From 5d959b33c5a75f3053280a8a34c711f964437766 Mon Sep 17 00:00:00 2001
From: John Soo <john.soo@arista.com>
Date: Tue, 30 Nov 2021 14:52:51 -0800
Subject: [PATCH] Use KeepAlive.PathState instead of wait4path.

This allows the spawning program to be the nix-daemon instead of
/bin/sh.  That means that the Full Disk Access permission can be only
for the nix-daemon.
---
 misc/launchd/org.nixos.nix-daemon.plist.in | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/misc/launchd/org.nixos.nix-daemon.plist.in b/misc/launchd/org.nixos.nix-daemon.plist.in
index f1b439840..7fec653e0 100644
--- a/misc/launchd/org.nixos.nix-daemon.plist.in
+++ b/misc/launchd/org.nixos.nix-daemon.plist.in
@@ -12,14 +12,18 @@
     <key>Label</key>
     <string>org.nixos.nix-daemon</string>
     <key>KeepAlive</key>
-    <true/>
+    <dict>
+      <key>PathState</key>
+      <dict>
+        <key>/nix/var/nix/profiles/default/bin/nix-daemon</key>
+        <true/>
+      </dict>
+    </dict>
     <key>RunAtLoad</key>
     <true/>
     <key>ProgramArguments</key>
     <array>
-      <string>/bin/sh</string>
-      <string>-c</string>
-      <string>/bin/wait4path /nix/var/nix/profiles/default/bin/nix-daemon &amp;&amp; exec /nix/var/nix/profiles/default/bin/nix-daemon</string>
+      <string>/nix/var/nix/profiles/default/bin/nix-daemon</string>
     </array>
     <key>StandardErrorPath</key>
     <string>/var/log/nix-daemon.log</string>