diff options
Diffstat (limited to 'pkgs/applications/blockchains/ledger-live-desktop/default.nix')
-rw-r--r-- | pkgs/applications/blockchains/ledger-live-desktop/default.nix | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/pkgs/applications/blockchains/ledger-live-desktop/default.nix b/pkgs/applications/blockchains/ledger-live-desktop/default.nix index 4b3ba00fb9606..fc122f4923e0b 100644 --- a/pkgs/applications/blockchains/ledger-live-desktop/default.nix +++ b/pkgs/applications/blockchains/ledger-live-desktop/default.nix @@ -1,4 +1,4 @@ -{ lib, fetchurl, appimageTools, imagemagick }: +{ lib, fetchurl, appimageTools, imagemagick, systemd }: let pname = "ledger-live-desktop"; @@ -13,9 +13,22 @@ let appimageContents = appimageTools.extractType2 { inherit name src; }; -in appimageTools.wrapType2 rec { + + # Hotplug events from udevd are fired into the kernel, which then re-broadcasts them over a + # special socket, to every libudev client listening for hotplug when the kernel does that. It will + # try to preserve the uid of the sender but a non-root namespace (like the fhs-env) cant map root + # to a uid, for security reasons, so the uid of the sender becomes nobody and libudev actively + # rejects such messages. This patch disables that bit of security in libudev. + # See: https://github.com/NixOS/nixpkgs/issues/116361 + systemdPatched = systemd.overrideAttrs ({ patches ? [ ], ... }: { + patches = patches ++ [ ./systemd.patch ]; + }); +in +appimageTools.wrapType2 rec { inherit name src; + extraPkgs = pkgs: [ systemdPatched ]; + extraInstallCommands = '' mv $out/bin/${name} $out/bin/${pname} install -m 444 -D ${appimageContents}/ledger-live-desktop.desktop $out/share/applications/ledger-live-desktop.desktop |