#!/nix/store/4nmqxajzaf60yjribkgvj5j54x9yvr1r-bash-5.1-p12/bin/bash

systemConfig='/nix/store/64rzl5k9z50748v39jd3213pd53mpxrj-nixos-system-testing-product-22.05.19700101.dirty'

export PATH=/empty
for i in /nix/store/dj89pwrdlycn8iyn08v8znmynjz1zsi9-coreutils-9.0 /nix/store/hcpp0sgqrdd8gc2fya3lf5yibk1n1a87-gnugrep-3.7 /nix/store/bdhm9wxl5mndc8pr5l6ab7a8pvcxi0jz-findutils-4.8.0 /nix/store/19jvdz77pk246wh7xfv5nq3js4bm32fl-getent-glibc-2.33-108 /nix/store/043lz8mvyx5vxl058c1i586yqc8ax4ig-glibc-2.33-108-bin /nix/store/9w5l1zrdd21hjxgjp5jnxxr6jibpjxd4-shadow-4.8.1 /nix/store/3smwq63kw6x70bla4cm7bqn4rncx0qyn-net-tools-2.10 /nix/store/jwqzf74yfhwcg4h4mdwdg2qf881jzdi8-util-linux-2.37.3-bin; do
    PATH=$PATH:$i/bin:$i/sbin
done

_status=0
trap "_status=1 _localstatus=\$?" ERR

# Ensure a consistent umask.
umask 0022

#### Activation script snippet bash:
_localstatus=0
mkdir -p /bin
ln -sf /run/current-system/sw/bin/bash /bin/bash


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "bash" "$_localstatus"
fi

#### Activation script snippet specialfs:
_localstatus=0
specialMount() {
  local device="$1"
  local mountPoint="$2"
  local options="$3"
  local fsType="$4"

  if mountpoint -q "$mountPoint"; then
    local options="remount,$options"
  else
    mkdir -m 0755 -p "$mountPoint"
  fi
  mount -t "$fsType" -o "$options" "$device" "$mountPoint"
}
source /nix/store/brmwyd8m05q3im627fx2rjhh6q633137-mounts.sh


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "specialfs" "$_localstatus"
fi

#### Activation script snippet binfmt:
_localstatus=0
mkdir -p -m 0755 /run/binfmt



if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "binfmt" "$_localstatus"
fi

#### Activation script snippet stdio:
_localstatus=0


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "stdio" "$_localstatus"
fi

#### Activation script snippet binsh:
_localstatus=0
# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
mkdir -m 0755 -p /bin
ln -sfn "/nix/store/3pa0xk3mgmx7hqskg63gxviyw7f217i6-bash-interactive-5.1-p12/bin/sh" /bin/.sh.tmp
mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "binsh" "$_localstatus"
fi

#### Activation script snippet domain:
_localstatus=0


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "domain" "$_localstatus"
fi

#### Activation script snippet users:
_localstatus=0
install -m 0700 -d /root
install -m 0755 -d /home

/nix/store/35yz5k6pbhivzmq2vzxjpcr2rks2qiqb-perl-5.34.0-env/bin/perl \
-w /nix/store/v9jlnw6wx25wjpyprrwv7zk0r7aiiqwg-update-users-groups.pl /nix/store/fa6aj2b33n256y226c1rhy6d4mn3c3bw-users-groups.json


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "users" "$_localstatus"
fi

#### Activation script snippet groups:
_localstatus=0


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "groups" "$_localstatus"
fi

#### Activation script snippet etc:
_localstatus=0
# Set up the statically computed bits of /etc.
echo "setting up /etc..."
/nix/store/p9k7xhx2ifia4d0aicvp64w6mnwg1ssq-perl-5.34.0-env/bin/perl /nix/store/cz6na7w751iv7z78fb9ms8hhvnsd0l8z-setup-etc.pl /nix/store/h5l0yarryridgj4kfq4093x6r5y44fbd-etc/etc


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "etc" "$_localstatus"
fi

#### Activation script snippet hostname:
_localstatus=0
hostname "testing-product"


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "hostname" "$_localstatus"
fi

#### Activation script snippet installInitScript:
_localstatus=0
ln -fs $systemConfig/init /sbin/init


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "installInitScript" "$_localstatus"
fi

#### Activation script snippet nix:
_localstatus=0
install -m 0755 -d /nix/var/nix/{gcroots,profiles}/per-user

# Subscribe the root user to the NixOS channel by default.
if [ ! -e "/root/.nix-channels" ]; then
    echo "https://nixos.org/channels/nixos-unstable nixos" > "/root/.nix-channels"
fi


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "nix" "$_localstatus"
fi

#### Activation script snippet usrbinenv:
_localstatus=0
mkdir -m 0755 -p /usr/bin
ln -sfn /nix/store/dj89pwrdlycn8iyn08v8znmynjz1zsi9-coreutils-9.0/bin/env /usr/bin/.env.tmp
mv /usr/bin/.env.tmp /usr/bin/env # atomically replace /usr/bin/env


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "usrbinenv" "$_localstatus"
fi

#### Activation script snippet var:
_localstatus=0
# Various log/runtime directories.

mkdir -m 1777 -p /var/tmp

# Empty, immutable home directory of many system accounts.
mkdir -p /var/empty
# Make sure it's really empty
/nix/store/ki0x4wywp5b7rixwk1miq222wybdl3si-e2fsprogs-1.46.5-bin/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
/nix/store/ki0x4wywp5b7rixwk1miq222wybdl3si-e2fsprogs-1.46.5-bin/bin/chattr -f +i /var/empty || true


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "var" "$_localstatus"
fi

#### Activation script snippet wrappers:
_localstatus=0
chmod 755 "/run/wrappers"

# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="/run/wrappers" wrappers.XXXXXXXXXX)
chmod a+rx "$wrapperDir"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/apps.plugin"
echo -n "/nix/store/ak6shpgammzfpm10xb50vrdv7016jw4l-netdata-1.33.1/libexec/netdata/plugins.d/apps.plugin.org" > "$wrapperDir/apps.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/apps.plugin"
chown netdata.netdata "$wrapperDir/apps.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/2lk60ck1m41lvkbisv97zlx4914nhnqh-libcap-2.49/bin/setcap "cap_setpcap,cap_dac_read_search,cap_sys_ptrace+ep" "$wrapperDir/apps.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/apps.plugin"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/cgroup-network"
echo -n "/nix/store/ak6shpgammzfpm10xb50vrdv7016jw4l-netdata-1.33.1/libexec/netdata/plugins.d/cgroup-network.org" > "$wrapperDir/cgroup-network.real"

# Prevent races
chmod 0000 "$wrapperDir/cgroup-network"
chown netdata.netdata "$wrapperDir/cgroup-network"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/2lk60ck1m41lvkbisv97zlx4914nhnqh-libcap-2.49/bin/setcap "cap_setpcap,cap_setuid+ep" "$wrapperDir/cgroup-network"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/cgroup-network"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/chsh"
echo -n "/nix/store/9w5l1zrdd21hjxgjp5jnxxr6jibpjxd4-shadow-4.8.1/bin/chsh" > "$wrapperDir/chsh.real"

# Prevent races
chmod 0000 "$wrapperDir/chsh"
chown root.root "$wrapperDir/chsh"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/chsh"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/dbus-daemon-launch-helper"
echo -n "/nix/store/1bjb1viyvci75xbayy1a56nw0s2n7rzc-dbus-1.12.20/libexec/dbus-daemon-launch-helper" > "$wrapperDir/dbus-daemon-launch-helper.real"

# Prevent races
chmod 0000 "$wrapperDir/dbus-daemon-launch-helper"
chown root.messagebus "$wrapperDir/dbus-daemon-launch-helper"

chmod "u+s,g-s,u+rx,g+rx,o-rx" "$wrapperDir/dbus-daemon-launch-helper"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/freeipmi.plugin"
echo -n "/nix/store/ak6shpgammzfpm10xb50vrdv7016jw4l-netdata-1.33.1/libexec/netdata/plugins.d/freeipmi.plugin.org" > "$wrapperDir/freeipmi.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/freeipmi.plugin"
chown netdata.netdata "$wrapperDir/freeipmi.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/2lk60ck1m41lvkbisv97zlx4914nhnqh-libcap-2.49/bin/setcap "cap_setpcap,cap_dac_override,cap_fowner+ep" "$wrapperDir/freeipmi.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/freeipmi.plugin"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/fusermount"
echo -n "/nix/store/mvgg2fk5wwrcmm3wbrjhjn034aivrik2-fuse-2.9.9/bin/fusermount" > "$wrapperDir/fusermount.real"

