Diffstat (limited to 'nixpkgs/pkgs/development/libraries/accountsservice')
6 files changed, 418 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/Disable-methods-that-change-files-in-etc.patch b/nixpkgs/pkgs/development/libraries/accountsservice/Disable-methods-that-change-files-in-etc.patch new file mode 100644 index 000000000000..23e1de95fdff --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/accountsservice/Disable-methods-that-change-files-in-etc.patch 
@@ -0,0 +1,127 @@ +From 6f172007452b39bfda5062fc29ea5382671ac16e Mon Sep 17 00:00:00 2001 +From: Alexander Ried <ried@mytum.de> +Date: Thu, 26 May 2016 19:54:21 +0200 +Subject: [PATCH] Disable methods that change files in /etc + +Only if environment variable NIXOS_USERS_PURE is set. +--- + src/daemon.c | 10 ++++++++++ + src/user.c | 35 +++++++++++++++++++++++++++++++++++ + 2 files changed, 45 insertions(+) + +diff --git a/src/daemon.c b/src/daemon.c +index 861430f..aefaf2d 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -1378,6 +1378,11 @@ daemon_create_user (AccountsAccounts *accounts, + const gchar *real_name, + gint account_type) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + Daemon *daemon = (Daemon *) accounts; + CreateUserData *data; + +@@ -1581,6 +1586,11 @@ daemon_delete_user (AccountsAccounts *accounts, + gint64 uid, + gboolean remove_files) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + Daemon *daemon = (Daemon *) accounts; + DeleteUserData *data; + +diff --git a/src/user.c b/src/user.c +index 28170db..df947a1 100644 +--- a/src/user.c ++++ b/src/user.c +@@ -1216,6 +1216,11 @@ user_set_real_name (AccountsUser *auser, + GDBusMethodInvocation *context, + const gchar *real_name) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + User *user = (User *) auser; + int uid; + const gchar *action_id; +@@ -1293,6 +1298,11 @@ user_set_user_name (AccountsUser *auser, + GDBusMethodInvocation *context, + const gchar *user_name) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + User *user = (User 
*) auser; + + daemon_local_check_auth (user->daemon, +@@ -1945,6 +1955,11 @@ user_set_home_directory (AccountsUser *auser, + GDBusMethodInvocation *context, + const gchar *home_dir) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + User *user = (User *) auser; + + daemon_local_check_auth (user->daemon, +@@ -2000,6 +2015,11 @@ user_set_shell (AccountsUser *auser, + GDBusMethodInvocation *context, + const gchar *shell) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + User *user = (User *) auser; + + daemon_local_check_auth (user->daemon, +@@ -2249,6 +2269,11 @@ user_set_locked (AccountsUser *auser, + GDBusMethodInvocation *context, + gboolean locked) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + User *user = (User *) auser; + + daemon_local_check_auth (user->daemon, +@@ -2457,6 +2482,11 @@ user_set_password_mode (AccountsUser *auser, + GDBusMethodInvocation *context, + gint mode) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + User *user = (User *) auser; + const gchar *action_id; + gint uid; +@@ -2550,6 +2580,11 @@ user_set_password (AccountsUser *auser, + const gchar *password, + const gchar *hint) + { ++ if (getenv("NIXOS_USERS_PURE")) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); ++ return; ++ } ++ + User *user = (User *) auser; + gchar **data; + const gchar *action_id; 
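Review bot: The `NIXOS_USERS_PURE` guard does not cover every method that rewrites account files. fix-paths.patch on this page shows `user_change_account_type_authorized_cb` running `usermod -G`, and `user_set_password_expiration_policy_authorized_cb` and `user_set_user_expiration_policy_authorized_cb` running `chage`. None of the inner hunks here touches the D-Bus methods that lead to those callbacks, so group membership and expiry policy can presumably still be changed while the variable is set. The same block that opens with `if (getenv("NIXOS_USERS_PURE")) {` belongs at the top of those entry points as well, ahead of the `daemon_local_check_auth` call as in the guarded functions. The check is on presence only, so an empty value also enables it; that fails closed, but a short comment saying so would help. All the function bodies continue outside the hunks.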
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/default.nix b/nixpkgs/pkgs/development/libraries/accountsservice/default.nix new file mode 100644 index 000000000000..1a5f03f635bc --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/accountsservice/default.nix 
@@ -0,0 +1,95 @@ +{ lib +, stdenv +, fetchurl +, substituteAll +, pkg-config +, glib +, shadow +, gobject-introspection +, polkit +, systemd +, coreutils +, meson +, mesonEmulatorHook +, dbus +, ninja +, python3 +, vala +, gettext +, libxcrypt +}: + +stdenv.mkDerivation rec { + pname = "accountsservice"; + version = "23.13.9"; + + outputs = [ "out" "dev" ]; + + src = fetchurl { + url = "https://www.freedesktop.org/software/accountsservice/accountsservice-${version}.tar.xz"; + sha256 = "rdpM3q4k+gmS598///nv+nCQvjrCM6Pt/fadWpybkk8="; + }; + + patches = [ + # Hardcode dependency paths. + (substituteAll { + src = ./fix-paths.patch; + inherit shadow coreutils; + }) + + # Do not try to create directories in /var, that will not work in Nix sandbox. + ./no-create-dirs.patch + + # Disable mutating D-Bus methods with immutable /etc. + ./Disable-methods-that-change-files-in-etc.patch + + # Do not ignore third-party (e.g Pantheon) extensions not matching FHS path scheme. + # Fixes https://github.com/NixOS/nixpkgs/issues/72396 + ./drop-prefix-check-extensions.patch + + # Detect DM type from config file. + # `readlink display-manager.service` won't return any of the candidates. + ./get-dm-type-from-config.patch + ]; + + nativeBuildInputs = [ + gettext + gobject-introspection + meson + ninja + pkg-config + python3 + vala + ] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ + # meson.build:88:2: ERROR: Can not run test applications in this cross environment. 
+ mesonEmulatorHook + ]; + + buildInputs = [ + dbus + gettext + glib + polkit + systemd + libxcrypt + ]; + + mesonFlags = [ + "-Dadmin_group=wheel" + "-Dlocalstatedir=/var" + "-Dsystemdsystemunitdir=${placeholder "out"}/etc/systemd/system" + ]; + + postPatch = '' + chmod +x meson_post_install.py + patchShebangs meson_post_install.py + ''; + + meta = with lib; { + description = "D-Bus interface for user account query and manipulation"; + homepage = "https://www.freedesktop.org/wiki/Software/AccountsService"; + license = licenses.gpl3Plus; + maintainers = teams.freedesktop.members ++ (with maintainers; [ pSub ]); + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/drop-prefix-check-extensions.patch b/nixpkgs/pkgs/development/libraries/accountsservice/drop-prefix-check-extensions.patch new file mode 100644 index 000000000000..d4b7eac1cb31 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/accountsservice/drop-prefix-check-extensions.patch @@ -0,0 +1,21 @@ +diff --git a/src/extensions.c b/src/extensions.c +index 354f476..8d020a6 100644 +--- a/src/extensions.c ++++ b/src/extensions.c +@@ -122,15 +122,7 @@ daemon_read_extension_directory (GHashTable *ifaces, + continue; + } + +- /* Ensure it looks like "../../dbus-1/interfaces/${name}" */ +- const gchar * const prefix = "../../dbus-1/interfaces/"; +- if (g_str_has_prefix (symlink, prefix) && g_str_equal (symlink + strlen (prefix), name)) { +- daemon_read_extension_file (ifaces, filename); +- } else { +- g_warning ("Found accounts service vendor extension symlink %s, but it must be exactly " +- "equal to '../../dbus-1/interfaces/%s' for forwards-compatibility reasons.", +- filename, name); +- } ++ daemon_read_extension_file (ifaces, filename); + } + + g_dir_close (dir); 
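Review bot: The comment `# Disable mutating D-Bus methods with immutable /etc.` in `patches` overstates what the patch guarantees. The guard only fires when `NIXOS_USERS_PURE` is present in the daemon's environment, and nothing in this derivation sets it. If the service definition (not on this page) omits the variable, every mutating method stays enabled. I would reword it to `# Disable mutating D-Bus methods when NIXOS_USERS_PURE is set in the daemon's environment (immutable /etc).`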
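Review bot: After this change `daemon_read_extension_file (ifaces, filename);` runs for every symlink that reaches this point in `daemon_read_extension_directory`, so the link target is no longer constrained in any way. The removed test was the only visible check that the target lived under `../../dbus-1/interfaces/` and matched `name`. That is acceptable only if the extensions directory is writable solely by a trusted party, so the patch should say so in a comment such as `/* NixOS: targets are store paths, so the FHS prefix check is dropped; directory must be root-owned */`. A weaker check that the target's basename still equals `name` would keep some of the original intent. The function body starts and ends outside the hunk.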
diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/fix-paths.patch b/nixpkgs/pkgs/development/libraries/accountsservice/fix-paths.patch new file mode 100644 index 000000000000..d4b48e882e53 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/accountsservice/fix-paths.patch 
@@ -0,0 +1,143 @@ +diff --git a/src/daemon.c b/src/daemon.c +index aa9d050..861430f 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -1319,7 +1319,7 @@ daemon_create_user_authorized_cb (Daemon *daemon, + + sys_log (context, "create user '%s'", cd->user_name); + +- argv[0] = "/usr/sbin/useradd"; ++ argv[0] = "@shadow@/bin/useradd"; + argv[1] = "-m"; + argv[2] = "-c"; + argv[3] = cd->real_name; +@@ -1552,7 +1552,7 @@ daemon_delete_user_authorized_cb (Daemon *daemon, + } + free (resolved_homedir); + +- argv[0] = "/usr/sbin/userdel"; ++ argv[0] = "@shadow@/bin/userdel"; + if (ud->remove_files) { + argv[1] = "-f"; + argv[2] = "-r"; +diff --git a/src/user.c b/src/user.c +index 917d427..28170db 100644 +--- a/src/user.c ++++ b/src/user.c +@@ -1193,7 +1193,7 @@ user_change_real_name_authorized_cb (Daemon *daemon, + new_gecos = g_strdup (name); + } + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-c"; + argv[2] = new_gecos; + argv[3] = "--"; +@@ -1267,7 +1267,7 @@ user_change_user_name_authorized_cb (Daemon *daemon, + accounts_user_get_uid (ACCOUNTS_USER (user)), + name); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-l"; + argv[2] = name; + argv[3] = "--"; +@@ -1718,7 +1718,7 @@ user_set_password_expiration_policy_authorized_cb (Daemon *daemon + accounts_user_get_uid (ACCOUNTS_USER (user))); + + g_object_freeze_notify (G_OBJECT (user)); +- argv[0] = "/usr/bin/chage"; ++ argv[0] = "@shadow@/bin/chage"; + argv[1] = "-m"; + argv[2] = pwd_expiration->min_days_between_changes; + argv[3] = "-M"; +@@ -1806,7 +1806,7 @@ user_set_user_expiration_policy_authorized_cb (Daemon *daemon, + } else { + expiration_time = g_strdup ("-1"); + } +- argv[0] = "/usr/bin/chage"; ++ argv[0] = "@shadow@/bin/chage"; + argv[1] = "-E"; + argv[2] = expiration_time; + argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user)); +@@ -1919,7 +1919,7 @@ user_change_home_dir_authorized_cb (Daemon *daemon, + accounts_user_get_uid 
(ACCOUNTS_USER (user)), + home_dir); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-m"; + argv[2] = "-d"; + argv[3] = home_dir; +@@ -1977,7 +1977,7 @@ user_change_shell_authorized_cb (Daemon *daemon, + accounts_user_get_uid (ACCOUNTS_USER (user)), + shell); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-s"; + argv[2] = shell; + argv[3] = "--"; +@@ -2120,7 +2120,7 @@ user_change_icon_file_authorized_cb (Daemon *daemon, + return; + } + +- argv[0] = "/bin/cat"; ++ argv[0] = "@coreutils@/bin/cat"; + argv[1] = filename; + argv[2] = NULL; + +@@ -2201,7 +2201,7 @@ user_change_locked_authorized_cb (Daemon *daemon, + locked ? "locking" : "unlocking", + accounts_user_get_user_name (ACCOUNTS_USER (user)), + accounts_user_get_uid (ACCOUNTS_USER (user))); +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = locked ? "-L" : "-U"; + argv[2] = "--"; + argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user)); +@@ -2328,7 +2328,7 @@ user_change_account_type_authorized_cb (Daemon *daemon, + + g_free (groups); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-G"; + argv[2] = str->str; + argv[3] = "--"; +@@ -2396,7 +2396,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon, + + if (mode == PASSWORD_MODE_SET_AT_LOGIN || + mode == PASSWORD_MODE_NONE) { +- argv[0] = "/usr/bin/passwd"; ++ argv[0] = "/run/wrappers/bin/passwd"; + argv[1] = "-d"; + argv[2] = "--"; + argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user)); +@@ -2408,7 +2408,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon, + } + + if (mode == PASSWORD_MODE_SET_AT_LOGIN) { +- argv[0] = "/usr/bin/chage"; ++ argv[0] = "@shadow@/bin/chage"; + argv[1] = "-d"; + argv[2] = "0"; + argv[3] = "--"; +@@ -2428,7 +2428,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon, + */ + accounts_user_set_locked (ACCOUNTS_USER (user), FALSE); + } else if 
(accounts_user_get_locked (ACCOUNTS_USER (user))) { +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-U"; + argv[2] = "--"; + argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user)); +@@ -2505,7 +2505,7 @@ user_change_password_authorized_cb (Daemon *daemon, + + g_autoptr (GError) error = NULL; + g_autoptr (GSubprocess) process = NULL; +- const char *argv[] = { "/usr/sbin/chpasswd", "-e", NULL }; ++ const char *argv[] = { "@shadow@/bin/chpasswd", "-e", NULL }; + + sys_log (context, + "set password and hint of user '%s' (%" G_GUINT64_FORMAT ")", diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/get-dm-type-from-config.patch b/nixpkgs/pkgs/development/libraries/accountsservice/get-dm-type-from-config.patch new file mode 100644 index 000000000000..3d4398ab303a --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/accountsservice/get-dm-type-from-config.patch @@ -0,0 +1,15 @@ +diff --git a/src/daemon.c b/src/daemon.c +index aefaf2d..7c004d0 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -193,9 +193,9 @@ get_current_system_dm_type (void) + basename = g_file_get_basename (file); + g_object_unref (file); + +- if (g_strcmp0 (basename, "lightdm.service") == 0) ++ if (g_file_test (PATH_LIGHTDM_CONF, G_FILE_TEST_EXISTS)) + return DISPLAY_MANAGER_TYPE_LIGHTDM; +- else if (g_strcmp0 (basename, "gdm.service") == 0) ++ else if (g_file_test (PATH_GDM_CUSTOM, G_FILE_TEST_EXISTS)) + return DISPLAY_MANAGER_TYPE_GDM; + } diff --git a/nixpkgs/pkgs/development/libraries/accountsservice/no-create-dirs.patch b/nixpkgs/pkgs/development/libraries/accountsservice/no-create-dirs.patch new file mode 100644 index 000000000000..9fbba4599c9f --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/accountsservice/no-create-dirs.patch 
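Review bot: In `user_change_password_mode_authorized_cb` the `passwd` helper is the only binary not pinned to a store path. `argv[0] = "/run/wrappers/bin/passwd";` is resolved at run time, while every other helper in this patch is substituted from `@shadow@` or `@coreutils@`. The integrity of that call therefore rests on who can write `/run/wrappers/bin`, and on a system without that directory the password-mode change simply fails. If the wrapper is not actually needed by the daemon, `argv[0] = "@shadow@/bin/passwd";` would make it consistent. Otherwise add a comment in the patch explaining why this one path differs.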
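Review bot: The new tests in `get_current_system_dm_type` report a display manager from the mere existence of a config file. If both `PATH_LIGHTDM_CONF` and `PATH_GDM_CUSTOM` exist, LightDM wins regardless of which one is active. A stale config left by an unused display manager would also be picked up. `basename` is still computed from `g_file_get_basename (file)` just above but is no longer read in these branches, so it looks like dead code on the new side. A comment stating the precedence and why the unit name cannot be used would make the trade-off explicit. The function continues outside the hunk.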
@@ -0,0 +1,17 @@ +diff --git a/meson_post_install.py b/meson_post_install.py +index d8c3dd1..620f714 100644 +--- a/meson_post_install.py ++++ b/meson_post_install.py +@@ -9,9 +9,9 @@ + # FIXME: meson will not track the creation of these directories + # https://github.com/mesonbuild/meson/blob/master/mesonbuild/scripts/uninstall.py#L39 + dst_dirs = [ +- (os.path.join(localstatedir, 'lib'), 0o755), +- (os.path.join(localstatedir, 'lib', 'AccountsService', 'icons'), 0o775), +- (os.path.join(localstatedir, 'lib', 'AccountsService', 'users'), 0o700), ++ # (os.path.join(localstatedir, 'lib'), 0o755), ++ # (os.path.join(localstatedir, 'lib', 'AccountsService', 'icons'), 0o775), ++ # (os.path.join(localstatedir, 'lib', 'AccountsService', 'users'), 0o700), + ] + + for (dst_dir, dst_dir_mode) in dst_dirs: |
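Review bot: With the three `dst_dirs` entries commented out, the install step no longer creates `AccountsService/users` with `0o700` or `AccountsService/icons` with `0o775`, and nothing on this page shows where those modes are applied instead. Whatever creates the directories at run time has to reproduce them, in particular `0o700` on `users`, otherwise per-user data may end up under a wider default mode. I would replace the commented-out tuples with an empty list and a note, e.g. `dst_dirs = []  # created at runtime by the service; users/ must be 0700, icons/ 0775`. The loop over `dst_dirs` continues outside the hunk.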