See e.g. https://bugzilla.redhat.com/show_bug.cgi?id=894646 — without
this patch, wicd-curses throws an AttributeError on startup. The patch
is a cut-down version of the one added there by Pavel Zhukov.

This adds enhanced-ctorrent (ctorrent) which is a CLI-based bittorrent
client written in C++. It is very fast for those times when one wants to
simply add a torrent quick'n'dirty-style.

Writing the gid_map is already non-fatal, but the actual sandbox process
still tries to setresgid() to nogroup (usually 65534). This however
fails, because if user namespace sandboxing is present, the namespace
doesn't have CAP_SETGID at this point.
Fortunately, the effective GID is already 65534, so we just need to
check whether the target gid matches and only(!) setresgid() if it
doesn't.
So if someone would run a SUID version of the sandbox, it would still
work nonetheless without a negative impact on security.
Fixes #5730, thanks to @wizeman for reporting and initial debugging.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
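
The check described in the commit message above, as an added example (not the code from the patch itself): skip setresgid() when the process already runs with the target GID, so that the missing CAP_SETGID inside the user namespace is never exercised. The names drop_to_gid, gid_change_needed and SANDBOX_GID are hypothetical, and the example compares the real, effective and saved GID rather than only the effective one.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* getresgid()/setresgid() on glibc */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes, in case a libc header was included before _GNU_SOURCE. */
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

#define SANDBOX_GID ((gid_t)65534)   /* "nogroup", usual value (assumption) */

/* Pure check: does any of the three GIDs differ from the target? */
int gid_change_needed(gid_t r, gid_t e, gid_t s, gid_t target)
{
    return r != target || e != target || s != target;
}

/*
 * Hypothetical helper: switch to `target` only when necessary.
 * Returns 0 if nothing had to be done, 1 if setresgid() ran and
 * succeeded, -1 on error (errno is set by the failing call).
 */
int drop_to_gid(gid_t target)
{
    gid_t r, e, s;

    if (getresgid(&r, &e, &s) == -1)
        return -1;
    if (!gid_change_needed(r, e, s, target))
        return 0;   /* already there: no CAP_SETGID required */
    if (setresgid(target, target, target) == -1)
        return -1;
    /* Re-read the IDs instead of trusting the return value alone. */
    if (getresgid(&r, &e, &s) == -1 || gid_change_needed(r, e, s, target))
        return -1;
    return 1;
}

int main(void)
{
    int rc = drop_to_gid(SANDBOX_GID);
    if (rc == -1) { perror("drop_to_gid"); return 1; }
    printf("gid %u: %s\n", (unsigned)SANDBOX_GID,
           rc ? "changed via setresgid()" : "already set, call skipped");
    return 0;
}
```
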

Required adding a flag to the generic builder to build Setup.hs with
core packages even if there is an override in buildInputs, to break
circular dependencies.

- Things didn't work very well before, as libs were only dlopened and
not found. Fixes #5716.
- Newer releases need autotools to build (and git), leading to some bloat.
- Also, more things are installed by default, increasing the output size.

The dependency on sqlite was propagated through to miro by libsoup, but
with f570f97, it's no longer propagated anymore so we need to pass it to
the miro derivation directly.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>

The build script is a shell script which has a shebang using
/usr/bin/env, which isn't available in a chrooted Nix daemon.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>