From e92b8402b05f34072a20075ed54660e7a7237cc3 Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer <parnell@digitalmentat.com>
Date: Sat, 28 Jan 2017 20:48:03 -0800
Subject: Addressing PR feedback

---
 pkgs/applications/editors/sublime3/default.nix                      | 2 +-
 pkgs/applications/networking/browsers/chromium/default.nix          | 4 ++--
 .../networking/instant-messengers/gale/gale-install.in.patch        | 2 +-
 .../version-management/gitlab/remove-hardcoded-locations.patch      | 2 +-
 pkgs/applications/virtualization/virtualbox/hardened.patch          | 6 +++---
 pkgs/build-support/build-fhs-userenv/env.nix                        | 2 +-
 pkgs/desktops/enlightenment/enlightenment.nix                       | 6 +++---
 .../libraries/kde-frameworks/kinit/start_kdeinit-path.patch         | 2 +-
 pkgs/development/libraries/libgksu/default.nix                      | 4 ++--
 pkgs/development/libraries/polkit/default.nix                       | 2 +-
 pkgs/development/tools/unity3d/default.nix                          | 2 +-
 pkgs/os-specific/linux/fuse/default.nix                             | 2 +-
 pkgs/os-specific/linux/mdadm/4.nix                                  | 2 +-
 pkgs/os-specific/linux/mdadm/default.nix                            | 2 +-
 pkgs/os-specific/linux/pam/default.nix                              | 2 +-
 pkgs/os-specific/linux/util-linux/default.nix                       | 2 +-
 pkgs/servers/interlock/default.nix                                  | 2 +-
 pkgs/servers/mail/petidomo/default.nix                              | 2 +-
 pkgs/servers/monitoring/nagios/plugins/official-2.x.nix             | 4 ++--
 pkgs/tools/X11/x11vnc/default.nix                                   | 4 ++--
 pkgs/tools/admin/certbot/default.nix                                | 2 +-
 pkgs/tools/misc/debian-devscripts/default.nix                       | 2 +-
 pkgs/tools/security/ecryptfs/default.nix                            | 2 +-
 pkgs/tools/security/ecryptfs/helper.nix                             | 2 +-
 pkgs/tools/security/sudo/default.nix                                | 2 +-
 pkgs/tools/system/at/default.nix                                    | 2 +-
 pkgs/tools/system/cron/default.nix                                  | 2 +-
 pkgs/tools/system/ts/default.nix                                    | 2 +-
 28 files changed, 36 insertions(+), 36 deletions(-)

(limited to 'pkgs')

diff --git a/pkgs/applications/editors/sublime3/default.nix b/pkgs/applications/editors/sublime3/default.nix
index 0f7d50088a9dd..1c24ff4737b9b 100644
--- a/pkgs/applications/editors/sublime3/default.nix
+++ b/pkgs/applications/editors/sublime3/default.nix
@@ -1,5 +1,5 @@
 { fetchurl, stdenv, glib, xorg, cairo, gtk2, pango, makeWrapper, openssl, bzip2,
-  pkexecPath ? "/var/permissions-wrappers/pkexec", libredirect,
+  pkexecPath ? "/run/wrappers/pkexec", libredirect,
   gksuSupport ? false, gksu}:
 
 assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index dd8fd32adfde2..7009cf17fab72 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -83,9 +83,9 @@ in stdenv.mkDerivation {
     ed -v -s "$out/bin/chromium" << EOF
     2i
 
