From 3b9d05e114550db6ea23befa078bd978371d863c Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Mon, 18 Oct 2021 12:39:51 +0200
Subject: [PATCH] dockerTools: Fix and test #118722 path in contents

---
 nixos/tests/docker-tools.nix           | 13 +++++++++++++
 pkgs/build-support/docker/default.nix  |  7 ++++++-
 pkgs/build-support/docker/examples.nix | 12 ++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix
index e482223436fa..7110187e8d76 100644
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@@ -383,5 +383,18 @@ import ./make-test-python.nix ({ pkgs, ... }: {
         docker.succeed(
             "tar -tf ${examples.exportBash} | grep '\./bin/bash' > /dev/null"
         )
+
+    with subtest("Ensure bare paths in contents are loaded correctly"):
+        docker.succeed(
+            "docker load --input='${examples.build-image-with-path}'",
+            "docker run --rm build-image-with-path bash -c '[[ -e /hello.txt ]]'",
+            "docker rmi build-image-with-path",
+        )
+        docker.succeed(
+            "${examples.layered-image-with-path} | docker load",
+            "docker run --rm layered-image-with-path bash -c '[[ -e /hello.txt ]]'",
+            "docker rmi layered-image-with-path",
+        )
+
   '';
 })
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 47fd99c12f8e..a42b025bc7f2 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -37,6 +37,11 @@
 
 let
 
+  inherit (lib)
+    escapeShellArgs
+    toList
+    ;
+
   mkDbExtraCommand = contents:
     let
       contentsList = if builtins.isList contents then contents else [ contents ];
@@ -402,7 +407,7 @@ rec {
 
       preMount = lib.optionalString (contents != null && contents != [ ]) ''
         echo "Adding contents..."
-        for item in ${toString contents}; do
+        for item in ${escapeShellArgs (map (c: "${c}") (toList contents))}; do
           echo "Adding $item..."
           rsync -a${if keepContentsDirlinks then "K" else "k"} --chown=0:0 $item/ layer/
         done
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 9f6823a58789..141c2ba0ea45 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -553,4 +553,16 @@ rec {
 
   # Example export of the bash image
   exportBash = pkgs.dockerTools.exportImage { fromImage = bash; };
+
+  build-image-with-path = buildImage {
+    name = "build-image-with-path";
+    tag = "latest";
+    contents = [ pkgs.bashInteractive ./test-dummy ];
+  };
+
+  layered-image-with-path = pkgs.dockerTools.streamLayeredImage {
+    name = "layered-image-with-path";
+    tag = "latest";
+    contents = [ pkgs.bashInteractive ./test-dummy ];
+  };
 }