aboutsummaryrefslogtreecommitdiff
path: root/flakes/mypackages/pkgs/rrsync_sudo
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /flakes/mypackages/pkgs/rrsync_sudo
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
downloadNix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
Diffstat (limited to 'flakes/mypackages/pkgs/rrsync_sudo')
-rw-r--r--flakes/mypackages/pkgs/rrsync_sudo/default.nix8
-rw-r--r--flakes/mypackages/pkgs/rrsync_sudo/sudo.patch20
2 files changed, 28 insertions, 0 deletions
diff --git a/flakes/mypackages/pkgs/rrsync_sudo/default.nix b/flakes/mypackages/pkgs/rrsync_sudo/default.nix
new file mode 100644
index 0000000..7a47320
--- /dev/null
+++ b/flakes/mypackages/pkgs/rrsync_sudo/default.nix
@@ -0,0 +1,8 @@
1{ rrsync }:
2
3rrsync.overrideAttrs(old: {
4 patches = old.patches or [] ++ [ ./sudo.patch ];
5 postPatch = old.postPatch + ''
6 substituteInPlace support/rrsync --replace /usr/bin/sudo /run/wrappers/bin/sudo
7 '';
8})
diff --git a/flakes/mypackages/pkgs/rrsync_sudo/sudo.patch b/flakes/mypackages/pkgs/rrsync_sudo/sudo.patch
new file mode 100644
index 0000000..6de9cc9
--- /dev/null
+++ b/flakes/mypackages/pkgs/rrsync_sudo/sudo.patch
@@ -0,0 +1,20 @@
1--- a/support/rrsync 2015-09-14 01:23:54.000000000 +0200
2+++ b/support/rrsync 2020-02-08 13:55:14.302163313 +0100
3@@ -48,7 +48,7 @@
4
5 my $command = $ENV{SSH_ORIGINAL_COMMAND};
6 die "$0: Not invoked via sshd\n$Usage" unless defined $command;
7-die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//;
8+die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^sudo rsync\s+//;
9 die "$0: --server option is not first\n" unless $command =~ /^--server\s/;
10 our $am_sender = $command =~ /^--server\s+--sender\s/; # Restrictive on purpose!
11 die "$0 sending to read-only server not allowed\n" if $only eq 'r' && !$am_sender;
12@@ -227,7 +227,7 @@
13 }
14
15 # Note: This assumes that the rsync protocol will not be maliciously hijacked.
16-exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!";
17+exec("/usr/bin/sudo", RSYNC, @opts, @args) or die "exec(sudo rsync @opts @args) failed: $? $!";
18
19 sub check_arg
20 {