Unverified Commit afffa89e authored by Klemens Nanni's avatar Klemens Nanni Committed by GitHub
Browse files

ssh: Fix environment variable parsing (#177503) 

From systemctl(1)'s `show-environment`:
	[...] If no special characters or
	whitespace is present in the variable values, no escaping is
	performed, and the assignments have the form "VARIABLE=value". If
	whitespace or characters which have special meaning to the shell
	are present, dollar-single-quote escaping is used, and assignments
	have the form "VARIABLE=$'value'". [...]

`DISPLAY` is unlikely to require such escaping, but is still broken and
overly complicated.

Just rely on the fact that systemctl outputs line that are safe to be
interpreted by the shell.

Filter for `DISPLAY` and `eval` the output instead of trying to parse
just the value part and reassign it again.
parent d361bb4b

nixos/modules/programs/ssh.nix

+1 −3
Original line number Diff line number Diff line
@@ -13,9 +13,7 @@ let 


  askPasswordWrapper = pkgs.writeScript "ssh-askpass-wrapper" ''

    #! ${pkgs.runtimeShell} -e

    export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"

    export XAUTHORITY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^XAUTHORITY=\(.*\)/\1/; t; d')"

    export WAYLAND_DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^WAYLAND_DISPLAY=\(.*\)/\1/; t; d')"

    eval export $(systemctl --user show-environment | ${pkgs.coreutils}/bin/grep -E '^(DISPLAY|WAYLAND_DISPLAY|XAUTHORITY)=')

    exec ${cfg.askPassword} "$@"

  '';