Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "config", default: None, }, FunctionHeadDestructuredArgument { identifier: "lib", default: None, }, FunctionHeadDestructuredArgument { identifier: "pkgs", default: None, }, ], }, ), body: LetIn( LetIn { bindings: [ Inherit( BindingInherit { from: Some( PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "config", span: Span { start: Position { line: 4, column: 12, }, end: Position { line: 4, column: 18, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 4, column: 19, }, end: Position { line: 4, column: 27, }, }, }, ), ], default: None, }, ), ), attributes: [ Raw( PartRaw { content: "wrapperDir", span: Span { start: Position { line: 4, column: 29, }, end: Position { line: 4, column: 39, }, }, }, ), Raw( PartRaw { content: "wrappers", span: Span { start: Position { line: 4, column: 40, }, end: Position { line: 4, column: 48, }, }, }, ), ], span: Span { start: Position { line: 2, column: 4, }, end: Position { line: 4, column: 49, }, }, }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "parentWrapperDir", span: Span { start: Position { line: 6, column: 3, }, end: Position { line: 6, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "dirOf", span: Span { start: Position { line: 6, column: 22, }, end: Position { line: 6, column: 27, }, }, }, ), arguments: [ Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 6, column: 28, }, end: Position { line: 6, column: 38, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "securityWrapper", span: Span { start: Position { line: 8, column: 3, }, end: Position { line: 8, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 8, column: 21, }, end: Position { line: 8, column: 25, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "callPackage", span: Span { start: Position { line: 8, column: 26, }, end: Position { line: 8, column: 37, }, }, }, ), ], default: None, }, ), arguments: [ Path( Path { parts: [ Raw( PartRaw { content: "./wrapper.nix", span: Span { start: Position { line: 8, column: 38, }, end: Position { line: 8, column: 51, }, }, }, ), ], span: Span { start: Position { line: 8, column: 38, }, end: Position { line: 8, column: 51, }, }, }, ), Map( Map { recursive: false, bindings: [ Inherit( BindingInherit { from: None, attributes: [ Raw( PartRaw { content: "parentWrapperDir", span: Span { start: Position { line: 9, column: 13, }, end: Position { line: 9, column: 29, }, }, }, ), ], span: Span { start: Position { line: 8, column: 53, }, end: Position { line: 9, column: 30, }, }, }, ), ], span: Span { start: Position { line: 8, column: 52, }, end: Position { line: 10, column: 4, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "fileModeType", span: Span { start: Position { line: 12, column: 3, }, end: Position { line: 12, column: 15, }, }, }, ), ], to: LetIn( LetIn { bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "symbolic", span: Span { start: Position { line: 15, column: 7, }, end: Position { line: 15, column: 15, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "[ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+", span: Span { start: Position { line: 15, column: 19, }, end: Position { line: 15, column: 63, }, }, }, ), ], span: Span { start: Position { line: 15, column: 18, }, end: Position { line: 15, column: 64, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "numeric", span: Span { start: Position { line: 16, column: 7, }, end: Position { line: 16, column: 14, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "[-+=]?[0-7]{0,4}", span: Span { start: Position { line: 16, column: 18, }, end: Position { line: 16, column: 34, }, }, }, ), ], span: Span { start: Position { line: 16, column: 17, }, end: Position { line: 16, column: 35, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mode", span: Span { start: Position { line: 17, column: 7, }, end: Position { line: 17, column: 11, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "((", span: Span { start: Position { line: 17, column: 15, }, end: Position { line: 17, column: 28, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "symbolic", span: Span { start: Position { line: 17, column: 19, }, end: Position { line: 17, column: 27, }, }, }, ), }, ), Raw( PartRaw { content: ")(,", span: Span { start: Position { line: 17, column: 15, }, end: Position { line: 17, column: 31, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "symbolic", span: Span { start: Position { line: 17, column: 33, }, end: Position { line: 17, column: 41, }, }, }, ), }, ), Raw( PartRaw { content: ")*)|(", span: Span { start: Position { line: 17, column: 15, }, end: Position { line: 17, column: 47, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "numeric", span: Span { start: Position { line: 17, column: 49, }, end: Position { line: 17, column: 56, }, }, }, ), }, ), Raw( PartRaw { content: ")", span: Span { start: Position { line: 17, column: 15, }, end: Position { line: 17, column: 58, }, }, }, ), ], span: Span { start: Position { line: 17, column: 14, }, end: Position { line: 17, column: 59, }, }, }, ), }, ), ], target: BinaryOperation( BinaryOperation { left: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 19, column: 6, }, end: Position { line: 19, column: 9, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 19, column: 10, }, end: Position { line: 19, column: 15, }, }, }, ), Raw( PartRaw { content: "strMatching", span: Span { start: Position { line: 19, column: 16, }, end: Position { line: 19, column: 27, }, }, }, ), ], default: None, }, ), arguments: [ Identifier( Identifier { id: "mode", span: Span { start: Position { line: 19, column: 28, }, end: Position { line: 19, column: 32, }, }, }, ), ], }, ), operator: Update, right: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 20, column: 11, }, end: Position { line: 20, column: 22, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "file mode string", span: Span { start: Position { line: 20, column: 26, }, end: Position { line: 20, column: 42, }, }, }, ), ], span: Span { start: Position { line: 20, column: 25, }, end: Position { line: 20, column: 43, }, }, }, ), }, ), ], span: Span { start: Position { line: 20, column: 9, }, end: Position { line: 20, column: 46, }, }, }, ), }, ), span: Span { start: Position { line: 13, column: 5, }, end: Position { line: 20, column: 46, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "wrapperType", span: Span { start: Position { line: 22, column: 3, }, end: Position { line: 22, column: 14, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 22, column: 17, }, end: Position { line: 22, column: 20, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 22, column: 21, }, end: Position { line: 22, column: 26, }, }, }, ), Raw( PartRaw { content: "submodule", span: Span { start: Position { line: 22, column: 27, }, end: Position { line: 22, column: 36, }, }, }, ), ], default: None, }, ), arguments: [ Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "name", default: None, }, FunctionHeadDestructuredArgument { identifier: "config", default: None, }, ], }, ), body: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 23, column: 5, }, end: Position { line: 23, column: 12, }, }, }, ), Raw( PartRaw { content: "source", span: Span { start: Position { line: 23, column: 13, }, end: Position { line: 23, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 23, column: 22, }, end: Position { line: 23, column: 25, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 23, column: 26, }, end: Position { line: 23, column: 34, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 24, column: 9, }, end: Position { line: 24, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 24, column: 16, }, end: Position { line: 24, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 24, column: 20, }, end: Position { line: 24, column: 25, }, }, }, ), Raw( PartRaw { content: "path", span: Span { start: Position { line: 24, column: 26, }, end: Position { line: 24, column: 30, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 25, column: 9, }, end: Position { line: 25, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 25, column: 23, }, end: Position { line: 25, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 25, column: 27, }, end: Position { line: 25, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "The absolute path to the program to be wrapped.", span: Span { start: Position { line: 25, column: 34, }, end: Position { line: 25, column: 81, }, }, }, ), ], span: Span { start: Position { line: 25, column: 33, }, end: Position { line: 25, column: 82, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 24, column: 7, }, end: Position { line: 26, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 27, column: 5, }, end: Position { line: 27, column: 12, }, }, }, ), Raw( PartRaw { content: "program", span: Span { start: Position { line: 27, column: 13, }, end: Position { line: 27, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 27, column: 23, }, end: Position { line: 27, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 27, column: 27, }, end: Position { line: 27, column: 35, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 28, column: 9, }, end: Position { line: 28, column: 13, }, }, }, ), ], to: With( With { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 28, column: 21, }, end: Position { line: 28, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 28, column: 25, }, end: Position { line: 28, column: 30, }, }, }, ), ], default: None, }, ), target: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "nullOr", span: Span { start: Position { line: 28, column: 32, }, end: Position { line: 28, column: 38, }, }, }, ), arguments: [ Identifier( Identifier { id: "str", span: Span { start: Position { line: 28, column: 39, }, end: Position { line: 28, column: 42, }, }, }, ), ], }, ), span: Span { start: Position { line: 28, column: 16, }, end: Position { line: 28, column: 42, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 29, column: 9, }, end: Position { line: 29, column: 16, }, }, }, ), ], to: Identifier( Identifier { id: "name", span: Span { start: Position { line: 29, column: 19, }, end: Position { line: 29, column: 23, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 30, column: 9, }, end: Position { line: 30, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 30, column: 23, }, end: Position { line: 30, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 30, column: 27, }, end: Position { line: 30, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "The name of the wrapper program. Defaults to the attribute name.