xscreensaver: add suid wrapper patch

This adds a patch for XScreenSaver that ensures that the suid wrapper for xscreensaver-auth is run correctly. The patch is a simple update to drivers/xscreensaver.c that inserts /run/wrappers/bin before the DEFAULT_PATH_PREFIX, which is the directory for xscreensaver hacks/demos, and should be preserved. The wrapper directory can be modified in the derivation, or even disabled. Co-authored-by: Anderson Torres <torres.anderson.85@protonmail.com>
author: Chris Marchesi <chrism@vancluevertech.com> 2023-11-23 12:29:34 -0800
committer: Anderson Torres <torres.anderson.85@protonmail.com> 2023-11-24 08:53:00 -0300
commit: 2034ea01b9edb411ed5f08acf8a2e4f8af763734 (patch)
tree: 3c47bb3bba26c0899ad2dbb385323c3df8fcf3ef /pkgs/by-name
parent: 45c702624754d2fa8d7367c181ed0f6cd9f1cf8e (diff)
download: nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar
nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.gz
nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.bz2
nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.lz
nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.xz
nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.zst
nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.zip
2 files changed, 51 insertions, 0 deletions
diff --git a/pkgs/by-name/xs/xscreensaver/package.nix b/pkgs/by-name/xs/xscreensaver/package.nix
index 2f4af30ff304..ba946305425f 100644
--- a/pkgs/by-name/xs/xscreensaver/package.nix
+++ b/pkgs/by-name/xs/xscreensaver/package.nix
@@ -26,6 +26,9 @@
 , systemd
 , forceInstallAllHacks ? true
 , withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd
+, nixosTests
+, substituteAll
+, wrapperPrefix ? "/run/wrappers/bin"
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -75,6 +78,13 @@ stdenv.mkDerivation (finalAttrs: {
     popd
   '';
 
+  patches = [
+    (substituteAll {
+      src = ./xscreensaver-wrapper-prefix.patch;
+      inherit wrapperPrefix;
+    })
+  ];
+
   preConfigure = ''
     # Fix installation paths for GTK resources.
     sed -e 's%@GTK_DATADIR@%@datadir@% ; s%@PO_DATADIR@%@datadir@%' \
@@ -105,6 +115,10 @@ stdenv.mkDerivation (finalAttrs: {
     cp -f $(find hacks -type f -perm -111 "!" -name "*.*" ) "$out/libexec/xscreensaver"
   '';
 
+  passthru.tests = {
+    xscreensaver = nixosTests.xscreensaver;
+  };
+
   meta = {
     homepage = "https://www.jwz.org/xscreensaver/";
     description = "A set of screensavers";
diff --git a/pkgs/by-name/xs/xscreensaver/xscreensaver-wrapper-prefix.patch b/pkgs/by-name/xs/xscreensaver/xscreensaver-wrapper-prefix.patch
new file mode 100644
index 000000000000..892924b560b7
--- /dev/null
+++ b/pkgs/by-name/xs/xscreensaver/xscreensaver-wrapper-prefix.patch
@@ -0,0 +1,37 @@
+--- a/driver/xscreensaver.c
++++ b/driver/xscreensaver.c
+@@ -253,6 +253,8 @@
+ #undef MAX
+ #define MAX(x,y)((x)>(y)?(x):(y))
+ 
++/* Define the default wrapper prefix here, for NixOS */
++#define NIXOS_WRAPPER_PREFIX "@wrapperPrefix@"
+ 
+ /* Globals used in this file.
+  */
+@@ -632,12 +634,24 @@ handle_sigchld (Display *dpy, Bool blanked_p)
+ static void
+ hack_environment (void)
+ {
++  static const char *wrapper_path = NIXOS_WRAPPER_PREFIX;
+   static const char *def_path = DEFAULT_PATH_PREFIX;
+   const char *opath = getenv("PATH");
+   char *npath;
+   if (! opath) opath = "/bin:/usr/bin";  /* WTF */
+-  npath = (char *) malloc(strlen(def_path) + strlen(opath) + 20);
++  /* NOTE: The NixOS patch adds extra margin than what would be expected for a
++     single extra ":" PATH separator to account for UTF-32 encoding. The
++     original 20 bytes would have only accounted for UTF-16 safely (the path
++     concatenation would have needed 28 bytes of margin at minimum for UTF-32).
++   */
++  npath = (char *) malloc(strlen(wrapper_path) + strlen(def_path) + strlen(opath) + 32);
+   strcpy (npath, "PATH=");
++  if (wrapper_path && *wrapper_path)
++    {
++      strcat (npath, wrapper_path);
++      strcat (npath, ":");
++    }
++
+   strcat (npath, def_path);
+   strcat (npath, ":");
+   strcat (npath, opath);
author	Chris Marchesi <chrism@vancluevertech.com>	2023-11-23 12:29:34 -0800
committer	Anderson Torres <torres.anderson.85@protonmail.com>	2023-11-24 08:53:00 -0300
commit	2034ea01b9edb411ed5f08acf8a2e4f8af763734 (patch)
tree	3c47bb3bba26c0899ad2dbb385323c3df8fcf3ef /pkgs/by-name
parent	45c702624754d2fa8d7367c181ed0f6cd9f1cf8e (diff)
download	nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.gz nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.bz2 nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.lz nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.xz nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.tar.zst nixlib-2034ea01b9edb411ed5f08acf8a2e4f8af763734.zip