From 8d8b213c4c91efa388560037b40b19d8c2b59549 Mon Sep 17 00:00:00 2001
From: Richard Ipsum <richardipsum@fastmail.co.uk>
Date: Thu, 22 Jun 2017 19:02:53 +0100
Subject: setuid only if root

Running the sandbox without setuid is less secure, but it will still work,
it is not possible for nix to make binaries setuid when being used as a
pkg manager outside of NixOS, i.e. on Debian.
---
 Makefile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index f3d9d62..1a1bd94 100644
--- a/Makefile
+++ b/Makefile
@@ -59,8 +59,10 @@ install: build
 	mkdir -p $(CINST_ROOT)/supple
 	mkdir -p $(BINST_ROOT)
 	cp wrapper $(DESTDIR)$(WRAPPER_PATH)
-	chown root:root $(DESTDIR)$(WRAPPER_PATH)
-	chmod u+s $(DESTDIR)$(WRAPPER_PATH)
+	if [ "$$(whoami)" = "root" ]; then \
+		chown root:root $(DESTDIR)$(WRAPPER_PATH); \
+		chmod u+s $(DESTDIR)$(WRAPPER_PATH); \
+	fi
 	for MOD in $(sort $(LMOD_FILES)); do \
 		$(COPY_LMOD) lib/$${MOD} > $(LINST_ROOT)/$${MOD}; \
 	done
-- 
cgit v1.2.1