authorParnell Springmeyer <parnell@digitalmentat.com>2017-01-29 01:27:11 -0600
committerParnell Springmeyer <parnell@digitalmentat.com>2017-01-29 01:27:11 -0600
commit5077699605fae8840afe1a066a37412e7ea9206f (patch)
tree050729cd6afb3bb9cb4bf2a054f994d1950ab8ad /nixos/modules/security/wrappers
parent0707a3eaa2ce33e8f490fff474c168a33dc1b5f5 (diff)
Derp derp
Diffstat (limited to 'nixos/modules/security/wrappers')
-rw-r--r--nixos/modules/security/wrappers/default.nix46
1 files changed, 22 insertions, 24 deletions
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index b71e3d219855..a93db916fad8 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -1,9 +1,15 @@
 { config, lib, pkgs, ... }:
 let
 
-  inherit (config.security) wrapperDir;
+  inherit (config.security) wrapperDir wrappers setuidPrograms;
+
+  programs =
+    (map (x: { program = x; owner = "root"; group = "root"; setuid = true; })
+      setuidPrograms)
+      ++ lib.mapAttrsToList
+           (n: v: (if v ? "program" then v else v // {program=n;}))
+           wrappers;
 
-  wrappers  = config.security.wrappers;
   mkWrapper = { program, source ? null, ...}: ''
     if ! source=${if source != null then source else "$(readlink -f $(PATH=$WRAPPER_PATH type -tP ${program}))"}; then
         # If we can't find the program, fall back to the
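Review bot: The new top-level `programs` binding concatenates the legacy `setuidPrograms` entries with the `wrappers` attribute set and never checks for a name present in both, so the same `$wrapperDir/${program}` can be generated twice with different owner and mode settings, and the later entry would apply last. Because this list decides which binaries end up setuid, I would state the ordering above the binding, e.g. `# setuidPrograms entries come first; a wrappers entry with the same program name is processed afterwards and overrides it`, or reject duplicate names at evaluation time. mkWrapper's body continues outside the hunk, so whether it tolerates a repeated program is not visible here.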
@@ -21,7 +27,7 @@ let
     unpackPhase  = "true";
     installPhase = ''
       mkdir -p $out/bin
-      ${lib.concatMapStrings mkWrapper wrappers}
+      ${lib.concatMapStrings (builtins.map mkWrapper programs)}
     '';
   };
 
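Review bot: `lib.concatMapStrings` takes a function and a list, but the new installPhase line passes it a single argument, the already-mapped list, so the interpolation receives a partially applied function and evaluation should fail instead of emitting the wrapper commands. Either `${lib.concatMapStrings mkWrapper programs}` or `${lib.concatStrings (builtins.map mkWrapper programs)}` yields the intended string. The enclosing derivation starts and ends outside this hunk.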
@@ -70,6 +76,18 @@ let
 
       chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" $wrapperDir/${program}
     '';
+
+  mkWrappedPrograms =
+    builtins.map
+      (s: if (s ? "capabilities")
+          then mkSetcapProgram s
+          else if 
+             (s ? "setuid"  && s.setuid  == true) ||
+             (s ? "setguid" && s.setguid == true) ||
+             (s ? "permissions")
+          then mkSetuidProgram s
+          else ""
+      ) programs;
 in
 {
 
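Review bot: The selector in `mkWrappedPrograms` tests `s ? "setguid"` and `s.setguid`, while the chmod line at the top of this hunk reads `setgid`, so an entry that sets only `setgid = true` appears to fall through to `else ""` and silently gets no ownership or mode applied. If the attribute is spelled `setgid`, the condition should read `(s ? "setgid" && s.setgid == true) ||`. The empty-string fallback also hides entries that match no branch, so a one-line comment saying such entries are skipped on purpose would help. mkSetuidProgram's parameter list is outside the hunk, so the attribute name is inferred from the chmod line.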
@@ -157,27 +175,7 @@ in
 
     ###### setcap activation script
     system.activationScripts.wrappers =
-      let
-        programs =
-          (map (x: { program = x; owner = "root"; group = "root"; setuid = true; })
-            config.security.setuidPrograms)
-            ++ lib.mapAttrsToList
-                 (n: v: (if v ? "program" then v else v // {program=n;}))
-                 wrappers;
-
-        mkWrappedPrograms =
-          builtins.map
-            (s: if (s ? "capabilities")
-                then mkSetcapProgram s
-                else if 
-                   (s ? "setuid"  && s.setuid  == true) ||
-                   (s ? "setguid" && s.setguid == true) ||
-                   (s ? "permissions")
-                then mkSetuidProgram s
-                else ""
-            ) programs;
-
-      in lib.stringAfter [ "users" ]
+      lib.stringAfter [ "users" ]
         ''
           # Look in the system path and in the default profile for
           # programs to be wrapped.