Message ID | 20210612212442.13395-1-brice@waegenei.re |
---|---|
State | Accepted |
Series | [bug#48986] gnu: opendoas: Fix restricted path "safepath". |
Context | Check | Description |
---|---|---|
cbaines/comparison | success | View comparison |
cbaines/git branch | success | View Git branch |
cbaines/applying patch | success | View Laminar job |
cbaines/issue | success | View issue |

Hi Brice,

Brice Waegeneire <brice@waegenei.re> wrote:

> OpenDoas looks for binaries in safepath when a rule specifies a relative
> command, such as “permit keepenv :wheel cmd guix”.
>
> * gnu/packages/admin.scm (opendoas)[phases]: Rename 'fix-install' phase
> to 'pre-configure', run it before 'configure' and add a substitution for
> safepath.

You could maybe move the comment above to admin.scm, right above
(substitute* "doas.c" …).

Otherwise LGTM, thanks!

Ludo’.

Ludo’,

Thank you for the review.

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Brice,
>
> Brice Waegeneire <brice@waegenei.re> wrote:
>
>> OpenDoas looks for binaries in safepath when a rule specifies a relative
>> command, such as “permit keepenv :wheel cmd guix”.
>>
>> * gnu/packages/admin.scm (opendoas)[phases]: Rename 'fix-install' phase
>> to 'pre-configure', run it before 'configure' and add a substitution for
>> safepath.
>
> You could maybe move the comment above to admin.scm, right above
> (substitute* "doas.c" …).

Done.

> Otherwise LGTM, thanks!

Pushed as eb939109b9c06a09e1534a403745bd362b653d95.

Cheers,

- Brice

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 12eb659039..80d12fc2a3 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -41,6 +41,7 @@ ;;; Copyright © 2021 Hyunseok Kim <lasnesne@lagunposprasihopre.org> ;;; Copyright © 2021 David Larsson <david.larsson@selfhosted.xyz> ;;; Copyright © 2021 WinterHound <winterhound@yandex.com> +;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re> ;;; ;;; This file is part of GNU Guix. ;;; @@ -1699,18 +1700,25 @@ commands and their arguments.") (arguments `(#:phases (modify-phases %standard-phases + (add-before 'configure 'pre-configure + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "GNUmakefile" + (("^\tchown.*$") "")) + (substitute* "doas.c" + (("safepath =" match) + (string-append match " \"" + "/run/setuid-programs:" + "/run/current-system/profile/bin:" + "/run/current-system/profile/sbin:" + "\" "))) + #t)) (replace 'configure ;; The configure script doesn't accept most of the default flags. (lambda* (#:key configure-flags #:allow-other-keys) ;; The configure script can be told which compiler to use only ;; through environment variables. (setenv "CC" ,(cc-for-target)) - (apply invoke "./configure" configure-flags))) - (add-before 'install 'fix-makefile - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "GNUmakefile" - (("^\tchown.*$") "")) - #t))) + (apply invoke "./configure" configure-flags)))) #:configure-flags (list (string-append "--prefix=" (assoc-ref %outputs "out")) "--with-timestamp")
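
Review bot: In the new 'pre-configure phase, the (substitute* "doas.c" …) form carries no comment, and its mechanism is easy to misread: the inserted literal ends in ":" and is placed directly before the upstream value of safepath, so it only works through C adjacent-string concatenation, prepending /run/setuid-programs, /run/current-system/profile/bin and /run/current-system/profile/sbin to the restricted path. A short comment above that form, saying that rules with a relative cmd are resolved through safepath and that these are the directories to search, would make the intent reviewable. Two further points on the same hunk: substitute* does not signal an error when "safepath =" no longer matches, so an upstream change to that declaration would silently drop the fix, and a check that the file actually changed would catch that; and the lambda* binds #:key outputs without using it. The commit log also says the renamed phase was 'fix-install, while the removed lines name it 'fix-makefile.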