fix: make runSshNoTty fallible for system_features and escape bash variables

sabify · sabify · commit 454ad62d9341 · 2025-11-23T23:40:17.000-08:00
diff --git a/src/nixos-anywhere.sh b/src/nixos-anywhere.sh
@@ -1050,8 +1050,9 @@ SSH
 
   # Get system-features with a specific cpu architecture from the machine and add them to the installer
   if [[ -n ${flake} ]]; then
-    system_features=$(runSshNoTty -o ConnectTimeout=10 nix --extra-experimental-features 'nix-command' config show system-features 2>/dev/null || true)
-
+    system_features=$(runSshNoTty -o ConnectTimeout=10 nix --extra-experimental-features 'nix-command' config show system-features)
+    # Escape the bash variable for safe interpolation into Nix
+    system_features="$(printf '%s' "$system_features" | sed 's/\\/\\\\/g; s/"/\\"/g')"
     # First, try to evaluate all nix settings from the flake in one go
     nixConfContent=$(nix --extra-experimental-features 'nix-command flakes' eval --raw --apply "
       config:
@@ -1067,7 +1068,7 @@ SSH
             remoteFeaturesStr = \"${system_features}\";
             # Parse remote features string (space-separated) into list
             remoteFeaturesList = if remoteFeaturesStr != \"\" then
-              builtins.filter (x: x != \"\") (builtins.split \" +\" remoteFeaturesStr)
+              builtins.filter (x: builtins.isString x && x != \"\") (builtins.split \" +\" remoteFeaturesStr)
             else [];
           in remoteFeaturesList;
 
@@ -1096,7 +1097,10 @@ SSH
     if [[ -n ${nixConfContent} ]]; then
       runSsh sh <<SSH
 mkdir -p ~/.config/nix
-echo "${nixConfContent}" >> ~/.config/nix/nix.conf
+printf '%s\n' "\$(cat <<'CONTENT'
+${nixConfContent}
+CONTENT
+)" >> ~/.config/nix/nix.conf
 SSH
     fi
   fi
