From 4df4d2a8eac999e47f973911857b9756281f8273 Mon Sep 17 00:00:00 2001
From: talyz <kim.lindberger@gmail.com>
Date: Fri, 30 Sep 2022 17:02:24 +0200
Subject: genJqSecretsReplacementSnippet: Allow dots in attribute names...

...and escape quotation marks and backslashes.
---
 nixos/lib/utils.nix | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'nixos/lib/utils.nix')

diff --git a/nixos/lib/utils.nix b/nixos/lib/utils.nix
index d7671a37499..f646f70323e 100644
--- a/nixos/lib/utils.nix
+++ b/nixos/lib/utils.nix
@@ -102,7 +102,11 @@ rec {
         if item ? ${attr} then
           nameValuePair prefix item.${attr}
         else if isAttrs item then
-          map (name: recurse (prefix + "." + name) item.${name}) (attrNames item)
+          map (name:
+            let
+              escapedName = ''"${replaceChars [''"'' "\\"] [''\"'' "\\\\"] name}"'';
+            in
+              recurse (prefix + "." + escapedName) item.${name}) (attrNames item)
         else if isList item then
           imap0 (index: item: recurse (prefix + "[${toString index}]") item) item
         else
@@ -182,13 +186,13 @@ rec {
                 '')
                (attrNames secrets))
     + "\n"
-    + "${pkgs.jq}/bin/jq >'${output}' '"
-    + concatStringsSep
+    + "${pkgs.jq}/bin/jq >'${output}' "
+    + lib.escapeShellArg (concatStringsSep
       " | "
       (imap1 (index: name: ''${name} = $ENV.secret${toString index}'')
-             (attrNames secrets))
+             (attrNames secrets)))
     + ''
-      ' <<'EOF'
+       <<'EOF'
       ${builtins.toJSON set}
       EOF
       (( ! $inherit_errexit_enabled )) && shopt -u inherit_errexit
-- 
cgit 1.4.1