kpmcore: patch trustedprefixes

Victor Fuentes 2022-09-18 13:30:20 -04:00
parent 5196625a15
commit afe3ad49e5
No known key found for this signature in database
GPG key ID: 0A88B68D6A9ACAE0
2 changed files with 19 additions and 0 deletions


@ -13,6 +13,10 @@ stdenv.mkDerivation rec {
hash = "sha256-Ws20hKX2iDdke5yBBKXukVUD4OnLf1OmwlhW+jUXL24=";
};
patches = [
./nixostrustedprefix.patch
];
nativeBuildInputs = [ extra-cmake-modules ];
buildInputs = [
@ -29,6 +33,8 @@ stdenv.mkDerivation rec {
preConfigure = ''
substituteInPlace src/util/CMakeLists.txt \
--replace \$\{POLKITQT-1_POLICY_FILES_INSTALL_DIR\} $out/share/polkit-1/actions
substituteInPlace src/backend/corebackend.cpp \
--replace /usr/share/polkit-1/actions/org.kde.kpmcore.externalcommand.policy $out/share/polkit-1/actions/org.kde.kpmcore.externalcommand.policy
'';
meta = with lib; {
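Review bot: The added `substituteInPlace src/backend/corebackend.cpp --replace …` in `preConfigure` does not fail the build if the `/usr/share/polkit-1/actions/org.kde.kpmcore.externalcommand.policy` string is no longer present upstream, so a kpmcore update could silently leave the original path compiled in. Where the stdenv in use provides it, `--replace-fail` turns that into a build error; otherwise a `grep -q` on the file before the substitution does the same job. A short comment above `patches = [` would also help whoever next bumps the version, e.g. `# Accept /nix/store and /run/current-system/sw as trusted command prefixes`. Both hunks sit inside `stdenv.mkDerivation rec { … }`, which starts and ends outside the visible lines.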


@ -0,0 +1,13 @@
diff --git a/src/util/externalcommandhelper.cpp b/src/util/externalcommandhelper.cpp
index a879c8d..3d7863b 100644
--- a/src/util/externalcommandhelper.cpp
+++ b/src/util/externalcommandhelper.cpp
@@ -387,7 +387,7 @@ QVariantMap ExternalCommandHelper::RunCommand(const QString& command, const QStr
if (dirname == QStringLiteral("bin") || dirname == QStringLiteral("sbin")) {
prefix.cdUp();
}
- if (trustedPrefixes.find(prefix.path()) == trustedPrefixes.end()) { // TODO: C++20: replace with contains
+ if (!prefix.path().startsWith(QStringLiteral("/nix/store")) && !prefix.path().startsWith(QStringLiteral("/run/current-system/sw"))) { // TODO: C++20: replace with contains
qInfo() << prefix.path() << "prefix is not one of the trusted command prefixes";
reply[QStringLiteral("success")] = false;
return reply;
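Review bot: The new condition on the `+` line is a plain string-prefix test with no path-separator boundary, so a directory such as `/nix/store-x` or `/run/current-system/swap` would pass. Compare against `QStringLiteral("/nix/store/")` and `QStringLiteral("/run/current-system/sw/")` instead, handling the exact-match case separately if it is needed. It also replaces a fixed allowlist lookup with trust in the entire store; this helper appears to run commands with elevated rights through the polkit action, so if nothing else in `RunCommand` limits which binary may run, the check is much wider than the set of tools kpmcore needs. Pinning the specific store prefixes of those tools at build time would keep the original allowlist semantics. `prefix` is constructed outside the hunk, so whether the path is canonicalised before this test cannot be confirmed from here. The trailing `// TODO: C++20: replace with contains` no longer describes the line and should give way to a comment explaining the NixOS-specific check.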