introduce minifakeroot that also works on macos

nixosModules/clanCore/zerotier/default.nix

@@ -182,15 +182,33 @@ in
         secret.zerotier-identity-secret = { };
         generator.path = [
           config.services.zerotierone.package
-          pkgs.fakeroot
           pkgs.python3
         ];
-        generator.script = ''
+        generator.script =
-          python3 ${./generate.py} --mode network \
+          let
-            --ip "$facts/zerotier-ip" \
+            library = "libfakeroot${pkgs.stdenv.hostPlatform.extensions.sharedLibrary}";
-            --identity-secret "$secrets/zerotier-identity-secret" \
+            minifakeroot = pkgs.stdenv.mkDerivation {
-            --network-id "$facts/zerotier-network-id"
+              name = "minifakeroot";
-        '';
+              dontUnpack = true;
+              installPhase = ''
+                mkdir -p $out/lib
+                ${
+                  if pkgs.stdenv.isDarwin then
+                    "$CC -dynamiclib -o $out/lib/libfakeroot.dylib ${./fake_root.c}"
+                  else
+                    "$CC -shared -o $out/lib/libfakeroot.so ${./fake_root.c}"
+                }
+              '';
+            };
+            varName = if pkgs.stdenv.isDarwin then "DYLD_INSERT_LIBRARIES" else "LD_PRELOAD";
+          in
+          ''
+            export ${varName}=${minifakeroot}/lib/${library}
+            python3 ${./generate.py} --mode network \
+              --ip "$facts/zerotier-ip" \
+              --identity-secret "$secrets/zerotier-identity-secret" \
+              --network-id "$facts/zerotier-network-id"
+          '';
       };
       clan.core.state.zerotier.folders = [ "/var/lib/zerotier-one" ];
 

nixosModules/clanCore/zerotier/fake_root.c

@@ -0,0 +1,28 @@
+#include <stdint.h>
+typedef uint32_t uid_t;
+
+#ifdef __APPLE__
+  struct dyld_interpose {
+    const void * replacement;
+    const void * replacee;
+  };
+  #define WRAPPER(ret, name) static ret _fakeroot_wrapper_##name
+  #define WRAPPER_DEF(name) \
+    __attribute__((used)) static struct dyld_interpose _fakeroot_interpose_##name \
+      __attribute__((section("__DATA,__interpose"))) = { &_fakeroot_wrapper_##name, &name };
+#else
+  #define WRAPPER(ret, name) ret name
+  #define WRAPPER_DEF(name)
+#endif
+
+WRAPPER(uid_t, geteuid)(const char * path, int flags, ...)
+{
+    return 0; // Fake root
+}
+WRAPPER_DEF(geteuid)
+
+WRAPPER(uid_t, getuid)(const char * path, int flags, ...)
+{
+    return 0; // Fake root
+}
+WRAPPER_DEF(getuid)

nixosModules/clanCore/zerotier/generate.py

@@ -111,12 +111,11 @@ def zerotier_controller() -> Iterator[ZerotierController]:
         home = tempdir / "zerotier-one"
         home.mkdir()
         cmd = [
-            "fakeroot",
-            "--",
             "zerotier-one",
             f"-p{controller_port}",
             str(home),
         ]
+
         with subprocess.Popen(
             cmd,
             preexec_fn=os.setsid,

pkgs/clan-cli/clan_cli/facts/generate.py

@@ -3,6 +3,7 @@ import importlib
 import logging
 import os
 import subprocess
+import sys
 from collections.abc import Callable
 from pathlib import Path
 from tempfile import TemporaryDirectory

pkgs/clan-cli/default.nix

@@ -15,7 +15,6 @@
   setuptools,
   sops,
   stdenv,
-  fakeroot,
   rsync,
   bash,
   sshpass,
@@ -38,7 +37,6 @@ let
   runtimeDependencies = [
     bash
     nix
-    fakeroot
     openssh
     sshpass
     zbar