# Prevent races
chmod 0000 "$wrapperDir/fusermount"
chown root.root "$wrapperDir/fusermount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/fusermount"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/fusermount3"
echo -n "/nix/store/1m2zhldijbwh8kzdbpj4zic3c4ly5w7q-fuse-3.10.5/bin/fusermount3" > "$wrapperDir/fusermount3.real"

# Prevent races
chmod 0000 "$wrapperDir/fusermount3"
chown root.root "$wrapperDir/fusermount3"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/fusermount3"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/mount"
echo -n "/nix/store/jwqzf74yfhwcg4h4mdwdg2qf881jzdi8-util-linux-2.37.3-bin/bin/mount" > "$wrapperDir/mount.real"

# Prevent races
chmod 0000 "$wrapperDir/mount"
chown root.root "$wrapperDir/mount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/mount"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/newgidmap"
echo -n "/nix/store/9w5l1zrdd21hjxgjp5jnxxr6jibpjxd4-shadow-4.8.1/bin/newgidmap" > "$wrapperDir/newgidmap.real"

# Prevent races
chmod 0000 "$wrapperDir/newgidmap"
chown root.root "$wrapperDir/newgidmap"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newgidmap"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/newgrp"
echo -n "/nix/store/9w5l1zrdd21hjxgjp5jnxxr6jibpjxd4-shadow-4.8.1/bin/newgrp" > "$wrapperDir/newgrp.real"

# Prevent races
chmod 0000 "$wrapperDir/newgrp"
chown root.root "$wrapperDir/newgrp"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newgrp"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/newuidmap"
echo -n "/nix/store/9w5l1zrdd21hjxgjp5jnxxr6jibpjxd4-shadow-4.8.1/bin/newuidmap" > "$wrapperDir/newuidmap.real"

# Prevent races
chmod 0000 "$wrapperDir/newuidmap"
chown root.root "$wrapperDir/newuidmap"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newuidmap"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/passwd"
echo -n "/nix/store/9w5l1zrdd21hjxgjp5jnxxr6jibpjxd4-shadow-4.8.1/bin/passwd" > "$wrapperDir/passwd.real"

# Prevent races
chmod 0000 "$wrapperDir/passwd"
chown root.root "$wrapperDir/passwd"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/passwd"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/perf.plugin"
echo -n "/nix/store/ak6shpgammzfpm10xb50vrdv7016jw4l-netdata-1.33.1/libexec/netdata/plugins.d/perf.plugin.org" > "$wrapperDir/perf.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/perf.plugin"
chown netdata.netdata "$wrapperDir/perf.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/2lk60ck1m41lvkbisv97zlx4914nhnqh-libcap-2.49/bin/setcap "cap_setpcap,cap_sys_admin+ep" "$wrapperDir/perf.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/perf.plugin"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/ping"
echo -n "/nix/store/kavbqyick3rw48zj5dk655vw5607vv3k-iputils-20211215/bin/ping" > "$wrapperDir/ping.real"

# Prevent races
chmod 0000 "$wrapperDir/ping"
chown root.root "$wrapperDir/ping"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/2lk60ck1m41lvkbisv97zlx4914nhnqh-libcap-2.49/bin/setcap "cap_setpcap,cap_net_raw+p" "$wrapperDir/ping"

# Set the executable bit
chmod u+rx,g+x,o+x "$wrapperDir/ping"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/pkexec"
echo -n "/nix/store/14vz0gwcgs19xqg370hcvj0wqc2maf8v-polkit-0.120-bin/bin/pkexec" > "$wrapperDir/pkexec.real"

