#!/nix/store/ciarnmsx8lvsrmdbjddpmx0pqjrm8imb-bash-5.3p3/bin/bash
set -e

chmod 755 "/run/wrappers"

# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="/run/wrappers" wrappers.XXXXXXXXXX)
chmod a+rx "$wrapperDir"

cp /nix/store/75xi95m60gk6m2fw88v1y1lfzgl7zkfv-security-wrapper-chsh-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/chsh"

# Prevent races
chmod 0000 "$wrapperDir/chsh"
chown root:root "$wrapperDir/chsh"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/chsh"

cp /nix/store/lb47yc67zpkxwb7kxws3y23m2m90wwz2-security-wrapper-dbus-daemon-launch-helper-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/dbus-daemon-launch-helper"

# Prevent races
chmod 0000 "$wrapperDir/dbus-daemon-launch-helper"
chown root:messagebus "$wrapperDir/dbus-daemon-launch-helper"

chmod "u+s,g-s,u+rx,g+rx,o-rx" "$wrapperDir/dbus-daemon-launch-helper"

cp /nix/store/4bnldmgj405hbynsmf9s0zapa7dgx37l-security-wrapper-fusermount-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/fusermount"

# Prevent races
chmod 0000 "$wrapperDir/fusermount"
chown root:root "$wrapperDir/fusermount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/fusermount"

cp /nix/store/ip67y8zzgpjwk70mpdm6vr4c4s7kw27c-security-wrapper-fusermount3-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/fusermount3"

# Prevent races
chmod 0000 "$wrapperDir/fusermount3"
chown root:root "$wrapperDir/fusermount3"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/fusermount3"

cp /nix/store/qqpbgws19labrkgi3bf3nzk6mzri3y3s-security-wrapper-mount-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/mount"

# Prevent races
chmod 0000 "$wrapperDir/mount"
chown root:root "$wrapperDir/mount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/mount"

cp /nix/store/2rr0wqr0bk2sjvkd1xxla5qg30725drf-security-wrapper-newgidmap-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/newgidmap"

# Prevent races
chmod 0000 "$wrapperDir/newgidmap"
chown root:root "$wrapperDir/newgidmap"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newgidmap"

cp /nix/store/m55xnxc5zgqlvb79lx76awifr1bk3ifw-security-wrapper-newgrp-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/newgrp"

# Prevent races
chmod 0000 "$wrapperDir/newgrp"
chown root:root "$wrapperDir/newgrp"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newgrp"

cp /nix/store/zvxzivzh1j0jgrr2pcwqb22zs6ncdka8-security-wrapper-newuidmap-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/newuidmap"

# Prevent races
chmod 0000 "$wrapperDir/newuidmap"
chown root:root "$wrapperDir/newuidmap"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newuidmap"

cp /nix/store/9q42anwnhzcbwm2ckcak6g0vw22dkdz1-security-wrapper-passwd-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/passwd"

# Prevent races
chmod 0000 "$wrapperDir/passwd"
chown root:root "$wrapperDir/passwd"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/passwd"

cp /nix/store/n0phfz38jjj2hsz2mz0cd6rbvavlbygi-security-wrapper-sg-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/sg"

# Prevent races
chmod 0000 "$wrapperDir/sg"
chown root:root "$wrapperDir/sg"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sg"

cp /nix/store/szm8k9hlx6cccxp27yjpxnygvcghzfqa-security-wrapper-su-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/su"

# Prevent races
chmod 0000 "$wrapperDir/su"
chown root:root "$wrapperDir/su"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/su"

cp /nix/store/yb2xfknq2rs1qk07maaysph33ji8r9sn-security-wrapper-sudo-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/sudo"

# Prevent races
chmod 0000 "$wrapperDir/sudo"
chown root:root "$wrapperDir/sudo"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sudo"

cp /nix/store/nfabsc7bk4xb5nj2a2yvqfyd8pjqagqa-security-wrapper-sudoedit-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/sudoedit"

# Prevent races
chmod 0000 "$wrapperDir/sudoedit"
chown root:root "$wrapperDir/sudoedit"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sudoedit"

cp /nix/store/m65capqd0794ixych8aq30c4lr3yl9b6-security-wrapper-umount-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/umount"

# Prevent races
chmod 0000 "$wrapperDir/umount"
chown root:root "$wrapperDir/umount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/umount"

cp /nix/store/848284123j3rka90glmim3bv6ydjyl6h-security-wrapper-unix_chkpwd-x86_64-unknown-linux-musl/bin/security-wrapper "$wrapperDir/unix_chkpwd"

# Prevent races
chmod 0000 "$wrapperDir/unix_chkpwd"
chown root:root "$wrapperDir/unix_chkpwd"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/unix_chkpwd"


if [ -L /run/wrappers/bin ]; then
  # Atomically replace the symlink
  # See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
  old=$(readlink -f /run/wrappers/bin)
  if [ -e "/run/wrappers/bin-tmp" ]; then
    rm --force --recursive "/run/wrappers/bin-tmp"
  fi
  ln --symbolic --force --no-dereference "$wrapperDir" "/run/wrappers/bin-tmp"
  mv --no-target-directory "/run/wrappers/bin-tmp" "/run/wrappers/bin"
  rm --force --recursive "$old"
else
  # For initial setup
  ln --symbolic "$wrapperDir" "/run/wrappers/bin"
fi


