From 886e62f5b0651faf8de724c9514271f498a6af1e Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Mon, 1 Jul 2019 01:33:07 -0400 Subject: [PATCH] accountsservice: cleanup * set admin_group to wheel * use a fix-paths.patch * patch to create StateDirectory Comes from upstream and should eliminate us creating the directories with a wrapper script. --- .../libraries/accountsservice/default.nix | 47 ++++--- .../libraries/accountsservice/fix-paths.patch | 125 ++++++++++++++++++ 2 files changed, 150 insertions(+), 22 deletions(-) create mode 100644 pkgs/development/libraries/accountsservice/fix-paths.patch diff --git a/pkgs/development/libraries/accountsservice/default.nix b/pkgs/development/libraries/accountsservice/default.nix index 01f11ad3b2b0..8713663ecca7 100644 --- a/pkgs/development/libraries/accountsservice/default.nix +++ b/pkgs/development/libraries/accountsservice/default.nix @@ -1,9 +1,9 @@ { stdenv , fetchurl +, fetchpatch +, substituteAll , pkgconfig , glib -, intltool -, makeWrapper , shadow , gobject-introspection , polkit @@ -13,19 +13,24 @@ , dbus , ninja , python3 +, gettext }: stdenv.mkDerivation rec { pname = "accountsservice"; version = "0.6.55"; + outputs = [ "out" "dev" ]; + src = fetchurl { url = "https://www.freedesktop.org/software/${pname}/${pname}-${version}.tar.xz"; sha256 = "16wwd633jak9ajyr1f1h047rmd09fhf3kzjz6g5xjsz0lwcj8azz"; }; nativeBuildInputs = [ - makeWrapper + dbus + gettext + gobject-introspection meson ninja pkgconfig @@ -33,42 +38,40 @@ stdenv.mkDerivation rec { ]; buildInputs = [ - dbus glib - gobject-introspection - intltool polkit - systemd ]; mesonFlags = [ - "-Dsystemdsystemunitdir=etc/systemd/system" + "-Dadmin_group=wheel" "-Dlocalstatedir=/var" + "-Dsystemdsystemunitdir=${placeholder ''out''}/etc/systemd/system" ]; - prePatch = '' + postPatch = '' chmod +x meson_post_install.py patchShebangs meson_post_install.py - - substituteInPlace src/daemon.c --replace '"/usr/sbin/useradd"' '"${shadow}/bin/useradd"' \ - --replace '"/usr/sbin/userdel"' '"${shadow}/bin/userdel"' - substituteInPlace src/user.c --replace '"/usr/sbin/usermod"' '"${shadow}/bin/usermod"' \ - --replace '"/usr/bin/chage"' '"${shadow}/bin/chage"' \ - --replace '"/usr/bin/passwd"' '"${shadow}/bin/passwd"' \ - --replace '"/bin/cat"' '"${coreutils}/bin/cat"' ''; patches = [ + (substituteAll { + src = ./fix-paths.patch; + inherit shadow coreutils; + }) ./no-create-dirs.patch ./Disable-methods-that-change-files-in-etc.patch + # Systemd unit improvements. Notably using StateDirectory eliminating the + # need of an ad-hoc script. + (fetchpatch { + url = "https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/152b845bbd3ca2a64516691493a160825f1a2046.patch"; + sha256 = "114wrf5mwj5bgc5v1g05md4ridcnwdrwppr3bjz96sknwh5hk8s5"; + }) + (fetchpatch { + url = "https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/0e712e935abd26499ff5995ab363e5bfd9ee7c4c.patch"; + sha256 = "1y60a5fmgfqjzprwpizilrazqn3mggdlgc5sgcpsprsp62fv78rl"; + }) ]; - preFixup = '' - wrapProgram "$out/libexec/accounts-daemon" \ - --run "${coreutils}/bin/mkdir -p /var/lib/AccountsService/users" \ - --run "${coreutils}/bin/mkdir -p /var/lib/AccountsService/icons" - ''; - meta = with stdenv.lib; { description = "D-Bus interface for user account query and manipulation"; homepage = https://www.freedesktop.org/wiki/Software/AccountsService; diff --git a/pkgs/development/libraries/accountsservice/fix-paths.patch b/pkgs/development/libraries/accountsservice/fix-paths.patch new file mode 100644 index 000000000000..0bf6ee3d91a5 --- /dev/null +++ b/pkgs/development/libraries/accountsservice/fix-paths.patch @@ -0,0 +1,125 @@ +diff --git a/src/daemon.c b/src/daemon.c +index c52bda3..75d214e 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -1106,7 +1106,7 @@ daemon_create_user_authorized_cb (Daemon *daemon, + + sys_log (context, "create user '%s'", cd->user_name); + +- argv[0] = "/usr/sbin/useradd"; ++ argv[0] = "@shadow@/bin/useradd"; + argv[1] = "-m"; + argv[2] = "-c"; + argv[3] = cd->real_name; +@@ -1318,7 +1318,7 @@ daemon_delete_user_authorized_cb (Daemon *daemon, + + user_set_saved (user, FALSE); + +- argv[0] = "/usr/sbin/userdel"; ++ argv[0] = "@shadow@/bin/userdel"; + if (ud->remove_files) { + argv[1] = "-f"; + argv[2] = "-r"; +diff --git a/src/user.c b/src/user.c +index 9f57af5..e65289d 100644 +--- a/src/user.c ++++ b/src/user.c +@@ -844,7 +844,7 @@ user_change_real_name_authorized_cb (Daemon *daemon, + accounts_user_get_uid (ACCOUNTS_USER (user)), + name); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadown@/bin/usermod"; + argv[1] = "-c"; + argv[2] = name; + argv[3] = "--"; +@@ -913,7 +913,7 @@ user_change_user_name_authorized_cb (Daemon *daemon, + accounts_user_get_uid (ACCOUNTS_USER (user)), + name); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-l"; + argv[2] = name; + argv[3] = "--"; +@@ -1321,7 +1321,7 @@ user_change_home_dir_authorized_cb (Daemon *daemon, + accounts_user_get_uid (ACCOUNTS_USER (user)), + home_dir); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-m"; + argv[2] = "-d"; + argv[3] = home_dir; +@@ -1378,7 +1378,7 @@ user_change_shell_authorized_cb (Daemon *daemon, + accounts_user_get_uid (ACCOUNTS_USER (user)), + shell); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-s"; + argv[2] = shell; + argv[3] = "--"; +@@ -1520,7 +1520,7 @@ user_change_icon_file_authorized_cb (Daemon *daemon, + return; + } + +- argv[0] = "/bin/cat"; ++ argv[0] = "@coreutils@/bin/cat"; + argv[1] = filename; + argv[2] = NULL; + +@@ -1601,7 +1601,7 @@ user_change_locked_authorized_cb (Daemon *daemon, + locked ? "locking" : "unlocking", + accounts_user_get_user_name (ACCOUNTS_USER (user)), + accounts_user_get_uid (ACCOUNTS_USER (user))); +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = locked ? "-L" : "-U"; + argv[2] = "--"; + argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user)); +@@ -1726,7 +1726,7 @@ user_change_account_type_authorized_cb (Daemon *daemon, + + g_free (groups); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-G"; + argv[2] = str->str; + argv[3] = "--"; +@@ -1794,7 +1794,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon, + if (mode == PASSWORD_MODE_SET_AT_LOGIN || + mode == PASSWORD_MODE_NONE) { + +- argv[0] = "/usr/bin/passwd"; ++ argv[0] = "/run/wrappers/bin/passwd"; + argv[1] = "-d"; + argv[2] = "--"; + argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user)); +@@ -1806,7 +1806,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon, + } + + if (mode == PASSWORD_MODE_SET_AT_LOGIN) { +- argv[0] = "/usr/bin/chage"; ++ argv[0] = "@shadow@/bin/chage"; + argv[1] = "-d"; + argv[2] = "0"; + argv[3] = "--"; +@@ -1827,7 +1827,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon, + accounts_user_set_locked (ACCOUNTS_USER (user), FALSE); + } + else if (accounts_user_get_locked (ACCOUNTS_USER (user))) { +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-U"; + argv[2] = "--"; + argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user)); +@@ -1905,7 +1905,7 @@ user_change_password_authorized_cb (Daemon *daemon, + + g_object_freeze_notify (G_OBJECT (user)); + +- argv[0] = "/usr/sbin/usermod"; ++ argv[0] = "@shadow@/bin/usermod"; + argv[1] = "-p"; + argv[2] = strings[0]; + argv[3] = "--";