Commit Graph

12 Commits

Author SHA1 Message Date
宋文武 9297065a2b system: Make PAM store SHA-512 encrypted passwords in /etc/shadow.
Fixes <http://bugs.gnu.org/21318>.

* gnu/system/linux.scm (unix-pam-service)[password]: Add 'sha512' and
  'shadow' to arguments.
2015-08-24 08:13:32 +08:00
Ludovic Courtès 11dddd8a3e system: Don't compare <pam-service> objects with 'equal?'.
Fixes <http://bugs.gnu.org/20037>.
Reported by 宋文武 <iyzsong@gmail.com> and Tomáš Čech.

* gnu/system.scm (operating-system-etc-directory): Remove call to
  'delete-duplicates'.
* gnu/system/linux.scm (pam-services->directory)[builder]: Add call to
  'delete-duplicates'.
2015-03-10 18:07:48 +01:00
Ludovic Courtès f9d53de105 system: Add default PAM entries for xlock and xscreensaver.
* gnu/system/linux.scm (base-pam-services): Add "xlock" and
  "xscreensaver".
2014-09-12 00:14:52 +02:00
Ludovic Courtès da417ffe3b system: Allow root to use 'groupadd' & co. without authenticating.
This fixes a bug whereby, if #:allow-root-passwords was #f, 'groupadd'
would ask for a password.  This is particularly problematic during
activation.

* gnu/system/linux.scm (rootok-pam-service): New procedure.
  (base-pam-services): Use it for all the user* and group* commands.
2014-07-11 23:20:48 +02:00
Ludovic Courtès ab6a279abb system: Make accounts and groups at activation time.
* gnu/services/base.scm (guix-build-accounts): Remove #:gid parameter;
  add #:group.  Remove 'password' and 'gid' fields in 'user-account'
  form, and add 'group'.
  (guix-service): Remove #:build-user-gid parameter.  Remove 'id' field
  in 'user-group' form.
* gnu/system.scm (etc-directory): Remove #:groups and #:accounts.  No
  longer produce files "passwd", "shadow", and "group".  Adjust caller
  accordingly.
  (%root-account): New variable.
  (operating-system-accounts): Add 'users' variable.  Add %ROOT-ACCOUNT
  only of 'operating-system-users' doesn't already contain a root
  account.
  (user-group->gexp, user-account->gexp): New procedures.
  (operating-system-boot-script): Add calls to 'setenv' and
  'activate-users+groups' in gexp.
* gnu/system/linux.scm (base-pam-services): Add PAM services for
  "user{add,del,mode}" and "group{add,del,mod}".
* gnu/system/shadow.scm (<user-account>)[gid]: Rename to...
  [group]: ... this.
  [supplementary-groups]: New field.
  [uid, password]: Default to #f.
  (<user-group>)[id]: Default to #f.
  (group-file, passwd-file): Remove.
* gnu/system/vm.scm (operating-system-default-contents)[user-directories]:
  Remove.  Add "/home" to the directives.
* guix/build/activation.scm (add-group, add-user,
  activate-users+groups): New procedures.
2014-05-11 22:41:58 +02:00
Ludovic Courtès 696893801c system: Add 'sudo' to the setuid programs, and handle /etc/sudoers.
* gnu/system.scm (<operating-system>)[groups]: Change default to just
  the 'root' group.
  [sudoers]: New field.
  (etc-directory): Add #:sudoers parameter.  Add 'sudoers' to the
  file union.
  (operating-system-etc-directory): Pass #:sudoers to 'etc-directory'.
  (%setuid-programs): Add 'sudo'.
  (%sudoers-specification): New variable.
* gnu/system/linux.scm (base-pam-services): Add 'sudo'.
* build-aux/hydra/demo-os.scm: Add 'groups' field; add 'guest' to the
  'wheel' group.
2014-05-01 22:31:36 +02:00
Ludovic Courtès 09e028f45f system: Add support for setuid binaries.
* gnu/system.scm (<operating-system>)[pam-services, setuid-programs]:
  New fields.
  (etc-directory)[bashrc]: Prepend /run/setuid-programs to $PATH.
  (operating-system-etc-directory): Honor
  'operating-system-pam-services'.
  (%setuid-programs): New variable.
  (operating-system-boot-script): Add (guix build utils) to the set of
  imported modules.  Call 'activate-setuid-programs' in boot script.
* gnu/system/linux.scm (base-pam-services): New procedure.
* guix/build/activation.scm (%setuid-directory): New variable.
  (activate-setuid-programs): New procedure.
* build-aux/hydra/demo-os.scm: Add 'pam-services' field.
2014-04-30 23:16:23 +02:00
Ludovic Courtès b5f4e68635 services: Rewrite using gexps.
* gnu/services.scm (<service>)[inputs]: Remove.
* gnu/system.scm (links): Remove.
  (etc-directory): Add PASSWD and SHADOW to #:inputs.
  (operating-system-boot-script): Pass ETC to 'dmd-configuration-file'.
  (operating-system-derivation): Remove EXTRAS from the union.
* gnu/system/linux.scm (pam-service->configuration): Rewrite in terms of
  'gexp->derivation'.  Compute the contents on the build side.  Expect
  'arguments' to contain a list of gexps.
  (pam-services->directory): Rewrite in terms of 'gexp->derivation'.
  (unix-pam-service): Change 'arguments' to a list of one gexp.
* gnu/system/shadow.scm (<user-account>)[inputs]: Remove.
  [shell]: Change default value to a gexp.
  (passwd-file): Rewrite in terms of 'gexp->derivation'.  Compute
  contents on the build side.
* gnu/services/base.scm (host-name-service, mingetty-service,
  nscd-service, syslog-service, guix-service): Change 'start' and 'stop'
  to gexps; remove 'inputs' field.
  (guix-build-accounts): Change 'shell' field to a gexp.
* gnu/services/networking.scm (static-networking-service): Change
  'start' and 'stop' to gexps; remove 'inputs' field.
* gnu/services/xorg.scm (slim-service): Likewise.
* gnu/services/dmd.scm (dmd-configuration-file): Expect ETC to be a
  derivation.  Change 'config' to a gexp.  Use 'gexp->file' instead of
  'text-file'.
* doc/guix.texi (Defining Services): Update nscd example with gexps, and
  without 'inputs'.  Add xref to "G-Expressions".
2014-04-28 23:24:18 +02:00
Ludovic Courtès dd1a5a152c derivations: Use more keyword parameters for 'build-expression->derivation'.
* guix/derivations.scm (build-expression->derivation): Turn 'system' and
  'inputs' into keyword parameters.
  Adjust callers accordingly.
* gnu/system/linux.scm, gnu/system/vm.scm, guix/build-system/cmake.scm,
  guix/build-system/gnu.scm, guix/build-system/perl.scm,
  guix/build-system/python.scm, guix/build-system/trivial.scm,
  guix/download.scm, guix/packages.scm, guix/profiles.scm,
  guix/scripts/pull.scm, tests/derivations.scm, tests/guix-build.sh,
  tests/monads.scm, tests/store.scm, tests/union.scm: Adjust users of
  'build-expression->derivation' and 'derivation-expression'
  accordingly.
* doc/guix.texi (Derivations): Adjust 'build-expression->derivation'
  documentation accordingly.
  (The Store Monad): Likewise for 'derivation-expression'.
2013-12-04 16:07:53 +01:00
Ludovic Courtès d9f0a23704 gnu: vm: Rewrite helper functions as monadic functions.
* gnu/system/dmd.scm (host-name-service, nscd-service, mingetty-service,
  syslog-service, guix-service, static-networking-service): Rewrite as
  monadic functions.
  (dmd-configuration-file): Use 'text-file' instead of
  'add-text-to-store'.
* gnu/system/grub.scm (grub-configuration-file): Rewrite as a monadic
  function.
* gnu/system/linux.scm (pam-services->directory): Likewise.
* gnu/system/shadow.scm (group-file, passwd-file, guix-build-accounts):
  Likewise.
* gnu/system/vm.scm (expression->derivation-in-linux-vm, qemu-image,
  union, system-qemu-image): Likewise.
2013-10-03 23:12:20 +02:00
Ludovic Courtès 43a2779876 gnu: vm: Add /etc/issue and a motd.
* gnu/system/vm.scm (system-qemu-image): Build a 'motd' and an 'issue'
  file.  Pass 'unix-pam-service' that motd.  Have /etc/issue point to
  the 'issue' file.
2013-09-25 21:47:10 +02:00
Ludovic Courtès 0ded70f37d gnu: Move helper code to (gnu system …) modules.
* gnu/packages/grub.scm (<menu-entry>, grub-configuration-file): Move
  to...
* gnu/system/grub.scm: ... here.  New file.
* gnu/packages/linux.scm (<pam-service>, <pam-entry>,
  pam-service->configuration, pam-service->directory,
  %pam-other-services, unix-pam-service): Move to...
* gnu/system/linux.scm: ... here.  New file.
* gnu/system/vm.scm (passwd-file): Move to...
* gnu/system/shadow.scm: ... here.  New file.
* gnu-system.am (GNU_SYSTEM_MODULES): Add
  gnu/system/{grub,linux,shadow}.scm.
2013-09-11 22:36:50 +02:00