colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #59630 from worldofpeace/setcap-gnome-keyring

Browse Source 
gnome3.gnome-keyring: CAP_IPC_LOCK gnome-keyring-daemon
This commit is contained in:
worldofpeace 2019-04-30 13:17:03 -04:00 committed by GitHub
commit 7df410c6d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/desktops/gnome3/gnome-keyring.nix
View File

@ -37,6 +37,11 @@ with lib;
security.pam.services.login.enableGnomeKeyring = true;
security.wrappers.gnome-keyring-daemon = {
source = "${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon";
capabilities = "cap_ipc_lock=ep";
};
};
}

10
pkgs/desktops/gnome-3/core/gnome-keyring/default.nix
View File

@ -46,6 +46,16 @@ stdenv.mkDerivation rec {
make check
'';
# Use wrapped gnome-keyring-daemon with cap_ipc_lock=ep
postFixup = ''
files=($out/etc/xdg/autostart/* $out/share/dbus-1/services/*)
for file in ''${files[*]}; do
substituteInPlace $file \
--replace "$out/bin/gnome-keyring-daemon" "/run/wrappers/bin/gnome-keyring-daemon"
done
'';
passthru = {
updateScript = gnome3.updateScript {
packageName = "gnome-keyring";