-    if [ -x "/var/permissions-wrappers/${sandboxExecutableName}" ]
+    if [ -x "/run/wrappers/${sandboxExecutableName}" ]
     then
-      export CHROME_DEVEL_SANDBOX="/var/permissions-wrappers/${sandboxExecutableName}"
+      export CHROME_DEVEL_SANDBOX="/run/wrappers/${sandboxExecutableName}"
     else
       export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}"
     fi
diff --git a/pkgs/applications/networking/instant-messengers/gale/gale-install.in.patch b/pkgs/applications/networking/instant-messengers/gale/gale-install.in.patch
index 9a83fc09e4e78..4b59f1a376dda 100644
--- a/pkgs/applications/networking/instant-messengers/gale/gale-install.in.patch
+++ b/pkgs/applications/networking/instant-messengers/gale/gale-install.in.patch
@@ -26,7 +26,7 @@ index 50e8ad8..eec0ed2 100644
 +	is_nixos=no
 +fi
 +
-+if [ -u /var/permissions-wrappers/gksign ]; then
++if [ -u /run/wrappers/gksign ]; then
 +	cat <<EOM
 +
 +Gale appears to have already been set up via the NixOS module system (check
diff --git a/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch b/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch
index 5377ddb9a62b2..6603e8d4b601d 100644
--- a/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch
+++ b/pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch
@@ -11,7 +11,7 @@ index a9d8ac4..85f13f5 100644
 -  # #   arguments: '-i -t'
 -  # # }
 +  config.action_mailer.sendmail_settings = {
-+    location: '/var/permissions-wrappers/sendmail',
++    location: '/run/wrappers/sendmail',
 +    arguments: '-i -t'
 +  }
    config.action_mailer.perform_deliveries = true
diff --git a/pkgs/applications/virtualization/virtualbox/hardened.patch b/pkgs/applications/virtualization/virtualbox/hardened.patch
index cae4abe8612c2..a788a1df3caa6 100644
--- a/pkgs/applications/virtualization/virtualbox/hardened.patch
+++ b/pkgs/applications/virtualization/virtualbox/hardened.patch
@@ -96,7 +96,7 @@ index 95dc9a7..39170bc 100644
      /* get the path to the executable */
      char szPath[RTPATH_MAX];
 -    RTPathAppPrivateArch(szPath, sizeof(szPath) - 1);
-+    RTStrCopy(szPath, sizeof(szPath) - 1, "/var/permissions-wrappers");
++    RTStrCopy(szPath, sizeof(szPath) - 1, "/run/wrappers");
      size_t cchBufLeft = strlen(szPath);
      szPath[cchBufLeft++] = RTPATH_DELIMITER;
      szPath[cchBufLeft] = 0;
@@ -154,7 +154,7 @@ index be2ad8f..7ddf105 100644
  
 +RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath)
 +{
-+    return RTStrCopy(pszPath, cchPath, "/var/permissions-wrappers");
++    return RTStrCopy(pszPath, cchPath, "/run/wrappers");
 +}
 +
 +
@@ -174,7 +174,7 @@ index 7bde6af..2656cae 100644
 + * will cut off everything after the rightmost / as this function is analogous
 + * to RTProcGetExecutablePath().
 + */
-+#define SUIDDIR "/var/permissions-wrappers/"
++#define SUIDDIR "/run/wrappers/"
 +
 +RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath)
 +{
diff --git a/pkgs/build-support/build-fhs-userenv/env.nix b/pkgs/build-support/build-fhs-userenv/env.nix
index b30e1362aba98..98381d9023f02 100644
--- a/pkgs/build-support/build-fhs-userenv/env.nix
+++ b/pkgs/build-support/build-fhs-userenv/env.nix
@@ -51,7 +51,7 @@ let
     export PS1='${name}-chrootenv:\u@\h:\w\$ '
     export LOCALE_ARCHIVE='/usr/lib/locale/locale-archive'
     export LD_LIBRARY_PATH='/run/opengl-driver/lib:/run/opengl-driver-32/lib:/usr/lib:/usr/lib32'
-    export PATH='/var/permissions-wrappers:/usr/bin:/usr/sbin'
+    export PATH='/run/wrappers:/usr/bin:/usr/sbin'
     export PKG_CONFIG_PATH=/usr/lib/pkgconfig
 
