From 8cb73687cec13746d631676523226290e706de81 Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 26 May 2024 01:17:42 +0000
Subject: [PATCH] unl0kr: don't add extra deps to user's PATH
---
 hosts/common/programs/assorted.nix | 2 ++
 hosts/common/programs/unl0kr/default.nix | 23 +++++++++++++++--------
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index f84e0aea..b90c2900 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -807,6 +807,8 @@ in
 sequoia.sandbox.whitelistPwd = true;
 sequoia.sandbox.autodetectCliPaths = true;
 
+ shadow.sandbox.enable = false; #< `login` can't be sandboxed, since it starts an interactive user session
+
 shattered-pixel-dungeon.buildCost = 1;
 shattered-pixel-dungeon.persist.byStore.plaintext = [ ".local/share/.shatteredpixel/shattered-pixel-dungeon" ];
 shattered-pixel-dungeon.sandbox.method = "bwrap";
diff --git a/hosts/common/programs/unl0kr/default.nix b/hosts/common/programs/unl0kr/default.nix
index 19ba61de..cd6e06d8 100644
--- a/hosts/common/programs/unl0kr/default.nix
+++ b/hosts/common/programs/unl0kr/default.nix
@@ -9,13 +9,12 @@ let
 };
 launcher = pkgs.writeShellApplication {
 name = "unl0kr-login";
- runtimeInputs = [
- # TODO: since this invokes `login`, adding these deps to PATH is questionable
- cfg.package
- pkgs.shadow
- redirect-tty
- ];
 text = ''
+ extraPath=/run/current-system/sw/bin:/bin:${lib.makeBinPath [ cfg.package config.sane.programs.shadow.package redirect-tty ]}
+ locate() {
+ PATH=$PATH:$extraPath command -v "$1"
+ }
+
 # TODO: make this more robust to failure.
 # - if `unl0kr` fails, then the second `redirect-tty` sends a newline to `login`, causing it to exit and the service fails.
 # - if `redirect-tty` fails, then... the service is left hanging.
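Review bot: The sandbox opt-out in `shadow.sandbox.enable = false;` is keyed on the whole `shadow` program entry, while the trailing comment justifies it only for `login`. If this option governs every binary the shadow package provides (inferred from the option name, not visible in this hunk), the exemption is broader than the stated reason. I would have the comment state that scope, e.g. `#< login starts an interactive user session; this leaves all of shadow unsandboxed`.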
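Review bot: Both lookups built from `extraPath` search the inherited `$PATH` first: `PATH=$PATH:$extraPath command -v "$1"` in `locate`, and the `PATH=$PATH:$extraPath sh -c …` line in the next hunk. Inside `extraPath`, `/run/current-system/sw/bin:/bin` also come before the store paths from `lib.makeBinPath`, so `login`, `redirect-tty` and `unl0kr` resolve to the pinned packages only when nothing earlier supplies the same name. Because the resolved `login` is the binary that handles the session's authentication, I would search the pinned directories first, `PATH=$extraPath:$PATH command -v "$1"` with the `makeBinPath` entries leading `extraPath`, or add a comment explaining why the system profile is meant to win. The `text = ''` body continues past this hunk.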
@@ -25,8 +24,12 @@ let
 # but modified to not leak pword to CLI
 # - implement some sort of watchdog (e.g. detect spawned children?)
 # - set a timeout at the outer scope (which gets canceled upon successful login)
- bash -c 'redirect-tty "/dev/${tty}" unl0kr ; sleep 2 ; redirect-tty "/dev/${tty}" echo ""' &
- login -p ${cfg.config.user}
+ PATH=$PATH:$extraPath sh -c 'redirect-tty "/dev/${tty}" unl0kr ; sleep 2 ; redirect-tty "/dev/${tty}" echo ""' &
+
+ # N.B.: invoke `login` by full path instead of modifying `PATH`,
+ # because we don't want the user session to inherit the PATH of this script!
+ _login="$(locate login)"
+ "$_login" -p ${cfg.config.user}
 '';
 };
 in
@@ -82,6 +85,10 @@ in
 };
 };
 
+ suggestedPrograms = [
+ "shadow" #< for login
+ ];
+
 fs.".profile".symlink.text = lib.mkMerge [
 (lib.mkBefore ''
 # setup primarySessionCommands here and let any other nix config populate it later
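Review bot: `_login="$(locate login)"` runs only after the `sh -c … &` job has been started, so a failed lookup ends the script while the background job keeps driving `unl0kr` on the tty with no `login` to receive its output. `writeShellApplication` scripts run with errexit, which is what makes the failed assignment fatal here. Resolving the path before spawning anything lets the launcher fail cleanly: put `_login="$(locate login)"` above the backgrounded `sh -c` line and keep `"$_login" -p ${cfg.config.user}` last. The script body starts in the previous hunk, so only part of it is visible here.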