\n", span: Span { start: Position { line: 31, column: 1, }, end: Position { line: 32, column: 9, }, }, }, ), ], span: Span { start: Position { line: 30, column: 33, }, end: Position { line: 32, column: 11, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 28, column: 7, }, end: Position { line: 33, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 34, column: 5, }, end: Position { line: 34, column: 12, }, }, }, ), Raw( PartRaw { content: "owner", span: Span { start: Position { line: 34, column: 13, }, end: Position { line: 34, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 34, column: 21, }, end: Position { line: 34, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 34, column: 25, }, end: Position { line: 34, column: 33, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 35, column: 9, }, end: Position { line: 35, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 35, column: 16, }, end: Position { line: 35, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 35, column: 20, }, end: Position { line: 35, column: 25, }, }, }, ), Raw( PartRaw { content: "str", span: Span { start: Position { line: 35, column: 26, }, end: Position { line: 35, column: 29, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 36, column: 9, }, end: Position { line: 36, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 36, column: 23, }, end: Position { line: 36, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 36, column: 27, }, end: Position { line: 36, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "The owner of the wrapper program.", span: Span { start: Position { line: 36, column: 34, }, end: Position { line: 36, column: 67, }, }, }, ), ], span: Span { start: Position { line: 36, column: 33, }, end: Position { line: 36, column: 68, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 35, column: 7, }, end: Position { line: 37, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 38, column: 5, }, end: Position { line: 38, column: 12, }, }, }, ), Raw( PartRaw { content: "group", span: Span { start: Position { line: 38, column: 13, }, end: Position { line: 38, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 38, column: 21, }, end: Position { line: 38, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 38, column: 25, }, end: Position { line: 38, column: 33, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 39, column: 9, }, end: Position { line: 39, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 39, column: 16, }, end: Position { line: 39, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 39, column: 20, }, end: Position { line: 39, column: 25, }, }, }, ), Raw( PartRaw { content: "str", span: Span { start: Position { line: 39, column: 26, }, end: Position { line: 39, column: 29, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 40, column: 9, }, end: Position { line: 40, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 40, column: 23, }, end: Position { line: 40, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 40, column: 27, }, end: Position { line: 40, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "The group of the wrapper program.", span: Span { start: Position { line: 40, column: 34, }, end: Position { line: 40, column: 67, }, }, }, ), ], span: Span { start: Position { line: 40, column: 33, }, end: Position { line: 40, column: 68, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 39, column: 7, }, end: Position { line: 41, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 42, column: 5, }, end: Position { line: 42, column: 12, }, }, }, ), Raw( PartRaw { content: "permissions", span: Span { start: Position { line: 42, column: 13, }, end: Position { line: 42, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 42, column: 27, }, end: Position { line: 42, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 42, column: 31, }, end: Position { line: 42, column: 39, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 43, column: 9, }, end: Position { line: 43, column: 13, }, }, }, ), ], to: Identifier( Identifier { id: "fileModeType", span: Span { start: Position { line: 43, column: 16, }, end: Position { line: 43, column: 28, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 44, column: 9, }, end: Position { line: 44, column: 16, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "u+rx,g+x,o+x", span: Span { start: Position { line: 44, column: 21, }, end: Position { line: 44, column: 33, }, }, }, ), ], span: Span { start: Position { line: 44, column: 20, }, end: Position { line: 44, column: 34, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "example", span: Span { start: Position { line: 45, column: 9, }, end: Position { line: 45, column: 16, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "a+rx", span: Span { start: Position { line: 45, column: 20, }, end: Position { line: 45, column: 24, }, }, }, ), ], span: Span { start: Position { line: 45, column: 19, }, end: Position { line: 45, column: 25, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 46, column: 9, }, end: Position { line: 46, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 46, column: 23, }, end: Position { line: 46, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 46, column: 27, }, end: Position { line: 46, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "The permissions of the wrapper program. The format is that of a\nsymbolic or numeric file mode understood by {command}`chmod`.\n", span: Span { start: Position { line: 47, column: 1, }, end: Position { line: 49, column: 9, }, }, }, ), ], span: Span { start: Position { line: 46, column: 33, }, end: Position { line: 49, column: 11, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 43, column: 7, }, end: Position { line: 50, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 51, column: 5, }, end: Position { line: 51, column: 12, }, }, }, ), Raw( PartRaw { content: "capabilities", span: Span { start: Position { line: 51, column: 13, }, end: Position { line: 51, column: 25, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 51, column: 28, }, end: Position { line: 51, column: 31, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 51, column: 32, }, end: Position { line: 51, column: 40, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 52, column: 9, }, end: Position { line: 52, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 52, column: 16, }, end: Position { line: 52, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 52, column: 20, }, end: Position { line: 52, column: 25, }, }, }, ), Raw( PartRaw { content: "commas", span: Span { start: Position { line: 52, column: 26, }, end: Position { line: 52, column: 32, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 53, column: 9, }, end: Position { line: 53, column: 16, }, }, }, ), ], to: String( String_ { parts: [], span: Span { start: Position { line: 53, column: 19, }, end: Position { line: 53, column: 21, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 54, column: 9, }, end: Position { line: 54, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 54, column: 23, }, end: Position { line: 54, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 54, column: 27, }, end: Position { line: 54, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "A comma-separated list of capability clauses to be given to the\nwrapper program. The format for capability clauses is described in the\n“TEXTUAL REPRESENTATION” section of the {manpage}`cap_from_text(3)`\nmanual page. For a list of capabilities supported by the system, check\nthe {manpage}`capabilities(7)` manual page.\n\n::: {.note}\n`cap_setpcap`, which is required for the wrapper\nprogram to be able to raise caps into the Ambient set is NOT raised\nto the Ambient set so that the real program cannot modify its own\ncapabilities!! This may be too restrictive for cases in which the\nreal program needs cap_setpcap but it at least leans on the side\nsecurity paranoid vs. too relaxed.