accountsservice: cleanup

* set admin_group to wheel
* use a fix-paths.patch
* patch to create StateDirectory
  Comes from upstream and should
  eliminate us creating the directories
  with a wrapper script.
This commit is contained in:
worldofpeace 2019-07-01 01:33:07 -04:00
parent 89f26a475d
commit 886e62f5b0
2 changed files with 150 additions and 22 deletions

View file

@ -1,9 +1,9 @@
{ stdenv
, fetchurl
, fetchpatch
, substituteAll
, pkgconfig
, glib
, intltool
, makeWrapper
, shadow
, gobject-introspection
, polkit
@ -13,19 +13,24 @@
, dbus
, ninja
, python3
, gettext
}:
stdenv.mkDerivation rec {
pname = "accountsservice";
version = "0.6.55";
outputs = [ "out" "dev" ];
src = fetchurl {
url = "https://www.freedesktop.org/software/${pname}/${pname}-${version}.tar.xz";
sha256 = "16wwd633jak9ajyr1f1h047rmd09fhf3kzjz6g5xjsz0lwcj8azz";
};
nativeBuildInputs = [
makeWrapper
dbus
gettext
gobject-introspection
meson
ninja
pkgconfig
@ -33,42 +38,40 @@ stdenv.mkDerivation rec {
];
buildInputs = [
dbus
glib
gobject-introspection
intltool
polkit
systemd
];
mesonFlags = [
"-Dsystemdsystemunitdir=etc/systemd/system"
"-Dadmin_group=wheel"
"-Dlocalstatedir=/var"
"-Dsystemdsystemunitdir=${placeholder ''out''}/etc/systemd/system"
];
prePatch = ''
postPatch = ''
chmod +x meson_post_install.py
patchShebangs meson_post_install.py
substituteInPlace src/daemon.c --replace '"/usr/sbin/useradd"' '"${shadow}/bin/useradd"' \
--replace '"/usr/sbin/userdel"' '"${shadow}/bin/userdel"'
substituteInPlace src/user.c --replace '"/usr/sbin/usermod"' '"${shadow}/bin/usermod"' \
--replace '"/usr/bin/chage"' '"${shadow}/bin/chage"' \
--replace '"/usr/bin/passwd"' '"${shadow}/bin/passwd"' \
--replace '"/bin/cat"' '"${coreutils}/bin/cat"'
'';
patches = [
(substituteAll {
src = ./fix-paths.patch;
inherit shadow coreutils;
})
./no-create-dirs.patch
./Disable-methods-that-change-files-in-etc.patch
# Systemd unit improvements. Notably using StateDirectory eliminating the
# need of an ad-hoc script.
(fetchpatch {
url = "https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/152b845bbd3ca2a64516691493a160825f1a2046.patch";
sha256 = "114wrf5mwj5bgc5v1g05md4ridcnwdrwppr3bjz96sknwh5hk8s5";
})
(fetchpatch {
url = "https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/0e712e935abd26499ff5995ab363e5bfd9ee7c4c.patch";
sha256 = "1y60a5fmgfqjzprwpizilrazqn3mggdlgc5sgcpsprsp62fv78rl";
})
];
preFixup = ''
wrapProgram "$out/libexec/accounts-daemon" \
--run "${coreutils}/bin/mkdir -p /var/lib/AccountsService/users" \
--run "${coreutils}/bin/mkdir -p /var/lib/AccountsService/icons"
'';
meta = with stdenv.lib; {
description = "D-Bus interface for user account query and manipulation";
homepage = https://www.freedesktop.org/wiki/Software/AccountsService;

