Newest at the top
| 2025-02-12 21:59:33 +0100 | <tomsmeding> | it certainly seems to act as if there's no reparsing going on in between, but perhaps that just means that it's properly escaped beforehand |
| 2025-02-12 21:59:04 +0100 | <tomsmeding> | merijn: if I use --ghc-option instead of --ghc-options, the space remains intact |
| 2025-02-12 21:58:33 +0100 | <tomsmeding> | mauke: not if there's escaping/quoting in between |
| 2025-02-12 21:58:25 +0100 | <merijn> | tomsmeding: If you quote it further, presumably |
| 2025-02-12 21:58:08 +0100 | <tomsmeding> | can I not pass an option to GHC that contains a space? |
| 2025-02-12 21:58:06 +0100 | <merijn> | it's complicated |
| 2025-02-12 21:58:03 +0100 | <mauke> | <merijn> euouae: it's a shell process call <-- directly contradicts <merijn> euouae: There is not space splitting |
| 2025-02-12 21:58:03 +0100 | <merijn> | well, a bit |
| 2025-02-12 21:57:59 +0100 | <merijn> | tomsmeding: I mean, not really |
| 2025-02-12 21:57:55 +0100 | <tomsmeding> | why was it designed that way |
| 2025-02-12 21:57:49 +0100 | <tomsmeding> | that's dumb |
| 2025-02-12 21:57:42 +0100 | <tomsmeding> | ah |
| 2025-02-12 21:57:35 +0100 | <merijn> | tomsmeding: Of course not, it's not called as program, it just calls the same logic with a string argument :p |
| 2025-02-12 21:57:34 +0100 | <tomsmeding> | also not if I `cabal clean` first |
| 2025-02-12 21:57:11 +0100 | alfiee | (~alfiee@user/alfiee) alfiee |
| 2025-02-12 21:57:07 +0100 | <tomsmeding> | I don't see a setup invocation at all |
| 2025-02-12 21:56:53 +0100 | <tomsmeding> | the first call containing "notify-send" is a call to ghc that gets passed "$(notify-send" and "kaas)" as two separate arguments |
| 2025-02-12 21:56:53 +0100 | <merijn> | tomsmeding: Might be just getting reparsed at the Setup step and using execve then |
| 2025-02-12 21:56:30 +0100 | <merijn> | (similar to the two line one cabal init generates) |
| 2025-02-12 21:56:27 +0100 | <tomsmeding> | I just ran `cabal build --ghc-options='$(notify-send kaas)'` in a simple cabal project under a tracer that shows all execve calls |
| 2025-02-12 21:56:15 +0100 | <merijn> | They (implicitly) usethe default Setup.hs |
| 2025-02-12 21:55:57 +0100 | <tomsmeding> | s/projects/packages/ |
| 2025-02-12 21:55:56 +0100 | <merijn> | yes |
| 2025-02-12 21:55:52 +0100 | <tomsmeding> | is this also true in build-type: Simple projects? |
| 2025-02-12 21:54:57 +0100 | <merijn> | in that Setup step |
| 2025-02-12 21:54:49 +0100 | <merijn> | all arguments definitely get turned into one string and then reparsed, though |
| 2025-02-12 21:54:00 +0100 | <euouae> | I'm not trying to criticize eitehr |
| 2025-02-12 21:53:57 +0100 | <merijn> | the problem is that cabal-install just calls Cabal's Setup.hs |
| 2025-02-12 21:53:22 +0100 | <tomsmeding> | but as I said, at least there appears to be some escaping going on if so |
| 2025-02-12 21:53:20 +0100 | <merijn> | oh, no that's not new |
| 2025-02-12 21:53:09 +0100 | <tomsmeding> | if cabal does indeed pass these things to the shell, I blame the reviewers who accepted that PR |
| 2025-02-12 21:52:53 +0100 | <merijn> | And I'm half guessing |
| 2025-02-12 21:52:53 +0100 | <tomsmeding> | I'm not blaming you for not remembering :p |
| 2025-02-12 21:52:46 +0100 | <merijn> | tomsmeding: In my defense, it's been 7 years :p |
| 2025-02-12 21:52:35 +0100 | <tomsmeding> | (and it's System.Process.shell, I think) |
| 2025-02-12 21:52:20 +0100 | <tomsmeding> | merijn: but you said "proc" |
| 2025-02-12 21:52:11 +0100 | <merijn> | tomsmeding: I was thinking System.Process.sh style |
| 2025-02-12 21:52:11 +0100 | <tomsmeding> | euouae: you could also -i an unexpected file then |
| 2025-02-12 21:51:53 +0100 | <merijn> | honestly, just don't look at the cabal inversion of control |
| 2025-02-12 21:51:35 +0100 | <euouae> | merijn: you could just be in control of that --ghc-options thing somehow -- think of someone contributing a patch to CI where they set the options sneakily |
| 2025-02-12 21:51:10 +0100 | <tomsmeding> | if you're thinking of System.Process.proc |
| 2025-02-12 21:51:05 +0100 | <merijn> | euouae: You already have a shell if you can call cabal with --ghc-options |
| 2025-02-12 21:51:04 +0100 | <tomsmeding> | that's not the shell |
| 2025-02-12 21:50:48 +0100 | <merijn> | tomsmeding: I'm not 100% it goes via the shell, I was thinking it goes via proc |
| 2025-02-12 21:50:43 +0100 | <tomsmeding> | okay --ghc-options seems to escape $ and ` in any case |
| 2025-02-12 21:50:27 +0100 | <euouae> | merijn: it doesn't super-matter, but I'm just telling you that it's definitely an error from a security perspective |
| 2025-02-12 21:50:20 +0100 | sprotte24 | (~sprotte24@p200300d16f0a8e003d8337fe7ef7e64f.dip0.t-ipconnect.de) |
| 2025-02-12 21:50:10 +0100 | <tomsmeding> | why is there a shell in the first place? |
| 2025-02-12 21:49:51 +0100 | <euouae> | the expected behavior of --ghc-options= should not be "you get a shell and do w/e you want" |
| 2025-02-12 21:49:49 +0100 | <tomsmeding> | well it's clearly a violation of expectations if something passed to --ghc-options, or god forbid --ghc-option, gets interpreted by a shell |