\n:::\n", span: Span { start: Position { line: 55, column: 1, }, end: Position { line: 69, column: 9, }, }, }, ), ], span: Span { start: Position { line: 54, column: 33, }, end: Position { line: 69, column: 11, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 52, column: 7, }, end: Position { line: 70, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 71, column: 5, }, end: Position { line: 71, column: 12, }, }, }, ), Raw( PartRaw { content: "setuid", span: Span { start: Position { line: 71, column: 13, }, end: Position { line: 71, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 71, column: 22, }, end: Position { line: 71, column: 25, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 71, column: 26, }, end: Position { line: 71, column: 34, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 72, column: 9, }, end: Position { line: 72, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 72, column: 16, }, end: Position { line: 72, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 72, column: 20, }, end: Position { line: 72, column: 25, }, }, }, ), Raw( PartRaw { content: "bool", span: Span { start: Position { line: 72, column: 26, }, end: Position { line: 72, column: 30, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 73, column: 9, }, end: Position { line: 73, column: 16, }, }, }, ), ], to: Identifier( Identifier { id: "false", span: Span { start: Position { line: 73, column: 19, }, end: Position { line: 73, column: 24, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 74, column: 9, }, end: Position { line: 74, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 74, column: 23, }, end: Position { line: 74, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 74, column: 27, }, end: Position { line: 74, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "Whether to add the setuid bit the wrapper program.", span: Span { start: Position { line: 74, column: 34, }, end: Position { line: 74, column: 84, }, }, }, ), ], span: Span { start: Position { line: 74, column: 33, }, end: Position { line: 74, column: 85, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 72, column: 7, }, end: Position { line: 75, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 76, column: 5, }, end: Position { line: 76, column: 12, }, }, }, ), Raw( PartRaw { content: "setgid", span: Span { start: Position { line: 76, column: 13, }, end: Position { line: 76, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 76, column: 22, }, end: Position { line: 76, column: 25, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 76, column: 26, }, end: Position { line: 76, column: 34, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 77, column: 9, }, end: Position { line: 77, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 77, column: 16, }, end: Position { line: 77, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 77, column: 20, }, end: Position { line: 77, column: 25, }, }, }, ), Raw( PartRaw { content: "bool", span: Span { start: Position { line: 77, column: 26, }, end: Position { line: 77, column: 30, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 78, column: 9, }, end: Position { line: 78, column: 16, }, }, }, ), ], to: Identifier( Identifier { id: "false", span: Span { start: Position { line: 78, column: 19, }, end: Position { line: 78, column: 24, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 79, column: 9, }, end: Position { line: 79, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 79, column: 23, }, end: Position { line: 79, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 79, column: 27, }, end: Position { line: 79, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "Whether to add the setgid bit the wrapper program.", span: Span { start: Position { line: 79, column: 34, }, end: Position { line: 79, column: 84, }, }, }, ), ], span: Span { start: Position { line: 79, column: 33, }, end: Position { line: 79, column: 85, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 77, column: 7, }, end: Position { line: 80, column: 8, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 22, column: 61, }, end: Position { line: 81, column: 4, }, }, }, ), span: Span { start: Position { line: 22, column: 38, }, end: Position { line: 81, column: 4, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mkSetcapProgram", span: Span { start: Position { line: 84, column: 3, }, end: Position { line: 84, column: 18, }, }, }, ), ], to: Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "program", default: None, }, FunctionHeadDestructuredArgument { identifier: "capabilities", default: None, }, FunctionHeadDestructuredArgument { identifier: "source", default: None, }, FunctionHeadDestructuredArgument { identifier: "owner", default: None, }, FunctionHeadDestructuredArgument { identifier: "group", default: None, }, FunctionHeadDestructuredArgument { identifier: "permissions", default: None, }, ], }, ), body: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "cp ", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 94, column: 10, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "securityWrapper", span: Span { start: Position { line: 94, column: 12, }, end: Position { line: 94, column: 27, }, }, }, ), }, ), Raw( PartRaw { content: "/bin/security-wrapper \"$wrapperDir/", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 94, column: 63, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 94, column: 65, }, end: Position { line: 94, column: 72, }, }, }, ), }, ), Raw( PartRaw { content: "\"\necho -n \"", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 95, column: 16, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "source", span: Span { start: Position { line: 95, column: 18, }, end: Position { line: 95, column: 24, }, }, }, ), }, ), Raw( PartRaw { content: "\" > \"$wrapperDir/", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 95, column: 42, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 95, column: 44, }, end: Position { line: 95, column: 51, }, }, }, ), }, ), Raw( PartRaw { content: ".real\"\n\n# Prevent races\nchmod 0000 \"$wrapperDir/", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 98, column: 31, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 98, column: 33, }, end: Position { line: 98, column: 40, }, }, }, ), }, ), Raw( PartRaw { content: "\"\nchown ", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 99, column: 13, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "owner", span: Span { start: Position { line: 99, column: 15, }, end: Position { line: 99, column: 20, }, }, }, ), }, ), Raw( PartRaw { content: ":", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 99, column: 22, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "group", span: Span { start: Position { line: 99, column: 24, }, end: Position { line: 99, column: 29, }, }, }, ), }, ), Raw( PartRaw { content: " \"$wrapperDir/", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 99, column: 44, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 99, column: 46, }, end: Position { line: 99, column: 53, }, }, }, ), }, ), Raw( PartRaw { content: "\"\n\n# Set desired capabilities on the file plus cap_setpcap so\n# the wrapper program can elevate the capabilities set on\n# its file into the Ambient set.\n", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 104, column: 7, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 104, column: 9, }, end: Position { line: 104, column: 13, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "libcap", span: Span { start: Position { line: 104, column: 14, }, end: Position { line: 104, column: 20, }, }, }, ), Raw( PartRaw { content: "out", span: Span { start: Position { line: 104, column: 21, }, end: Position { line: 104, column: 24, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/setcap \"cap_setpcap,", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 104, column: 50, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "capabilities", span: Span { start: Position { line: 104, column: 52, }, end: Position { line: 104, column: 64, }, }, }, ), }, ), Raw( PartRaw { content: "\" \"$wrapperDir/", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 104, column: 80, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 104, column: 82, }, end: Position { line: 104, column: 89, }, }, }, ), }, ), Raw( PartRaw { content: "\"\n\n# Set the executable bit\nchmod ", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 107, column: 13, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "permissions", span: Span { start: Position { line: 107, column: 15, }, end: Position { line: 107, column: 26, }, }, }, ), }, ), Raw( PartRaw { content: " \"$wrapperDir/", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 107, column: 41, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 107, column: 43, }, end: Position { line: 107, column: 50, }, }, }, ), }, ), Raw( PartRaw { content: "\"\n", span: Span { start: Position { line: 94, column: 1, }, end: Position { line: 108, column: 5, }, }, }, ), ], span: Span { start: Position { line: 93, column: 5, }, end: Position { line: 108, column: 7, }, }, }, ), span: Span { start: Position { line: 85, column: 5, }, end: Position { line: 108, column: 7, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mkSetuidProgram", span: Span { start: Position { line: 111, column: 3, }, end: Position { line: 111, column: 18, }, }, }, ), ], to: Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "program", default: None, }, FunctionHeadDestructuredArgument { identifier: "source", default: None, }, FunctionHeadDestructuredArgument { identifier: "owner", default: None, }, FunctionHeadDestructuredArgument { identifier: "group", default: None, }, FunctionHeadDestructuredArgument { identifier: "setuid", default: None, }, FunctionHeadDestructuredArgument { identifier: "setgid", default: None, }, FunctionHeadDestructuredArgument { identifier: "permissions", default: