New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kdesu: provide a script in bin and look for daemon first in /run/wrappers/bin #93306
Conversation
One still has to add something like the following in the system configuration in order to be able to use the security.wrappers.kdesud = {
source = "${pkgs.kdesu}/libexec/kf5/kdesud";
setgid = true;
}; |
@@ -0,0 +1,38 @@ | |||
From 01af4d2a098e5819c09bca37568941dcd4b89d0b Mon Sep 17 00:00:00 2001 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please create a directory for kdesu
in kde-frameworks
and move this patch there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
@@ -11,4 +11,5 @@ mkDerivation { | |||
buildInputs = [ kcoreaddons ki18n kpty kservice qtbase ]; | |||
propagatedBuildInputs = [ kpty ]; | |||
outputs = [ "out" "dev" ]; | |||
patches = [ ./kdesu-search-for-wrapped-daemon-first.patch ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please move this file to .../kde-frameworks/kdesu/default.nix
and update kde-frameworks/default.nix
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
cat > $out/bin/kdesu <<EOF | ||
#! /bin/sh -e | ||
export PATH="\''${PATH}:${kinit}/bin" | ||
exec -a "\$0" $out/libexec/kf5/kdesu "\$@" | ||
EOF | ||
chmod +x $out/bin/kdesu |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The preferred way to do this is:
cat > $out/bin/kdesu <<EOF | |
#! /bin/sh -e | |
export PATH="\''${PATH}:${kinit}/bin" | |
exec -a "\$0" $out/libexec/kf5/kdesu "\$@" | |
EOF | |
chmod +x $out/bin/kdesu | |
makeWrapper $out/libexec/kf5/kdesu $out/bin/kdesu \ | |
--suffix PATH : ${lib.getBin kinit}/bin |
This requires makeWrapper
in nativeBuildInputs
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have wrapped kdesu
in libexec
and then created a symbolic link to the wrapper in bin
.
If looking first in libexec, the eventually wrapped one in /run/wrappers/bin can not be found. This allows wrapping the daemon so that it can be run with sgid privileges.
Changed to avoid double wrapping |
@ttuegel can this be merged? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me!
Thanks! 😃 |
Motivation for this change
If looking for the
kdesud
first inlibexec
, the eventually wrapped one in/run/wrappers/bin
can not be found. With this change it becomes possible to use a wrapped version of the daemon.Also a shell script is installed at ${plasma-5.kde-cli-tools}/bin/
to ease launching
kdesu`.Fixes #28426.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)