everything?: Updating every package that depended on the old setuidPrograms configuration.

3 files changed, 59 insertions, 8 deletions

diff --git a/nixos/modules/programs/kbdlight.nix b/nixos/modules/programs/kbdlight.nix
index 0172368e968f..c3ea6b5e9738 100644
--- a/nixos/modules/programs/kbdlight.nix
+++ b/nixos/modules/programs/kbdlight.nix
@@ -11,6 +11,13 @@ in
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.kbdlight ];
-    security.setuidPrograms = [ "kbdlight" ];
+
+    security.permissionsWrappers.setuid =
+    [ { program = "kbdlight";
+        source  = "${pkgs.kbdlight.out}/bin/kbdlight";
+        user    = "root";
+        group   = "root";
+        setuid  = true;        
+    }];
   };
 }
diff --git a/nixos/modules/programs/light.nix b/nixos/modules/programs/light.nix
index 09cd1113d9c7..d141eaf66f76 100644
--- a/nixos/modules/programs/light.nix
+++ b/nixos/modules/programs/light.nix
@@ -21,6 +21,13 @@ in
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.light ];
-    security.setuidPrograms = [ "light" ];
+
+    security.permissionsWrappers.setuid =
+    [ { program = "light";
+        source  = "${pkgs.light.out}/bin/light";
+        user    = "root";
+        group   = "root";
+        setuid  = true;        
+    }];
   };
 }
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
index 878c9cc0cf09..8ee324eaf63f 100644
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -102,11 +102,48 @@ in
         chgpasswd = { rootOK = true; };
       };
 
-    security.setuidPrograms = [ "su" "chfn" ]
-      ++ [ "newuidmap" "newgidmap" ] # new in shadow 4.2.x
-      ++ lib.optionals config.users.mutableUsers
-      [ "passwd" "sg" "newgrp" ];
-
+    security.setuidPrograms = 
+    [
+      { program = "su";
+        source  = "${pkgs.shadow.su}/bin/su";
+        user    = "root";
+        group   = "root";
+        setuid  = true;        
+      }
+
+      { program = "chfn";
+        source  = "${pkgs.shadow.out}/bin/chfn";
+        user    = "root";
+        group   = "root";
+        setuid  = true;
+      }
+    ] ++
+    (lib.optionals config.users.mutableUsers
+     map (x: x // { user = "root";
+                    group   = "root";
+                    setuid  = true;
+                  })
+         [
+           { program = "passwd";
+             source  = "${pkgs.shadow.out}/bin/passwd";
+           }
+
+           { program = "sg";
+             source  = "${pkgs.shadow.out}/bin/sg";
+           }
+
+           { program = "newgrp";
+             source  = "${pkgs.shadow.out}/bin/newgrp";
+           }
+
+           { program = "newuidmap";
+             source  = "${pkgs.shadow.out}/bin/newuidmap";
+           }
+
+           { program = "newgidmap";
+             source  = "${pkgs.shadow.out}/bin/newgidmap";
+           }
+         ]
+    );
   };
-
 }