authorLudovic Courtès <ludo@gnu.org>2015-06-05 20:22:47 +0200
committerLudovic Courtès <ludo@gnu.org>2015-06-05 20:22:47 +0200
commit847658395e399d6d4ef21a247dbad02a9c921400 (patch)
treef673856c3219a507861a4917d791588efdf5bc62
parent343eacbec9d9aa2aed5f9c44b9473cc9dc5e9753 (diff)
system: 'sudoers' is now a file-like object.
Partly fixes <http://bugs.gnu.org/20720> Reported by Alex Kost <alezost@gmail.com>. * gnu/system.scm (etc-directory): Change default #:sudoers value to a 'plain-file'. Don't bind it. Remove #~#$. (maybe-string->file): New procedure. (operating-system-etc-directory): Use it. (%sudoers-specification): Use 'plain-file'. * doc/guix.texi (operating-system Reference): Adjust accordingly.
-rw-r--r--doc/guix.texi3
-rw-r--r--gnu/system.scm32
2 files changed, 27 insertions, 8 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 2082fd765c..ecdfa1b1ce 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4556,7 +4556,8 @@ List of string-valued G-expressions denoting setuid programs.
@item @code{sudoers} (default: @var{%sudoers-specification})
@cindex sudoers
-The contents of the @file{/etc/sudoers} file as a string.
+The contents of the @file{/etc/sudoers} file as a file-like object
+(@pxref{G-Expressions, @code{local-file} and @code{plain-file}}).
This file specifies which users can use the @command{sudo} command, what
they are allowed to do, and what privileges they may gain. The default
diff --git a/gnu/system.scm b/gnu/system.scm
index c4a3bee0eb..ede0a6f004 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -25,6 +25,7 @@
#:use-module (guix packages)
#:use-module (guix derivations)
#:use-module (guix profiles)
+ #:use-module (guix ui)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
#:use-module (gnu packages guile)
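Review bot: The new `#:use-module (guix ui)` imports every export of that module into `gnu/system.scm`, although the only uses visible in this diff are `warning` and `_` in `maybe-string->file`. Narrowing it to `#:use-module ((guix ui) #:select (warning _))` would show readers exactly what is taken from the UI layer. This file also uses `match`, where `_` is conventionally the wildcard. With `_` now bound to the gettext procedure, any existing `_` patterns elsewhere in the file deserve a check, which is presumably why the new procedure spells its catch-all `x`.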
@@ -147,7 +148,7 @@
(setuid-programs operating-system-setuid-programs
(default %setuid-programs)) ; list of string-valued gexps
- (sudoers operating-system-sudoers ; /etc/sudoers contents
+ (sudoers operating-system-sudoers ; file-like
(default %sudoers-specification)))
@@ -439,11 +440,10 @@ on SHELLS. /etc/shells is used by xterm, polkit, and other programs."
(pam-services '())
(profile "/run/current-system/profile")
hosts-file nss (shells '())
- (sudoers ""))
+ (sudoers (plain-file "sudoers" "")))
"Return a derivation that builds the static part of the /etc directory."
(mlet* %store-monad
((pam.d (pam-services->directory pam-services))
- (sudoers (text-file "sudoers" sudoers))
(login.defs (text-file "login.defs" "# Empty for now.\n"))
(shells (shells-file shells))
(emacs (emacs-site-directory))
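Review bot: The docstring of `etc-directory` does not say that `#:sudoers` must now be a file-like object, and with the `(sudoers (text-file "sudoers" sudoers))` binding removed, a caller that still passes a string gets no conversion here. The compatibility shim added by this commit is applied only in `operating-system-etc-directory`, so the contract should be stated at this entry point, for example by appending `SUDOERS must be a file-like object, not a string.` to the docstring. The body of `etc-directory` continues outside this hunk.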
@@ -540,7 +540,7 @@ fi\n"))
("hosts" ,#~#$hosts-file)
("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/"
#$timezone))
- ("sudoers" ,#~#$sudoers)))))
+ ("sudoers" ,sudoers)))))
(define (operating-system-profile os)
"Return a derivation that builds the system profile of OS."
@@ -570,6 +570,21 @@ fi\n"))
(return (append users
(append-map service-user-accounts services)))))
+(define (maybe-string->file file-name thing)
+ "If THING is a string, return a <plain-file> with THING as its content.
+Otherwise just return THING.
+
+This is for backward-compatibility of fields that used to be strings and are
+now file-like objects.."
+ (match thing
+ ((? string?)
+ (warning (_ "using a string for file '~a' is deprecated; \
+use 'plain-file' instead~%")
+ file-name)
+ (plain-file file-name thing))
+ (x
+ x)))
+
(define (operating-system-etc-directory os)
"Return that static part of the /etc directory of OS."
(mlet* %store-monad
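Review bot: The catch-all clause `(x x)` in `maybe-string->file` returns any non-string value unchanged, so a mistyped `sudoers` field (a list, a symbol, `#f`) is rejected only later, presumably when the /etc derivation is built, with an error that no longer names the field. Since this value becomes /etc/sudoers, a final clause that raises an error mentioning FILE-NAME for anything that is not a file-like object would fail earlier and more clearly. The docstring ends in a doubled period (`objects..`) and could also mention that a deprecation warning is emitted when THING is a string.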
@@ -591,7 +606,9 @@ fi\n"))
#:timezone (operating-system-timezone os)
#:hosts-file /etc/hosts
#:shells shells
- #:sudoers (operating-system-sudoers os)
+ #:sudoers (maybe-string->file
+ "sudoers"
+ (operating-system-sudoers os))
#:profile profile-drv)))
(define %setuid-programs
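Review bot: Whatever `operating-system-sudoers` returns is passed to `#:sudoers` without any syntax check. Now that the field accepts arbitrary file-like objects (the manual hunk mentions `local-file`), a hand-written file with a parse error would surface only when `sudo` refuses to run on the deployed system. Nothing visible in this diff validates the content, so a comment such as `;; TODO: check the file with 'visudo -c' at build time.` next to the `maybe-string->file` call would record the gap. The enclosing `operating-system-etc-directory` starts in the previous hunk and its body is not fully visible here.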
@@ -608,8 +625,9 @@ fi\n"))
;; group can do anything. See
;; <http://www.sudo.ws/sudo/man/1.8.10/sudoers.man.html>.
;; TODO: Add a declarative API.
- "root ALL=(ALL) ALL
-%wheel ALL=(ALL) ALL\n")
+ (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) ALL\n"))
(define (user-group->gexp group)
"Turn GROUP, a <user-group> object, into a list-valued gexp suitable for