diff options
| author | Brice Waegeneire <brice@waegenei.re> | 2021-06-12 15:02:12 +0200 |
|---|---|---|
| committer | Brice Waegeneire <brice@waegenei.re> | 2021-06-19 23:46:05 +0200 |
| commit | eb939109b9c06a09e1534a403745bd362b653d95 (patch) | |
| tree | 02bd36ec2fa66112b7100db04b6083872352b230 | |
| parent | cae5f6e54bea5a43762985f3b37818079aee326b (diff) | |
gnu: opendoas: Fix restricted path "safepath".
* gnu/packages/admin.scm (opendoas)[phases]: Rename 'fix-install' phase
to 'pre-configure', run it before 'configure' and add a substitution for
safepath.
| -rw-r--r-- | gnu/packages/admin.scm | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index f97be3c735..ea5cd91e38 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -41,6 +41,7 @@ ;;; Copyright © 2021 Hyunseok Kim <lasnesne@lagunposprasihopre.org> ;;; Copyright © 2021 David Larsson <david.larsson@selfhosted.xyz> ;;; Copyright © 2021 WinterHound <winterhound@yandex.com> +;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re> ;;; ;;; This file is part of GNU Guix. ;;; @@ -1700,18 +1701,27 @@ commands and their arguments.") (arguments `(#:phases (modify-phases %standard-phases + (add-before 'configure 'pre-configure + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "GNUmakefile" + (("^\tchown.*$") "")) + ;; OpenDoas look for binaries in safepath when a rule specify a + ;; relative command, such as “permit keepenv :wheel cmd guix”. + (substitute* "doas.c" + (("safepath =" match) + (string-append match " \"" + "/run/setuid-programs:" + "/run/current-system/profile/bin:" + "/run/current-system/profile/sbin:" + "\" "))) + #t)) (replace 'configure ;; The configure script doesn't accept most of the default flags. (lambda* (#:key configure-flags #:allow-other-keys) ;; The configure script can be told which compiler to use only ;; through environment variables. (setenv "CC" ,(cc-for-target)) - (apply invoke "./configure" configure-flags))) - (add-before 'install 'fix-makefile - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "GNUmakefile" - (("^\tchown.*$") "")) - #t))) + (apply invoke "./configure" configure-flags)))) #:configure-flags (list (string-append "--prefix=" (assoc-ref %outputs "out")) "--with-timestamp") |