kpmcore: patch trustedprefixes
This commit is contained in:
parent
5196625a15
commit
afe3ad49e5
2 changed files with 19 additions and 0 deletions
|
@ -13,6 +13,10 @@ stdenv.mkDerivation rec {
|
|||
hash = "sha256-Ws20hKX2iDdke5yBBKXukVUD4OnLf1OmwlhW+jUXL24=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./nixostrustedprefix.patch
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ extra-cmake-modules ];
|
||||
|
||||
buildInputs = [
|
||||
|
@ -29,6 +33,8 @@ stdenv.mkDerivation rec {
|
|||
preConfigure = ''
|
||||
substituteInPlace src/util/CMakeLists.txt \
|
||||
--replace \$\{POLKITQT-1_POLICY_FILES_INSTALL_DIR\} $out/share/polkit-1/actions
|
||||
substituteInPlace src/backend/corebackend.cpp \
|
||||
--replace /usr/share/polkit-1/actions/org.kde.kpmcore.externalcommand.policy $out/share/polkit-1/actions/org.kde.kpmcore.externalcommand.policy
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
|
|
13
pkgs/development/libraries/kpmcore/nixostrustedprefix.patch
Normal file
13
pkgs/development/libraries/kpmcore/nixostrustedprefix.patch
Normal file
|
@ -0,0 +1,13 @@
|
|||
diff --git a/src/util/externalcommandhelper.cpp b/src/util/externalcommandhelper.cpp
|
||||
index a879c8d..3d7863b 100644
|
||||
--- a/src/util/externalcommandhelper.cpp
|
||||
+++ b/src/util/externalcommandhelper.cpp
|
||||
@@ -387,7 +387,7 @@ QVariantMap ExternalCommandHelper::RunCommand(const QString& command, const QStr
|
||||
if (dirname == QStringLiteral("bin") || dirname == QStringLiteral("sbin")) {
|
||||
prefix.cdUp();
|
||||
}
|
||||
- if (trustedPrefixes.find(prefix.path()) == trustedPrefixes.end()) { // TODO: C++20: replace with contains
|
||||
+ if (!prefix.path().startsWith(QStringLiteral("/nix/store")) && !prefix.path().startsWith(QStringLiteral("/run/current-system/sw"))) { // TODO: C++20: replace with contains
|
||||
qInfo() << prefix.path() << "prefix is not one of the trusted command prefixes";
|
||||
reply[QStringLiteral("success")] = false;
|
||||
return reply;
|
Loading…
Reference in a new issue