1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2025-01-08 10:09:49 +01:00

Run sudo with -s in the darwin module (#807)

Currently activation is run with `sudo -i` this defaults to the user's
login shell. This can lead to problems if the user's shell isn't set
properly.

By passing `-s` rather than `-i`, `sudo` runs `activate` in `SHELL`
instead. We assume that at this point in the activation `SHELL`
contains the path to a bash in the nix store. This should always be a
valid shell to run the `activate` script with.

From the `sudo` manual it seems like this cannot be fixed if `SHELL`
isn't set at this point or by passing a command to `-s` because that
command is then passed to the user's shell.

(cherry picked from commit cf62e96bf7)
This commit is contained in:
toonn 2022-03-31 20:24:26 +02:00 committed by Wael Nasreddine
parent a8d00f5c03
commit ef6b316265

View file

@ -134,7 +134,7 @@ in
system.activationScripts.postActivation.text =
concatStringsSep "\n" (mapAttrsToList (username: usercfg: ''
echo Activating home-manager configuration for ${username}
sudo -u ${username} -i ${pkgs.writeShellScript "activation-${username}" ''
sudo -u ${username} -s ${pkgs.writeShellScript "activation-${username}" ''
${lib.optionalString (cfg.backupFileExtension != null)
"export HOME_MANAGER_BACKUP_EXT=${lib.escapeShellArg cfg.backupFileExtension}"}
${lib.optionalString cfg.verbose "export VERBOSE=1"}