From 0ded70f37d47579ca058f2f4ca27335129a96e25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 11 Sep 2013 22:36:50 +0200 Subject: [PATCH] =?UTF-8?q?gnu:=20Move=20helper=20code=20to=20(gnu=20syste?= =?UTF-8?q?m=20=E2=80=A6)=20modules.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/grub.scm (, grub-configuration-file): Move to... * gnu/system/grub.scm: ... here. New file. * gnu/packages/linux.scm (, , pam-service->configuration, pam-service->directory, %pam-other-services, unix-pam-service): Move to... * gnu/system/linux.scm: ... here. New file. * gnu/system/vm.scm (passwd-file): Move to... * gnu/system/shadow.scm: ... here. New file. * gnu-system.am (GNU_SYSTEM_MODULES): Add gnu/system/{grub,linux,shadow}.scm. --- gnu-system.am | 4 ++ gnu/packages/grub.scm | 62 +----------------- gnu/packages/linux.scm | 118 +-------------------------------- gnu/system/grub.scm | 84 ++++++++++++++++++++++++ gnu/system/linux.scm | 145 +++++++++++++++++++++++++++++++++++++++++ gnu/system/shadow.scm | 57 ++++++++++++++++ gnu/system/vm.scm | 33 ++-------- 7 files changed, 298 insertions(+), 205 deletions(-) create mode 100644 gnu/system/grub.scm create mode 100644 gnu/system/linux.scm create mode 100644 gnu/system/shadow.scm diff --git a/gnu-system.am b/gnu-system.am index a5000bcdfe..d88f6bf4e8 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -179,6 +179,10 @@ GNU_SYSTEM_MODULES = \ gnu/packages/yasm.scm \ gnu/packages/zile.scm \ gnu/packages/zip.scm \ + \ + gnu/system/grub.scm \ + gnu/system/linux.scm \ + gnu/system/shadow.scm \ gnu/system/vm.scm patchdir = $(guilemoduledir)/gnu/packages/patches diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm index 71c4fad781..8c981bf88d 100644 --- a/gnu/packages/grub.scm +++ b/gnu/packages/grub.scm @@ -19,9 +19,6 @@ (define-module (gnu packages grub) #:use-module (guix download) #:use-module (guix packages) - #:use-module (guix records) - #:use-module (guix store) - #:use-module (guix derivations) #:use-module ((guix licenses) #:select (gpl3+)) #:use-module (guix build-system gnu) #:use-module (gnu packages) @@ -33,11 +30,7 @@ #:use-module (gnu packages qemu) #:use-module (gnu packages ncurses) #:use-module (gnu packages cdrom) - #:use-module (srfi srfi-1) - #:use-module (ice-9 match) - #:export (menu-entry - menu-entry? - grub-configuration-file)) + #:use-module (srfi srfi-1)) (define qemu-for-tests ;; Newer QEMU versions, such as 1.5.1, no longer support the 'shutdown' @@ -117,56 +110,3 @@ computer starts. It is responsible for loading and transferring control to the operating system kernel software (such as the Hurd or the Linux). The kernel, in turn, initializes the rest of the operating system (e.g., GNU).") (license gpl3+))) - - -;;; -;;; Configuration. -;;; - -(define-record-type* - menu-entry make-menu-entry - menu-entry? - (label menu-entry-label) - (linux menu-entry-linux) - (linux-arguments menu-entry-linux-arguments - (default '())) - (initrd menu-entry-initrd)) - -(define* (grub-configuration-file store entries - #:key (default-entry 1) (timeout 5) - (system (%current-system))) - "Return the GRUB configuration file in STORE for ENTRIES, a list of - objects, defaulting to DEFAULT-ENTRY and with the given TIMEOUT." - (define prologue - (format #f " -set default=~a -set timeout=~a -search.file ~a~%" - default-entry timeout - (any (match-lambda - (($ _ linux) - (let* ((drv (package-derivation store linux system)) - (out (derivation-path->output-path drv))) - (string-append out "/bzImage")))) - entries))) - - (define entry->text - (match-lambda - (($ label linux arguments initrd) - (let ((linux-drv (package-derivation store linux system)) - (initrd-drv (package-derivation store initrd system))) - ;; XXX: Assume that INITRD is a directory containing an 'initrd' file. - (format #f "menuentry ~s { - linux ~a/bzImage ~a - initrd ~a/initrd -}~%" - label - (derivation-path->output-path linux-drv) - (string-join arguments) - (derivation-path->output-path initrd-drv)))))) - - (add-text-to-store store "grub.cfg" - (string-append