View file

@ -0,0 +1,125 @@
diff --git a/src/daemon.c b/src/daemon.c
index c52bda3..75d214e 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -1106,7 +1106,7 @@ daemon_create_user_authorized_cb (Daemon *daemon,
sys_log (context, "create user '%s'", cd->user_name);
- argv[0] = "/usr/sbin/useradd";
+ argv[0] = "@shadow@/bin/useradd";
argv[1] = "-m";
argv[2] = "-c";
argv[3] = cd->real_name;
@@ -1318,7 +1318,7 @@ daemon_delete_user_authorized_cb (Daemon *daemon,
user_set_saved (user, FALSE);
- argv[0] = "/usr/sbin/userdel";
+ argv[0] = "@shadow@/bin/userdel";
if (ud->remove_files) {
argv[1] = "-f";
argv[2] = "-r";
diff --git a/src/user.c b/src/user.c
index 9f57af5..e65289d 100644
--- a/src/user.c
+++ b/src/user.c
@@ -844,7 +844,7 @@ user_change_real_name_authorized_cb (Daemon *daemon,
accounts_user_get_uid (ACCOUNTS_USER (user)),
name);
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadown@/bin/usermod";
argv[1] = "-c";
argv[2] = name;
argv[3] = "--";
@@ -913,7 +913,7 @@ user_change_user_name_authorized_cb (Daemon *daemon,
accounts_user_get_uid (ACCOUNTS_USER (user)),
name);
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadow@/bin/usermod";
argv[1] = "-l";
argv[2] = name;
argv[3] = "--";
@@ -1321,7 +1321,7 @@ user_change_home_dir_authorized_cb (Daemon *daemon,
accounts_user_get_uid (ACCOUNTS_USER (user)),
home_dir);
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadow@/bin/usermod";
argv[1] = "-m";
argv[2] = "-d";
argv[3] = home_dir;
@@ -1378,7 +1378,7 @@ user_change_shell_authorized_cb (Daemon *daemon,
accounts_user_get_uid (ACCOUNTS_USER (user)),
shell);
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadow@/bin/usermod";
argv[1] = "-s";
argv[2] = shell;
argv[3] = "--";
@@ -1520,7 +1520,7 @@ user_change_icon_file_authorized_cb (Daemon *daemon,
return;
}
- argv[0] = "/bin/cat";
+ argv[0] = "@coreutils@/bin/cat";
argv[1] = filename;
argv[2] = NULL;
@@ -1601,7 +1601,7 @@ user_change_locked_authorized_cb (Daemon *daemon,
locked ? "locking" : "unlocking",
accounts_user_get_user_name (ACCOUNTS_USER (user)),
accounts_user_get_uid (ACCOUNTS_USER (user)));
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadow@/bin/usermod";
argv[1] = locked ? "-L" : "-U";
argv[2] = "--";
argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user));
@@ -1726,7 +1726,7 @@ user_change_account_type_authorized_cb (Daemon *daemon,
g_free (groups);
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadow@/bin/usermod";
argv[1] = "-G";
argv[2] = str->str;
argv[3] = "--";
@@ -1794,7 +1794,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
if (mode == PASSWORD_MODE_SET_AT_LOGIN ||
mode == PASSWORD_MODE_NONE) {
- argv[0] = "/usr/bin/passwd";
+ argv[0] = "/run/wrappers/bin/passwd";
argv[1] = "-d";
argv[2] = "--";
argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user));
@@ -1806,7 +1806,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
}
if (mode == PASSWORD_MODE_SET_AT_LOGIN) {
- argv[0] = "/usr/bin/chage";
+ argv[0] = "@shadow@/bin/chage";
argv[1] = "-d";
argv[2] = "0";
argv[3] = "--";
@@ -1827,7 +1827,7 @@ user_change_password_mode_authorized_cb (Daemon *daemon,
accounts_user_set_locked (ACCOUNTS_USER (user), FALSE);
}
else if (accounts_user_get_locked (ACCOUNTS_USER (user))) {
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadow@/bin/usermod";
argv[1] = "-U";
argv[2] = "--";
argv[3] = accounts_user_get_user_name (ACCOUNTS_USER (user));
@@ -1905,7 +1905,7 @@ user_change_password_authorized_cb (Daemon *daemon,
g_object_freeze_notify (G_OBJECT (user));
- argv[0] = "/usr/sbin/usermod";
+ argv[0] = "@shadow@/bin/usermod";
argv[1] = "-p";
argv[2] = strings[0];
argv[3] = "--";