic92 Mic92 force-pushed the nix-store-print-env branch from ed3d0c8 to 68c48ce Compare October 22, 2025 19:02
@Mic92 Mic92 force-pushed the nix-store-print-env branch from 68c48ce to 5ed7379 Compare October 27, 2025 20:57
@Mic92 Mic92 force-pushed the nix-store-print-env branch from 5ed7379 to d244930 Compare November 11, 2025 09:26
@Ericson2314 Ericson2314 enabled auto-merge January 26, 2026 20:07
@Ericson2314 Ericson2314 disabled auto-merge January 26, 2026 20:08
@Ericson2314 Ericson2314 enabled auto-merge January 26, 2026 20:08
@Ericson2314 Ericson2314 added this pull request to the merge queue Jan 26, 2026
Merged via the queue into NixOS:master with commit c7098ec Jan 26, 2026
14 checks passed
brittonr pushed a commit to brittonr/nix that referenced this pull request Apr 1, 2026
nix-store --print-env: fix shell quoting on _args output
Successfully merging this pull request may close these issues.

nix-store --print-env improperly escapes the command line arguments of the builder