From 70b8167d4ac3572a2f364bba18432ea15df92971 Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer
Date: Sun, 29 Jan 2017 05:05:30 -0600
Subject: [PATCH] A few more tweaks
---
 nixos/modules/security/wrappers/default.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 8837ac35a53..8e20d773125 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -11,7 +11,7 @@ let
 wrappers);
 mkWrapper = { program, source ? null, ...}: ''
- if ! source=${if source != null then source else "$(readlink -f $(PATH=$WRAPPER_PATH type -tP ${program}))"}; then
+ if ! source=${if source != null || source != "" then source else "$(readlink -f $(PATH=$WRAPPER_PATH type -tP ${program}))"}; then
 # If we can't find the program, fall back to the
 # system profile.
 source=/nix/var/nix/profiles/default/bin/${program}
@@ -183,13 +183,16 @@ in
 # programs to be wrapped.
 WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
+ # Remove the old /var/setuid-wrappers path from the system...
 if [ -d ${config.security.old-wrapperDir} ]; then
 rm -rf ${config.security.old-wrapperDir}
 fi
+ # Get the "/run/wrappers" path, we want to place the tmpdirs
+ # for the wrappers there
 parentWrapperDir="$(dirname ${wrapperDir})"
- mkdir -p ${wrapperDir}
+ mkdir -p "$parentWrapperDir"
 wrapperDir=$(mktemp --directory --tmpdir="$parentWrapperDir" wrappers.XXXXXXXXXX)
 chmod a+rx $wrapperDir
@@ -198,7 +201,7 @@ in
 if [ -L ${wrapperDir} ]; then
 # Atomically replace the symlink
 # See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
- old=$(readlink ${wrapperDir})
+ old=$(readlink -f ${wrapperDir})
 ln --symbolic --force --no-dereference $wrapperDir ${wrapperDir}-tmp
 mv --no-target-directory ${wrapperDir}-tmp ${wrapperDir}
 rm --force --recursive $old
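Review bot: In the `@@ -11,7 +11,7 @@` hunk the new condition `source != null || source != ""` is true for every value, so the `else` branch with the `readlink -f $(PATH=$WRAPPER_PATH type -tP ...)` lookup can no longer be reached. With the default `source ? null` the `then source` branch would interpolate null into the script, which Nix normally rejects at evaluation, and an empty string would emit a bare `source=` for a wrapper target. The guard presumably wants both tests to hold: `if source != null && source != "" then source else ...`. The body of mkWrapper continues past the end of the hunk.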
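Review bot: In the `@@ -183,13 +183,16 @@` hunk the new `mkdir -p "$parentWrapperDir"` creates the directory that will hold the setuid wrappers with whatever umask the activation script inherits, and its result is not checked. If it fails, the `mktemp` on the following line fails as well and `$wrapperDir` is left empty for the unquoted `chmod a+rx $wrapperDir` and for whatever follows outside the hunk. Pinning the mode and stopping on failure would make the intent explicit, for example `mkdir -p -m 0755 "$parentWrapperDir" || exit 1`, assuming the surrounding script is not already run under `set -e`. A short comment that the shell variable `$wrapperDir` (the fresh temp directory) is distinct from the Nix-interpolated `${wrapperDir}` (the final path) would also help, since both appear on adjacent lines.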
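Review bot: In the `@@ -198,7 +201,7 @@` hunk the path produced by the new `old=$(readlink -f ${wrapperDir})` is passed unquoted and unvalidated to the unchanged `rm --force --recursive $old` three lines later. With `-f` the whole symlink chain is canonicalised, so the script, which presumably runs as root, removes whatever directory the link finally resolves to, and a path with whitespace would be split into several arguments. Quoting and ending option parsing is the minimum: `rm --force --recursive -- "$old"`. It would be safer still to remove `$old` only when it matches the `wrappers.XXXXXXXXXX` pattern under the canonical form of `$parentWrapperDir`. The enclosing `if [ -L ... ]` block is closed outside the hunk.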