# Prevent races
chmod 0000 "$wrapperDir/pkexec"
chown root.root "$wrapperDir/pkexec"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/pkexec"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/polkit-agent-helper-1"
echo -n "/nix/store/i9m44wig3dxw72md52szmym6g7xalgzv-polkit-0.120/lib/polkit-1/polkit-agent-helper-1" > "$wrapperDir/polkit-agent-helper-1.real"

# Prevent races
chmod 0000 "$wrapperDir/polkit-agent-helper-1"
chown root.root "$wrapperDir/polkit-agent-helper-1"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/polkit-agent-helper-1"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/sg"
echo -n "/nix/store/9w5l1zrdd21hjxgjp5jnxxr6jibpjxd4-shadow-4.8.1/bin/sg" > "$wrapperDir/sg.real"

# Prevent races
chmod 0000 "$wrapperDir/sg"
chown root.root "$wrapperDir/sg"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sg"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/slabinfo.plugin"
echo -n "/nix/store/ak6shpgammzfpm10xb50vrdv7016jw4l-netdata-1.33.1/libexec/netdata/plugins.d/slabinfo.plugin.org" > "$wrapperDir/slabinfo.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/slabinfo.plugin"
chown netdata.netdata "$wrapperDir/slabinfo.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/2lk60ck1m41lvkbisv97zlx4914nhnqh-libcap-2.49/bin/setcap "cap_setpcap,cap_dac_override+ep" "$wrapperDir/slabinfo.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/slabinfo.plugin"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/su"
echo -n "/nix/store/k15b817jqz4ckp8rp1mgpkvvx78xxp2n-shadow-4.8.1-su/bin/su" > "$wrapperDir/su.real"

# Prevent races
chmod 0000 "$wrapperDir/su"
chown root.root "$wrapperDir/su"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/su"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/sudo"
echo -n "/nix/store/0m1mrk7mqhksfpxnmn3ra0w3dg333vi9-sudo-1.9.9/bin/sudo" > "$wrapperDir/sudo.real"

# Prevent races
chmod 0000 "$wrapperDir/sudo"
chown root.root "$wrapperDir/sudo"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sudo"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/sudoedit"
echo -n "/nix/store/0m1mrk7mqhksfpxnmn3ra0w3dg333vi9-sudo-1.9.9/bin/sudoedit" > "$wrapperDir/sudoedit.real"

# Prevent races
chmod 0000 "$wrapperDir/sudoedit"
chown root.root "$wrapperDir/sudoedit"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sudoedit"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/umount"
echo -n "/nix/store/jwqzf74yfhwcg4h4mdwdg2qf881jzdi8-util-linux-2.37.3-bin/bin/umount" > "$wrapperDir/umount.real"

# Prevent races
chmod 0000 "$wrapperDir/umount"
chown root.root "$wrapperDir/umount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/umount"

cp /nix/store/r2qihyhf82lfz7h8r40i2qwnzg01x67z-security-wrapper/bin/security-wrapper "$wrapperDir/unix_chkpwd"
echo -n "/nix/store/pnp5qkmj8m07jl8pghhglfdczz2840r9-linux-pam-1.5.2/bin/unix_chkpwd" > "$wrapperDir/unix_chkpwd.real"

# Prevent races
chmod 0000 "$wrapperDir/unix_chkpwd"
chown root.root "$wrapperDir/unix_chkpwd"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/unix_chkpwd"


if [ -L /run/wrappers/bin ]; then
  # Atomically replace the symlink
  # See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
  old=$(readlink -f /run/wrappers/bin)
  if [ -e "/run/wrappers/bin-tmp" ]; then
    rm --force --recursive "/run/wrappers/bin-tmp"
  fi
  ln --symbolic --force --no-dereference "$wrapperDir" "/run/wrappers/bin-tmp"
  mv --no-target-directory "/run/wrappers/bin-tmp" "/run/wrappers/bin"
  rm --force --recursive "$old"
else
  # For initial setup
  ln --symbolic "$wrapperDir" "/run/wrappers/bin"
fi


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "wrappers" "$_localstatus"
fi


# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /run/current-system is still
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /run/current-system

# Prevent the current configuration from being garbage-collected.
mkdir -p /nix/var/nix/gcroots
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system

exit $_status

