antidote / oh-my-zsh: improve escaping of shell arguments

[Zocker1999NET]

Description

This pull request improves the handling of shell arguments in the Antidote and Oh My Zsh Home Manager modules by ensuring all relevant file paths and arguments are properly shell-escaped.

Checklist

• Change is backwards compatible.

• Code formatted with nix fmt or
  nix-shell -p treefmt nixfmt deadnix keep-sorted nixf-diagnose --run treefmt.

• Code tested through nix run .#tests -- test-all or
  nix-shell --pure tests -A run.all.

• Test cases updated/added. See example.

• Commit messages are formatted like

  {component}: {description}
  
  {long description}
  

  See CONTRIBUTING for more information and recent commit messages for examples.

• If this PR adds a new module

  • Added myself as module maintainer. See example.
  • Generate a news entry. See News
  • Basic tests added. See Tests

• If this PR adds an exciting new feature or contains a breaking change.

  • Generate a news entry. See News

[khaneliman]

Some of these don't look like the placement is correct. It appears it would create escaped strings in the middle of stuff. Would be nice to have some tests around some of the generated values.

[Zocker1999NET]

It appears it would create escaped strings in the middle of stuff.

Do you mean stuff like ZSH=${escapeShellArg cfg.oh-my-zsh.package}/share/oh-my-zsh; which could be converted to ZSH="/nix/store/...-oh-my-zsh"/share/oh-my-zsh? That is intentional because most shells (including zsh) support that.

Or do you mean something else?

[khaneliman]

Yeah, just feels wrong to not escape the full path / variable and only part of it.

[rycee]

I'm inclined to say that it looks fine to me and maybe it should be considered idiomatic since it simplifies the code a bit.

[ellingtonjp]

This change breaks oh-my-zsh plugins. For example, this was previously working, but now breaks for me:

        oh-my-zsh = {
          enable = true;
          plugins = [
            "git"
            "vi-mode"
          ];
        };

With the following:

error:
       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:37:12:
           36|
           37|   strict = derivationStrict drvAttrs;
             |            ^
           38|

       … while evaluating derivation 'darwin-system-26.05.06648f4'
         whose name attribute is located at /nix/store/f9zw9nsp96n5zlfr2cwl8msrd1mfbzm1-source/pkgs/stdenv/generic/make-derivation.nix:541:11

       … while evaluating attribute 'activationScript' of derivation 'darwin-system-26.05.06648f4'
         at /nix/store/jz2wwz18fnladl35z2bc4406fl9w5ifw-source/modules/system/default.nix:89:7:
           88|
           89|       activationScript = cfg.activationScripts.script.text;
             |       ^
           90|

       … while evaluating the option `system.activationScripts.script.text':

       … while evaluating definitions from `/nix/store/jz2wwz18fnladl35z2bc4406fl9w5ifw-source/modules/system/activation-scripts.nix':

       … while evaluating the option `system.activationScripts.postActivation.text':

       … while evaluating definitions from `/nix/store/hd2d4d2bw34ay6js0w4yp7vz8q2b6b16-source/nix-darwin':

       … while evaluating the option `home-manager.users.jon.home.file."./.zshrc".source':

       … while evaluating definitions from `/nix/store/hd2d4d2bw34ay6js0w4yp7vz8q2b6b16-source/modules/files.nix':

       … while evaluating the option `home-manager.users.jon.home.file."./.zshrc".text':

       … while evaluating definitions from `/nix/store/hd2d4d2bw34ay6js0w4yp7vz8q2b6b16-source/modules/programs/zsh':

       … while evaluating the option `home-manager.users.jon.programs.zsh.initContent':

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: expected a list but found a string: "git vi-mode"
       ```

[Zocker1999NET]

@ellingtonjp Oh, sorry. Thanks for giving the error message, I tracked the issue down & will immediately create a 2nd PR

[ooojustin]

This change also stopped env vars like $HOME from working in oh-my-zsh.custom / theme paths, I opened a follow-up in #9095