prologue - (string-concatenate - (map entry->text entries))) - '())) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index a479d791b6..38bff72933 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -32,18 +32,7 @@ #:use-module (gnu packages algebra) #:use-module (guix packages) #:use-module (guix download) - #:use-module (guix build-system gnu) - #:use-module (guix store) - #:use-module (guix derivations) - #:use-module (guix records) - #:use-module (srfi srfi-1) - #:use-module (srfi srfi-26) - #:use-module (ice-9 match) - #:export (pam-service - pam-entry - pam-services->directory - %pam-other-services - unix-pam-service)) + #:use-module (guix build-system gnu)) (define-public (system->linux-architecture arch) "Return the Linux architecture name for ARCH, a Guix system name such as @@ -271,111 +260,6 @@ be used through the PAM API to perform tasks, like authenticating a user at login. Local and dynamic reconfiguration are its key features") (license bsd-3))) -;; PAM services (see -;; .) -(define-record-type* pam-service - make-pam-service - pam-service? - (name pam-service-name) ; string - - ;; The four "management groups". - (account pam-service-account ; list of - (default '())) - (auth pam-service-auth - (default '())) - (password pam-service-password - (default '())) - (session pam-service-session - (default '()))) - -(define-record-type* pam-entry - make-pam-entry - pam-entry? - (control pam-entry-control) ; string - (module pam-entry-module) ; file name - (arguments pam-entry-arguments ; list of strings - (default '()))) - -(define (pam-service->configuration service) - "Return the configuration string for SERVICE, to be dumped in -/etc/pam.d/NAME, where NAME is the name of SERVICE." - (define (entry->string type entry) - (match entry - (($ control module (arguments ...)) - (string-append type " " - control " " module " " - (string-join arguments) - "\n")))) - - (match service - (($ name account auth password session) - (string-concatenate - (append (map (cut entry->string "account" <>) account) - (map (cut entry->string "auth" <>) auth) - (map (cut entry->string "password" <>) password) - (map (cut entry->string "session" <>) session)))))) - -(define (pam-services->directory store services) - "Return the derivation to build the configuration directory to be used as -/etc/pam.d for SERVICES." - (let ((names (map pam-service-name services)) - (files (map (match-lambda - ((and service ($ name)) - (let ((config (pam-service->configuration service))) - (add-text-to-store store - (string-append name ".pam") - config '())))) - services))) - (define builder - '(begin - (use-modules (ice-9 match)) - - (let ((out (assoc-ref %outputs "out"))) - (mkdir out) - (for-each (match-lambda - ((name . file) - (symlink file (string-append out "/" name)))) - %build-inputs) - #t))) - - (build-expression->derivation store "pam.d" (%current-system) - builder - (zip names files)))) - -(define %pam-other-services - ;; The "other" PAM configuration, which denies everything (see - ;; .) - (let ((deny (pam-entry - (control "required") - (module "pam_deny.so")))) - (pam-service - (name "other") - (account (list deny)) - (auth (list deny)) - (password (list deny)) - (session (list deny))))) - -(define unix-pam-service - (let ((unix (pam-entry - (control "required") - (module "pam_unix.so")))) - (lambda* (name #:key allow-empty-passwords?) - "Return a standard Unix-style PAM service for NAME. When -ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords." - ;; See . - (let ((name* name)) - (pam-service - (name name*) - (account (list unix)) - (auth (list (if allow-empty-passwords? - (pam-entry - (control "required") - (module "pam_unix.so") - (arguments '("nullok"))) - unix))) - (password (list unix)) - (session (list unix))))))) - ;;; ;;; Miscellaneous. diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm new file mode 100644 index 0000000000..695a044bfa --- /dev/null +++ b/gnu/system/grub.scm @@ -0,0 +1,84 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu system grub) + #:use-module (guix store) + #:use-module (guix packages) + #:use-module (guix derivations) + #:use-module (guix records) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) + #:export (menu-entry + menu-entry? + grub-configuration-file)) + +;;; Commentary: +;;; +;;; Configuration of GNU GRUB. +;;; +;;; Code: + +(define-record-type* + menu-entry make-menu-entry + menu-entry? + (label menu-entry-label) + (linux menu-entry-linux) + (linux-arguments menu-entry-linux-arguments + (default '())) + (initrd menu-entry-initrd)) + +(define* (grub-configuration-file store entries + #:key (default-entry 1) (timeout 5) + (system (%current-system))) + "Return the GRUB configuration file in STORE for ENTRIES, a list of + objects, defaulting to DEFAULT-ENTRY and with the given TIMEOUT." + (define prologue + (format #f " +set default=~a +set timeout=~a +search.file ~a~%" + default-entry timeout + (any (match-lambda + (($ _ linux) + (let* ((drv (package-derivation store linux system)) + (out (derivation-path->output-path drv))) + (string-append out "/bzImage")))) + entries))) + + (define entry->text + (match-lambda + (($ label linux arguments initrd) + (let ((linux-drv (package-derivation store linux system)) + (initrd-drv (package-derivation store initrd system))) + ;; XXX: Assume that INITRD is a directory containing an 'initrd' file. + (format #f "menuentry ~s { + linux ~a/bzImage ~a + initrd ~a/initrd +}~%" + label + (derivation-path->output-path linux-drv) + (string-join arguments) + (derivation-path->output-path initrd-drv)))))) + + (add-text-to-store store "grub.cfg" + (string-append prologue + (string-concatenate + (map entry->text entries))) + '())) + +;;; grub.scm ends here diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm new file mode 100644 index 0000000000..b2daa13e06 --- /dev/null +++ b/gnu/system/linux.scm @@ -0,0 +1,145 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu system linux) + #:use-module (guix store) + #:use-module (guix records) + #:use-module (guix derivations) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26) + #:use-module ((guix utils) #:select (%current-system)) + #:export (pam-service + pam-entry + pam-services->directory + %pam-other-services + unix-pam-service)) + +;;; Commentary: +;;; +;;; Configuration of Linux-related things, including pluggable authentication +;;; modules (PAM). +;;; +;;; Code: + +;; PAM services (see +;; .) +(define-record-type* pam-service + make-pam-service + pam-service? + (name pam-service-name) ; string + + ;; The four "management groups". + (account pam-service-account ; list of + (default '())) + (auth pam-service-auth + (default '())) + (password pam-service-password + (default '())) + (session pam-service-session + (default '()))) + +(define-record-type* pam-entry + make-pam-entry + pam-entry? + (control pam-entry-control) ; string + (module pam-entry-module) ; file name + (arguments pam-entry-arguments ; list of strings + (default '()))) + +(define (pam-service->configuration service) + "Return the configuration string for SERVICE, to be dumped in +/etc/pam.d/NAME, where NAME is the name of SERVICE." + (define (entry->string type entry) + (match entry + (($ control module (arguments ...)) + (string-append type " " + control " " module " " + (string-join arguments) + "\n")))) + + (match service + (($ name account auth password session) + (string-concatenate + (append (map (cut entry->string "account" <>) account) + (map (cut entry->string "auth" <>) auth) + (map (cut entry->string "password" <>) password) + (map (cut entry->string "session" <>) session)))))) + +(define (pam-services->directory store services) + "Return the derivation to build the configuration directory to be used as +/etc/pam.d for SERVICES." + (let ((names (map pam-service-name services)) + (files (map (match-lambda + ((and service ($ name)) + (let ((config (pam-service->configuration service))) + (add-text-to-store store + (string-append name ".pam") + config '())))) + services))) + (define builder + '(begin + (use-modules (ice-9 match)) + + (let ((out (assoc-ref %outputs "out"))) + (mkdir out) + (for-each (match-lambda + ((name . file) + (symlink file (string-append out "/" name)))) + %build-inputs) + #t))) + + (build-expression->derivation store "pam.d" (%current-system) + builder + (zip names files)))) + +(define %pam-other-services + ;; The "other" PAM configuration, which denies everything (see + ;; .) + (let ((deny (pam-entry + (control "required") + (module "pam_deny.so")))) + (pam-service + (name "other") + (account (list deny)) + (auth (list deny)) + (password (list deny)) + (session (list deny))))) + +(define unix-pam-service + (let ((unix (pam-entry + (control "required") + (module "pam_unix.so")))) + (lambda* (name #:key allow-empty-passwords?) + "Return a standard Unix-style PAM service for NAME. When +ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords." + ;; See . + (let ((name* name)) + (pam-service + (name name*) + (account (list unix)) + (auth (list (if allow-empty-passwords? + (pam-entry + (control "required") + (module "pam_unix.so") + (arguments '("nullok"))) + unix))) + (password (list unix)) + (session (list unix))))))) + +;;; linux.scm ends here diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm new file mode 100644 index 0000000000..71f8e0d771 --- /dev/null +++ b/gnu/system/shadow.scm @@ -0,0 +1,57 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu system shadow) + #:use-module (guix store) + #:use-module (ice-9 match) + #:export (passwd-file)) + +;;; Commentary: +;;; +;;; Utilities for configuring the Shadow tool suite ('login', 'passwd', etc.) +;;; +;;; Code: + +(define* (passwd-file store accounts #:key shadow?) + "Return a password file for ACCOUNTS, a list of vectors as returned by +'getpwnam'. If SHADOW? is true, then it is a /etc/shadow file, otherwise it +is a /etc/passwd file." + ;; XXX: The resulting file is world-readable, so beware when SHADOW? is #t! + (define contents + (let loop ((accounts accounts) + (result '())) + (match accounts + ((#(name pass uid gid comment home-dir shell) rest ...) + (loop rest + (cons (if shadow? + (string-append name + ":" ; XXX: use (crypt PASS …)? + ":::::::") + (string-append name + ":" "x" + ":" (number->string uid) + ":" (number->string gid) + ":" comment ":" home-dir ":" shell)) + result))) + (() + (string-join (reverse result) "\n" 'suffix))))) + + (add-text-to-store store (if shadow? "shadow" "passwd") + contents '())) + +;;; shadow.scm ends here diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 6886e67c21..192ed1d5a3 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -34,9 +34,15 @@ #:use-module ((gnu packages make-bootstrap) #:select (%guile-static-stripped)) #:use-module (gnu packages system) + + #:use-module (gnu system shadow) + #:use-module (gnu system linux) + #:use-module (gnu system grub) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) + #:export (expression->derivation-in-linux-vm qemu-image system-qemu-image)) @@ -346,33 +352,6 @@ It can be used to provide additional files, such as /etc files." ;;; Stand-alone VM image. ;;; -(define* (passwd-file store accounts #:key shadow?) - "Return a password file for ACCOUNTS, a list of vectors as returned by -'getpwnam'. If SHADOW? is true, then it is a /etc/shadow file, otherwise it -is a /etc/passwd file." - ;; XXX: The resulting file is world-readable, so beware when SHADOW? is #t! - (define contents - (let loop ((accounts accounts) - (result '())) - (match accounts - ((#(name pass uid gid comment home-dir shell) rest ...) - (loop rest - (cons (if shadow? - (string-append name - ":" ; XXX: use (crypt PASS …)? - ":::::::") - (string-append name - ":" "x" - ":" (number->string uid) - ":" (number->string gid) - ":" comment ":" home-dir ":" shell)) - result))) - (() - (string-join (reverse result) "\n" 'suffix))))) - - (add-text-to-store store (if shadow? "shadow" "passwd") - contents '())) - (define (system-qemu-image store) "Return the derivation of a QEMU image of the GNU system." (define %pam-services