launchd+targets/darwin: Escape XML in plists (#7356)

This patch updates all usage of toPlist such that it escapes any strings in the final output. The motication for this change is to avoid confusion when end-users of home-manager's APIs are not aware that the option values they set end up being passed un-escaped to XML files. BREAKING CHANGE: Consumers doing manual escaping will now be doubly escaped. Co-authored-by: Linnnus <linnnus@users.noreply.github.com>
2025-11-08 19:46:05 +01:00 · 2025-08-09 18:22:08 +02:00 · 2025-08-09 18:22:08 +02:00 · 3ec1cd9a07
commit 3ec1cd9a07
parent cc2fa2331a
8 changed files with 35 additions and 4 deletions
--- a/modules/launchd/default.nix
+++ b/modules/launchd/default.nix
@ -43,7 +43,7 @@ let
      };
    };

-  toAgent = config: pkgs.writeText "${config.Label}.plist" (toPlist { } config);
+  toAgent = config: pkgs.writeText "${config.Label}.plist" (toPlist { escape = true; } config);

  agentPlists = lib.mapAttrs' (n: v: lib.nameValuePair "${v.config.Label}.plist" (toAgent v.config)) (
    lib.filterAttrs (n: v: v.enable) cfg.agents
--- a/modules/launchd/launchd.nix
+++ b/modules/launchd/launchd.nix
@ -155,6 +155,18 @@ in
        This key maps to the second argument of `execvp(3)`.  This key is required in the absence of the Program
        key. Please note: many people are confused by this key. Please read `execvp(3)` very carefully!
      '';
+      # TODO: Remove this some time after 25.01.
+      apply =
+        value:
+        if value != null then
+          map (
+            item:
+            lib.warnIf (lib.hasInfix "&amp;" item)
+              "A value for `ProgramArguments` contains the literal string `&amp;`. This is no longer necessary and will lead to double-escaping, as home-manager now automatically escapes special characters."
+              item
+          ) value
+        else
+          value;
    };

    EnableGlobbing = mkOption {
--- a/modules/misc/news/2025/07/2025-07-01_22-15-34.nix
+++ b/modules/misc/news/2025/07/2025-07-01_22-15-34.nix
@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  time = "2025-07-01T20:15:34+00:00";
+  condition = pkgs.stdenv.hostPlatform.isDarwin;
+  message = ''
+    XML characters are escaped for 'targets.darwin.keybindings' and 'launchd.agents.<name>'.
+
+    Special characters used in strings passed to  'targets.darwin.keybindings'
+    and 'launchd.agents.<name>' are now escaped before being included in the
+    generated plist files. If you were doing manual escaping you will need to
+    stop to avoid double escaping.
+  '';
+}
--- a/modules/targets/darwin/keybindings.nix
+++ b/modules/targets/darwin/keybindings.nix
@ -8,7 +8,9 @@
 let
  cfg = config.targets.darwin;
  homeDir = config.home.homeDirectory;
-  confFile = pkgs.writeText "DefaultKeybinding.dict" (lib.generators.toPlist { } cfg.keybindings);
+  confFile = pkgs.writeText "DefaultKeybinding.dict" (
+    lib.generators.toPlist { escape = true; } cfg.keybindings
+  );
 in
 {
  options.targets.darwin.keybindings = lib.mkOption {
--- a/modules/targets/darwin/user-defaults/default.nix
+++ b/modules/targets/darwin/user-defaults/default.nix
@ -11,7 +11,8 @@ let
  mkActivationCmds =
    isLocal: settings:
    let
-      toDefaultsFile = domain: attrs: pkgs.writeText "${domain}.plist" (lib.generators.toPlist { } attrs);
+      toDefaultsFile =
+        domain: attrs: pkgs.writeText "${domain}.plist" (lib.generators.toPlist { escape = true; } attrs);

      cliFlags = lib.optionalString isLocal "-currentHost";

--- a/tests/modules/launchd/agents.nix
+++ b/tests/modules/launchd/agents.nix
@ -14,6 +14,7 @@
        };
        ProcessType = "Background";
        UnrecognizedByHomeManager = "should make it to the resulting plist";
+        "\"Special\" characters" = "<should be escaped>";
      };
    };

--- a/tests/modules/launchd/expected-agent.plist
+++ b/tests/modules/launchd/expected-agent.plist
@ -2,6 +2,8 @@
 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>&quot;Special&quot; characters</key>
+	<string>&lt;should be escaped&gt;</string>
 	<key>KeepAlive</key>
 	<dict>
 		<key>Crashed</key>
--- a/tests/modules/services/macos-remap-keys/basic-agent.plist
+++ b/tests/modules/services/macos-remap-keys/basic-agent.plist
@ -14,7 +14,7 @@
 		<string>/usr/bin/hidutil</string>
 		<string>property</string>
 		<string>--set</string>
-		<string>{ "UserKeyMapping": [ { "HIDKeyboardModifierMappingSrc": 0x700000039, "HIDKeyboardModifierMappingDst": 0x70000002A } ] }</string>
+		<string>{ &quot;UserKeyMapping&quot;: [ { &quot;HIDKeyboardModifierMappingSrc&quot;: 0x700000039, &quot;HIDKeyboardModifierMappingDst&quot;: 0x70000002A } ] }</string>
 	</array>
 	<key>RunAtLoad</key>
 	<true/>