From 0eecbcffc4529c1d44a4916a5ce451e33d6804ab Mon Sep 17 00:00:00 2001
From: Ben Grande <ben.grande.b@gmail.com>
Date: Wed, 3 Jan 2024 14:30:40 +0100
Subject: [PATCH] fix: unconfined qfile-unpacker

Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
---
 .../qubes-builder/files/admin/policy/default.policy |  3 ++-
 .../files/server/rpc/qubesbuilder.FileCopyIn        | 13 ++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/salt/qubes-builder/files/admin/policy/default.policy b/salt/qubes-builder/files/admin/policy/default.policy
index a0d669c..1051544 100644
--- a/salt/qubes-builder/files/admin/policy/default.policy
+++ b/salt/qubes-builder/files/admin/policy/default.policy
@@ -1,6 +1,7 @@
+# SPDX-FileCopyrightText: 2023 The Qubes OS Project <https://www.qubes-os.org>
 # SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# SPDX-License-Identifier: GPL-2.0-only
 
 ## Do not modify this file, create a new policy with with a lower number in the
 ## file name instead. For example `30-user.policy`.
diff --git a/salt/qubes-builder/files/server/rpc/qubesbuilder.FileCopyIn b/salt/qubes-builder/files/server/rpc/qubesbuilder.FileCopyIn
index 8fbab7b..5cd1475 100755
--- a/salt/qubes-builder/files/server/rpc/qubesbuilder.FileCopyIn
+++ b/salt/qubes-builder/files/server/rpc/qubesbuilder.FileCopyIn
@@ -1,4 +1,4 @@
-#!/usr/bin/bash
+#!/usr/bin/sh
 
 # SPDX-FileCopyrightText: 2022 - 2023 The Qubes OS Project <https://www.qubes-os.org>
 #
@@ -7,5 +7,12 @@
 set -e
 
 sudo bash -c "mkdir -p /builder/incoming && chown -R user:user /builder"
-id="$(id -u user)"
-exec /usr/lib/qubes/qfile-unpacker "${id}" "/builder/incoming"
+
+id=$(id -u user)
+
+if test -x /usr/lib/qubes/qfile-unpacker; then
+  # shellcheck disable=SC2123
+  PATH="${PATH+"$PATH:"}/usr/lib/qubes"
+fi
+
+exec qfile-unpacker "$id" "/builder/incoming"