nixos: add functions and documentation for escaping systemd Exec* directives

it's really easy to accidentally write the wrong systemd Exec* directive, ones that works most of the time but fails when users include systemd metacharacters in arguments that are interpolated into an Exec* directive. add a few functions analogous to escapeShellArg{,s} and some documentation on how and when to use them.
2025-06-10 03:23:29 +03:00 · 2022-01-09 08:46:55 +01:00 · 2022-01-09 08:46:55 +01:00 · 40a35299fa
commit 40a35299fa
parent 74f542c42e
6 changed files with 157 additions and 0 deletions
--- a/nixos/lib/utils.nix
+++ b/nixos/lib/utils.nix
@ -45,6 +45,26 @@ rec {
   replaceChars ["/" "-" " "] ["-" "\\x2d" "\\x20"]
   (removePrefix "/" s);

+  # Quotes an argument for use in Exec* service lines.
+  # systemd accepts "-quoted strings with escape sequences, toJSON produces
+  # a subset of these.
+  # Additionally we escape % to disallow expansion of % specifiers. Any lone ;
+  # in the input will be turned it ";" and thus lose its special meaning.
+  # Every $ is escaped to $$, this makes it unnecessary to disable environment
+  # substitution for the directive.
+  escapeSystemdExecArg = arg:
+    let
+      s = if builtins.isPath arg then "${arg}"
+        else if builtins.isString arg then arg
+        else if builtins.isInt arg || builtins.isFloat arg then toString arg
+        else throw "escapeSystemdExecArg only allows strings, paths and numbers";
+    in
+      replaceChars [ "%" "$" ] [ "%%" "$$" ] (builtins.toJSON s);
+
+  # Quotes a list of arguments into a single string for use in a Exec*
+  # line.
+  escapeSystemdExecArgs = concatMapStringsSep " " escapeSystemdExecArg;
+
  # Returns a system path for a given shell package
  toShellPath = shell:
    if types.shellPackage.check shell then