     # Force compilers to look in default search paths
diff --git a/pkgs/desktops/enlightenment/enlightenment.nix b/pkgs/desktops/enlightenment/enlightenment.nix
index 753b939bd486a..65e3bf2d642cd 100644
--- a/pkgs/desktops/enlightenment/enlightenment.nix
+++ b/pkgs/desktops/enlightenment/enlightenment.nix
@@ -42,13 +42,13 @@ stdenv.mkDerivation rec {
   # this is a hack and without this cpufreq module is not working. does the following:
   #   1. moves the "freqset" binary to "e_freqset",
   #   2. linkes "e_freqset" to enlightenment/bin so that,
-  #   3. permissionsWrappers.setuid detects it and places wrappers in /var/permissions-wrappers/e_freqset,
-  #   4. and finally, links /var/permissions-wrappers/e_freqset to original destination where enlightenment wants it
+  #   3. wrappers.setuid detects it and places wrappers in /run/wrappers/e_freqset,
+  #   4. and finally, links /run/wrappers/e_freqset to original destination where enlightenment wants it
   postInstall = ''
     export CPUFREQ_DIRPATH=`readlink -f $out/lib/enlightenment/modules/cpufreq/linux-gnu-*`;
     mv $CPUFREQ_DIRPATH/freqset $CPUFREQ_DIRPATH/e_freqset
     ln -sv $CPUFREQ_DIRPATH/e_freqset $out/bin/e_freqset
-    ln -sv /var/permissions-wrappers/e_freqset $CPUFREQ_DIRPATH/freqset
+    ln -sv /run/wrappers/e_freqset $CPUFREQ_DIRPATH/freqset
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch b/pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch
index a16d35757255f..61aa49f70e59f 100644
--- a/pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch
+++ b/pkgs/development/libraries/kde-frameworks/kinit/start_kdeinit-path.patch
@@ -7,7 +7,7 @@ Index: kinit-5.24.0/src/start_kdeinit/start_kdeinit_wrapper.c
  #include <unistd.h>
  
 -#define EXECUTE CMAKE_INSTALL_FULL_LIBEXECDIR_KF5 "/start_kdeinit"
-+#define EXECUTE "/var/permissions-wrappers/start_kdeinit"
++#define EXECUTE "/run/wrappers/start_kdeinit"
  
  #if KDEINIT_OOM_PROTECT
  
diff --git a/pkgs/development/libraries/libgksu/default.nix b/pkgs/development/libraries/libgksu/default.nix
index 7da4a900b7e7c..6d57ca2397e5e 100644
--- a/pkgs/development/libraries/libgksu/default.nix
+++ b/pkgs/development/libraries/libgksu/default.nix
@@ -57,8 +57,8 @@ stdenv.mkDerivation rec {
 
     # Fix some binary paths
     sed -i -e 's|/usr/bin/xauth|${xauth}/bin/xauth|g' libgksu/gksu-run-helper.c libgksu/libgksu.c
-    sed -i -e 's|/usr/bin/sudo|/var/permissions-wrappers/sudo|g' libgksu/libgksu.c
-    sed -i -e 's|/bin/su\([^d]\)|/var/permissions-wrappers/su\1|g' libgksu/libgksu.c
+    sed -i -e 's|/usr/bin/sudo|/run/wrappers/sudo|g' libgksu/libgksu.c
+    sed -i -e 's|/bin/su\([^d]\)|/run/wrappers/su\1|g' libgksu/libgksu.c
 
     touch NEWS README
   '';
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix
index 0f7106181b8a3..b2e2ecf04930c 100644
--- a/pkgs/development/libraries/polkit/default.nix
+++ b/pkgs/development/libraries/polkit/default.nix
@@ -5,7 +5,7 @@
 let
 
   system = "/var/run/current-system/sw";
-  setuid = "/var/permissions-wrappers"; #TODO: from <nixos> config.security.wrapperDir;
+  setuid = "/run/wrappers"; #TODO: from <nixos> config.security.wrapperDir;
 
   foolVars = {
     SYSCONF = "/etc";
diff --git a/pkgs/development/tools/unity3d/default.nix b/pkgs/development/tools/unity3d/default.nix
index 1fc56b9865673..2d4977a319580 100644
--- a/pkgs/development/tools/unity3d/default.nix
+++ b/pkgs/development/tools/unity3d/default.nix
@@ -94,7 +94,7 @@ in stdenv.mkDerivation rec {
     unitydir="$out/opt/Unity/Editor"
     mkdir -p $unitydir
     mv Editor/* $unitydir
-    ln -sf /var/permissions-wrappers/${chromium.sandboxExecutableName} $unitydir/chrome-sandbox
+    ln -sf /run/wrappers/${chromium.sandboxExecutableName} $unitydir/chrome-sandbox
 