None, }, ], }, ), body: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "cp ", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 122, column: 10, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "securityWrapper", span: Span { start: Position { line: 122, column: 12, }, end: Position { line: 122, column: 27, }, }, }, ), }, ), Raw( PartRaw { content: "/bin/security-wrapper \"$wrapperDir/", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 122, column: 63, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 122, column: 65, }, end: Position { line: 122, column: 72, }, }, }, ), }, ), Raw( PartRaw { content: "\"\necho -n \"", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 123, column: 16, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "source", span: Span { start: Position { line: 123, column: 18, }, end: Position { line: 123, column: 24, }, }, }, ), }, ), Raw( PartRaw { content: "\" > \"$wrapperDir/", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 123, column: 42, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 123, column: 44, }, end: Position { line: 123, column: 51, }, }, }, ), }, ), Raw( PartRaw { content: ".real\"\n\n# Prevent races\nchmod 0000 \"$wrapperDir/", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 126, column: 31, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 126, column: 33, }, end: Position { line: 126, column: 40, }, }, }, ), }, ), Raw( PartRaw { content: "\"\nchown ", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 127, column: 13, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "owner", span: Span { start: Position { line: 127, column: 15, }, end: Position { line: 127, column: 20, }, }, }, ), }, ), Raw( PartRaw { content: ":", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 127, column: 22, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "group", span: Span { start: Position { line: 127, column: 24, }, end: Position { line: 127, column: 29, }, }, }, ), }, ), Raw( PartRaw { content: " \"$wrapperDir/", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 127, column: 44, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 127, column: 46, }, end: Position { line: 127, column: 53, }, }, }, ), }, ), Raw( PartRaw { content: "\"\n\nchmod \"u", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 129, column: 15, }, }, }, ), Interpolation( PartInterpolation { expression: IfThenElse( IfThenElse { predicate: Identifier( Identifier { id: "setuid", span: Span { start: Position { line: 129, column: 20, }, end: Position { line: 129, column: 26, }, }, }, ), then: String( String_ { parts: [ Raw( PartRaw { content: "+", span: Span { start: Position { line: 129, column: 33, }, end: Position { line: 129, column: 34, }, }, }, ), ], span: Span { start: Position { line: 129, column: 32, }, end: Position { line: 129, column: 35, }, }, }, ), else_: String( String_ { parts: [ Raw( PartRaw { content: "-", span: Span { start: Position { line: 129, column: 42, }, end: Position { line: 129, column: 43, }, }, }, ), ], span: Span { start: Position { line: 129, column: 41, }, end: Position { line: 129, column: 44, }, }, }, ), span: Span { start: Position { line: 129, column: 17, }, end: Position { line: 129, column: 44, }, }, }, ), }, ), Raw( PartRaw { content: "s,g", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 129, column: 48, }, }, }, ), Interpolation( PartInterpolation { expression: IfThenElse( IfThenElse { predicate: Identifier( Identifier { id: "setgid", span: Span { start: Position { line: 129, column: 53, }, end: Position { line: 129, column: 59, }, }, }, ), then: String( String_ { parts: [ Raw( PartRaw { content: "+", span: Span { start: Position { line: 129, column: 66, }, end: Position { line: 129, column: 67, }, }, }, ), ], span: Span { start: Position { line: 129, column: 65, }, end: Position { line: 129, column: 68, }, }, }, ), else_: String( String_ { parts: [ Raw( PartRaw { content: "-", span: Span { start: Position { line: 129, column: 75, }, end: Position { line: 129, column: 76, }, }, }, ), ], span: Span { start: Position { line: 129, column: 74, }, end: Position { line: 129, column: 77, }, }, }, ), span: Span { start: Position { line: 129, column: 50, }, end: Position { line: 129, column: 77, }, }, }, ), }, ), Raw( PartRaw { content: "s,", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 129, column: 80, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "permissions", span: Span { start: Position { line: 129, column: 82, }, end: Position { line: 129, column: 93, }, }, }, ), }, ), Raw( PartRaw { content: "\" \"$wrapperDir/", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 129, column: 109, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "program", span: Span { start: Position { line: 129, column: 111, }, end: Position { line: 129, column: 118, }, }, }, ), }, ), Raw( PartRaw { content: "\"\n", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 130, column: 5, }, }, }, ), ], span: Span { start: Position { line: 121, column: 5, }, end: Position { line: 130, column: 7, }, }, }, ), span: Span { start: Position { line: 112, column: 5, }, end: Position { line: 130, column: 7, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mkWrappedPrograms", span: Span { start: Position { line: 132, column: 3, }, end: Position { line: 132, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "builtins", span: Span { start: Position { line: 133, column: 5, }, end: Position { line: 133, column: 13, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "map", span: Span { start: Position { line: 133, column: 14, }, end: Position { line: 133, column: 17, }, }, }, ), ], default: None, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "opts", }, ), body: IfThenElse( IfThenElse { predicate: BinaryOperation( BinaryOperation { left: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "opts", span: Span { start: Position { line: 135, column: 12, }, end: Position { line: 135, column: 16, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "capabilities", span: Span { start: Position { line: 135, column: 17, }, end: Position { line: 135, column: 29, }, }, }, ), ], default: None, }, ), operator: NotEqualTo, right: String( String_ { parts: [], span: Span { start: Position { line: 135, column: 33, }, end: Position { line: 135, column: 35, }, }, }, ), }, ), then: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkSetcapProgram", span: Span { start: Position { line: 136, column: 14, }, end: Position { line: 136, column: 29, }, }, }, ), arguments: [ Identifier( Identifier { id: "opts", span: Span { start: Position { line: 136, column: 30, }, end: Position { line: 136, column: 34, }, }, }, ), ], }, ), else_: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkSetuidProgram", span: Span { start: Position { line: 137, column: 14, }, end: Position { line: 137, column: 29, }, }, }, ), arguments: [ Identifier( Identifier { id: "opts", span: Span { start: Position { line: 137, column: 30, }, end: Position { line: 137, column: 34, }, }, }, ), ], }, ), span: Span { start: Position { line: 135, column: 9, }, end: Position { line: 137, column: 34, }, }, }, ), span: Span { start: Position { line: 134, column: 8, }, end: Position { line: 137, column: 34, }, }, }, ), FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 138, column: 10, }, end: Position { line: 138, column: 13, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "attrValues", span: Span { start: Position { line: 138, column: 14, }, end: Position { line: 138, column: 24, }, }, }, ), ], default: None, }, ), arguments: [ Identifier( Identifier { id: "wrappers", span: Span { start: Position { line: 138, column: 25, }, end: Position { line: 138, column: 33, }, }, }, ), ], }, ), ], }, ), }, ), ], target: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "imports", span: Span { start: Position { line: 141, column: 3, }, end: Position { line: 141, column: 10, }, }, }, ), ], to: List( List { elements: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 142, column: 6, }, end: Position { line: 142, column: 9, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkRemovedOptionModule", span: Span { start: Position { line: 142, column: 10, }, end: Position { line: 142, column: 31, }, }, }, ), ], default: None, }, ), arguments: [ List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 142, column: 35, }, end: Position { line: 142, column: 43, }, }, }, ), ], span: Span { start: Position { line: 142, column: 34, }, end: Position { line: 142, column: 44, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "setuidOwners", span: Span { start: Position { line: 142, column: 46, }, end: Position { line: 142, column: 58, }, }, }, ), ], span: Span { start: Position { line: 142, column: 45, }, end: Position { line: 142, column: 59, }, }, }, ), ], span: Span { start: Position { line: 142, column: 32, }, end: Position { line: 142, column: 61, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "Use security.wrappers instead", span: Span { start: Position { line: 142, column: 63, }, end: Position { line: 142, column: 92, }, }, }, ), ], span: Span { start: Position { line: 142, column: 62, }, end: Position { line: 142, column: 93, }, }, }, ), ], }, ), FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 143, column: 6, }, end: Position { line: 143, column: 9, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkRemovedOptionModule", span: Span { start: Position { line: 143, column: 10, }, end: Position { line: 143, column: 31, }, }, }, ), ], default: None, }, ), arguments: [ List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 143, column: 35, }, end: Position { line: 143, column: 43, }, }, }, ), ], span: Span { start: Position { line: 143, column: 34, }, end: Position { line: 143, column: 44, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "setuidPrograms", span: Span { start: Position { line: 143, column: 46, }, end: Position { line: 143, column: 60, }, }, }, ), ], span: Span { start: Position { line: 143, column: 45, }, end: Position { line: 143, column: 61, }, }, }, ), ], span: Span { start: Position { line: 143, column: 32, }, end: Position { line: 143, column: 63, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "Use security.wrappers instead", span: Span { start: Position { line: 143, column: 65, }, end: Position { line: 143, column: 94, }, }, }, ), ], span: Span { start: Position { line: 143, column: 64, }, end: Position { line: 143, column: 95, }, }, }, ), ], }, ), ], span: Span { start: Position { line: 141, column: 13, }, end: Position { line: 144, column: 4, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 148, column: 3, }, end: Position { line: 148, column: 10, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 149, column: 5, }, end: Position { line: 149, column: 13, }, }, }, ), Raw( PartRaw { content: "wrappers", span: Span { start: Position { line: 149, column: 14, }, end: Position { line: 149, column: 22, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 149, column: 25, }, end: Position { line: 149, column: 28, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 149, column: 29, }, end: Position { line: 149, column: 37, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 150, column: 7, }, end: Position { line: 150, column: 11, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 150, column: 14, }, end: Position { line: 150, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 150, column: 18, }, end: Position { line: 150, column: 23, }, }, }, ), Raw( PartRaw { content: "attrsOf", span: Span { start: Position { line: 150, column: 24, }, end: Position { line: 150, column: 31, }, }, }, ), ], default: None, }, ), arguments: [ Identifier( Identifier { id: "wrapperType", span: Span { start: Position { line: 150, column: 32, }, end: Position { line: 150, column: 43, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 151, column: 7, }, end: Position { line: 151, column: 14, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [], span: Span { start: Position { line: 151, column: 17, }, end: Position { line: 151, column: 19, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "example", span: Span { start: Position { line: 152, column: 7, }, end: Position { line: 152, column: 14, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 152, column: 17, }, end: Position { line: 152, column: 20, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "literalExpression", span: Span { start: Position { line: 152, column: 21, }, end: Position { line: 152, column: 38, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "{\n # a setuid root program\n doas =\n { setuid = true;\n owner = \"root\";\n group = \"root\";\n source = \"", span: Span { start: Position { line: 154, column: 1, }, end: Position { line: 160, column: 27, }, }, }, ), Raw( PartRaw { content: "$", span: Span { start: Position { line: 154, column: 1, }, end: Position { line: 160, column: 30, }, }, }, ), Raw( PartRaw { content: "{pkgs.doas}/bin/doas\";\n };\n\n # a setgid program\n locate =\n { setgid = true;\n owner = \"root\";\n group = \"mlocate\";\n source = \"", span: Span { start: Position { line: 154, column: 1, }, end: Position { line: 168, column: 27, }, }, }, ), Raw( PartRaw { content: "$", span: Span { start: Position { line: 154, column: 1, }, end: Position { line: 168, column: 30, }, }, }, ), Raw( PartRaw { content: "{pkgs.locate}/bin/locate\";\n };\n\n # a program with the CAP_NET_RAW capability\n ping =\n { owner = \"root\";\n group = \"root\";\n capabilities = \"cap_net_raw+ep\";\n source = \"", span: Span { start: Position { line: 154, column: 1, }, end: Position { line: 176, column: 27, }, }, }, ), Raw( PartRaw { content: "$", span: Span { start: Position { line: 154, column: 1, }, end: Position { line: 176, column: 30, }, }, }, ), Raw( PartRaw { content: "{pkgs.iputils.out}/bin/ping\";\n };\n}\n", span: Span { start: Position { line: 154, column: 1, }, end: Position { line: 179, column: 9, }, }, }, ), ], span: Span { start: Position { line: 153, column: 9, }, end: Position { line: 179, column: 11, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 180, column: 7, }, end: Position { line: 180, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 180, column: 21, }, end: Position { line: 180, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 180, column: 25, }, end: Position { line: 180, column: 30, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "This option effectively allows adding setuid/setgid bits, capabilities,\nchanging file ownership and permissions of a program without directly\nmodifying it. This works by creating a wrapper program under the\n{option}`security.wrapperDir` directory, which is then added to\nthe shell `PATH`.\n", span: Span { start: Position { line: 181, column: 1, }, end: Position { line: 186, column: 7, }, }, }, ), ], span: Span { start: Position { line: 180, column: 31, }, end: Position { line: 186, column: 9, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 149, column: 38, }, end: Position { line: 187, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 189, column: 5, }, end: Position { line: 189, column: 13, }, }, }, ), Raw( PartRaw { content: "wrapperDirSize", span: Span { start: Position { line: 189, column: 14, }, end: Position { line: 189, column: 28, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 189, column: 31, }, end: Position { line: 189, column: 34, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 189, column: 35, }, end: Position { line: 189, column: 43, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 190, column: 7, }, end: Position { line: 190, column: 14, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "50%", span: Span { start: Position { line: 190, column: 18, }, end: Position { line: 190, column: 21, }, }, }, ), ], span: Span { start: Position { line: 190, column: 17, }, end: Position { line: 190, column: 22, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "example", span: Span { start: Position { line: 191, column: 7, }, end: Position { line: 191, column: 14, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "10G", span: Span { start: Position { line: 191, column: 18, }, end: Position { line: 191, column: 21, }, }, }, ), ], span: Span { start: Position { line: 191, column: 17, }, end: Position { line: 191, column: 22, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 192, column: 7, }, end: Position { line: 192, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 192, column: 14, }, end: Position { line: 192, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 192, column: 18, }, end: Position { line: 192, column: 23, }, }, }, ), Raw( PartRaw { content: "str", span: Span { start: Position { line: 192, column: 24, }, end: Position { line: 192, column: 27, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 193, column: 7, }, end: Position { line: 193, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 193, column: 21, }, end: Position { line: 193, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 193, column: 25, }, end: Position { line: 193, column: 30, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option,\nfor the accepted syntax. WARNING: don't set to less than 64MB.\n", span: Span { start: Position { line: 194, column: 1, }, end: Position { line: 196, column: 7, }, }, }, ), ], span: Span { start: Position { line: 193, column: 31, }, end: Position { line: 196, column: 9, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 189, column: 44, }, end: Position { line: 197, column: 6, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 199, column: 5, }, end: Position { line: 199, column: 13, }, }, }, ), Raw( PartRaw { content: "wrapperDir", span: Span { start: Position { line: 199, column: 14, }, end: Position { line: 199, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 199, column: 27, }, end: Position { line: 199, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkOption", span: Span { start: Position { line: 199, column: 31, }, end: Position { line: 199, column: 39, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 200, column: 7, }, end: Position { line: 200, column: 11, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 200, column: 21, }, end: Position { line: 200, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 200, column: 25, }, end: Position { line: 200, column: 30, }, }, }, ), Raw( PartRaw { content: "path", span: Span { start: Position { line: 200, column: 31, }, end: Position { line: 200, column: 35, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 201, column: 7, }, end: Position { line: 201, column: 14, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "/run/wrappers/bin", span: Span { start: Position { line: 201, column: 22, }, end: Position { line: 201, column: 39, }, }, }, ), ], span: Span { start: Position { line: 201, column: 21, }, end: Position { line: 201, column: 40, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "internal", span: Span { start: Position { line: 202, column: 7, }, end: Position { line: 202, column: 15, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 202, column: 21, }, end: Position { line: 202, column: 25, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 203, column: 7, }, end: Position { line: 203, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 203, column: 21, }, end: Position { line: 203, column: 24, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 203, column: 25, }, end: Position { line: 203, column: 30, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "This option defines the path to the wrapper programs. It\nshould not be overriden.