diff options
| author | Victor Fuentes <vmfuentes64@gmail.com> | 2022-09-18 13:30:20 -0400 |
|---|---|---|
| committer | Victor Fuentes <vmfuentes64@gmail.com> | 2022-11-03 09:45:35 -0400 |
| commit | afe3ad49e5da82c86d02c71508007400c3ea3949 (patch) | |
| tree | 466b26e2b3bd75f6169a25d62c2b9f88a8b2af3c | |
| parent | 5196625a158d6fd7ddd6701850a624bab55655a9 (diff) | |
| download | nixpkgs-afe3ad49e5da82c86d02c71508007400c3ea3949.tar nixpkgs-afe3ad49e5da82c86d02c71508007400c3ea3949.tar.gz nixpkgs-afe3ad49e5da82c86d02c71508007400c3ea3949.tar.bz2 nixpkgs-afe3ad49e5da82c86d02c71508007400c3ea3949.tar.lz nixpkgs-afe3ad49e5da82c86d02c71508007400c3ea3949.tar.xz nixpkgs-afe3ad49e5da82c86d02c71508007400c3ea3949.tar.zst nixpkgs-afe3ad49e5da82c86d02c71508007400c3ea3949.zip | |
kpmcore: patch trustedprefixes
| -rw-r--r-- | pkgs/development/libraries/kpmcore/default.nix | 6 | ||||
| -rw-r--r-- | pkgs/development/libraries/kpmcore/nixostrustedprefix.patch | 13 |
2 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/development/libraries/kpmcore/default.nix b/pkgs/development/libraries/kpmcore/default.nix index 7b7794d3647..0145bcf20c5 100644 --- a/pkgs/development/libraries/kpmcore/default.nix +++ b/pkgs/development/libraries/kpmcore/default.nix @@ -13,6 +13,10 @@ stdenv.mkDerivation rec { hash = "sha256-Ws20hKX2iDdke5yBBKXukVUD4OnLf1OmwlhW+jUXL24="; }; + patches = [ + ./nixostrustedprefix.patch + ]; + nativeBuildInputs = [ extra-cmake-modules ]; buildInputs = [ @@ -29,6 +33,8 @@ stdenv.mkDerivation rec { preConfigure = '' substituteInPlace src/util/CMakeLists.txt \ --replace \$\{POLKITQT-1_POLICY_FILES_INSTALL_DIR\} $out/share/polkit-1/actions + substituteInPlace src/backend/corebackend.cpp \ + --replace /usr/share/polkit-1/actions/org.kde.kpmcore.externalcommand.policy $out/share/polkit-1/actions/org.kde.kpmcore.externalcommand.policy ''; meta = with lib; { diff --git a/pkgs/development/libraries/kpmcore/nixostrustedprefix.patch b/pkgs/development/libraries/kpmcore/nixostrustedprefix.patch new file mode 100644 index 00000000000..cb1eb68364d --- /dev/null +++ b/pkgs/development/libraries/kpmcore/nixostrustedprefix.patch @@ -0,0 +1,13 @@ +diff --git a/src/util/externalcommandhelper.cpp b/src/util/externalcommandhelper.cpp +index a879c8d..3d7863b 100644 +--- a/src/util/externalcommandhelper.cpp ++++ b/src/util/externalcommandhelper.cpp +@@ -387,7 +387,7 @@ QVariantMap ExternalCommandHelper::RunCommand(const QString& command, const QStr + if (dirname == QStringLiteral("bin") || dirname == QStringLiteral("sbin")) { + prefix.cdUp(); + } +- if (trustedPrefixes.find(prefix.path()) == trustedPrefixes.end()) { // TODO: C++20: replace with contains ++ if (!prefix.path().startsWith(QStringLiteral("/nix/store")) && !prefix.path().startsWith(QStringLiteral("/run/current-system/sw"))) { // TODO: C++20: replace with contains + qInfo() << prefix.path() << "prefix is not one of the trusted command prefixes"; + reply[QStringLiteral("success")] = false; + return reply; |