     mkdir -p $out/share/applications
     sed "/^Exec=/c\Exec=$out/bin/unity-editor" \
diff --git a/pkgs/os-specific/linux/fuse/default.nix b/pkgs/os-specific/linux/fuse/default.nix
index a36934004d2ed..29bcc58c7c07f 100644
--- a/pkgs/os-specific/linux/fuse/default.nix
+++ b/pkgs/os-specific/linux/fuse/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
       # Ensure that FUSE calls the setuid wrapper, not
       # $out/bin/fusermount. It falls back to calling fusermount in
       # $PATH, so it should also work on non-NixOS systems.
-      export NIX_CFLAGS_COMPILE="-DFUSERMOUNT_DIR=\"/var/permissions-wrappers\""
+      export NIX_CFLAGS_COMPILE="-DFUSERMOUNT_DIR=\"/run/wrappers\""
 
       sed -e 's@/bin/@${utillinux}/bin/@g' -i lib/mount_util.c
       sed -e 's@CONFIG_RPATH=/usr/share/gettext/config.rpath@CONFIG_RPATH=${gettext}/share/gettext/config.rpath@' -i makeconf.sh
diff --git a/pkgs/os-specific/linux/mdadm/4.nix b/pkgs/os-specific/linux/mdadm/4.nix
index abe8632773f3d..af8e53ec3a207 100644
--- a/pkgs/os-specific/linux/mdadm/4.nix
+++ b/pkgs/os-specific/linux/mdadm/4.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
   preConfigure = ''
     sed -e 's@/lib/udev@''${out}/lib/udev@' \
         -e 's@ -Werror @ @' \
-        -e 's@/usr/sbin/sendmail@/var/permissions-wrappers/sendmail@' -i Makefile
+        -e 's@/usr/sbin/sendmail@/run/wrappers/sendmail@' -i Makefile
   '';
 
   meta = {
diff --git a/pkgs/os-specific/linux/mdadm/default.nix b/pkgs/os-specific/linux/mdadm/default.nix
index 531d55a7f12bf..d9bdf21723b28 100644
--- a/pkgs/os-specific/linux/mdadm/default.nix
+++ b/pkgs/os-specific/linux/mdadm/default.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
   preConfigure = ''
     sed -e 's@/lib/udev@''${out}/lib/udev@' \
         -e 's@ -Werror @ @' \
-        -e 's@/usr/sbin/sendmail@/var/permissions-wrappers/sendmail@' -i Makefile
+        -e 's@/usr/sbin/sendmail@/run/wrappers/sendmail@' -i Makefile
   '';
 
   meta = {
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index 196af58183ffb..dc61b3f27f6cc 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
 
   postInstall = ''
     mv -v $out/sbin/unix_chkpwd{,.orig}
-    ln -sv /var/permissions-wrappers/unix_chkpwd $out/sbin/unix_chkpwd
+    ln -sv /run/wrappers/unix_chkpwd $out/sbin/unix_chkpwd
   ''; /*
     rm -rf $out/etc
     mkdir -p $modules/lib
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index 1c4a7b798ce1e..90fbf861448a9 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
     --enable-last
     --enable-mesg
     --disable-use-tty-group
-    --enable-fs-paths-default=/var/permissions-wrappers:/var/run/current-system/sw/bin:/sbin
+    --enable-fs-paths-default=/run/wrappers:/var/run/current-system/sw/bin:/sbin
     ${if ncurses == null then "--without-ncurses" else ""}
     ${if systemd == null then "" else ''
       --with-systemd
diff --git a/pkgs/servers/interlock/default.nix b/pkgs/servers/interlock/default.nix
index af733540ff355..b58c1b50e033e 100644
--- a/pkgs/servers/interlock/default.nix
+++ b/pkgs/servers/interlock/default.nix
@@ -30,7 +30,7 @@ buildGoPackage rec {
       -e 's|/bin/chown|${coreutils}/bin/chown|' \
       -e 's|/bin/date|${coreutils}/bin/date|' \
       -e 's|/sbin/poweroff|${systemd}/sbin/poweroff|' \
-      -e 's|/usr/bin/sudo|/var/permissions-wrappers/sudo|' \
+      -e 's|/usr/bin/sudo|/run/wrappers/sudo|' \
       -e 's|/sbin/cryptsetup|${cryptsetup}/bin/cryptsetup|'
   '';
 }
diff --git a/pkgs/servers/mail/petidomo/default.nix b/pkgs/servers/mail/petidomo/default.nix
index c112af567fd40..1770517047fa3 100644
--- a/pkgs/servers/mail/petidomo/default.nix
+++ b/pkgs/servers/mail/petidomo/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, flex, bison, sendmailPath ? "/var/permissions-wrappers/sendmail" }:
+{ stdenv, fetchurl, flex, bison, sendmailPath ? "/run/wrappers/sendmail" }:
 
