systemd: Properly escape environment options.

Using toJSON on a string value works because the allowed JSON escape sequences is almost a subset of the systemd allowed escape sequences. The only exception is `\/` which JSON allows but systemd doesn't. Luckily this sequence isn't required and toJSON don't produce it making the result valid for systemd consumption. Examples of things that this fixes are environment variables with double quotes or newlines.
NixOS · Feb 21, 2017 · da33c8a · da33c8a
1 parent 85fe839
commit da33c8a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
@@ -329,7 +329,7 @@ let
           ${let env = cfg.globalEnvironment // def.environment;
             in concatMapStrings (n:
               let s = optionalString (env."${n}" != null)
-                "Environment=\"${n}=${env.${n}}\"\n";
+                "Environment=${builtins.toJSON "${n}=${env.${n}}"}\n";
               in if stringLength s >= 2048 then throw "The value of the environment variable ‘${n}’ in systemd service ‘${name}.service’ is too long." else s) (attrNames env)}
           ${if def.reloadIfChanged then ''
             X-ReloadIfChanged=true