From 612035c45f36cc089f0392875c31c7efa2cf608c Mon Sep 17 00:00:00 2001
From: Reno Reckling <exi@wthack.de>
Date: Sat, 30 Sep 2023 14:00:13 +0200
Subject: [PATCH] Fix broken genJqSecretsReplacementSnippet for jq 1.7
 (#257932)

jq 1.7 updated it's behaviour and now throws an error
if the first argument is an empty string. It now needs
"." to pass the input through.
---
 nixos/lib/utils.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/nixos/lib/utils.nix b/nixos/lib/utils.nix
index 7ea9d6a5c71..e618cf2f861 100644
--- a/nixos/lib/utils.nix
+++ b/nixos/lib/utils.nix
@@ -177,6 +177,7 @@ rec {
   genJqSecretsReplacementSnippet' = attr: set: output:
     let
       secrets = recursiveGetAttrWithJqPrefix set attr;
+      stringOrDefault = str: def: if str == "" then def else str;
     in ''
       if [[ -h '${output}' ]]; then
         rm '${output}'
@@ -195,10 +196,12 @@ rec {
                (attrNames secrets))
     + "\n"
     + "${pkgs.jq}/bin/jq >'${output}' "
-    + lib.escapeShellArg (concatStringsSep
-      " | "
-      (imap1 (index: name: ''${name} = $ENV.secret${toString index}'')
-             (attrNames secrets)))
+    + lib.escapeShellArg (stringOrDefault
+          (concatStringsSep
+            " | "
+            (imap1 (index: name: ''${name} = $ENV.secret${toString index}'')
+                   (attrNames secrets)))
+          ".")
     + ''
        <<'EOF'
       ${builtins.toJSON set}