diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /flakes/mypackages/pkgs/rrsync_sudo | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
download | Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'flakes/mypackages/pkgs/rrsync_sudo')
-rw-r--r-- | flakes/mypackages/pkgs/rrsync_sudo/default.nix | 8 | ||||
-rw-r--r-- | flakes/mypackages/pkgs/rrsync_sudo/sudo.patch | 20 |
2 files changed, 28 insertions, 0 deletions
diff --git a/flakes/mypackages/pkgs/rrsync_sudo/default.nix b/flakes/mypackages/pkgs/rrsync_sudo/default.nix new file mode 100644 index 0000000..7a47320 --- /dev/null +++ b/flakes/mypackages/pkgs/rrsync_sudo/default.nix | |||
@@ -0,0 +1,8 @@ | |||
1 | { rrsync }: | ||
2 | |||
3 | rrsync.overrideAttrs(old: { | ||
4 | patches = old.patches or [] ++ [ ./sudo.patch ]; | ||
5 | postPatch = old.postPatch + '' | ||
6 | substituteInPlace support/rrsync --replace /usr/bin/sudo /run/wrappers/bin/sudo | ||
7 | ''; | ||
8 | }) | ||
diff --git a/flakes/mypackages/pkgs/rrsync_sudo/sudo.patch b/flakes/mypackages/pkgs/rrsync_sudo/sudo.patch new file mode 100644 index 0000000..6de9cc9 --- /dev/null +++ b/flakes/mypackages/pkgs/rrsync_sudo/sudo.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | --- a/support/rrsync 2015-09-14 01:23:54.000000000 +0200 | ||
2 | +++ b/support/rrsync 2020-02-08 13:55:14.302163313 +0100 | ||
3 | @@ -48,7 +48,7 @@ | ||
4 | |||
5 | my $command = $ENV{SSH_ORIGINAL_COMMAND}; | ||
6 | die "$0: Not invoked via sshd\n$Usage" unless defined $command; | ||
7 | -die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//; | ||
8 | +die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^sudo rsync\s+//; | ||
9 | die "$0: --server option is not first\n" unless $command =~ /^--server\s/; | ||
10 | our $am_sender = $command =~ /^--server\s+--sender\s/; # Restrictive on purpose! | ||
11 | die "$0 sending to read-only server not allowed\n" if $only eq 'r' && !$am_sender; | ||
12 | @@ -227,7 +227,7 @@ | ||
13 | } | ||
14 | |||
15 | # Note: This assumes that the rsync protocol will not be maliciously hijacked. | ||
16 | -exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!"; | ||
17 | +exec("/usr/bin/sudo", RSYNC, @opts, @args) or die "exec(sudo rsync @opts @args) failed: $? $!"; | ||
18 | |||
19 | sub check_arg | ||
20 | { | ||