security-wrapper: link old wrapper dir to new one

This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654

1 files changed, 12 insertions, 2 deletions

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 65d875c3a375..c051b7d49e3f 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -179,21 +179,31 @@ in
 
           # Remove the old /var/setuid-wrappers path from the system...
           #
-          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
           # this conditional removal block needs to be removed after
           # the release.
           if [ -d /var/setuid-wrappers ]; then
             rm -rf /var/setuid-wrappers
+            ln -s /run/wrappers/bin /var/setuid-wrappers
           fi
 
           # Remove the old /run/setuid-wrappers-dir path from the
           # system as well...
           #
-          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
           # this conditional removal block needs to be removed after
           # the release.
           if [ -d /run/setuid-wrapper-dirs ]; then
             rm -rf /run/setuid-wrapper-dirs
+            ln -s /run/wrappers/bin /run/setuid-wrapper-dirs
+          fi
+
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if readlink -f /run/booted-system | grep nixos-17 > /dev/null; then
+            rm -rf /run/setuid-wrapper-dirs
+            rm -rf /var/setuid-wrappers
           fi
 
           # We want to place the tmpdirs for the wrappers to the parent dir.