Fixing a bunch of issues

nixos/modules/services/mail/mail.nix

@@ -26,7 +26,7 @@ with lib;
 
   config = mkIf (config.services.mail.sendmailSetuidWrapper != null) {
 
-    security.wrappers.setuid = [ config.services.mail.sendmailSetuidWrapper ];
+    security.wrappers.sendmail = config.services.mail.sendmailSetuidWrapper;
 
   };
 

nixos/modules/services/networking/gale.nix

@@ -141,7 +141,7 @@ in
          setgid = false;
        };
 
-       security.wrappers.setuid = [ cfg.setuidWrapper ];
+       security.wrappers.gksign = cfg.setuidWrapper;
 
        systemd.services.gale-galed = {
          description = "Gale messaging daemon";

nixos/modules/services/scheduling/atd.nix

@@ -42,9 +42,7 @@ in
 
   config = mkIf cfg.enable {
 
-    security.wrappers.setuid = map (program: {
+    security.wrappers.setuid = map (program: "${program}" = {
-      inherit program;
-
       source = "${pkgs.atd}/bin/${program}";
       owner = "atd";
       group = "atd";

nixos/modules/services/scheduling/cron.nix

@@ -61,7 +61,7 @@ in
           A list of Cron jobs to be appended to the system-wide
           crontab.  See the manual page for crontab for the expected
           format. If you want to get the results mailed you must setuid
-          sendmail. See <option>security.wrappers.setuid</option>
+          sendmail. See <option>security.wrappers</option>
 
           If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
           will is allowed to have its own crontab file. The /var/cron/cron.deny file

nixos/modules/services/system/dbus.nix

@@ -114,15 +114,14 @@ in
 
     systemd.packages = [ pkgs.dbus.daemon ];
 
-    security.wrappers.setuid = singleton
+    security.wrappers.dbus-daemon-launch-helper = {
-      { program = "dbus-daemon-launch-helper";
+      source = "${pkgs.dbus.daemon}/libexec/dbus-daemon-launch-helper";
-        source = "${pkgs.dbus.daemon}/libexec/dbus-daemon-launch-helper";
+      owner = "root";
-        owner = "root";
+      group = "messagebus";
-        group = "messagebus";
+      setuid = true;
-        setuid = true;
+      setgid = false;
-        setgid = false;
+      permissions = "u+rx,g+rx,o-rx";
-        permissions = "u+rx,g+rx,o-rx";
+    };
-      };
 
     services.dbus.packages = [
       pkgs.dbus.out

nixos/modules/services/x11/desktop-managers/kde4.nix

@@ -131,13 +131,7 @@ in
           '';
       };
 
-    security.wrappers.setuid = singleton
+    security.wrappers.kcheckpass.source = "${kde_workspace}/lib/kde4/libexec/kcheckpass";
-      { program = "kcheckpass";
-        source = "${kde_workspace}/lib/kde4/libexec/kcheckpass";
-        owner = "root";
-        group = "root";
-        setuid = true;
-      };
 
     environment.systemPackages =
         [ pkgs.kde4.kdelibs

nixos/modules/services/x11/desktop-managers/kde5.nix

@@ -68,20 +68,10 @@ in
         '';
       };
 
-      security.wrappers.setuid = [
+      security.wrappers = {
-        {
+        kcheckpass.source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass";
-          program = "kcheckpass";
+        "start_kdeinit".source = "${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit";
-          source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass";
+      };
-          owner = "root";
-          setuid = true;
-        }
-        {
-          program = "start_kdeinit";
-          source = "${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit";
-          owner = "root";
-          setuid = true;
-        }
-      ];
 
       environment.systemPackages =
         [

nixos/modules/virtualisation/virtualbox-host.nix

@@ -68,9 +68,8 @@ in
     boot.extraModulePackages = [ kernelModules ];
     environment.systemPackages = [ virtualbox ];
 
-    security.wrappers.setuid = let
+    security.wrappers = let
-      mkSuid = program: {
+      mkSuid = program: "${program}" = {
-        inherit program;
         source = "${virtualbox}/libexec/virtualbox/${program}";
         owner = "root";
         group = "vboxusers";