nixosTests.cryptpad started failing recently.

Investigating the issue shows that seccomp has become problematic during
the init phase (e.g. this can be reproduced by removing the customize
directory in /var/lib/cryptpad):
machine # [ 10.774365] systemd-coredump[864]: Process 756 (node) of user 65513 dumped core.
machine #
machine # Module libgcc_s.so.1 without build-id.
machine # Module libstdc++.so.6 without build-id.
machine # Module libicudata.so.74 without build-id.
machine # Module libicuuc.so.74 without build-id.
machine # Module libicui18n.so.74 without build-id.
machine # Module libz.so.1 without build-id.
machine # Module node without build-id.
machine # Stack trace of thread 756:
machine # #0 0x00007ff951974dcb fchown (libc.so.6 + 0x107dcb)
machine # #1 0x00007ff95490d0c0 uv__fs_copyfile (libuv.so.1 + 0x150c0)
machine # #2 0x00007ff95490d89a uv__fs_work (libuv.so.1 + 0x1589a)
machine # #3 0x00007ff954910c76 uv_fs_copyfile (libuv.so.1 + 0x18c76)
machine # #4 0x0000000000eb8a39 _ZN4node2fsL8CopyFileERKN2v820FunctionCallbackInfoINS1_5ValueEEE (node + 0xab8a39)
machine # #5 0x0000000001cda5e2 Builtins_CallApiCallbackGeneric (node + 0x18da5e2)
[...]
machine # [ 10.877468] cryptpad[685]: /nix/store/h4yhhxpfm03c5rgz91q7jrvknh596ly2-cryptpad-2024.12.0/bin/cryptpad: line 3: 756 Bad system call (core dumped) "/nix/store/fkyp1bm5gll9adnfcj92snyym524mdrj-nodejs-22.11.0/bin/node" "/nix/store/h4yhhxpfm03c5rgz91q7jrvknh596ly2-cryptpad-2024.12.0/lib/node_modules/cryptpad/scripts/build.js"
nodejs 20.18 rightly did not require chown when the source and
destination are the same owner (heck, the script does not run as
root so even if it is not blocked there is no way it'd work with a
different owner...)

For now just allow chown calls again, this is not worth wasting more
time.

Fixes https://github.com/NixOS/nixpkgs/issues/370717

passthru.function does not exist; instead use overrideAttrs, which has
almost the intended functionality. It triggers a rebuild, which
_should_ be fine for this package.

Fixes the following warning when setting
`systemd.enableStrictShellChecks = true`:
> In /nix/store/lbzbwz5w0r7rn1m2h3cwa57nfs0xy6dd-unit-script-tzupdate-start/bin/tzupdate-start line 6:
> timedatectl set-timezone $(/nix/store/q9bahab38yvn2lr3r3sdkvlnkg1rkzng-tzupdate-3.1.0/bin/tzupdate --print-only)
> ^-- SC2046 (warning): Quote this to prevent word splitting.
Fixes the following warning when setting
`systemd.enableStrictShellChecks = true`:
> In /nix/store/a3mk99mgl10a4k3maxx361hdli5p2rip-unit-script-ensure-printers-start/bin/ensure-printers-start line 6:
> /nix/store/26fb46gwc5sbd045nj3dxw4zqpml359i-cups-2.4.11/bin/lpadmin -D 'virtual printer for cups-pdf instance pdf' -L '/var/spool/cups-pdf-pdf/users/${USER}' -m CUPS-PDF_opt.ppd -p pdf -v cups-pdf:/pdf -E
> ^-- SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.
Fixes the following warning when setting
`systemd.enableStrictShellChecks = true`:
> SC2174 (warning): When used with -p, -m only applies to the deepest
> directory.
Since it could conceivably be possible for `/var` to not exist when
running this script, the fix also explicitly tries to create /var with
the normal 0755 permissions.
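
The SC2174 behaviour named in the commit message above, as an added example that is not part of the commit or of nixpkgs: it builds one tree with `mkdir -p -m` and one with every level created explicitly, then compares the resulting modes. The paths, modes, umask and function names are constructed for the demo, and GNU coreutils `stat -c` is assumed.

```sh
#!/bin/sh
# Added illustration of ShellCheck SC2174; paths, modes and function names
# are constructed for this demo. Assumes GNU coreutils (stat -c).

# Print the permission bits of a path in octal (setuid/setgid/sticky masked off).
mode_of() {
  printf '%o\n' "$(( 0$(stat -c '%a' "$1") & 0777 ))"
}

# Pitfall: -m 0700 is applied only to the deepest directory. Every missing
# parent is created from the umask instead, here 0775 (group-writable).
make_naive() {
  ( umask 0002 && mkdir -p -m 0700 "$1/var/lib/private" )
}

# Create one directory level with an explicit mode unless it already exists.
ensure_dir() {
  [ -d "$2" ] || mkdir -m "$1" "$2"
}

# Fix pattern: create each level explicitly, so no parent mode depends on
# the umask of whatever runs the script.
make_explicit() {
  (
    umask 0002
    ensure_dir 0755 "$1" &&
    ensure_dir 0755 "$1/var" &&
    ensure_dir 0755 "$1/var/lib" &&
    ensure_dir 0700 "$1/var/lib/private"
  )
}

# Build both trees under a scratch directory and report "path mode" lines.
demo() {
  scratch=$(mktemp -d) || return 1
  make_naive "$scratch/naive" || return 1
  make_explicit "$scratch/explicit" || return 1
  for d in naive/var naive/var/lib/private explicit/var explicit/var/lib/private; do
    echo "$d $(mode_of "$scratch/$d")"
  done
  rm -rf "$scratch"
}

demo
```
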
Frigate wants to connect on 127.0.0.1:5000 for unauthenticated requests
by checking the request port. This address is hardcoded in the source.

See https://github.com/NixOS/nixpkgs/issues/370349 for more details