security-wrapper: link old wrapper dir to new one

This makes setuid wrappers not fail after upgrading. references #23641, #22914, #19862, #16654 (cherry picked from commit e82baf0)
NixOS · Mar 23, 2017 · 1394a0c · 1394a0c
1 parent 3bfeceb
commit 1394a0c
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
@@ -179,21 +179,31 @@ in
 
           # Remove the old /var/setuid-wrappers path from the system...
           #
-          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
           # this conditional removal block needs to be removed after
           # the release.
           if [ -d /var/setuid-wrappers ]; then
             rm -rf /var/setuid-wrappers
+            ln -s /run/wrappers/bin /var/setuid-wrappers
           fi
 
           # Remove the old /run/setuid-wrappers-dir path from the
           # system as well...
           #
-          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
           # this conditional removal block needs to be removed after
           # the release.
           if [ -d /run/setuid-wrapper-dirs ]; then
             rm -rf /run/setuid-wrapper-dirs
+            ln -s /run/wrappers/bin /run/setuid-wrapper-dirs
+          fi
+
+          # TODO: this is only necessary for upgrades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if readlink -f /run/booted-system | grep nixos-17 > /dev/null; then
+            rm -rf /run/setuid-wrapper-dirs
+            rm -rf /var/setuid-wrappers
           fi
 
           # We want to place the tmpdirs for the wrappers to the parent dir.