Escape paths with ":" that are passed to systemd-nspawn --bind

When parsing paths to automatically make available to the container, the
":" is used internally by systemd-nspawn to signify destinations in the
container. Replace automatically with "\:" for the mounts that we set
up, in order to safely handle a working directory etc. that contains
this character.

For bind options exposed to the user, it is assumed the user takes care
of passing systemd-nspawn compatible paths themselves.

Fixes FS#60845

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

arch-nspawn.in

@@ -81,14 +81,14 @@ build_mount_args() {
 	for host_mirror in "${host_mirrors[@]}"; do
 		if [[ $host_mirror == *file://* ]]; then
 			host_mirror_path=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
-			mount_args+=("--bind-ro=$host_mirror_path")
+			mount_args+=("--bind-ro=${host_mirror_path//:/\\:}")
 		fi
 	done
 
-	mount_args+=("--bind=${cache_dirs[0]}")
+	mount_args+=("--bind=${cache_dirs[0]//:/\\:}")
 
 	for cache_dir in "${cache_dirs[@]:1}"; do
-		mount_args+=("--bind-ro=$cache_dir")
+		mount_args+=("--bind-ro=${cache_dir//:/\\:}")
 	done
 }
 

makechrootpkg.in

@@ -379,8 +379,8 @@ download_sources
 prepare_chroot
 
 if arch-nspawn "$copydir" \
-	--bind="$PWD:/startdir" \
-	--bind="$SRCDEST:/srcdest" \
+	--bind="${PWD//:/\\:}:/startdir" \
+	--bind="${SRCDEST//:/\\:}:/srcdest" \
 	"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
 	/chrootbuild "${makepkg_args[@]}"
 then