diff options
author | Kevin Cox <kevincox@kevincox.ca> | 2017-01-27 22:01:21 +0000 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-02-20 22:20:13 -0500 |
commit | da33c8a19d97711d213789cf49c8b7c483beb18f (patch) | |
tree | 25061debad511d3fa422eb640eccf358e6217581 /nixos/modules | |
parent | 85fe839caf6a162d3d2215f372294eafb29d9f31 (diff) | |
download | nixlib-da33c8a19d97711d213789cf49c8b7c483beb18f.tar nixlib-da33c8a19d97711d213789cf49c8b7c483beb18f.tar.gz nixlib-da33c8a19d97711d213789cf49c8b7c483beb18f.tar.bz2 nixlib-da33c8a19d97711d213789cf49c8b7c483beb18f.tar.lz nixlib-da33c8a19d97711d213789cf49c8b7c483beb18f.tar.xz nixlib-da33c8a19d97711d213789cf49c8b7c483beb18f.tar.zst nixlib-da33c8a19d97711d213789cf49c8b7c483beb18f.zip |
systemd: Properly escape environment options.
Using toJSON on a string value works because the allowed JSON escape sequences is almost a subset of the systemd allowed escape sequences. The only exception is `\/` which JSON allows but systemd doesn't. Luckily this sequence isn't required and toJSON don't produce it making the result valid for systemd consumption. Examples of things that this fixes are environment variables with double quotes or newlines.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/system/boot/systemd.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 904404e1e472..de5fb3edd67e 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -329,7 +329,7 @@ let ${let env = cfg.globalEnvironment // def.environment; in concatMapStrings (n: let s = optionalString (env."${n}" != null) - "Environment=\"${n}=${env.${n}}\"\n"; + "Environment=${builtins.toJSON "${n}=${env.${n}}"}\n"; in if stringLength s >= 2048 then throw "The value of the environment variable ‘${n}’ in systemd service ‘${name}.service’ is too long." else s) (attrNames env)} ${if def.reloadIfChanged then '' X-ReloadIfChanged=true |