\n", span: Span { start: Position { line: 204, column: 1, }, end: Position { line: 206, column: 7, }, }, }, ), ], span: Span { start: Position { line: 203, column: 31, }, end: Position { line: 206, column: 9, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 199, column: 40, }, end: Position { line: 207, column: 6, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 148, column: 13, }, end: Position { line: 208, column: 4, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "config", span: Span { start: Position { line: 211, column: 3, }, end: Position { line: 211, column: 9, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "assertions", span: Span { start: Position { line: 213, column: 5, }, end: Position { line: 213, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 213, column: 18, }, end: Position { line: 213, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mapAttrsToList", span: Span { start: Position { line: 213, column: 22, }, end: Position { line: 213, column: 36, }, }, }, ), ], default: None, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "name", }, ), body: Function( Function { head: Simple( FunctionHeadSimple { identifier: "opts", }, ), body: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "assertion", span: Span { start: Position { line: 215, column: 11, }, end: Position { line: 215, column: 20, }, }, }, ), ], to: BinaryOperation( BinaryOperation { left: BinaryOperation( BinaryOperation { left: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "opts", span: Span { start: Position { line: 215, column: 23, }, end: Position { line: 215, column: 27, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "setuid", span: Span { start: Position { line: 215, column: 28, }, end: Position { line: 215, column: 34, }, }, }, ), ], default: None, }, ), operator: LogicalOr, right: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "opts", span: Span { start: Position { line: 215, column: 38, }, end: Position { line: 215, column: 42, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "setgid", span: Span { start: Position { line: 215, column: 43, }, end: Position { line: 215, column: 49, }, }, }, ), ], default: None, }, ), }, ), operator: Implication, right: BinaryOperation( BinaryOperation { left: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "opts", span: Span { start: Position { line: 215, column: 53, }, end: Position { line: 215, column: 57, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "capabilities", span: Span { start: Position { line: 215, column: 58, }, end: Position { line: 215, column: 70, }, }, }, ), ], default: None, }, ), operator: EqualTo, right: String( String_ { parts: [], span: Span { start: Position { line: 215, column: 74, }, end: Position { line: 215, column: 76, }, }, }, ), }, ), }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "message", span: Span { start: Position { line: 216, column: 11, }, end: Position { line: 216, column: 18, }, }, }, ), ], to: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "The security.wrappers.", span: Span { start: Position { line: 217, column: 1, }, end: Position { line: 217, column: 35, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "name", span: Span { start: Position { line: 217, column: 37, }, end: Position { line: 217, column: 41, }, }, }, ), }, ), Raw( PartRaw { content: " wrapper is not valid:\n setuid/setgid and capabilities are mutually exclusive.\n", span: Span { start: Position { line: 217, column: 1, }, end: Position { line: 219, column: 11, }, }, }, ), ], span: Span { start: Position { line: 216, column: 21, }, end: Position { line: 219, column: 13, }, }, }, ), }, ), ], span: Span { start: Position { line: 215, column: 9, }, end: Position { line: 220, column: 10, }, }, }, ), span: Span { start: Position { line: 214, column: 14, }, end: Position { line: 220, column: 10, }, }, }, ), span: Span { start: Position { line: 214, column: 8, }, end: Position { line: 220, column: 10, }, }, }, ), Identifier( Identifier { id: "wrappers", span: Span { start: Position { line: 221, column: 9, }, end: Position { line: 221, column: 17, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 223, column: 5, }, end: Position { line: 223, column: 13, }, }, }, ), Raw( PartRaw { content: "wrappers", span: Span { start: Position { line: 223, column: 14, }, end: Position { line: 223, column: 22, }, }, }, ), ], to: LetIn( LetIn { bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mkSetuidRoot", span: Span { start: Position { line: 225, column: 9, }, end: Position { line: 225, column: 21, }, }, }, ), ], to: Function( Function { head: Simple( FunctionHeadSimple { identifier: "source", }, ), body: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "setuid", span: Span { start: Position { line: 226, column: 13, }, end: Position { line: 226, column: 19, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 226, column: 22, }, end: Position { line: 226, column: 26, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "owner", span: Span { start: Position { line: 227, column: 13, }, end: Position { line: 227, column: 18, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "root", span: Span { start: Position { line: 227, column: 22, }, end: Position { line: 227, column: 26, }, }, }, ), ], span: Span { start: Position { line: 227, column: 21, }, end: Position { line: 227, column: 27, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "group", span: Span { start: Position { line: 228, column: 13, }, end: Position { line: 228, column: 18, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "root", span: Span { start: Position { line: 228, column: 22, }, end: Position { line: 228, column: 26, }, }, }, ), ], span: Span { start: Position { line: 228, column: 21, }, end: Position { line: 228, column: 27, }, }, }, ), }, ), Inherit( BindingInherit { from: None, attributes: [ Raw( PartRaw { content: "source", span: Span { start: Position { line: 229, column: 21, }, end: Position { line: 229, column: 27, }, }, }, ), ], span: Span { start: Position { line: 226, column: 12, }, end: Position { line: 229, column: 28, }, }, }, ), ], span: Span { start: Position { line: 226, column: 11, }, end: Position { line: 230, column: 12, }, }, }, ), span: Span { start: Position { line: 225, column: 24, }, end: Position { line: 230, column: 12, }, }, }, ), }, ), ], target: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "fusermount", span: Span { start: Position { line: 233, column: 9, }, end: Position { line: 233, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkSetuidRoot", span: Span { start: Position { line: 233, column: 23, }, end: Position { line: 233, column: 35, }, }, }, ), arguments: [ String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 233, column: 39, }, end: Position { line: 233, column: 43, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "fuse", span: Span { start: Position { line: 233, column: 44, }, end: Position { line: 233, column: 48, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/fusermount", span: Span { start: Position { line: 233, column: 37, }, end: Position { line: 233, column: 64, }, }, }, ), ], span: Span { start: Position { line: 233, column: 36, }, end: Position { line: 233, column: 65, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "fusermount3", span: Span { start: Position { line: 234, column: 9, }, end: Position { line: 234, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkSetuidRoot", span: Span { start: Position { line: 234, column: 23, }, end: Position { line: 234, column: 35, }, }, }, ), arguments: [ String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 234, column: 39, }, end: Position { line: 234, column: 43, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "fuse3", span: Span { start: Position { line: 234, column: 44, }, end: Position { line: 234, column: 49, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/fusermount3", span: Span { start: Position { line: 234, column: 37, }, end: Position { line: 234, column: 66, }, }, }, ), ], span: Span { start: Position { line: 234, column: 36, }, end: Position { line: 234, column: 67, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mount", span: Span { start: Position { line: 235, column: 9, }, end: Position { line: 235, column: 14, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkSetuidRoot", span: Span { start: Position { line: 235, column: 18, }, end: Position { line: 235, column: 30, }, }, }, ), arguments: [ String( String_ { parts: [ Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 235, column: 34, }, end: Position { line: 235, column: 37, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "getBin", span: Span { start: Position { line: 235, column: 38, }, end: Position { line: 235, column: 44, }, }, }, ), ], default: None, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 235, column: 45, }, end: Position { line: 235, column: 49, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "util-linux", span: Span { start: Position { line: 235, column: 50, }, end: Position { line: 235, column: 60, }, }, }, ), ], default: None, }, ), ], }, ), }, ), Raw( PartRaw { content: "/bin/mount", span: Span { start: Position { line: 235, column: 32, }, end: Position { line: 235, column: 71, }, }, }, ), ], span: Span { start: Position { line: 235, column: 31, }, end: Position { line: 235, column: 72, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "umount", span: Span { start: Position { line: 236, column: 9, }, end: Position { line: 236, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkSetuidRoot", span: Span { start: Position { line: 236, column: 18, }, end: Position { line: 236, column: 30, }, }, }, ), arguments: [ String( String_ { parts: [ Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 236, column: 34, }, end: Position { line: 236, column: 37, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "getBin", span: Span { start: Position { line: 236, column: 38, }, end: Position { line: 236, column: 44, }, }, }, ), ], default: None, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 236, column: 45, }, end: Position { line: 236, column: 49, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "util-linux", span: Span { start: Position { line: 236, column: 50, }, end: Position { line: 236, column: 60, }, }, }, ), ], default: None, }, ), ], }, ), }, ), Raw( PartRaw { content: "/bin/umount", span: Span { start: Position { line: 236, column: 32, }, end: Position { line: 236, column: 72, }, }, }, ), ], span: Span { start: Position { line: 236, column: 31, }, end: Position { line: 236, column: 73, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 232, column: 7, }, end: Position { line: 237, column: 8, }, }, }, ), span: Span { start: Position { line: 224, column: 7, }, end: Position { line: 237, column: 8, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "boot", span: Span { start: Position { line: 239, column: 5, }, end: Position { line: 239, column: 9, }, }, }, ), Raw( PartRaw { content: "specialFileSystems", span: Span { start: Position { line: 239, column: 10, }, end: Position { line: 239, column: 28, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "parentWrapperDir", span: Span { start: Position { line: 239, column: 31, }, end: Position { line: 239, column: 47, }, }, }, ), }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "fsType", span: Span { start: Position { line: 240, column: 7, }, end: Position { line: 240, column: 13, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "tmpfs", span: Span { start: Position { line: 240, column: 17, }, end: Position { line: 240, column: 22, }, }, }, ), ], span: Span { start: Position { line: 240, column: 16, }, end: Position { line: 240, column: 23, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 241, column: 7, }, end: Position { line: 241, column: 14, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "nodev", span: Span { start: Position { line: 241, column: 20, }, end: Position { line: 241, column: 25, }, }, }, ), ], span: Span { start: Position { line: 241, column: 19, }, end: Position { line: 241, column: 26, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "mode=755", span: Span { start: Position { line: 241, column: 28, }, end: Position { line: 241, column: 36, }, }, }, ), ], span: Span { start: Position { line: 241, column: 27, }, end: Position { line: 241, column: 37, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "size=", span: Span { start: Position { line: 241, column: 39, }, end: Position { line: 241, column: 77, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "config", span: Span { start: Position { line: 241, column: 46, }, end: Position { line: 241, column: 52, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 241, column: 53, }, end: Position { line: 241, column: 61, }, }, }, ), Raw( PartRaw { content: "wrapperDirSize", span: Span { start: Position { line: 241, column: 62, }, end: Position { line: 241, column: 76, }, }, }, ), ], default: None, }, ), }, ), ], span: Span { start: Position { line: 241, column: 38, }, end: Position { line: 241, column: 78, }, }, }, ), ], span: Span { start: Position { line: 241, column: 17, }, end: Position { line: 241, column: 80, }, }, }, ), }, ), ], span: Span { start: Position { line: 239, column: 51, }, end: Position { line: 242, column: 6, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 246, column: 5, }, end: Position { line: 246, column: 16, }, }, }, ), Raw( PartRaw { content: "extraInit", span: Span { start: Position { line: 246, column: 17, }, end: Position { line: 246, column: 26, }, }, }, ), ], to: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "# Wrappers override other bin directories.\nexport PATH=\"", span: Span { start: Position { line: 247, column: 1, }, end: Position { line: 248, column: 20, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 248, column: 22, }, end: Position { line: 248, column: 32, }, }, }, ), }, ), Raw( PartRaw { content: ":$PATH\"\n", span: Span { start: Position { line: 247, column: 1, }, end: Position { line: 249, column: 5, }, }, }, ), ], span: Span { start: Position { line: 246, column: 29, }, end: Position { line: 249, column: 7, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 251, column: 5, }, end: Position { line: 251, column: 13, }, }, }, ), Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 251, column: 14, }, end: Position { line: 251, column: 22, }, }, }, ), Raw( PartRaw { content: "includes", span: Span { start: Position { line: 251, column: 23, }, end: Position { line: 251, column: 31, }, }, }, ), Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "nixos/security.wrappers", span: Span { start: Position { line: 251, column: 33, }, end: Position { line: 251, column: 56, }, }, }, ), ], span: Span { start: Position { line: 251, column: 32, }, end: Position { line: 251, column: 57, }, }, }, ), }, ), ], to: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "include \"", span: Span { start: Position { line: 252, column: 1, }, end: Position { line: 252, column: 16, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 252, column: 18, }, end: Position { line: 252, column: 22, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmorRulesFromClosure", span: Span { start: Position { line: 252, column: 23, }, end: Position { line: 252, column: 47, }, }, }, ), ], default: None, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "name", span: Span { start: Position { line: 252, column: 50, }, end: Position { line: 252, column: 54, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "security.wrappers", span: Span { start: Position { line: 252, column: 56, }, end: Position { line: 252, column: 73, }, }, }, ), ], span: Span { start: Position { line: 252, column: 55, }, end: Position { line: 252, column: 74, }, }, }, ), }, ), ], span: Span { start: Position { line: 252, column: 48, }, end: Position { line: 252, column: 77, }, }, }, ), List( List { elements: [ Identifier( Identifier { id: "securityWrapper", span: Span { start: Position { line: 253, column: 9, }, end: Position { line: 253, column: 24, }, }, }, ), ], span: Span { start: Position { line: 252, column: 78, }, end: Position { line: 254, column: 8, }, }, }, ), ], }, ), }, ), Raw( PartRaw { content: "\"\n", span: Span { start: Position { line: 252, column: 1, }, end: Position { line: 255, column: 5, }, }, }, ), ], span: Span { start: Position { line: 251, column: 60, }, end: Position { line: 255, column: 7, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "system", span: Span { start: Position { line: 258, column: 5, }, end: Position { line: 258, column: 11, }, }, }, ), Raw( PartRaw { content: "activationScripts", span: Span { start: Position { line: 258, column: 12, }, end: Position { line: 258, column: 29, }, }, }, ), Raw( PartRaw { content: "wrappers", span: Span { start: Position { line: 258, column: 30, }, end: Position { line: 258, column: 38, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 259, column: 7, }, end: Position { line: 259, column: 10, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "stringAfter", span: Span { start: Position { line: 259, column: 11, }, end: Position { line: 259, column: 22, }, }, }, ), ], default: None, }, ), arguments: [ List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "specialfs", span: Span { start: Position { line: 259, column: 26, }, end: Position { line: 259, column: 35, }, }, }, ), ], span: Span { start: Position { line: 259, column: 25, }, end: Position { line: 259, column: 36, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "users", span: Span { start: Position { line: 259, column: 38, }, end: Position { line: 259, column: 43, }, }, }, ), ], span: Span { start: Position { line: 259, column: 37, }, end: Position { line: 259, column: 44, }, }, }, ), ], span: Span { start: Position { line: 259, column: 23, }, end: Position { line: 259, column: 46, }, }, }, ), IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "chmod 755 \"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 261, column: 22, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "parentWrapperDir", span: Span { start: Position { line: 261, column: 24, }, end: Position { line: 261, column: 40, }, }, }, ), }, ), Raw( PartRaw { content: "\"\n\n# We want to place the tmpdirs for the wrappers to the parent dir.