From 847658395e399d6d4ef21a247dbad02a9c921400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 5 Jun 2015 20:22:47 +0200 Subject: [PATCH] system: 'sudoers' is now a file-like object. Partly fixes Reported by Alex Kost . * gnu/system.scm (etc-directory): Change default #:sudoers value to a 'plain-file'. Don't bind it. Remove #~#$. (maybe-string->file): New procedure. (operating-system-etc-directory): Use it. (%sudoers-specification): Use 'plain-file'. * doc/guix.texi (operating-system Reference): Adjust accordingly. --- doc/guix.texi | 3 ++- gnu/system.scm | 32 +++++++++++++++++++++++++------- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2082fd765c..ecdfa1b1ce 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4556,7 +4556,8 @@ List of string-valued G-expressions denoting setuid programs. @item @code{sudoers} (default: @var{%sudoers-specification}) @cindex sudoers -The contents of the @file{/etc/sudoers} file as a string. +The contents of the @file{/etc/sudoers} file as a file-like object +(@pxref{G-Expressions, @code{local-file} and @code{plain-file}}). This file specifies which users can use the @command{sudo} command, what they are allowed to do, and what privileges they may gain. The default diff --git a/gnu/system.scm b/gnu/system.scm index c4a3bee0eb..ede0a6f004 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -25,6 +25,7 @@ #:use-module (guix packages) #:use-module (guix derivations) #:use-module (guix profiles) + #:use-module (guix ui) #:use-module (gnu packages base) #:use-module (gnu packages bash) #:use-module (gnu packages guile) @@ -147,7 +148,7 @@ (setuid-programs operating-system-setuid-programs (default %setuid-programs)) ; list of string-valued gexps - (sudoers operating-system-sudoers ; /etc/sudoers contents + (sudoers operating-system-sudoers ; file-like (default %sudoers-specification))) 
@@ -439,11 +440,10 @@ on SHELLS. /etc/shells is used by xterm, polkit, and other programs." (pam-services '()) (profile "/run/current-system/profile") hosts-file nss (shells '()) - (sudoers "")) + (sudoers (plain-file "sudoers" ""))) "Return a derivation that builds the static part of the /etc directory." (mlet* %store-monad ((pam.d (pam-services->directory pam-services)) - (sudoers (text-file "sudoers" sudoers)) (login.defs (text-file "login.defs" "# Empty for now.\n")) (shells (shells-file shells)) (emacs (emacs-site-directory)) @@ -540,7 +540,7 @@ fi\n")) ("hosts" ,#~#$hosts-file) ("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/" #$timezone)) - ("sudoers" ,#~#$sudoers))))) + ("sudoers" ,sudoers))))) (define (operating-system-profile os) "Return a derivation that builds the system profile of OS." @@ -570,6 +570,21 @@ fi\n")) (return (append users (append-map service-user-accounts services))))) +(define (maybe-string->file file-name thing) + "If THING is a string, return a with THING as its content. +Otherwise just return THING. + +This is for backward-compatibility of fields that used to be strings and are +now file-like objects.." + (match thing + ((? string?) + (warning (_ "using a string for file '~a' is deprecated; \ +use 'plain-file' instead~%") + file-name) + (plain-file file-name thing)) + (x + x))) + (define (operating-system-etc-directory os) "Return that static part of the /etc directory of OS." (mlet* %store-monad @@ -591,7 +606,9 @@ fi\n")) #:timezone (operating-system-timezone os) #:hosts-file /etc/hosts #:shells shells - #:sudoers (operating-system-sudoers os) + #:sudoers (maybe-string->file + "sudoers" + (operating-system-sudoers os)) #:profile profile-drv))) (define %setuid-programs 
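Review bot: The docstring of `etc-directory` does not say that `#:sudoers` must now be a file-like object, which matters because this hunk drops the `(sudoers (text-file "sudoers" sudoers))` binding that used to accept a string. The string-to-file shim added further down in this patch is applied only in `operating-system-etc-directory`, so a string passed directly to `etc-directory` would presumably reach the `("sudoers" ,sudoers)` entry unconverted. I would add a comment next to the keyword such as `;; SUDOERS must be a file-like object such as a 'plain-file'; plain strings are not converted here.` The body of `etc-directory` continues outside the hunk.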
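Review bot: The catch-all clause `(x x)` in `maybe-string->file` returns any non-string value unchanged, so a mistyped `sudoers` field (for example `#f` or a list) is not rejected here. It would presumably fail only later, wherever the value is lowered, with an error that no longer names the field. For a file that governs privilege escalation, an early and explicit error is preferable. If this tree has a predicate for file-like objects, the last clause could test it and raise a clear error otherwise. The docstring also ends with a doubled period (`objects..`) and should read `now file-like objects.`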
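Review bot: Nothing visible in this call path checks the content that ends up as /etc/sudoers, because the value from `operating-system-sudoers` goes through `maybe-string->file` and straight into `#:sudoers`. With the field now accepting any file-like object, a syntax error in a user-supplied file would likely surface only on the running system, where sudo typically refuses to operate on an invalid sudoers file. Consider a build-time check that runs `visudo -c -f` on the file, or at least a comment here such as `;; NOTE: the sudoers content is not syntax-checked; validate it with 'visudo -c -f FILE'.` `operating-system-etc-directory` begins in the previous hunk and continues past this one.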
@@ -608,8 +625,9 @@ fi\n")) ;; group can do anything. See ;; . ;; TODO: Add a declarative API. - "root ALL=(ALL) ALL -%wheel ALL=(ALL) ALL\n") + (plain-file "sudoers" "\ +root ALL=(ALL) ALL +%wheel ALL=(ALL) ALL\n")) (define (user-group->gexp group) "Turn GROUP, a object, into a list-valued gexp suitable for