 stdenv.mkDerivation rec {
   name = "petidomo-4.3";
diff --git a/pkgs/servers/monitoring/nagios/plugins/official-2.x.nix b/pkgs/servers/monitoring/nagios/plugins/official-2.x.nix
index ac1cb1a5398e8..30bd7e8a7c3c9 100644
--- a/pkgs/servers/monitoring/nagios/plugins/official-2.x.nix
+++ b/pkgs/servers/monitoring/nagios/plugins/official-2.x.nix
@@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
   # configured on the build machine).
   preConfigure= "
     configureFlagsArray=(
-      --with-ping-command='/var/permissions-wrappers/ping -n -U -w %d -c %d %s'
-      --with-ping6-command='/var/permissions-wrappers/ping6 -n -U -w %d -c %d %s'
+      --with-ping-command='/run/wrappers/ping -n -U -w %d -c %d %s'
+      --with-ping6-command='/run/wrappers/ping6 -n -U -w %d -c %d %s'
     )
   ";
 
diff --git a/pkgs/tools/X11/x11vnc/default.nix b/pkgs/tools/X11/x11vnc/default.nix
index 5f96a35af6fe7..b343a7da378c2 100644
--- a/pkgs/tools/X11/x11vnc/default.nix
+++ b/pkgs/tools/X11/x11vnc/default.nix
@@ -20,10 +20,10 @@ stdenv.mkDerivation rec {
     configureFlags="--mandir=$out/share/man"
 
     substituteInPlace x11vnc/unixpw.c \
-        --replace '"/bin/su"' '"/var/permissions-wrappers/su"' \
+        --replace '"/bin/su"' '"/run/wrappers/su"' \
         --replace '"/bin/true"' '"${coreutils}/bin/true"'
 
-    sed -i -e '/#!\/bin\/sh/a"PATH=${xorg.xdpyinfo}\/bin:${xorg.xauth}\/bin:$PATH\\n"' -e 's|/bin/su|/var/permissions-wrappers/su|g' x11vnc/ssltools.h
+    sed -i -e '/#!\/bin\/sh/a"PATH=${xorg.xdpyinfo}\/bin:${xorg.xauth}\/bin:$PATH\\n"' -e 's|/bin/su|/run/wrappers/su|g' x11vnc/ssltools.h
   '';
 
   meta = {
diff --git a/pkgs/tools/admin/certbot/default.nix b/pkgs/tools/admin/certbot/default.nix
index 23eb02e294a74..366213d2e1e24 100644
--- a/pkgs/tools/admin/certbot/default.nix
+++ b/pkgs/tools/admin/certbot/default.nix
@@ -31,7 +31,7 @@ python2Packages.buildPythonApplication rec {
   buildInputs = [ dialog ] ++ (with python2Packages; [ nose mock gnureadline ]);
 
   patchPhase = ''
-    substituteInPlace certbot/notify.py --replace "/usr/sbin/sendmail" "/var/permissions-wrappers/sendmail"
+    substituteInPlace certbot/notify.py --replace "/usr/sbin/sendmail" "/run/wrappers/sendmail"
     substituteInPlace certbot/util.py --replace "sw_vers" "/usr/bin/sw_vers"
   '';
 
diff --git a/pkgs/tools/misc/debian-devscripts/default.nix b/pkgs/tools/misc/debian-devscripts/default.nix
index 2261bfc66379a..be3b674de0497 100644
--- a/pkgs/tools/misc/debian-devscripts/default.nix
+++ b/pkgs/tools/misc/debian-devscripts/default.nix
@@ -2,7 +2,7 @@
 , FileDesktopEntry, libxslt, docbook_xsl, makeWrapper
 , python3Packages
 , perlPackages, curl, gnupg, diffutils
-, sendmailPath ? "/var/permissions-wrappers/sendmail"
+, sendmailPath ? "/run/wrappers/sendmail"
 }:
 
 let
diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix
index 7e941e5378a71..98e06d1de3e9a 100644
--- a/pkgs/tools/security/ecryptfs/default.nix
+++ b/pkgs/tools/security/ecryptfs/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   };
 
   # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir;
-  wrapperDir = "/var/permissions-wrappers";
+  wrapperDir = "/run/wrappers";
 
   postPatch = ''
     FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)"
diff --git a/pkgs/tools/security/ecryptfs/helper.nix b/pkgs/tools/security/ecryptfs/helper.nix
index 6e3e6766a28ed..3daaadcaad6a9 100644
--- a/pkgs/tools/security/ecryptfs/helper.nix
+++ b/pkgs/tools/security/ecryptfs/helper.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ makeWrapper ];
 
-  # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /var/permissions-wrappers
+  # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /run/wrappers
   installPhase = ''
     mkdir -p $out/bin $out/libexec
     cp $src $out/libexec/ecryptfs-helper.py
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index a3a13f1980375..0d2953c6f45e9 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, coreutils, pam, groff
-, sendmailPath ? "/var/permissions-wrappers/sendmail"
+, sendmailPath ? "/run/wrappers/sendmail"
 , withInsults ? false
 }:
 
diff --git a/pkgs/tools/system/at/default.nix b/pkgs/tools/system/at/default.nix
index 2fb5b9670c887..9f8bad00ca4fa 100644
--- a/pkgs/tools/system/at/default.nix
+++ b/pkgs/tools/system/at/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, stdenv, bison, flex, pam, sendmailPath ? "/var/permissions-wrappers/sendmail" }:
+{ fetchurl, stdenv, bison, flex, pam, sendmailPath ? "/run/wrappers/sendmail" }:
 
 stdenv.mkDerivation {
   name = "at-3.1.16";
diff --git a/pkgs/tools/system/cron/default.nix b/pkgs/tools/system/cron/default.nix
index f7f2a6158a268..8a6a5dc15d364 100644
--- a/pkgs/tools/system/cron/default.nix
+++ b/pkgs/tools/system/cron/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation {
     #define _PATH_SENDMAIL "${sendmailPath}"
 
     #undef _PATH_DEFPATH
-    #define _PATH_DEFPATH "/var/permissions-wrappers:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/run/current-system/sw/bin:/run/current-system/sw/sbin:/usr/bin:/bin"
+    #define _PATH_DEFPATH "/run/wrappers:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/run/current-system/sw/bin:/run/current-system/sw/sbin:/usr/bin:/bin"
     __EOT__
 
     # Implicit saved uids do not work here due to way NixOS uses setuid wrappers
diff --git a/pkgs/tools/system/ts/default.nix b/pkgs/tools/system/ts/default.nix
index 1384ea04fb627..1dfb856d4d6fd 100644
--- a/pkgs/tools/system/ts/default.nix
+++ b/pkgs/tools/system/ts/default.nix
@@ -1,5 +1,5 @@
 {stdenv, fetchurl,
-sendmailPath ? "/var/permissions-wrappers/sendmail" }:
+sendmailPath ? "/run/wrappers/sendmail" }:
 
 stdenv.mkDerivation rec {
 
-- 
cgit 1.4.1