From eb939109b9c06a09e1534a403745bd362b653d95 Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Sat, 12 Jun 2021 15:02:12 +0200 Subject: gnu: opendoas: Fix restricted path "safepath". * gnu/packages/admin.scm (opendoas)[phases]: Rename 'fix-install' phase to 'pre-configure', run it before 'configure' and add a substitution for safepath. --- gnu/packages/admin.scm | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index f97be3c735..ea5cd91e38 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -41,6 +41,7 @@ ;;; Copyright © 2021 Hyunseok Kim ;;; Copyright © 2021 David Larsson ;;; Copyright © 2021 WinterHound +;;; Copyright © 2021 Brice Waegeneire ;;; ;;; This file is part of GNU Guix. ;;; @@ -1700,18 +1701,27 @@ commands and their arguments.") (arguments `(#:phases (modify-phases %standard-phases + (add-before 'configure 'pre-configure + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "GNUmakefile" + (("^\tchown.*$") "")) + ;; OpenDoas look for binaries in safepath when a rule specify a + ;; relative command, such as “permit keepenv :wheel cmd guix”. + (substitute* "doas.c" + (("safepath =" match) + (string-append match " \"" + "/run/setuid-programs:" + "/run/current-system/profile/bin:" + "/run/current-system/profile/sbin:" + "\" "))) + #t)) (replace 'configure ;; The configure script doesn't accept most of the default flags. (lambda* (#:key configure-flags #:allow-other-keys) ;; The configure script can be told which compiler to use only ;; through environment variables. (setenv "CC" ,(cc-for-target)) - (apply invoke "./configure" configure-flags))) - (add-before 'install 'fix-makefile - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "GNUmakefile" - (("^\tchown.*$") "")) - #t))) + (apply invoke "./configure" configure-flags)))) #:configure-flags (list (string-append "--prefix=" (assoc-ref %outputs "out")) "--with-timestamp") -- cgit v1.2.3