mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-07-13 21:50:33 +03:00
Enable polkit-1
Now both polkit-1 and old policykit are enabled. Packages that can use both will be migrated to new polkit-1, than old one can be disabled. svn path=/nixos/trunk/; revision=21776
This commit is contained in:
Yury G. Kudryashov
parent
680818c2cc
commit
03caab4572
2 changed files with 46 additions and 6 deletions
|
|
@ -38,7 +38,7 @@
|
||||||
./security/pam.nix
|
./security/pam.nix
|
||||||
./security/pam_usb.nix
|
./security/pam_usb.nix
|
||||||
./security/policykit.nix
|
./security/policykit.nix
|
||||||
#./security/polkit.nix # Currently disabled; using the old policykit.
|
./security/polkit.nix
|
||||||
./security/setuid-wrappers.nix
|
./security/setuid-wrappers.nix
|
||||||
./security/sudo.nix
|
./security/sudo.nix
|
||||||
./services/audio/alsa.nix
|
./services/audio/alsa.nix
|
||||||
|
|
|
||||||
|
|
@ -2,23 +2,63 @@
|
||||||
|
|
||||||
with pkgs.lib;
|
with pkgs.lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
pkWrapper = pkgs.stdenv.mkDerivation {
|
||||||
|
name = "polkit-wrapper";
|
||||||
|
helper = "polkit-agent-helper-1";
|
||||||
|
buildInputs = [ pkgs.xorg.lndir ];
|
||||||
|
|
||||||
|
builder = pkgs.writeScript "pkwrap-builder" ''
|
||||||
|
source $stdenv/setup
|
||||||
|
|
||||||
|
mkdir -p $out
|
||||||
|
lndir ${pkgs.polkit} $out
|
||||||
|
new=$out/libexec/$helper
|
||||||
|
|
||||||
|
mv $new $out/libexec/.$helper.orig
|
||||||
|
echo "exec ${config.security.wrapperDir}/$helper \"\$@\"" > $new
|
||||||
|
chmod +x $new
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.polkit ];
|
environment = {
|
||||||
|
systemPackages = [ pkWrapper ];
|
||||||
|
pathsToLink = [ "/share/polkit-1" "/etc/polkit-1" ];
|
||||||
|
etc = [
|
||||||
|
{
|
||||||
|
source = "${config.system.path}/etc/polkit-1";
|
||||||
|
target = "polkit-1";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
services.dbus.packages = [ pkgs.polkit ];
|
services.dbus.packages = [ pkWrapper ];
|
||||||
|
|
||||||
security.pam.services = [ { name = "polkit-1"; } ];
|
security = {
|
||||||
|
pam.services = [ { name = "polkit-1"; } ];
|
||||||
|
setuidPrograms = [ "pkexec" ];
|
||||||
|
|
||||||
security.setuidPrograms = [ "pkexec" ];
|
setuidOwners = [
|
||||||
|
{
|
||||||
|
program = pkWrapper.helper;
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
setuid = true;
|
||||||
|
source = pkWrapper + "/libexec/." + pkWrapper.helper + ".orig";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
system.activationScripts.policyKit = pkgs.stringsWithDeps.noDepEntry
|
system.activationScripts.policyKit = pkgs.stringsWithDeps.noDepEntry
|
||||||
''
|
''
|
||||||
mkdir -p /var/lib/polkit-1
|
mkdir -p /var/lib/polkit-1
|
||||||
|
chmod 700 /var/lib/polkit-1
|
||||||
'';
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue