New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
light is not working withough root #48623
Comments
As a workaround I suggest doing (as per https://haikarainen.github.io/light/): services.udev.extraRules = '' services.udev.path = [ then add your user account to the video group (users.extraUsers.<name>.extraGroups) and add light to your systemPackages instead of setting programs.light.enable. |
Hmm do you have #47544 in the commit you're using? It does those things for you, and should have different text in nixos-option. Try updating I suppose, and please report if any of that is needed beyond enabling and adding yourself to the group. |
I'm encountering the same issue. For some reason
However, said chunk of code is missing. Here's my activation script (NixOS Loris, commit 777e94d):
|
`light` no longer uses a suid binary,
instead you should add user(s) to `video` group.
This is in the NixOS manual, for versions since this change.
LMK if this doesn't work for you!
…On Sun, 10 Mar 2019 06:47:30 -0700, Emmanuel Rosa ***@***.***> wrote:
I'm encountering the same issue.
For some reason `light` is not getting wrapped when `programs.light.enable = true`. I've narrowed it down to missing code in the activation script. The activation script is supposed to contain a chunk of code that looks something like this:
```
cp /nix/store/*-security-wrapper/bin/security-wrapper $wrapperDir/light
echo -n "/nix/store/*-light-*/bin/light" > $wrapperDir/light.real
# Prevent races
chmod 0000 $wrapperDir/light
chown root.nogroup $wrapperDir/light
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/light
```
However, said chunk of code is missing. Here's my activation script (NixOS Loris, commit 777e94d):
```
#! /nix/store/cinw572b38aln37glr0zb8lxwrgaffl4-bash-4.4-p23/bin/bash
systemConfig=/nix/store/v49n276ycj9kwcyqpr76inqmbjscy523-nixos-system-nixos-laptop-19.09.git.777e94d
export PATH=/empty
for i in /nix/store/d9s1kq1bnwqgxwcvv4zrc36ysnxg8gv7-coreutils-8.30 /nix/store/wnjv27b3j6jfdl0968xpcymlc7chpqil-gnugrep-3.3 /nix/store/krhqmaqal0gklh15rs2bwrqzz8mg9lrn-findutils-4.6.0 /nix/store/1dppisyngjln0m2fzvyzh0gj9wf9i12x-getent-1003.1-2008 /nix/store/f5wl80zkrd3fc1jxsljmnpn7y02lz6v1-glibc-2.27-bin /nix/store/hciblqqf5fwasmiac3ciw30h574nf6kk-shadow-4.6 /nix/store/zmbhwb6l8nvqsxligbsvxm99jbbnbx70-net-tools-1.60_p20170221182432 /nix/store/96jfbs5vj01fiiz6s81wzfvrxhdx0rm5-util-linux-2.33.1-bin; do
PATH=$PATH:$i/bin:$i/sbin
done
_status=0
trap "_status=1 _localstatus=\$?" ERR
# Ensure a consistent umask.
umask 0022
#### Activation script snippet stdio:
_localstatus=0
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "stdio" "$_localstatus"
fi
#### Activation script snippet binsh:
_localstatus=0
# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
mkdir -m 0755 -p /bin
ln -sfn "/nix/store/mcyvp1s45scjkkhyb1m16aqlsb8wr6hs-bash-interactive-4.4-p23/bin/sh" /bin/.sh.tmp
mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "binsh" "$_localstatus"
fi
#### Activation script snippet domain:
_localstatus=0
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "domain" "$_localstatus"
fi
#### Activation script snippet users:
_localstatus=0
install -m 0700 -d /root
install -m 0755 -d /home
/nix/store/kiapz3kjvb46jbvswdjkmrzg0s4l2zm7-perl-5.28.1/bin/perl -w \
-I/nix/store/rf4q26ivs49mm45cxgjj35knl08gkx8p-perl5.28.1-File-Slurp-9999.25/lib/perl5/site_perl \
-I/nix/store/b92bmz80n5pj5k50x32bfr97p3d60zyf-perl5.28.1-JSON-4.00/lib/perl5/site_perl \
/nix/store/1hkp2n6hz3ybf2rvkjkwrzgbjkrrakzl-update-users-groups.pl /nix/store/s5bs9c487fv77dh3b8kkamr242gqjiqz-users-groups.json
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "users" "$_localstatus"
fi
#### Activation script snippet groups:
_localstatus=0
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "groups" "$_localstatus"
fi
#### Activation script snippet etc:
_localstatus=0
# Set up the statically computed bits of /etc.
echo "setting up /etc..."
/nix/store/kiapz3kjvb46jbvswdjkmrzg0s4l2zm7-perl-5.28.1/bin/perl -I/nix/store/rf4q26ivs49mm45cxgjj35knl08gkx8p-perl5.28.1-File-Slurp-9999.25/lib/perl5/site_perl /nix/store/vn1xs9s2akf79y1pbya2qldydbf2b22m-setup-etc.pl /nix/store/vjib1rlgaznvvqrwmlq3kh139p4r46h1-etc/etc
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "etc" "$_localstatus"
fi
#### Activation script snippet hostname:
_localstatus=0
hostname "nixos-laptop"
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "hostname" "$_localstatus"
fi
#### Activation script snippet specialfs:
_localstatus=0
specialMount() {
local device="$1"
local mountPoint="$2"
local options="$3"
local fsType="$4"
if mountpoint -q "$mountPoint"; then
local options="remount,$options"
else
mkdir -m 0755 -p "$mountPoint"
fi
mount -t "$fsType" -o "$options" "$device" "$mountPoint"
}
source /nix/store/4pprvrkcfsc560b6v72raymy0f0ziiw6-mounts.sh
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "specialfs" "$_localstatus"
fi
#### Activation script snippet modprobe:
_localstatus=0
# Allow the kernel to find our wrapped modprobe (which searches
# in the right location in the Nix store for kernel modules).
# We need this when the kernel (or some module) auto-loads a
# module.
echo /nix/store/9p1j0gh1z3gahl1nvg637f96yb7djyg2-kmod-25/bin/modprobe > /proc/sys/kernel/modprobe
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "modprobe" "$_localstatus"
fi
#### Activation script snippet nix:
_localstatus=0
# Nix initialisation.
install -m 0755 -d \
/nix/var/nix/gcroots \
/nix/var/nix/temproots \
/nix/var/nix/userpool \
/nix/var/nix/profiles \
/nix/var/nix/db \
/nix/var/log/nix/drvs
install -m 1777 -d \
/nix/var/nix/gcroots/per-user \
/nix/var/nix/profiles/per-user \
/nix/var/nix/gcroots/tmp
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "nix" "$_localstatus"
fi
#### Activation script snippet var:
_localstatus=0
# Various log/runtime directories.
mkdir -m 1777 -p /var/tmp
# Empty, immutable home directory of many system accounts.
mkdir -p /var/empty
# Make sure it's really empty
/nix/store/qzrrw4ycnsj99488xv1v2rwmmjf3q9wr-e2fsprogs-1.44.5-bin/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
/nix/store/qzrrw4ycnsj99488xv1v2rwmmjf3q9wr-e2fsprogs-1.44.5-bin/bin/chattr -f +i /var/empty || true
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "var" "$_localstatus"
fi
#### Activation script snippet resolvconf:
_localstatus=0
# Systemd resolved controls its own resolv.conf
rm -f /run/resolvconf/interfaces/systemd
# Make sure resolv.conf is up to date if not managed manually or by systemd
/nix/store/288qfr48xix808jiz676sfxwdc8ppjp5-openresolv-3.9.0/bin/resolvconf -u
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "resolvconf" "$_localstatus"
fi
#### Activation script snippet udevd:
_localstatus=0
# The deprecated hotplug uevent helper is not used anymore
if [ -e /proc/sys/kernel/hotplug ]; then
echo "" > /proc/sys/kernel/hotplug
fi
# Allow the kernel to find our firmware.
if [ -e /sys/module/firmware_class/parameters/path ]; then
echo -n "/nix/store/l520474vfisll1z5hv60aa5h163072hl-firmware/lib/firmware" > /sys/module/firmware_class/parameters/path
fi
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "udevd" "$_localstatus"
fi
#### Activation script snippet udisks2:
_localstatus=0
mkdir -m 0755 -p /var/lib/udisks2
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "udisks2" "$_localstatus"
fi
#### Activation script snippet usrbinenv:
_localstatus=0
mkdir -m 0755 -p /usr/bin
ln -sfn /nix/store/d9s1kq1bnwqgxwcvv4zrc36ysnxg8gv7-coreutils-8.30/bin/env /usr/bin/.env.tmp
mv /usr/bin/.env.tmp /usr/bin/env # atomically replace /usr/bin/env
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "usrbinenv" "$_localstatus"
fi
#### Activation script snippet wrappers:
_localstatus=0
# Look in the system path and in the default profile for
# programs to be wrapped.
WRAPPER_PATH=/nix/store/z3hhfzm5w7nniy9d19v2yp342mjbmfnj-system-path/bin:/nix/store/z3hhfzm5w7nniy9d19v2yp342mjbmfnj-system-path/sbin
# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="/run/wrappers" wrappers.XXXXXXXXXX)
chmod a+rx $wrapperDir
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/dbus-daemon-launch-helper
echo -n "/nix/store/vf3kimm17wqbs63zh5kz85q114q28p0z-dbus-1.12.12/libexec/dbus-daemon-launch-helper" > $wrapperDir/dbus-daemon-launch-helper.real
# Prevent races
chmod 0000 $wrapperDir/dbus-daemon-launch-helper
chown root.messagebus $wrapperDir/dbus-daemon-launch-helper
chmod "u+s,g-s,u+rx,g+rx,o-rx" $wrapperDir/dbus-daemon-launch-helper
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/fusermount
echo -n "/nix/store/0rz1lb2lmx250ga94y9zrffzwgh1qx9s-fuse-2.9.9/bin/fusermount" > $wrapperDir/fusermount.real
# Prevent races
chmod 0000 $wrapperDir/fusermount
chown root.root $wrapperDir/fusermount
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/fusermount
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/fusermount3
echo -n "/nix/store/47yj0mrlx5ybslpfyi7js9v3hgpmwznx-fuse-3.4.1/bin/fusermount3" > $wrapperDir/fusermount3.real
# Prevent races
chmod 0000 $wrapperDir/fusermount3
chown root.root $wrapperDir/fusermount3
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/fusermount3
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/newgidmap
echo -n "/nix/store/hciblqqf5fwasmiac3ciw30h574nf6kk-shadow-4.6/bin/newgidmap" > $wrapperDir/newgidmap.real
# Prevent races
chmod 0000 $wrapperDir/newgidmap
chown root.root $wrapperDir/newgidmap
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/newgidmap
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/newgrp
echo -n "/nix/store/hciblqqf5fwasmiac3ciw30h574nf6kk-shadow-4.6/bin/newgrp" > $wrapperDir/newgrp.real
# Prevent races
chmod 0000 $wrapperDir/newgrp
chown root.root $wrapperDir/newgrp
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/newgrp
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/newuidmap
echo -n "/nix/store/hciblqqf5fwasmiac3ciw30h574nf6kk-shadow-4.6/bin/newuidmap" > $wrapperDir/newuidmap.real
# Prevent races
chmod 0000 $wrapperDir/newuidmap
chown root.root $wrapperDir/newuidmap
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/newuidmap
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/passwd
echo -n "/nix/store/hciblqqf5fwasmiac3ciw30h574nf6kk-shadow-4.6/bin/passwd" > $wrapperDir/passwd.real
# Prevent races
chmod 0000 $wrapperDir/passwd
chown root.root $wrapperDir/passwd
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/passwd
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/ping
echo -n "/nix/store/22nfcbw7n7yd87yql537pma23h47bfzz-iputils-20180629/bin/ping" > $wrapperDir/ping.real
# Prevent races
chmod 0000 $wrapperDir/ping
chown root.root $wrapperDir/ping
# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/22qfvavs0hmg1vh2jwh0cal7apj0g0x0-libcap-2.26/bin/setcap "cap_setpcap,cap_net_raw+p" $wrapperDir/ping
# Set the executable bit
chmod u+rx,g+x,o+x $wrapperDir/ping
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/pkexec
echo -n "/nix/store/g5r63nlmlzn8n6v7ahrfii0b5pk55lar-polkit-0.115-bin/bin/pkexec" > $wrapperDir/pkexec.real
# Prevent races
chmod 0000 $wrapperDir/pkexec
chown root.root $wrapperDir/pkexec
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/pkexec
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/polkit-agent-helper-1
echo -n "/nix/store/r1b8ggg8w9kmdv9fjrir17qxbh1p38sj-polkit-0.115/lib/polkit-1/polkit-agent-helper-1" > $wrapperDir/polkit-agent-helper-1.real
# Prevent races
chmod 0000 $wrapperDir/polkit-agent-helper-1
chown root.root $wrapperDir/polkit-agent-helper-1
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/polkit-agent-helper-1
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/sg
echo -n "/nix/store/hciblqqf5fwasmiac3ciw30h574nf6kk-shadow-4.6/bin/sg" > $wrapperDir/sg.real
# Prevent races
chmod 0000 $wrapperDir/sg
chown root.root $wrapperDir/sg
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/sg
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/su
echo -n "/nix/store/c4w7l847prnan6zzhx718c788bdkrg02-shadow-4.6-su/bin/su" > $wrapperDir/su.real
# Prevent races
chmod 0000 $wrapperDir/su
chown root.root $wrapperDir/su
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/su
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/sudo
echo -n "/nix/store/nik1ylfpjy80pi7qq0llvv7r359bq9s9-sudo-1.8.27/bin/sudo" > $wrapperDir/sudo.real
# Prevent races
chmod 0000 $wrapperDir/sudo
chown root.root $wrapperDir/sudo
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/sudo
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/sudoedit
echo -n "/nix/store/nik1ylfpjy80pi7qq0llvv7r359bq9s9-sudo-1.8.27/bin/sudoedit" > $wrapperDir/sudoedit.real
# Prevent races
chmod 0000 $wrapperDir/sudoedit
chown root.root $wrapperDir/sudoedit
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/sudoedit
cp /nix/store/r49crjh43kjiis3pvbkb1562innv1j9v-security-wrapper/bin/security-wrapper $wrapperDir/unix_chkpwd
echo -n "/nix/store/wm300mkfk9sfx2lv3rcblqm8bza673g0-linux-pam-1.3.0/sbin/unix_chkpwd.orig" > $wrapperDir/unix_chkpwd.real
# Prevent races
chmod 0000 $wrapperDir/unix_chkpwd
chown root.nogroup $wrapperDir/unix_chkpwd
chmod "u+s,g-s,u+rx,g+x,o+x" $wrapperDir/unix_chkpwd
if [ -L /run/wrappers/bin ]; then
# Atomically replace the symlink
# See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
old=$(readlink -f /run/wrappers/bin)
ln --symbolic --force --no-dereference $wrapperDir /run/wrappers/bin-tmp
mv --no-target-directory /run/wrappers/bin-tmp /run/wrappers/bin
rm --force --recursive $old
else
# For initial setup
ln --symbolic $wrapperDir /run/wrappers/bin
fi
if (( _localstatus > 0 )); then
printf "Activation script snippet '%s' failed (%s)\n" "wrappers" "$_localstatus"
fi
# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /run/current-system is still
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /run/current-system
# Prevent the current configuration from being garbage-collected.
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
exit $_status
```
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#48623 (comment) part: text/html
|
Thank you @dtzWill Adding myself to the video group worked 👍 |
Good, that udev rule is now set up! |
Sounds like it, yes! |
Adding myself to the video group doesn't seem to do the trick. Here's the user data:
Scratch that, I was doing something silly. |
Sorry, I know the issue is closed but I was wondering if it'd be worth it to update https://nixos.wiki/wiki/Backlight with the |
I have this problem at the moment. Light is working with sudo, but does nothing without. Has something changed? or is there something I can do to investigate further? |
did you set |
Hi, yes it was set... but also began to work now. I don't know why or what changed... maybe a restart? but I thought I already had tried to reboot. |
Okso
|
Issue description
Since a few days, around the 14th october, light is not working without root.
Using sudo light -S works fine.
Since #nixos didn't know any further answers, I opened this issue.
Steps to reproduce
/etc/nixos/configuration.nix
programs.light.enable = true;
Technical details
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste theresults.
Yes, this is the full output of nixos-option security.wrappers.light.source
yes, it has no output at all
The text was updated successfully, but these errors were encountered: