@ -2,23 +2,63 @@
with pkgs . lib ;
let
pkWrapper = pkgs . stdenv . mkDerivation {
name = " p o l k i t - w r a p p e r " ;
helper = " p o l k i t - a g e n t - h e l p e r - 1 " ;
buildInputs = [ pkgs . xorg . lndir ] ;
builder = pkgs . writeScript " p k w r a p - b u i l d e r " ''
source $ stdenv/setup
mkdir - p $ out
lndir $ { pkgs . polkit } $ out
new = $ out/libexec / $ helper
mv $ new $ out/libexec/. $ helper . orig
echo " e x e c ${ config . security . wrapperDir } / $ h e l p e r \" \$ @ \" " > $ new
chmod + x $ new
'' ;
} ;
in
{
config = {
environment . systemPackages = [ pkgs . polkit ] ;
environment = {
systemPackages = [ pkWrapper ] ;
pathsToLink = [ " / s h a r e / p o l k i t - 1 " " / e t c / p o l k i t - 1 " ] ;
etc = [
{
source = " ${ config . system . path } / e t c / p o l k i t - 1 " ;
target = " p o l k i t - 1 " ;
}
] ;
} ;
services . dbus . packages = [ pkgs . polkit ] ;
services . dbus . packages = [ pkWrapper ] ;
security . pam . services = [ { name = " p o l k i t - 1 " ; } ] ;
security = {
pam . services = [ { name = " p o l k i t - 1 " ; } ] ;
setuidPrograms = [ " p k e x e c " ] ;
security . setuidPrograms = [ " p k e x e c " ] ;
setuidOwners = [
{
program = pkWrapper . helper ;
owner = " r o o t " ;
group = " r o o t " ;
setuid = true ;
source = pkWrapper + " / l i b e x e c / . " + pkWrapper . helper + " . o r i g " ;
}
] ;
} ;
system . activationScripts . policyKit = pkgs . stringsWithDeps . noDepEntry
''
mkdir - p /var/lib/polkit-1
chmod 700 /var/lib/polkit-1
'' ;
} ;
}
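Review bot: The helper script written by the builder has no interpreter line — the `echo "exec ${config.security.wrapperDir}/$helper \"\$@\"" > $new` followed by `chmod +x $new` produces a one-line file with no `#!`, so a plain execve of `$out/libexec/polkit-agent-helper-1` fails with ENOEXEC unless the caller happens to fall back to a shell (execvp-style), which cannot be assumed for a setuid authentication helper. Write the shebang first, e.g. `echo "#! ${pkgs.stdenv.shell}" > $new` and then `echo "exec ${config.security.wrapperDir}/$helper \"\$@\"" >> $new`, so the redirect through the wrapper dir works regardless of how polkit spawns it. The rendered hunk has lost its `+`/`-` markers, so the paired lines (systemPackages, dbus.packages, pam.services, setuidPrograms) appear to be old/new pairs rather than duplicates — worth confirming against the raw diff. A short comment above `pkWrapper` stating why the helper is re-pointed through `config.security.wrapperDir` (store paths cannot carry the setuid bit, so the real binary is renamed to `.polkit-agent-helper-1.orig` and exposed via `setuidOwners`) would make the indirection clear to the next maintainer.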