authorAndré Silva <andrerfosilva@gmail.com>2021-09-22 17:40:30 +0100
committerAndré Silva <andrerfosilva@gmail.com>2021-09-22 17:41:37 +0100
commitb804b0596c432e6d7eb452768acfc75acd4badd0 (patch)
treecfa8d992632a5dba60119f8a36c79ca3a569e810
parent2c774b95e9f40abc41f29ce044869158ef681e21 (diff)
ledger-live-desktop: fix libudev handling in fhs-env
-rw-r--r--pkgs/applications/blockchains/ledger-live-desktop/default.nix17
-rw-r--r--pkgs/applications/blockchains/ledger-live-desktop/systemd.patch14
2 files changed, 29 insertions, 2 deletions
diff --git a/pkgs/applications/blockchains/ledger-live-desktop/default.nix b/pkgs/applications/blockchains/ledger-live-desktop/default.nix
index 4b3ba00fb96..fc122f4923e 100644
--- a/pkgs/applications/blockchains/ledger-live-desktop/default.nix
+++ b/pkgs/applications/blockchains/ledger-live-desktop/default.nix
@@ -1,4 +1,4 @@
-{ lib, fetchurl, appimageTools, imagemagick }:
+{ lib, fetchurl, appimageTools, imagemagick, systemd }:
 
 let
   pname = "ledger-live-desktop";
@@ -13,9 +13,22 @@ let
   appimageContents = appimageTools.extractType2 {
     inherit name src;
   };
-in appimageTools.wrapType2 rec {
+
+  # Hotplug events from udevd are fired into the kernel, which then re-broadcasts them over a
+  # special socket, to every libudev client listening for hotplug when the kernel does that. It will
+  # try to preserve the uid of the sender but a non-root namespace (like the fhs-env) cant map root
+  # to a uid, for security reasons, so the uid of the sender becomes nobody and libudev actively
+  # rejects such messages. This patch disables that bit of security in libudev.
+  # See: https://github.com/NixOS/nixpkgs/issues/116361
+  systemdPatched = systemd.overrideAttrs ({ patches ? [ ], ... }: {
+    patches = patches ++ [ ./systemd.patch ];
+  });
+in
+appimageTools.wrapType2 rec {
   inherit name src;
 
+  extraPkgs = pkgs: [ systemdPatched ];
+
   extraInstallCommands = ''
     mv $out/bin/${name} $out/bin/${pname}
     install -m 444 -D ${appimageContents}/ledger-live-desktop.desktop $out/share/applications/ledger-live-desktop.desktop
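Review bot: The new comment block explains the mechanism but not the trust consequence for a hardware-wallet client, and the mechanism itself is described slightly off: as far as I recall udevd multicasts the processed event on the udev netlink group itself rather than the kernel re-broadcasting it. I would add after the "See:" line something like `# Consequence: inside this FHS env libudev no longer checks that hotplug events come from root, so any sender able to write to the uevent netlink socket in the sandbox's network namespace could spoof device add/remove events; the patched library is only injected into the sandbox via extraPkgs and does not replace the host systemd.` It is also worth noting in the comment that `systemd.overrideAttrs` rebuilds all of systemd for the sake of one libudev change, so this derivation will rebuild on every systemd bump. The `extraPkgs` lambda ignores its `pkgs` argument and closes over the outer `systemd`, which is fine here but means the patch always follows the top-level systemd rather than the one appimageTools uses; a one-line comment stating that intent would avoid a future "fix".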
diff --git a/pkgs/applications/blockchains/ledger-live-desktop/systemd.patch b/pkgs/applications/blockchains/ledger-live-desktop/systemd.patch
new file mode 100644
index 00000000000..a70053d7118
--- /dev/null
+++ b/pkgs/applications/blockchains/ledger-live-desktop/systemd.patch
@@ -0,0 +1,14 @@
+diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c
+index fd5900704d..f9106fdbe5 100644
+--- a/src/libsystemd/sd-device/device-monitor.c
++++ b/src/libsystemd/sd-device/device-monitor.c
+@@ -445,9 +445,6 @@ int device_monitor_receive_device(sd_device_monitor *m, sd_device **ret) {
+                                        "sd-device-monitor: No sender credentials received, message ignored.");
+ 
+         cred = (struct ucred*) CMSG_DATA(cmsg);
+-        if (cred->uid != 0)
+-                return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
+-                                       "sd-device-monitor: Sender uid="UID_FMT", message ignored.", cred->uid);
+
+         if (streq(buf.raw, "libudev")) {
+                 /* udev message needs proper version magic */
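Review bot: The patch removes the sender-uid check unconditionally, so device_monitor_receive_device will now accept uevent messages from any uid, which is broader than the unmapped-root case described in the commit; a narrower change would keep the guard but also admit the overflow uid that an unmapped root appears as, e.g. `if (cred->uid != 0 && cred->uid != UID_NOBODY)` (the kernel default is 65534; confirm that systemd's `UID_NOBODY` from user-util.h is in scope in this file, otherwise use the literal with a comment). Whether an unprivileged process can actually reach the monitor's socket depends on the kernel and namespace setup (sending multicast uevents normally needs CAP_NET_ADMIN in that network namespace), so the practical exposure may be small, but this was the only userspace authentication of the sender and the patch file itself carries no explanation. I would add a header comment to the patch stating why dropping the check is acceptable for this sandboxed use and that it must not be applied to the host systemd. The enclosing function begins and ends outside the hunk.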