From 783634622560445f999b11f8081087314e6a7409 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 13 Feb 2020 13:07:06 +0100
Subject: [PATCH] Add rsync backup via dilion
---
 pkgs/default.nix | 1 +
 pkgs/rrsync_sudo/default.nix | 8 ++++++++
 pkgs/rrsync_sudo/sudo.patch | 20 ++++++++++++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 pkgs/rrsync_sudo/default.nix
 create mode 100644 pkgs/rrsync_sudo/sudo.patch
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 2ad79a2f..b6f9eae1 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -24,6 +24,7 @@ rec {
 pg_activity = callPackage ../pkgs/pg_activity { inherit mylibs; };
 pgloader = callPackage ../pkgs/pgloader {};
 predixy = callPackage ../pkgs/predixy { inherit mylibs; };
+ rrsync_sudo = callPackage ../pkgs/rrsync_sudo {};
 telegram-cli = callPackage ../pkgs/telegram-cli { inherit mylibs; };
 telegram-history-dump = callPackage ../pkgs/telegram-history-dump { inherit mylibs; };
 telegramircd = callPackage ../pkgs/telegramircd { inherit mylibs; telethon = callPackage ../pkgs/telethon_sync {}; };
diff --git a/pkgs/rrsync_sudo/default.nix b/pkgs/rrsync_sudo/default.nix
new file mode 100644
index 00000000..7a47320b
--- /dev/null
+++ b/pkgs/rrsync_sudo/default.nix
@@ -0,0 +1,8 @@
+{ rrsync }:
+
+rrsync.overrideAttrs(old: {
+ patches = old.patches or [] ++ [ ./sudo.patch ];
+ postPatch = old.postPatch + ''
+ substituteInPlace support/rrsync --replace /usr/bin/sudo /run/wrappers/bin/sudo
+ '';
+})
diff --git a/pkgs/rrsync_sudo/sudo.patch b/pkgs/rrsync_sudo/sudo.patch
new file mode 100644
index 00000000..6de9cc94
--- /dev/null
+++ b/pkgs/rrsync_sudo/sudo.patch
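Review bot: In pkgs/rrsync_sudo/default.nix, `old.postPatch + ''` has no fallback, although the line above it guards `patches` with `or []`; if the upstream rrsync derivation ever stops defining `postPatch`, evaluation fails, and `postPatch = (old.postPatch or "") + ''` keeps the two lines consistent. The substitution also depends on the exact `/usr/bin/sudo` literal that sudo.patch introduces. Depending on the nixpkgs version, a `--replace` that matches nothing may not fail the build, which would leave the script pointing at a path that does not exist on NixOS. A short comment above `substituteInPlace` tying it to the `exec` line in sudo.patch would make that coupling visible.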
@@ -0,0 +1,20 @@
+--- a/support/rrsync 2015-09-14 01:23:54.000000000 +0200
++++ b/support/rrsync 2020-02-08 13:55:14.302163313 +0100
+@@ -48,7 +48,7 @@
+
+ my $command = $ENV{SSH_ORIGINAL_COMMAND};
+ die "$0: Not invoked via sshd\n$Usage" unless defined $command;
+-die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//;
++die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^sudo rsync\s+//;
+ die "$0: --server option is not first\n" unless $command =~ /^--server\s/;
+ our $am_sender = $command =~ /^--server\s+--sender\s/; # Restrictive on purpose!
+ die "$0 sending to read-only server not allowed\n" if $only eq 'r' && !$am_sender;
+@@ -227,7 +227,7 @@
+ }
+
+ # Note: This assumes that the rsync protocol will not be maliciously hijacked.
+-exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!";
++exec("/usr/bin/sudo", RSYNC, @opts, @args) or die "exec(sudo rsync @opts @args) failed: $? $!";
+
+ sub check_arg
+ {
--
2.41.0
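Review bot: The new `exec("/usr/bin/sudo", RSYNC, @opts, @args)` does not force sudo to stay non-interactive, so a missing or mismatched sudoers rule becomes a password prompt on the rsync protocol stream rather than a clean failure; `exec("/usr/bin/sudo", "-n", "--", RSYNC, @opts, @args)` would fail immediately instead. Because rsync now runs as root, the option and path validation between the two inner hunks (not visible here) is the only limit on what the holder of the SSH key can read or write. The existing "will not be maliciously hijacked" comment should say so, e.g. `# rsync runs as root via sudo: the sudoers entry must permit only RSYNC for this account, and the checks above are the sole confinement.` The error text `is not rsync` is also misleading now that the match requires the literal prefix `sudo rsync` with exactly one space; `is not 'sudo rsync'` would tell the operator what the client must send.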