diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/genfs.c mpss-daemon-3.8.6/libmpssconfig/genfs.c
--- mpss-daemon-3.8.6.orig/libmpssconfig/genfs.c 2021-01-21 01:46:48.337522089 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/genfs.c 2021-01-21 04:05:30.895228099 +0100
@@ -481,6 +481,8 @@
 struct dirent *file;
 DIR *dp;
+ printf("handle_common %s\n", dir);
+
 switch (type) {
 case SRCTYPE_DIR:
 mpssut_filename(menv, NULL, comname, PATH_MAX, "%s", dir);
@@ -1682,10 +1684,10 @@
 pid = fork();
 if (pid == 0) {
- ifargv[0] = "/bin/gzip";
+ ifargv[0] = "/run/current-system/sw/bin/gzip";
 ifargv[1] = name;
 ifargv[2] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ execve("/run/current-system/sw/bin/gzip", ifargv, NULL);
 }
 waitpid(pid, &status, 0);
@@ -1699,11 +1701,11 @@
 pid = fork();
 if (pid == 0) {
- ifargv[0] = "/bin/gzip";
+ ifargv[0] = "/run/current-system/sw/bin/gzip";
 ifargv[1] = "-d";
 ifargv[2] = name;
 ifargv[3] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ execve("/run/current-system/sw/bin/gzip", ifargv, NULL);
 }
 waitpid(pid, NULL, 0);
@@ -1724,7 +1726,7 @@
 fclose(stdout);
 fclose(stderr);
- ifargv[0] = "/bin/cpio";
+ ifargv[0] = "/run/current-system/sw/bin/cpio";
 ifargv[1] = "-i";
 ifargv[2] = "-F";
 ifargv[3] = cfile;
@@ -1734,7 +1736,7 @@
 } else {
 ifargv[4] = NULL;
 }
- execve("/bin/cpio", ifargv, NULL);
+ execve("/run/current-system/sw/bin/cpio", ifargv, NULL);
 }
 if (waitpid(pid, &status, 0) < 0)
diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/micenv.c mpss-daemon-3.8.6/libmpssconfig/micenv.c
--- mpss-daemon-3.8.6.orig/libmpssconfig/micenv.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/micenv.c 2021-01-21 02:27:02.788081574 +0100
@@ -106,6 +106,8 @@
 menv->dist = DISTRIB_SUSE;
 else if (!strcasecmp(dist, "ubuntu"))
 menv->dist = DISTRIB_UBUNTU;
+ else if (!strcasecmp(dist, "nixos"))
+ menv->dist = DISTRIB_NIXOS;
 else
 return (SETENV_FUNC_DIST << 16) | SETENV_CMDLINE_DIST;
 } else if ((dist = getenv("MPSS_DIST")) != NULL) {
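Review bot: In libmpssconfig/genfs.c `@@ -481`, the added `printf("handle_common %s\n", dir);` looks like leftover debugging: it writes to stdout from library code on every call, bypassing whatever output channel the callers use. The four `printf` lines added in micctrl/user.c (`@@ -2344`) are the same kind, and `printf("line: %s\n", user);` there echoes every line read from `/etc/passwd` to stdout. Remove them before merging, or route them through the project's own output helper (micctrl uses `display(...)` elsewhere) at a suitable level. The enclosing functions start and end outside these hunks.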
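Review bot: In the genfs.c exec hunks (`@@ -1682`, `@@ -1699`, `@@ -1734`) nothing follows `execve()` in the child, so when the new absolute path does not exist the child falls out of the `if (pid == 0)` block and keeps running the parent's code; the same holds in mpssd/mpssd.c `@@ -729`, where the child would reach `return pid;` with pid 0. The patch replaces `/bin/gzip` and `/bin/cpio` with `/run/current-system/sw/bin/...` unconditionally, so every non-NixOS host now takes that failure path, even though `menv->dist` is detected at run time. Add `_exit(127);` directly after each `execve(...)` line (micctrl/user.c already has `exit(errno);` there) and consider selecting the path from the detected distribution or a build-time macro. The enclosing functions start and end outside these hunks.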
@@ -117,6 +119,8 @@
 menv->dist = DISTRIB_SUSE;
 else if (!strcasecmp(dist, "ubuntu"))
 menv->dist = DISTRIB_UBUNTU;
+ else if (!strcasecmp(dist, "nixos"))
+ menv->dist = DISTRIB_NIXOS;
 else
 return (SETENV_FUNC_DIST << 16) | SETENV_ENV_DIST;
 } else {
@@ -126,12 +130,15 @@
 menv->dist = DISTRIB_SUSE;
 else if ((stat(UBUNTU_NETWORK_DIR, &sbuf) == 0) && S_ISDIR(sbuf.st_mode))
 menv->dist = DISTRIB_UBUNTU;
+ else if ((stat(NIXOS_RUN_DIR, &sbuf) == 0) && S_ISDIR(sbuf.st_mode))
+ menv->dist = DISTRIB_NIXOS;
 else
 return (SETENV_FUNC_DIST << 16) | SETENV_PROBE_DIST;
 }
 switch(menv->dist) {
 case DISTRIB_REDHAT:
+ case DISTRIB_NIXOS:
 case DISTRIB_SUSE:
 menv->lockfile = LSB_LOCK_FILENAME;
 break;
diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/mpssconfig.h mpss-daemon-3.8.6/libmpssconfig/mpssconfig.h
--- mpss-daemon-3.8.6.orig/libmpssconfig/mpssconfig.h 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/mpssconfig.h 2021-01-21 02:10:37.013513734 +0100
@@ -218,6 +218,7 @@
 #define REDHAT_NETWORK_DIR "/etc/sysconfig/network-scripts"
 #define SUSE_NETWORK_DIR "/etc/sysconfig/network"
 #define UBUNTU_NETWORK_DIR "/etc/network"
+#define NIXOS_RUN_DIR "/var/run/nixos"
 /**
 * Mic family
@@ -239,6 +240,7 @@
 #define DISTRIB_REDHAT 1
 #define DISTRIB_SUSE 2
 #define DISTRIB_UBUNTU 3
+#define DISTRIB_NIXOS 4
 char *home;
 char *confdir;
 char *destdir;
diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/verify_bzimage.c mpss-daemon-3.8.6/libmpssconfig/verify_bzimage.c
--- mpss-daemon-3.8.6.orig/libmpssconfig/verify_bzimage.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/verify_bzimage.c 2021-01-21 03:00:35.816162608 +0100
@@ -173,17 +173,18 @@
 do_gunzip(char *name)
 {
 pid_t pid;
- char *ifargv[4];
+ char *ifargv[5];
 pid = fork();
 if (pid == 0) {
 fclose(stdout);
 fclose(stderr);
- ifargv[0] = "/bin/gzip";
- ifargv[1] = "-d";
- ifargv[2] = name;
- ifargv[3] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ ifargv[0] = "/usr/bin/env";
+ ifargv[1] = "gzip";
+ ifargv[2] = "-d";
+ ifargv[3] = name;
+ ifargv[4] = NULL;
+ execve("/usr/bin/env", ifargv, NULL);
 }
 waitpid(pid, NULL, 0);
diff -ur mpss-daemon-3.8.6.orig/micctrl/init.c mpss-daemon-3.8.6/micctrl/init.c
--- mpss-daemon-3.8.6.orig/micctrl/init.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/init.c 2021-01-21 01:52:24.195846483 +0100
@@ -1016,7 +1016,7 @@
 }
 fprintf(fp, defconf, mpssenv.vardir, DEF_SHUTDOWN_TIMEOUT, DEF_CRASHDUMP_DIR, DEF_CRASHDUMP_LIMITGB);
- fprintf(fp, kncextracmd);
+ fprintf(fp, "%s", kncextracmd);
 fclose(fp);
 display(PFS, "%s: Created %s\n", mic->name, filename);
 } else {
diff -ur mpss-daemon-3.8.6.orig/micctrl/network.c mpss-daemon-3.8.6/micctrl/network.c
--- mpss-daemon-3.8.6.orig/micctrl/network.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/network.c 2021-01-21 02:38:42.021016226 +0100
@@ -101,6 +101,13 @@
 void ubuntu_unattach_hostbridge(char *name, char *bridge);
 void ubuntu_remove_bridges(void);
+void nixos_net_remove(char *name, char *bridge, int modhost);
+void nixos_br_remove(struct mbridge *br);
+void nixos_attach_hostbridge(char *name, char *bridge, char *mac, char *mtu, int saveresolv);
+void nixos_host_addif(char *name, char *ip, char *netbits, char *mtu, char *mac);
+void nixos_unattach_hostbridge(char *name, char *bridge);
+void nixos_remove_bridges(void);
+
 struct netinfo {
 char *netdir;
 char *defnetdir;
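Review bot: In libmpssconfig/verify_bzimage.c, `do_gunzip` now resolves `gzip` through `/usr/bin/env` while passing `NULL` as the environment, so `env` has no `PATH` and falls back to the C library's default search path, which probably does not contain `gzip` on NixOS; the other hunks in this patch use the absolute `/run/current-system/sw/bin/gzip` instead. A search-path lookup is also a weaker choice than a fixed path for a helper started by a tool that presumably runs privileged. Because stdout and stderr are closed, nothing follows `execve()`, and `waitpid(pid, NULL, 0)` discards the status, a failed decompression is invisible to the caller. Use the same absolute path as the other hunks, add `_exit(127);` after `execve(...)`, and collect the exit status so the failure can be reported if the return type allows it. The function's start and end lie outside the hunk.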
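Review bot: In micctrl/init.c, if `kncextracmd` was written with `%%` escapes for its old use as a format string (its definition is outside the hunk), `fprintf(fp, "%s", kncextracmd);` will now emit them doubled, so the text should be checked. `fputs(kncextracmd, fp);` would say the same thing without any format at all. The `fprintf(fp, defconf, ...)` call just above still takes a non-literal format, which is safe only while `defconf` remains a constant the program itself controls.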
@@ -141,7 +148,15 @@
 ubuntu_br_remove,
 ubuntu_attach_hostbridge,
 ubuntu_host_addif,
- ubuntu_remove_bridges}
+ ubuntu_remove_bridges},
+ { "/tmp/notreally",
+ "/tmp/notreally",
+ "/tmp/yeahstillno",
+ nixos_net_remove,
+ nixos_br_remove,
+ nixos_attach_hostbridge,
+ nixos_host_addif,
+ nixos_remove_bridges}
 };
 #define MIC_DEFAULT_BIG_MTU "64512";
@@ -995,7 +1010,7 @@
 (mic->config.rootdev.type == ROOT_TYPE_PFS)) {
 mpssut_filename(&mpssenv, NULL, oname, PATH_MAX, "%s/etc/ssh/%s", strchr(mic->config.rootdev.target, ':') + 1, name);
- if ((fd = open(oname, O_WRONLY|O_CREAT) & 0777) < 0) {
+ if (fd = open(oname, O_WRONLY|O_CREAT, 0755) < 0) {
 display(PERROR, "%s: Could not open %s\n", mic->name, oname);
 free(buffer);
 return 0;
@@ -2571,6 +2586,37 @@
 }
 void
+nixos_net_remove(char *name, char *bridge, int modhost)
+{
+ printf("STUB: nixos_net_remove(%s, %s, %d)\n", name, bridge, modhost);
+}
+
+void
+nixos_br_remove(struct mbridge *br)
+{
+ printf("STUB: nixos_br_remove(%p)\n", br);
+}
+
+void
+nixos_attach_hostbridge(char *name, char *bridge, char *mac, char *mtu, int saveresolv)
+{
+ printf("STUB: nixos_attach_hostbridge(%s, %s, %s, %s, %d)\n", name, bridge, mac, mtu, saveresolv);
+}
+
+void
+nixos_host_addif(char *name, char *ip, char *netbits, char *mtu, char *mac)
+{
+ printf("STUB: nixos_host_addif(%s, %s, %s, %s, _)\n", name, ip, netbits, mtu, mac);
+}
+
+void
+nixos_remove_bridges(void)
+{
+ printf("STUB: nixos_remove_bridges()\n");
+ // TODO
+}
+
+void
 common_host_addif(char *name, char *ip, char *netbits, char *mtu, char *mac)
 {
 char filename[PATH_MAX];
diff -ur mpss-daemon-3.8.6.orig/micctrl/user.c mpss-daemon-3.8.6/micctrl/user.c
--- mpss-daemon-3.8.6.orig/micctrl/user.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/user.c 2021-01-21 03:36:40.330342110 +0100
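Review bot: In micctrl/network.c `@@ -141`, the NixOS row of the table fills its three directory fields with `"/tmp/notreally"` and `"/tmp/yeahstillno"`, and `/tmp` is world-writable. If any code that is not replaced by the `nixos_*` stubs builds file names from these fields (the table's users are outside the hunk), a tool that presumably runs as root would read or create files at predictable names that any local user can pre-create or replace with a symlink. Point the placeholders at a path that cannot exist or at a root-owned directory, and add a comment such as `/* NixOS: network files are not managed by micctrl */`.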
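Review bot: In micctrl/network.c `@@ -995`, dropping the parentheses in `if (fd = open(oname, O_WRONLY|O_CREAT, 0755) < 0) {` changes the meaning: `<` binds tighter than `=`, so `fd` receives the result of the comparison rather than the descriptor. On success `fd` is therefore 0, the real descriptor is leaked, and any later write or close through `fd` (outside the hunk) acts on descriptor 0 instead of the file. Write `if ((fd = open(oname, O_WRONLY|O_CREAT, 0755)) < 0) {`. The mode also sets execute bits on a file under `etc/ssh`; `0644`, or `0600` if `name` can be a private key, looks closer to what is wanted.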
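Review bot: In micctrl/network.c `@@ -2571`, the five `nixos_*` stubs print to stdout and return normally, so callers going through the `netinfo` table cannot tell that no bridge or interface was actually configured or removed. Report it on the error channel instead, e.g. `display(PERROR, "nixos_net_remove: not implemented on NixOS\n");`, so the operator sees that host networking for the card was left untouched. Two smaller points: `%p` needs `(void *)br`, and the `nixos_host_addif` format has four `%s` for five arguments. `nixos_unattach_hostbridge` is declared in the `@@ -101` hunk but gets no definition here.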
@@ -2344,14 +2344,18 @@
 if ((hpwfp = fopen("/etc/passwd", "r")) == NULL)
 return;
+ printf("opened /etc/passwd\n");
 while (fgets(line, PWBUF_SIZE, hpwfp)) {
 user = line;
+ printf("line: %s\n", user);
 if (parse_pwfile(user, &pw, &uid, &gid, &name, &home, &app))
 continue;
+ printf("parsed pwfile\n");
 if ((uid < get_min_uid()) || (uid == 65534))
 continue;
+ printf("uid okay\n");
 while (ulist) {
 if (!strcmp(ulist->user, user)) {
@@ -2858,7 +2862,7 @@
 if (pid == 0) {
 fclose(stdout);
 fclose(stderr);
- ifargv[0] = "/usr/bin/ssh-keygen";
+ ifargv[0] = "/run/current-system/sw/bin/ssh-keygen";
 ifargv[1] = "-q";
 ifargv[2] = "-t";
 ifargv[3] = type;
@@ -2869,7 +2873,7 @@
 ifargv[8] = "-N";
 ifargv[9] = "";
 ifargv[10] = NULL;
- execve("/usr/bin/ssh-keygen", ifargv, NULL);
+ execve("/run/current-system/sw/bin/ssh-keygen", ifargv, NULL);
 exit(errno);
 }
@@ -2885,9 +2889,9 @@
 char *name;
 char *type;
 int optional;
-} hkeys[] = {{"ssh_host_key", "rsa1", FALSE},
+} hkeys[] = {/*{"ssh_host_key", "rsa1", FALSE},*/
 {"ssh_host_rsa_key", "rsa", FALSE},
- {"ssh_host_dsa_key", "dsa", FALSE},
+ /*{"ssh_host_dsa_key", "dsa", FALSE},*/
 {"ssh_host_ecdsa_key", "ecdsa", TRUE},
 {NULL, NULL}};
diff -ur mpss-daemon-3.8.6.orig/micctrl/utilfuncs.c mpss-daemon-3.8.6/micctrl/utilfuncs.c
--- mpss-daemon-3.8.6.orig/micctrl/utilfuncs.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/utilfuncs.c 2021-01-21 01:56:35.453755052 +0100
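Review bot: In micctrl/user.c `@@ -2885`, the `rsa1` and `dsa` rows of `hkeys[]` are disabled by commenting them out, which leaves dead entries in the table with no reason recorded. Delete the two rows and put one comment above the table, for example `/* SSH1 (rsa1) and DSA host keys are no longer generated: weak key types */`. It is also worth checking whether anything outside the hunk still expects `ssh_host_key` or `ssh_host_dsa_key` to exist, such as the card's sshd configuration or the code that copies host keys into the image.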
@@ -238,7 +238,7 @@
 mpssut_filename(&mpssenv, NULL, permfile, PATH_MAX, "/permfile");
 tmpname = mpssut_tempnam(permfile);
- if ((fd = open(tmpname, O_RDWR | O_CREAT)) < 0) {
+ if ((fd = open(tmpname, O_RDWR | O_CREAT, 0644)) < 0) {
 free(tmpname);
 display(PERROR, "Failed permissions test - cannot determine if %s is secure\n", mpssenv.destdir);
 exit(errno);
diff -ur mpss-daemon-3.8.6.orig/mpssd/mpssd.c mpss-daemon-3.8.6/mpssd/mpssd.c
--- mpss-daemon-3.8.6.orig/mpssd/mpssd.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/mpssd/mpssd.c 2021-01-21 03:52:50.930892803 +0100
@@ -729,10 +729,10 @@
 pid = fork();
 if (pid == 0) {
- ifargv[0] = "/bin/gzip";
+ ifargv[0] = "/run/current-system/sw/bin/gzip";
 ifargv[1] = name;
 ifargv[2] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ execve("/run/current-system/sw/bin/gzip", ifargv, NULL);
 }
 return pid;
@@ -1418,7 +1418,7 @@
 len = read(fd, cookie, MPSS_COOKIE_SIZE);
 close(fd);
- if ((fd = open(cookiename, O_WRONLY|O_CREAT)) < 0) {
+ if ((fd = open(cookiename, O_WRONLY|O_CREAT, 0755)) < 0) {
 mpsslog(PERROR, "Failed to open %s: %s\n", cookiename, strerror(errno));
 goto cookie_done;
 }
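Review bot: In micctrl/utilfuncs.c, `open(tmpname, O_RDWR | O_CREAT, 0644)` creates the probe file at a name produced by `mpssut_tempnam()` without `O_EXCL`, so if the name already exists, including as a symlink placed between name generation and the open, the call opens or follows it instead of failing. That matters here because this is the test for whether `mpssenv.destdir` is secure, so the directory may well be writable by others. Use `open(tmpname, O_RDWR | O_CREAT | O_EXCL, 0600)`; the file is only a probe and needs no group or other access. The rest of the test is outside the hunk.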
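Review bot: In mpssd/mpssd.c `@@ -1418`, the cookie file is created with mode `0755`, which (subject to umask) makes it readable by every local user and marks it executable. If the cookie is what authenticates a host user to the card, as the name and the `read(fd, cookie, MPSS_COOKIE_SIZE)` above suggest, it should be private: `if ((fd = open(cookiename, O_WRONLY|O_CREAT, 0600)) < 0) {`. Where `cookiename` lives and who owns that directory is outside the hunk; if it can be user-writable, adding `O_NOFOLLOW` is worth considering too.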