From 7d7127da1ebd477f7de03db98a4e466073e9d532 Mon Sep 17 00:00:00 2001
From: D Anzorge <d.anzorge@gmail.com>
Date: Wed, 16 Jun 2021 01:19:05 +0200
Subject: [PATCH] nix: use escapeShellArg for vars in wrapper scripts

---
 nix/module.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nix/module.nix b/nix/module.nix
index 27c45db5b..59afa75d3 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -42,8 +42,8 @@ let
 
   loadEnv = (pkgs.writeScript "load-bookwyrm-env" ''
     #!/usr/bin/env bash
-    ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "export ${n}='${v}'") env)}
-    ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: ''export ${n}="$(cat '${v}')"'')  envSecrets)} 
+    ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "export ${n}=${lib.escapeShellArg v}") env)}
+    ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: ''export ${n}="$(cat ${lib.escapeShellArg v})"'')  envSecrets)} 
   '');
   bookwyrmManageScript = (pkgs.writeScriptBin "bookwyrm-manage" ''
     #!/usr/bin/env bash