kdesu: provide a script in bin and look for daemon first in /run/wrappers/bin #93306
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
One still has to add something like the following in the system configuration in order to be able to use the security.wrappers.kdesud = {
source = "${pkgs.kdesu}/libexec/kf5/kdesud";
setgid = true;
}; |
ttuegel
requested changes
Jul 19, 2020
| @@ -0,0 +1,38 @@ | |||
| From 01af4d2a098e5819c09bca37568941dcd4b89d0b Mon Sep 17 00:00:00 2001 | |||
There was a problem hiding this comment.
Please create a directory for kdesu in kde-frameworks and move this patch there.
| @@ -11,4 +11,5 @@ mkDerivation { | |||
| buildInputs = [ kcoreaddons ki18n kpty kservice qtbase ]; | |||
| propagatedBuildInputs = [ kpty ]; | |||
| outputs = [ "out" "dev" ]; | |||
| patches = [ ./kdesu-search-for-wrapped-daemon-first.patch ]; | |||
There was a problem hiding this comment.
Please move this file to .../kde-frameworks/kdesu/default.nix and update kde-frameworks/default.nix.
ttuegel
reviewed
Jul 20, 2020
Comment on lines
15
to
20
| cat > $out/bin/kdesu <<EOF | ||
| #! /bin/sh -e | ||
| export PATH="\''${PATH}:${kinit}/bin" | ||
| exec -a "\$0" $out/libexec/kf5/kdesu "\$@" | ||
| EOF | ||
| chmod +x $out/bin/kdesu |
There was a problem hiding this comment.
The preferred way to do this is:
Suggested change
| cat > $out/bin/kdesu <<EOF | |
| #! /bin/sh -e | |
| export PATH="\''${PATH}:${kinit}/bin" | |
| exec -a "\$0" $out/libexec/kf5/kdesu "\$@" | |
| EOF | |
| chmod +x $out/bin/kdesu | |
| makeWrapper $out/libexec/kf5/kdesu $out/bin/kdesu \ | |
| --suffix PATH : ${lib.getBin kinit}/bin |
This requires makeWrapper in nativeBuildInputs.
There was a problem hiding this comment.
I have wrapped kdesu in libexec and then created a symbolic link to the wrapper in bin.
If looking first in libexec, the eventually wrapped one in /run/wrappers/bin can not be found. This allows wrapping the daemon so that it can be run with sgid privileges.
|
Changed to avoid double wrapping |
|
@ttuegel can this be merged? |
|
Thanks! 😃 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
If looking for the
kdesudfirst inlibexec, the eventually wrapped one in/run/wrappers/bincan not be found. With this change it becomes possible to use a wrapped version of the daemon.Also a shell script is installed at ${plasma-5.kde-cli-tools}/bin/
to ease launchingkdesu`.Fixes #28426.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)