nix-community/home-manager
1
0
Fork 0
mirror of https://github.com/nix-community/home-manager.git synced 2025-11-08 19:46:05 +01:00
Code Activity

launchd+targets/darwin: Escape XML in plists (#7356)

Browse source 
This patch updates all usage of toPlist such that it escapes any strings
in the final output.

The motication for this change is to avoid confusion when end-users of
home-manager's APIs are not aware that the option values they set end up
being passed un-escaped to XML files.

BREAKING CHANGE: Consumers doing manual escaping will now be doubly escaped.

Co-authored-by: Linnnus <linnnus@users.noreply.github.com>
This commit is contained in:
lignus 2025-08-09 18:22:08 +02:00 committed by GitHub
parent cc2fa2331a
commit 3ec1cd9a07
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 35 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/launchd/default.nix
View file

@ -43,7 +43,7 @@ let
}; };
}; };
toAgent = config: pkgs.writeText "${config.Label}.plist" (toPlist { } config); toAgent = config: pkgs.writeText "${config.Label}.plist" (toPlist { escape = true; } config);
agentPlists = lib.mapAttrs' (n: v: lib.nameValuePair "${v.config.Label}.plist" (toAgent v.config)) ( agentPlists = lib.mapAttrs' (n: v: lib.nameValuePair "${v.config.Label}.plist" (toAgent v.config)) (
lib.filterAttrs (n: v: v.enable) cfg.agents lib.filterAttrs (n: v: v.enable) cfg.agents

12
modules/launchd/launchd.nix
View file

@ -155,6 +155,18 @@ in
This key maps to the second argument of `execvp(3)`. This key is required in the absence of the Program This key maps to the second argument of `execvp(3)`. This key is required in the absence of the Program
key. Please note: many people are confused by this key. Please read `execvp(3)` very carefully! key. Please note: many people are confused by this key. Please read `execvp(3)` very carefully!
''; '';
# TODO: Remove this some time after 25.01.
apply =
value:
if value != null then
map (
item:
lib.warnIf (lib.hasInfix "&amp;" item)
"A value for `ProgramArguments` contains the literal string `&amp;`. This is no longer necessary and will lead to double-escaping, as home-manager now automatically escapes special characters."
item
) value
else
value;
}; };
EnableGlobbing = mkOption { EnableGlobbing = mkOption {

13
modules/misc/news/2025/07/2025-07-01_22-15-34.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
time = "2025-07-01T20:15:34+00:00";
condition = pkgs.stdenv.hostPlatform.isDarwin;
message = ''
XML characters are escaped for 'targets.darwin.keybindings' and 'launchd.agents.<name>'.
Special characters used in strings passed to 'targets.darwin.keybindings'
and 'launchd.agents.<name>' are now escaped before being included in the
generated plist files. If you were doing manual escaping you will need to
stop to avoid double escaping.
'';
}

4
modules/targets/darwin/keybindings.nix
View file

@ -8,7 +8,9 @@
let let
cfg = config.targets.darwin; cfg = config.targets.darwin;
homeDir = config.home.homeDirectory; homeDir = config.home.homeDirectory;
confFile = pkgs.writeText "DefaultKeybinding.dict" (lib.generators.toPlist { } cfg.keybindings); confFile = pkgs.writeText "DefaultKeybinding.dict" (
lib.generators.toPlist { escape = true; } cfg.keybindings
);
in in
{ {
options.targets.darwin.keybindings = lib.mkOption { options.targets.darwin.keybindings = lib.mkOption {

3
modules/targets/darwin/user-defaults/default.nix
View file

@ -11,7 +11,8 @@ let
mkActivationCmds = mkActivationCmds =
isLocal: settings: isLocal: settings:
let let
toDefaultsFile = domain: attrs: pkgs.writeText "${domain}.plist" (lib.generators.toPlist { } attrs); toDefaultsFile =
domain: attrs: pkgs.writeText "${domain}.plist" (lib.generators.toPlist { escape = true; } attrs);
cliFlags = lib.optionalString isLocal "-currentHost"; cliFlags = lib.optionalString isLocal "-currentHost";

1
tests/modules/launchd/agents.nix
View file

@ -14,6 +14,7 @@
}; };
ProcessType = "Background"; ProcessType = "Background";
UnrecognizedByHomeManager = "should make it to the resulting plist"; UnrecognizedByHomeManager = "should make it to the resulting plist";
"\"Special\" characters" = "<should be escaped>";
}; };
}; };

2
tests/modules/launchd/expected-agent.plist
View file

@ -2,6 +2,8 @@
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<key>&quot;Special&quot; characters</key>
<string>&lt;should be escaped&gt;</string>
<key>KeepAlive</key> <key>KeepAlive</key>
<dict> <dict>
<key>Crashed</key> <key>Crashed</key>

2
tests/modules/services/macos-remap-keys/basic-agent.plist
View file

@ -14,7 +14,7 @@
<string>/usr/bin/hidutil</string> <string>/usr/bin/hidutil</string>
<string>property</string> <string>property</string>
<string>--set</string> <string>--set</string>
<string>{ "UserKeyMapping": [ { "HIDKeyboardModifierMappingSrc": 0x700000039, "HIDKeyboardModifierMappingDst": 0x70000002A } ] }</string> <string>{ &quot;UserKeyMapping&quot;: [ { &quot;HIDKeyboardModifierMappingSrc&quot;: 0x700000039, &quot;HIDKeyboardModifierMappingDst&quot;: 0x70000002A } ] }</string>
</array> </array>
<key>RunAtLoad</key> <key>RunAtLoad</key>
<true/> <true/>