From 8b9a5641bc1b6acb62e0e0467ee03cefde2d1757 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 12 Aug 2021 12:28:26 +0200 Subject: system: install, hurd: Use 'setuid-programs'. This is a followup to a7ac19851baab3fbcc40c4b2cf5b00a6ac9cd2f3. * gnu/system/install.scm (installation-os)[setuid-programs]: Use 'setuid-program'. * gnu/system/hurd.scm (%setuid-programs/hurd): Use 'file-like->setuid-program'. --- gnu/system/hurd.scm | 20 +++++++++++--------- gnu/system/install.scm | 4 +++- 2 files changed, 14 insertions(+), 10 deletions(-) (limited to 'gnu') diff --git a/gnu/system/hurd.scm b/gnu/system/hurd.scm index 8f3a27834b..95e511196a 100644 --- a/gnu/system/hurd.scm +++ b/gnu/system/hurd.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020 Ludovic Courtès +;;; Copyright © 2020, 2021 Ludovic Courtès ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. @@ -39,6 +39,7 @@ #:use-module (gnu services hurd) #:use-module (gnu services shepherd) #:use-module (gnu system) + #:use-module (gnu system setuid) #:use-module (gnu system shadow) #:use-module (gnu system vm) #:export (%base-packages/hurd @@ -92,14 +93,15 @@ (define %setuid-programs/hurd ;; Default set of setuid-root programs. - (list (file-append shadow "/bin/passwd") - (file-append shadow "/bin/sg") - (file-append shadow "/bin/su") - (file-append shadow "/bin/newgrp") - (file-append shadow "/bin/newuidmap") - (file-append shadow "/bin/newgidmap") - (file-append sudo "/bin/sudo") - (file-append sudo "/bin/sudoedit"))) + (map file-like->setuid-program + (list (file-append shadow "/bin/passwd") + (file-append shadow "/bin/sg") + (file-append shadow "/bin/su") + (file-append shadow "/bin/newgrp") + (file-append shadow "/bin/newuidmap") + (file-append shadow "/bin/newgidmap") + (file-append sudo "/bin/sudo") + (file-append sudo "/bin/sudoedit")))) (define %hurd-default-operating-system (operating-system diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 7fa5c15324..87da89e3fb 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -25,6 +25,7 @@ (define-module (gnu system install) #:use-module (gnu) #:use-module (gnu system) + #:use-module (gnu system setuid) #:use-module (gnu bootloader u-boot) #:use-module (guix gexp) #:use-module (guix store) @@ -502,7 +503,8 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m ;; We don't need setuid programs, except for 'passwd', which can be handy ;; if one is to allow remote SSH login to the machine being installed. - (setuid-programs (list (file-append shadow "/bin/passwd"))) + (setuid-programs (list (setuid-program + (program (file-append shadow "/bin/passwd"))))) (pam-services ;; Explicitly allow for empty passwords. -- cgit v1.2.3