\nwrapperDir=$(mktemp --directory --tmpdir=\"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 264, column: 53, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "parentWrapperDir", span: Span { start: Position { line: 264, column: 55, }, end: Position { line: 264, column: 71, }, }, }, ), }, ), Raw( PartRaw { content: "\" wrappers.XXXXXXXXXX)\nchmod a+rx \"$wrapperDir\"\n\n", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 267, column: 11, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 267, column: 13, }, end: Position { line: 267, column: 16, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "concatStringsSep", span: Span { start: Position { line: 267, column: 17, }, end: Position { line: 267, column: 33, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "\n", span: Span { start: Position { line: 267, column: 35, }, end: Position { line: 267, column: 37, }, }, }, ), ], span: Span { start: Position { line: 267, column: 34, }, end: Position { line: 267, column: 38, }, }, }, ), Identifier( Identifier { id: "mkWrappedPrograms", span: Span { start: Position { line: 267, column: 39, }, end: Position { line: 267, column: 56, }, }, }, ), ], }, ), }, ), Raw( PartRaw { content: "\n\nif [ -L ", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 269, column: 19, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 269, column: 21, }, end: Position { line: 269, column: 31, }, }, }, ), }, ), Raw( PartRaw { content: " ]; then\n # Atomically replace the symlink\n # See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/\n old=$(readlink -f ", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 272, column: 31, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 272, column: 33, }, end: Position { line: 272, column: 43, }, }, }, ), }, ), Raw( PartRaw { content: ")\n if [ -e \"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 273, column: 22, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 273, column: 24, }, end: Position { line: 273, column: 34, }, }, }, ), }, ), Raw( PartRaw { content: "-tmp\" ]; then\n rm --force --recursive \"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 274, column: 39, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 274, column: 41, }, end: Position { line: 274, column: 51, }, }, }, ), }, ), Raw( PartRaw { content: "-tmp\"\n fi\n ln --symbolic --force --no-dereference \"$wrapperDir\" \"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 276, column: 67, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 276, column: 69, }, end: Position { line: 276, column: 79, }, }, }, ), }, ), Raw( PartRaw { content: "-tmp\"\n mv --no-target-directory \"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 277, column: 39, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 277, column: 41, }, end: Position { line: 277, column: 51, }, }, }, ), }, ), Raw( PartRaw { content: "-tmp\" \"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 277, column: 59, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 277, column: 61, }, end: Position { line: 277, column: 71, }, }, }, ), }, ), Raw( PartRaw { content: "\"\n rm --force --recursive \"$old\"\nelse\n # For initial setup\n ln --symbolic \"$wrapperDir\" \"", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 281, column: 42, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "wrapperDir", span: Span { start: Position { line: 281, column: 44, }, end: Position { line: 281, column: 54, }, }, }, ), }, ), Raw( PartRaw { content: "\"\nfi\n", span: Span { start: Position { line: 261, column: 1, }, end: Position { line: 283, column: 9, }, }, }, ), ], span: Span { start: Position { line: 260, column: 9, }, end: Position { line: 283, column: 11, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "system", span: Span { start: Position { line: 286, column: 5, }, end: Position { line: 286, column: 11, }, }, }, ), Raw( PartRaw { content: "extraDependencies", span: Span { start: Position { line: 286, column: 12, }, end: Position { line: 286, column: 29, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 286, column: 32, }, end: Position { line: 286, column: 35, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "singleton", span: Span { start: Position { line: 286, column: 36, }, end: Position { line: 286, column: 45, }, }, }, ), ], default: None, }, ), arguments: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 286, column: 47, }, end: Position { line: 286, column: 51, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "runCommandLocal", span: Span { start: Position { line: 286, column: 52, }, end: Position { line: 286, column: 67, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "ensure-all-wrappers-paths-exist", span: Span { start: Position { line: 287, column: 8, }, end: Position { line: 287, column: 39, }, }, }, ), ], span: Span { start: Position { line: 287, column: 7, }, end: Position { line: 287, column: 40, }, }, }, ), Map( Map { recursive: false, bindings: [], span: Span { start: Position { line: 287, column: 41, }, end: Position { line: 287, column: 44, }, }, }, ), IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "# make sure we produce output\nmkdir -p $out\n\necho -n \"Checking that Nix store paths of all wrapped programs exist... \"\n\ndeclare -A wrappers\n", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 295, column: 9, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 295, column: 11, }, end: Position { line: 295, column: 14, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "concatStringsSep", span: Span { start: Position { line: 295, column: 15, }, end: Position { line: 295, column: 31, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "\n", span: Span { start: Position { line: 295, column: 33, }, end: Position { line: 295, column: 35, }, }, }, ), ], span: Span { start: Position { line: 295, column: 32, }, end: Position { line: 295, column: 36, }, }, }, ), FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 295, column: 38, }, end: Position { line: 295, column: 41, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mapAttrsToList", span: Span { start: Position { line: 295, column: 42, }, end: Position { line: 295, column: 56, }, }, }, ), ], default: None, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "n", }, ), body: Function( Function { head: Simple( FunctionHeadSimple { identifier: "v", }, ), body: String( String_ { parts: [ Raw( PartRaw { content: "wrappers['", span: Span { start: Position { line: 296, column: 12, }, end: Position { line: 296, column: 26, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "n", span: Span { start: Position { line: 296, column: 24, }, end: Position { line: 296, column: 25, }, }, }, ), }, ), Raw( PartRaw { content: "']='", span: Span { start: Position { line: 296, column: 12, }, end: Position { line: 296, column: 30, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "v", span: Span { start: Position { line: 296, column: 32, }, end: Position { line: 296, column: 33, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "source", span: Span { start: Position { line: 296, column: 34, }, end: Position { line: 296, column: 40, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "'", span: Span { start: Position { line: 296, column: 12, }, end: Position { line: 296, column: 42, }, }, }, ), ], span: Span { start: Position { line: 296, column: 11, }, end: Position { line: 296, column: 43, }, }, }, ), span: Span { start: Position { line: 295, column: 61, }, end: Position { line: 296, column: 43, }, }, }, ), span: Span { start: Position { line: 295, column: 58, }, end: Position { line: 296, column: 43, }, }, }, ), Identifier( Identifier { id: "wrappers", span: Span { start: Position { line: 296, column: 45, }, end: Position { line: 296, column: 53, }, }, }, ), ], }, ), ], }, ), }, ), Raw( PartRaw { content: "\n\nfor name in \"", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 298, column: 22, }, }, }, ), Raw( PartRaw { content: "$", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 298, column: 25, }, }, }, ), Raw( PartRaw { content: "{!wrappers[@]}\"; do\n path=\"", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 299, column: 17, }, }, }, ), Raw( PartRaw { content: "$", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 299, column: 20, }, }, }, ), Raw( PartRaw { content: "{wrappers[$name]}\"\n if [[ \"$path\" =~ /nix/store ]] && [ ! -e \"$path\" ]; then\n test -t 1 && echo -ne '\\033[1;31m'\n echo \"FAIL\"\n echo \"The path $path does not exist!\"\n echo 'Please, check the value of `security.wrappers.\"", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 304, column: 66, }, }, }, ), Raw( PartRaw { content: "'", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 304, column: 67, }, }, }, ), Raw( PartRaw { content: "$name'\".source`.'\n test -t 1 && echo -ne '\\033[0m'\n exit 1\n fi\ndone\n\necho \"OK\"\n", span: Span { start: Position { line: 289, column: 1, }, end: Position { line: 311, column: 7, }, }, }, ), ], span: Span { start: Position { line: 288, column: 7, }, end: Position { line: 311, column: 9, }, }, }, ), ], }, ), ], }, ), }, ), ], span: Span { start: Position { line: 211, column: 12, }, end: Position { line: 312, column: 4, }, }, }, ), }, ), ], span: Span { start: Position { line: 140, column: 1, }, end: Position { line: 313, column: 2, }, }, }, ), span: Span { start: Position { line: 2, column: 1, }, end: Position { line: 313, column: 2, }, }, }, ), span: Span { start: Position { line: 1, column: 1, }, end: Position { line: 313, column: 2, }, }, }, )