From 3299c31f4479670ef49cad5c87421a034705f9b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Wed, 10 Apr 2024 07:52:44 +0200
Subject: [PATCH 1/3] stdenv: avoid setuid issues

See #300635.  Maybe in time we'll have a better solution.
---
 pkgs/stdenv/generic/setup.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index 6c72395219f7..45c73d7709c6 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -1421,7 +1421,8 @@ fixupPhase() {
     # Make sure everything is writable so "strip" et al. work.
     local output
     for output in $(getAllOutputNames); do
-        if [ -e "${!output}" ]; then chmod -R u+w "${!output}"; fi
+        # for set*id bits see #300635
+        if [ -e "${!output}" ]; then chmod -R u+w,u-s,g-s "${!output}"; fi
     done
 
     runHook preFixup

From 2e7e411c09e766a5518548c176e46c2404545b51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Wed, 10 Apr 2024 07:54:49 +0200
Subject: [PATCH 2/3] Revert "plocate: fixup build"

This reverts commit 4caf1e3b18fb1ca35031bd26b6a29157df30897e.
---
 pkgs/tools/misc/plocate/default.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pkgs/tools/misc/plocate/default.nix b/pkgs/tools/misc/plocate/default.nix
index d4ea53b2301f..b44cb0b14860 100644
--- a/pkgs/tools/misc/plocate/default.nix
+++ b/pkgs/tools/misc/plocate/default.nix
@@ -33,9 +33,6 @@ stdenv.mkDerivation rec {
     "-Ddbpath=locatedb"
   ];
 
-  # https://github.com/NixOS/nixpkgs/issues/300635
-  postInstall = ''chmod -R u-s,g-s "$out"'';
-
   meta = with lib; {
     description = "Much faster locate";
     homepage = "https://plocate.sesse.net/";

From d7b4200c6b4cb6853c0b36e936c91f29fd02502a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Wed, 10 Apr 2024 07:55:33 +0200
Subject: [PATCH 3/3] Revert "lxc: fixup build"

This reverts commit e7df8051fb34d7c566f19c7176a8fe8225da713a
and 64cdda4b5f54454c99a26f7ff74e9066180d02f1.
---
 pkgs/os-specific/linux/lxc/default.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix
index 71de8ce3cdcc..e525c9c3f5f7 100644
--- a/pkgs/os-specific/linux/lxc/default.nix
+++ b/pkgs/os-specific/linux/lxc/default.nix
@@ -61,9 +61,6 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
-  # https://github.com/NixOS/nixpkgs/issues/300635
-  postInstall = ''chmod -R u-s,g-s "$out"'';
-
   passthru = {
     tests = {
       incus-legacy-init = nixosTests.incus.container-legacy-init;