diff options
| author | adisbladis <adisbladis@gmail.com> | 2020-05-27 18:10:10 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-27 18:10:10 +0200 |
| commit | feb02812b43919e69fc9b8992f4e1a684136b23c (patch) | |
| tree | 518e11d7d8c781866999d9d059c4f702a15c72b0 /pkgs/tools/security | |
| parent | 1c8f4ec3a75dc45a4ad24c6b9c97d31e82ac7c7f (diff) | |
| parent | 82f897333a1d2e10ae2d1661f8313c493836d334 (diff) | |
| download | nixlib-feb02812b43919e69fc9b8992f4e1a684136b23c.tar nixlib-feb02812b43919e69fc9b8992f4e1a684136b23c.tar.gz nixlib-feb02812b43919e69fc9b8992f4e1a684136b23c.tar.bz2 nixlib-feb02812b43919e69fc9b8992f4e1a684136b23c.tar.lz nixlib-feb02812b43919e69fc9b8992f4e1a684136b23c.tar.xz nixlib-feb02812b43919e69fc9b8992f4e1a684136b23c.tar.zst nixlib-feb02812b43919e69fc9b8992f4e1a684136b23c.zip | |
Merge pull request #89005 from cole-h/doas
doas: add NixOS binary dirs to safe PATH
Diffstat (limited to 'pkgs/tools/security')
| -rw-r--r-- | pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch | 24 | ||||
| -rw-r--r-- | pkgs/tools/security/doas/default.nix | 6 |
2 files changed, 30 insertions, 0 deletions
diff --git a/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch b/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch new file mode 100644 index 000000000000..d1a1997ba1f6 --- /dev/null +++ b/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch @@ -0,0 +1,24 @@ +From 9218347b8f833ab05d016dfba5617dcdeb59eb7b Mon Sep 17 00:00:00 2001 +From: Cole Helbling <cole.e.helbling@outlook.com> +Date: Wed, 27 May 2020 08:02:57 -0700 +Subject: [PATCH] add NixOS-specific dirs to safe PATH + +--- + doas.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/doas.c b/doas.c +index e253905..2fdb20f 100644 +--- a/doas.c ++++ b/doas.c +@@ -234,6 +234,7 @@ int + main(int argc, char **argv) + { + const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" ++ "/run/current-system/sw/bin:/run/current-system/sw/sbin:/run/wrappers/bin:" + "/usr/local/bin:/usr/local/sbin"; + const char *confpath = NULL; + char *shargv[] = { NULL, NULL }; +-- +2.26.2 + diff --git a/pkgs/tools/security/doas/default.nix b/pkgs/tools/security/doas/default.nix index 8cc9017a8fea..baa2fc301a89 100644 --- a/pkgs/tools/security/doas/default.nix +++ b/pkgs/tools/security/doas/default.nix @@ -26,6 +26,12 @@ stdenv.mkDerivation rec { "--pamdir=${placeholder "out"}/etc/pam.d" ]; + patches = [ + # Allow doas to discover binaries in /run/current-system/sw/{s,}bin and + # /run/wrappers/bin + ./0001-add-NixOS-specific-dirs-to-safe-PATH.patch + ]; + postPatch = '' sed -i '/\(chown\|chmod\)/d' bsd.prog.mk ''; |