Revert "k 5 Reaktor: harden sed-plugin"

This reverts commit dbb25f7288.

krebs/5pkgs/Reaktor/plugins.nix

@@ -59,7 +59,7 @@ rec {
   };
 
   sed-plugin = buildSimpleReaktorPlugin "sed-plugin" {
-    path = [ pkgs.gnused pkgs.proot pkgs.python3 ];
+    path = [ pkgs.gnused pkgs.python3 ];
     # only support s///gi the plugin needs to see every msg
     # TODO: this will eat up the last regex, fix Reaktor to support fallthru
     append_rule = true;

krebs/5pkgs/Reaktor/scripts/sed-plugin.py

@@ -34,22 +34,9 @@ if m:
         flagstr = ''
     last = d.get(usr,None)
     if last:
+        #print(re.sub(fn,tn,last,count=count,flags=flags))
         from subprocess import Popen,PIPE
-        import shutil
+        p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
-        from os.path import realpath
-        # sed only needs stdin/stdout, we protect state_dir with this
-        # input to read/write arbitrary files:
-        #   s/.\/\/; w /tmp/i       (props to waldi)
-        # conclusion: sed is untrusted and we handle it like this
-        p = Popen(['proot',
-            # '-v','1',
-            '-w','/', # cwd is root
-            '-b','/nix/store', # mount important folders
-            '-b','/usr',
-            '-b','/bin',
-            '-r','/var/empty', # chroot to /var/empty
-            realpath(shutil.which('sed')),
-            's/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
         so,se = p.communicate(bytes("{}\n".format(last),"UTF-8"))
         if p.returncode:
             print("something went wrong when trying to process your regex: {}".format(se.decode()))