diff options
| author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2010-09-13 15:41:38 +0000 |
|---|---|---|
| committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2010-09-13 15:41:38 +0000 |
| commit | f729f12e4e8f03540e33aaf07292934747417787 (patch) | |
| tree | 7673aece3848666da3f7787282af11dbe3819280 /modules/security | |
| parent | f99e42cfbc860c37185ca0c4ff7d9578ffec3d9a (diff) | |
| download | nixpkgs-f729f12e4e8f03540e33aaf07292934747417787.tar nixpkgs-f729f12e4e8f03540e33aaf07292934747417787.tar.gz nixpkgs-f729f12e4e8f03540e33aaf07292934747417787.tar.bz2 nixpkgs-f729f12e4e8f03540e33aaf07292934747417787.tar.lz nixpkgs-f729f12e4e8f03540e33aaf07292934747417787.tar.xz nixpkgs-f729f12e4e8f03540e33aaf07292934747417787.tar.zst nixpkgs-f729f12e4e8f03540e33aaf07292934747417787.zip | |
Some cleanups in the activation script:
* Moved some scriptlets to the appropriate modules. * Put the scriptlet that sets the default path at the start, since it never makes sense not to have it there. It no longer needs to be declared as a dependency. * If a scriptlet has no dependencies, it can be denoted as a plain string (i.e., `noDepEntry' is not needed anymore). svn path=/nixos/trunk/; revision=23762
Diffstat (limited to 'modules/security')
| -rw-r--r-- | modules/security/policykit.nix | 4 | ||||
| -rw-r--r-- | modules/security/polkit.nix | 18 | ||||
| -rw-r--r-- | modules/security/setuid-wrappers.nix | 4 |
3 files changed, 11 insertions, 15 deletions
diff --git a/modules/security/policykit.nix b/modules/security/policykit.nix index 6d7b507d033..39075dd760f 100644 --- a/modules/security/policykit.nix +++ b/modules/security/policykit.nix @@ -51,7 +51,7 @@ in } ]; - system.activationScripts.policyKit = fullDepEntry + system.activationScripts.policyKit = stringAfter [ "users" ] '' mkdir -m 0770 -p /var/run/PolicyKit chown root.polkituser /var/run/PolicyKit @@ -63,7 +63,7 @@ in touch /var/lib/misc/PolicyKit.reload chmod 0664 /var/lib/misc/PolicyKit.reload chown polkituser.polkituser /var/lib/misc/PolicyKit.reload - '' [ "users" ]; + ''; }; diff --git a/modules/security/polkit.nix b/modules/security/polkit.nix index 0a8ff4c7ea2..3723a621827 100644 --- a/modules/security/polkit.nix +++ b/modules/security/polkit.nix @@ -27,12 +27,10 @@ in environment = { systemPackages = [ pkWrapper ]; pathsToLink = [ "/share/polkit-1" "/etc/polkit-1" ]; - etc = [ - { - source = "${config.system.path}/etc/polkit-1"; + etc = singleton + { source = "${config.system.path}/etc/polkit-1"; target = "polkit-1"; - } - ]; + }; }; services.dbus.packages = [ pkWrapper ]; @@ -41,18 +39,16 @@ in pam.services = [ { name = "polkit-1"; } ]; setuidPrograms = [ "pkexec" ]; - setuidOwners = [ - { - program = "polkit-agent-helper-1"; + setuidOwners = singleton + { program = "polkit-agent-helper-1"; owner = "root"; group = "root"; setuid = true; source = pkgs.polkit + "/" + pkWrapper.helper; - } - ]; + }; }; - system.activationScripts.polikit = pkgs.stringsWithDeps.noDepEntry + system.activationScripts.polkit = '' mkdir -p /var/lib/polkit-1/localauthority chmod 700 /var/lib/polkit-1{/localauthority,} diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix index 3c4a08c16b7..edbae5d55c8 100644 --- a/modules/security/setuid-wrappers.nix +++ b/modules/security/setuid-wrappers.nix @@ -110,7 +110,7 @@ in chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program} ''; - in pkgs.stringsWithDeps.fullDepEntry + in stringAfter [ "users" ] '' # Look in the system path and in the default profile for # programs to be wrapped. @@ -120,7 +120,7 @@ in mkdir -p ${wrapperDir} ${concatMapStrings makeSetuidWrapper setuidPrograms} - '' [ "defaultPath" "users" ]; + ''; }; |