Diffstat (limited to 'nixpkgs/pkgs/development/libraries/accountsservice')
5 files changed, 381 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/Disable-methods-that-change-files-in-etc.patch b/nixpkgs/pkgs/development/libraries/accountsservice/Disable-methods-that-change-files-in-etc.patch
new file mode 100644
index 000000000000..acaccb8c8485
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/accountsservice/Disable-methods-that-change-files-in-etc.patch
@@ -0,0 +1,130 @@
+From 6f172007452b39bfda5062fc29ea5382671ac16e Mon Sep 17 00:00:00 2001
+From: Alexander Ried <ried@mytum.de>
+Date: Thu, 26 May 2016 19:54:21 +0200
+Subject: [PATCH] Disable methods that change files in /etc
+
+Only if environment variable NIXOS_USERS_PURE is set.
+---
+ src/daemon.c | 10 ++++++++++
+ src/user.c | 35 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 45 insertions(+)
+
+diff --git a/src/daemon.c b/src/daemon.c
+index e62e124..87459b2 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -931,6 +931,11 @@ daemon_create_user (AccountsAccounts *accounts,
+ const gchar *real_name,
+ gint account_type)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ Daemon *daemon = (Daemon*)accounts;
+ CreateUserData *data;
+
+@@ -1138,6 +1143,11 @@ daemon_delete_user (AccountsAccounts *accounts,
+ gint64 uid,
+ gboolean remove_files)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ Daemon *daemon = (Daemon*)accounts;
+ DeleteUserData *data;
+
+diff --git a/src/user.c b/src/user.c
+index 0fb1a17..dbdebaf 100644
+--- a/src/user.c
++++ b/src/user.c
+@@ -904,6 +904,11 @@ user_set_real_name (AccountsUser *auser,
+ GDBusMethodInvocation *context,
+ const gchar *real_name)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ User *user = (User*)auser;
+ int uid;
+ const gchar *action_id;
+@@ -981,6 +986,11 @@ user_set_user_name (AccountsUser *auser,
+ GDBusMethodInvocation *context,
+ const gchar *user_name)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ User *user = (User*)auser;
+ daemon_local_check_auth (user->daemon,
+ user,
+@@ -1263,6 +1273,11 @@ user_set_home_directory (AccountsUser *auser,
+ GDBusMethodInvocation *context,
+ const gchar *home_dir)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ User *user = (User*)auser;
+ daemon_local_check_auth (user->daemon,
+ user,
+@@ -1322,6 +1337,11 @@ user_set_shell (AccountsUser *auser,
+ GDBusMethodInvocation *context,
+ const gchar *shell)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ User *user = (User*)auser;
+ daemon_local_check_auth (user->daemon,
+ user,
+@@ -1602,6 +1622,11 @@ user_set_locked (AccountsUser *auser,
+ GDBusMethodInvocation *context,
+ gboolean locked)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ User *user = (User*)auser;
+ daemon_local_check_auth (user->daemon,
+ user,
+@@ -1814,6 +1839,11 @@ user_set_password_mode (AccountsUser *auser,
+ GDBusMethodInvocation *context,
+ gint mode)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ User *user = (User*)auser;
+ const gchar *action_id;
+
+@@ -1905,6 +1935,11 @@ user_set_password (AccountsUser *auser,
+ const gchar *password,
+ const gchar *hint)
+ {
++ if (getenv("NIXOS_USERS_PURE")) {
++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
++ return;
++ }
++
+ User *user = (User*)auser;
+ gchar **data;
+
+--
+2.9.3
+
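Review bot: The NIXOS_USERS_PURE guard is missing from the account-type setter. fix-paths.patch in this same commit shows `user_change_account_type_authorized_cb` running `usermod -G`, which rewrites /etc/group, yet none of the nine guarded entry points here leads to it. Presumably the D-Bus handler is `user_set_account_type` in src/user.c (its body is not on this page); it should open with the same `if (getenv("NIXOS_USERS_PURE")) {` block that throws ERROR_NOT_SUPPORTED and returns. Because the block is pasted verbatim nine times, a small static helper holding the check and the message would make a missed method easier to spot. Every guarded function continues outside its hunk.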
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/default.nix b/nixpkgs/pkgs/development/libraries/accountsservice/default.nix
new file mode 100644
index 000000000000..eb48aca80ee6
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/accountsservice/default.nix
@@ -0,0 +1,89 @@
+{ stdenv
+, fetchurl
+, fetchpatch
+, substituteAll
+, pkgconfig
+, glib
+, shadow
+, gobject-introspection
+, polkit
+, systemd
+, coreutils
+, meson
+, dbus
+, ninja
+, python3
+, gettext
+}:
+
+stdenv.mkDerivation rec {
+ pname = "accountsservice";
+ version = "0.6.55";
+
+ outputs = [ "out" "dev" ];
+
+ src = fetchurl {
+ url = "https://www.freedesktop.org/software/${pname}/${pname}-${version}.tar.xz";
+ sha256 = "16wwd633jak9ajyr1f1h047rmd09fhf3kzjz6g5xjsz0lwcj8azz";
+ };
+
+ nativeBuildInputs = [
+ dbus
+ gettext
+ gobject-introspection
+ meson
+ ninja
+ pkgconfig
+ python3
+ ];
+
+ buildInputs = [
+ glib
+ polkit
+ ];
+
+ mesonFlags = [
+ "-Dadmin_group=wheel"
+ "-Dlocalstatedir=/var"
+ "-Dsystemdsystemunitdir=${placeholder "out"}/etc/systemd/system"
+ ];
+
+ postPatch = ''
+ chmod +x meson_post_install.py
+ patchShebangs meson_post_install.py
+ '';
+
+ patches = [
+ (substituteAll {
+ src = ./fix-paths.patch;
+ inherit shadow coreutils;
+ })
+ ./no-create-dirs.patch
+ ./Disable-methods-that-change-files-in-etc.patch
+ # Fixes https://github.com/NixOS/nixpkgs/issues/72396
+ ./drop-prefix-check-extensions.patch
+ # Systemd unit improvements. Notably using StateDirectory eliminating the
+ # need of an ad-hoc script.
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/152b845bbd3ca2a64516691493a160825f1a2046.patch";
+ sha256 = "114wrf5mwj5bgc5v1g05md4ridcnwdrwppr3bjz96sknwh5hk8s5";
+ })
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/0e712e935abd26499ff5995ab363e5bfd9ee7c4c.patch";
+ sha256 = "1y60a5fmgfqjzprwpizilrazqn3mggdlgc5sgcpsprsp62fv78rl";
+ })
+ # Don't use etc/dbus-1/system.d
+ (fetchpatch {
+ url = "https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/ced73d0fcbd2a54085a660d260482fc70d79bd5c.patch";
+ sha256 = "0s7fknfgxl8hnf6givmhfg4586fjb2n64i9arh1w7xnq7x9x8d4c";
+ })
+ ];
+
+ meta = with stdenv.lib; {
+ description = "D-Bus interface for user account query and manipulation";
+ homepage = https://www.freedesktop.org/wiki/Software/AccountsService;
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ pSub ];
+ platforms = with platforms; linux;
+ };
+}
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/drop-prefix-check-extensions.patch b/nixpkgs/pkgs/development/libraries/accountsservice/drop-prefix-check-extensions.patch
new file mode 100644
index 000000000000..4b5222c9552d
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/accountsservice/drop-prefix-check-extensions.patch
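Review bot: In default.nix the `systemd` argument is declared in the function header but never referenced; `buildInputs` lists only `glib` and `polkit`. If the daemon is meant to link against libsystemd the list should read `buildInputs = [ glib polkit systemd ];`, otherwise the argument should be dropped so the dependency set matches what is built. Separately, `homepage = https://www.freedesktop.org/wiki/Software/AccountsService;` is a bare URL literal; writing it as a quoted string is the safer style.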
@@ -0,0 +1,22 @@
+diff --git a/src/extensions.c b/src/extensions.c
+index 038dcb2..830465d 100644
+--- a/src/extensions.c
++++ b/src/extensions.c
+@@ -121,16 +121,7 @@ daemon_read_extension_directory (GHashTable *ifaces,
+ continue;
+ }
+
+- /* Ensure it looks like "../../dbus-1/interfaces/${name}" */
+- const gchar * const prefix = "../../dbus-1/interfaces/";
+- if (g_str_has_prefix (symlink, prefix) && g_str_equal (symlink + strlen (prefix), name)) {
+- daemon_read_extension_file (ifaces, filename);
+- }
+- else {
+- g_warning ("Found accounts service vendor extension symlink %s, but it must be exactly "
+- "equal to '../../dbus-1/interfaces/%s' for forwards-compatibility reasons.",
+- filename, name);
+- }
++ daemon_read_extension_file (ifaces, filename);
+ }
+
+ g_dir_close (dir);
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/fix-paths.patch b/nixpkgs/pkgs/development/libraries/accountsservice/fix-paths.patch
new file mode 100644
index 000000000000..0bf6ee3d91a5
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/accountsservice/fix-paths.patch
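Review bot: With the target check removed in drop-prefix-check-extensions.patch, every symlink found in the extension directory is handed to `daemon_read_extension_file`, whatever it points at, and the patch carries no header explaining why. Presumably the upstream relative form cannot hold for NixOS link targets (default.nix cites nixpkgs issue 72396), so the interface definitions now depend entirely on who can write to that directory. A comment at the call site would record that, e.g. `/* NixOS: link targets are store paths, so the upstream "../../dbus-1/interfaces/" check is dropped; the directory itself must be trusted. */`. If some validation is still wanted, a weaker test such as `if (g_str_has_suffix (symlink, name))` should survive store paths, but that needs checking against the real link layout. `daemon_read_extension_directory` starts and ends outside the hunk.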
@@ -0,0 +1,125 @@
+diff --git a/src/daemon.c b/src/daemon.c
+index c52bda3..75d214e 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -1106,7 +1106,7 @@ daemon_create_user_authorized_cb (Daemon *daemon,
+
+ sys_log (context, "create user '%s'", cd->user_name);
+
+- argv[0] = "/usr/sbin/useradd";
++ argv[0] = "@shadow@/bin/useradd";
+ argv[1] = "-m";
+ argv[2] = "-c";
+ argv[3] = cd->real_name;
+@@ -1318,7 +1318,7 @@ daemon_delete_user_authorized_cb (Daemon *daemon,
+
+ user_set_saved (user, FALSE);
+
+- argv[0] = "/usr/sbin/userdel";
++ argv[0] = "@shadow@/bin/userdel";
+ if (ud->remove_files) {
+ argv[1] = "-f";
+ argv[2] = "-r";
+diff --git a/src/user.c b/src/user.c
+index 9f57af5..e65289d 100644
+--- a/src/user.c
++++ b/src/user.c
+@@ -844,7 +844,7 @@ user_change_real_name_authorized_cb (Daemon *daemon,
+ accounts_user_get_uid (ACCOUNTS_USER (user)),
+ name);
+
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadown@/bin/usermod";
+ argv[1] = "-c";
+ argv[2] = name;
+ argv[3] = "--";
+@@ -913,7 +913,7 @@ user_change_user_name_authorized_cb (Daemon *daemon,
+ accounts_user_get_uid (ACCOUNTS_USER (user)),
+ name);
+
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadow@/bin/usermod";
+ argv[1] = "-l";
+ argv[2] = name;
+ argv[3] = "--";
+@@ -1321,7 +1321,7 @@ user_change_home_dir_authorized_cb (Daemon *daemon,
+ accounts_user_get_uid (ACCOUNTS_USER (user)),
+ home_dir);
+
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadow@/bin/usermod";
+ argv[1] = "-m";
+ argv[2] = "-d";
+ argv[3] = home_dir;
+@@ -1378,7 +1378,7 @@ user_change_shell_authorized_cb (Daemon *daemon,
+ accounts_user_get_uid (ACCOUNTS_USER (user)),
+ shell);
+
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadow@/bin/usermod";
+ argv[1] = "-s";
+ argv[2] = shell;
+ argv[3] = "--";
+@@ -1520,7 +1520,7 @@ user_change_icon_file_authorized_cb (Daemon *daemon,
+ return;
+ }
+
+- argv[0] = "/bin/cat";
++ argv[0] = "@coreutils@/bin/cat";
+ argv[1] = filename;
+ argv[2] = NULL;
+
+@@ -1601,7 +1601,7 @@ user_change_locked_authorized_cb (Daemon *daemon,
+ locked ? "locking" : "unlocking",
+ accounts_user_get_user_name (ACCOUNTS_USER (user)),
+ accounts_user_get_uid (ACCOUNTS_USER (user)));
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadow@/bin/usermod";
+ argv[1] = locked ? "-L" : "-U";
+ argv[2] = "--";
+ argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user));
+@@ -1726,7 +1726,7 @@ user_change_account_type_authorized_cb (Daemon *daemon,
+
+ g_free (groups);
+
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadow@/bin/usermod";
+ argv[1] = "-G";
+ argv[2] = str->str;
+ argv[3] = "--";
+@@ -1794,7 +1794,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
+ if (mode == PASSWORD_MODE_SET_AT_LOGIN ||
+ mode == PASSWORD_MODE_NONE) {
+
+- argv[0] = "/usr/bin/passwd";
++ argv[0] = "/run/wrappers/bin/passwd";
+ argv[1] = "-d";
+ argv[2] = "--";
+ argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user));
+@@ -1806,7 +1806,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
+ }
+
+ if (mode == PASSWORD_MODE_SET_AT_LOGIN) {
+- argv[0] = "/usr/bin/chage";
++ argv[0] = "@shadow@/bin/chage";
+ argv[1] = "-d";
+ argv[2] = "0";
+ argv[3] = "--";
+@@ -1827,7 +1827,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
+ accounts_user_set_locked (ACCOUNTS_USER (user), FALSE);
+ }
+ else if (accounts_user_get_locked (ACCOUNTS_USER (user))) {
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadow@/bin/usermod";
+ argv[1] = "-U";
+ argv[2] = "--";
+ argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user));
+@@ -1905,7 +1905,7 @@ user_change_password_authorized_cb (Daemon *daemon,
+
+ g_object_freeze_notify (G_OBJECT (user));
+
+- argv[0] = "/usr/sbin/usermod";
++ argv[0] = "@shadow@/bin/usermod";
+ argv[1] = "-p";
+ argv[2] = strings[0];
+ argv[3] = "--";
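Review bot: The placeholder in the `user_change_real_name_authorized_cb` hunk of fix-paths.patch is misspelled: `argv[0] = "@shadown@/bin/usermod";`. default.nix passes only `shadow` and `coreutils` to `substituteAll`, so this string would presumably be left unsubstituted and the real-name change would try to spawn a path that does not exist. It should read `argv[0] = "@shadow@/bin/usermod";`, as in the other usermod hunks. The callback body continues outside the hunk.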
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/no-create-dirs.patch b/nixpkgs/pkgs/development/libraries/accountsservice/no-create-dirs.patch
new file mode 100644
index 000000000000..0333f925d267
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/accountsservice/no-create-dirs.patch
@@ -0,0 +1,15 @@
+diff --git a/meson_post_install.py b/meson_post_install.py
+index 5cc2dc4..dd27ad5 100644
+--- a/meson_post_install.py
++++ b/meson_post_install.py
+@@ -9,8 +9,8 @@ localstatedir = os.path.normpath(destdir + os.sep + sys.argv[1])
+ # FIXME: meson will not track the creation of these directories
+ # https://github.com/mesonbuild/meson/blob/master/mesonbuild/scripts/uninstall.py#L39
+ dst_dirs = [
+- (os.path.join(localstatedir, 'lib', 'AccountsService', 'icons'), 0o775),
+- (os.path.join(localstatedir, 'lib', 'AccountsService', 'users'), 0o700),
++# (os.path.join(localstatedir, 'lib', 'AccountsService', 'icons'), 0o775),
++# (os.path.join(localstatedir, 'lib', 'AccountsService', 'users'), 0o700),
+ ]
+
+ for (dst_dir, dst_dir_mode) in dst_dirs: |