From a5c0b6fc95104acbcfd9ff0f61e3b106102f2ad0 Mon Sep 17 00:00:00 2001
From: Markus Kowalewski <markus.kowalewski@gmail.com>
Date: Sat, 1 May 2021 00:09:50 +0200
Subject: [PATCH 1/2] slurm: 20.11.5.1 -> 20.11.6.1

---
 pkgs/servers/computing/slurm/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/computing/slurm/default.nix b/pkgs/servers/computing/slurm/default.nix
index 25181590ed1..721bbc4735f 100644
--- a/pkgs/servers/computing/slurm/default.nix
+++ b/pkgs/servers/computing/slurm/default.nix
@@ -9,7 +9,7 @@
 
 stdenv.mkDerivation rec {
   pname = "slurm";
-  version = "20.11.5.1";
+  version = "20.11.6.1";
 
   # N.B. We use github release tags instead of https://www.schedmd.com/downloads.php
   # because the latter does not keep older releases.
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
     repo = "slurm";
     # The release tags use - instead of .
     rev = "${pname}-${builtins.replaceStrings ["."] ["-"] version}";
-    sha256 = "1anzjv9sdl1a3j6sxsy2q8dy4dax1a4yqc9rnprlzymjkgb8hy75";
+    sha256 = "1c2dqqddw5bfb27smq7rqa7v1wymdj155ky50rbyvl36pmhc9djp";
   };
 
   outputs = [ "out" "dev" ];

From d07185f986c63fd062c6de0b59096365836a5679 Mon Sep 17 00:00:00 2001
From: Markus Kowalewski <markus.kowalewski@gmail.com>
Date: Sat, 1 May 2021 00:15:55 +0200
Subject: [PATCH 2/2] nixos/slurm: fix creation of slurmdbd config file

replace cp/chmod by install to avoid security issues.
See https://github.com/NixOS/nixpkgs/issues/121293
---
 nixos/modules/services/computing/slurm/slurm.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix
index 0b52f8afed8..a3dee94e2dc 100644
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@@ -403,9 +403,7 @@ in
       requires = [ "munged.service" "mysql.service" ];
 
       preStart = ''
-        cp ${slurmdbdConf} ${configPath}
-        chmod 600 ${configPath}
-        chown ${cfg.user} ${configPath}
+        install -m 600 -o ${cfg.user} -T ${slurmdbdConf} ${configPath}
         ${optionalString (cfg.dbdserver.storagePassFile != null) ''
           echo "StoragePass=$(cat ${cfg.dbdserver.storagePassFile})" \
             >> ${configPath}