From c982c19f53b35a93463f7b028edb5b862d0243a5 Mon Sep 17 00:00:00 2001
From: bb010g
Date: Mon, 28 Oct 2019 19:29:12 -0700
Subject: [PATCH] files: properly escape shell arguments
---
 modules/files.nix | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/modules/files.nix b/modules/files.nix
index 320cab73..c0698ed7 100644
--- a/modules/files.nix
+++ b/modules/files.nix
@@ -53,7 +53,7 @@ in
 # Paths that should be forcibly overwritten by Home Manager.
 # Caveat emptor!
 forcedPaths =
- concatMapStringsSep " " (p: ''"$HOME/${p}"'')
+ concatMapStringsSep " " (p: ''"$HOME"/${escapeShellArg p}'')
 (mapAttrsToList (n: v: v.target) (filterAttrs (n: v: v.force) cfg));
@@ -62,7 +62,7 @@ in
 # A symbolic link whose target path matches this pattern will be
 # considered part of a Home Manager generation.
- homeFilePattern="$(readlink -e "${builtins.storeDir}")/*-home-manager-files/*"
+ homeFilePattern="$(readlink -e ${escapeShellArg builtins.storeDir})/*-home-manager-files/*"
 forcedPaths=(${forcedPaths})
@@ -160,7 +160,7 @@ in
 # A symbolic link whose target path matches this pattern will be
 # considered part of a Home Manager generation.
- homeFilePattern="$(readlink -e "${builtins.storeDir}")/*-home-manager-files/*"
+ homeFilePattern="$(readlink -e ${escapeShellArg builtins.storeDir})/*-home-manager-files/*"
 newGenFiles="$1"
 shift 1
@@ -245,9 +245,9 @@ in
 }
 declare -A changedFiles
 '' + concatMapStrings (v: ''
- _cmp "${sourceStorePath v}" "${homeDirectory}/${v.target}" \
- && changedFiles["${v.target}"]=0 \
- || changedFiles["${v.target}"]=1
+ _cmp ${escapeShellArg (sourceStorePath v)} ${escapeShellArg homeDirectory}/${escapeShellArg v.target} \
+ && changedFiles[${escapeShellArg v.target}]=0 \
+ || changedFiles[${escapeShellArg v.target}]=1
 '') (filter (v: v.onChange != "") (attrValues cfg)) + ''
 unset -f _cmp
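Review bot: The `forcedPaths` binding in the `-53,7` hunk now yields ready-quoted shell words, but nothing at the definition says so, and the only consumer visible in this patch splices it unquoted as `forcedPaths=(${forcedPaths})`. A comment above the binding such as `# Each element is a complete, pre-quoted shell word ("$HOME"/'<target>'); it is interpolated verbatim into a bash array.` would keep a later edit from dropping `escapeShellArg` or adding a second layer of quotes. This hunk also resolves the home directory from `"$HOME"` at activation time, while the `_cmp` call in the `-245,9` hunk uses the evaluated `homeDirectory`; if the two can differ, forced paths and compared paths would not line up, which may be worth confirming. The enclosing `let` block starts and ends outside the hunk.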
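Review bot: In the `homeFilePattern` assignment (hunk `-62,7`, and identically in `-160,7`), `escapeShellArg` protects only the argument passed to `readlink -e`; the command's output is still concatenated into a glob pattern, so any `*`, `?` or `[` in the resolved store path would act as pattern characters wherever `homeFilePattern` is matched. The exit status of `readlink -e` is not checked either, and on failure the pattern would degrade to `/*-home-manager-files/*`, which presumably matches more links than intended. Both are unlikely with a standard store path, but resolving it first with a guard, for example `storeDir="$(readlink -e ${escapeShellArg builtins.storeDir})" || exit 1`, would make the assumption explicit. The matching code is outside both hunks, so the glob use is inferred from the variable's name and its comment.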
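Review bot: The associative-array key `${escapeShellArg v.target}` is now spelled out three times, twice in the `-245,9` hunk and once more in the lookup in `-256,7`, and the lookup only finds the entry if all three render byte-identically. Binding the key once per file, e.g. `(v: let key = escapeShellArg v.target; in ''`, and using `${key}` in each subscript would remove that coupling. The second `_cmp` argument would also read more simply as a single quoted word, `${escapeShellArg "${homeDirectory}/${v.target}"}`, instead of two adjacent quoted pieces joined by `/`. The indented string and the `concatMapStrings` call continue outside the hunk.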
@@ -256,7 +256,7 @@ in
 home.activation.onFilesChange = hm.dag.entryAfter ["linkGeneration"] ( concatMapStrings (v: ''
- if [[ ${"$\{changedFiles"}["${v.target}"]} -eq 1 ]]; then
+ if [[ ''${changedFiles[${escapeShellArg v.target}]} -eq 1 ]]; then
 ${v.onChange}
 fi
 '') (filter (v: v.onChange != "") (attrValues cfg))
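Review bot: `${v.onChange}` in this hunk is the one interpolation the commit leaves unescaped, and nothing in the code says that this is intentional. Since it is evidently shell code to run rather than an argument, a Nix comment above `concatMapStrings` such as `# onChange is user-supplied shell code and is emitted verbatim; only the array key is escaped.` would stop a later escaping pass from quoting it and breaking the hook. The same comment could mention that `''${` is the indented-string escape for a literal `${`, so the `changedFiles` lookup is expanded by bash at activation time rather than by Nix. The `entryAfter` expression closes outside the hunk.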