Merge pull request #47554 from dtzWill/update/light-1.2

light: 1.1.2 -> 1.2, use new udev support instead of setuid wrapper.

2 files changed, 11 insertions, 2 deletions

diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index 1f26d4765b97..9cb5b93f27cb 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -105,6 +105,14 @@
      <varname>rabbitmq-server</varname>.
     </para>
    </listitem>
+   <listitem>
+     <para>
+       The <literal>light</literal> module no longer uses setuid binaries, but
+       udev rules. As a consequence users of that module have to belong to the
+       <literal>video</literal> group in order to use the executable
+       (i.e. <literal>users.users.yourusername.extraGroups = ["video"];</literal>).
+     </para>
+   </listitem>
   </itemizedlist>
  </section>
 
diff --git a/nixos/modules/programs/light.nix b/nixos/modules/programs/light.nix
index 6f8c389acc97..9f2a03e7e763 100644
--- a/nixos/modules/programs/light.nix
+++ b/nixos/modules/programs/light.nix
@@ -13,7 +13,8 @@ in
         default = false;
         type = types.bool;
         description = ''
-          Whether to install Light backlight control with setuid wrapper.
+          Whether to install Light backlight control command
+          and udev rules granting access to members of the "video" group.
         '';
       };
     };
@@ -21,6 +22,6 @@ in
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.light ];
-    security.wrappers.light.source = "${pkgs.light.out}/bin/light";
+    services.udev.packages = [ pkgs.light ];
   };
 }