Tightening result caching security.

2021-01-10 22:36:03 +01:00 · 2021-01-10 22:36:03 +01:00 · 9d9ee79550
parent c0622e77b4
commit 9d9ee79550
1 changed files with 2 additions and 2 deletions
--- a/nixos/roles/laminar/default.nix
+++ b/nixos/roles/laminar/default.nix
@ -5,7 +5,7 @@ let
  cfgDir = "${stateDir}/cfg";
  cfg = config.services.laminar;
  cacheResult = "${pkgs.writeShellScript "cache-result-as-root"
-    "${pkgs.nix}/bin/nix-store -r --indirect --add-root /var/cache/gc-links/$2 $1"}";
+    ''echo "Cached build-result $1 to $(${pkgs.nix}/bin/nix-store -r --indirect --add-root "/var/cache/gc-links/$2" "$1")."''}";
 in {
  options = {
    services.laminar = {
@ -42,7 +42,7 @@ in {
          ghcArgs = [ "-threaded" ];
        } (builtins.readFile ./nix-jobs.hs);
        "cache-result" = pkgs.writeShellScript "cache-result" ''
-          /run/wrappers/bin/sudo ${cacheResult} $1 $2
+          /run/wrappers/bin/sudo ${cacheResult} "$1" "$2"
        '';
      };
      jobs = {