CACerts now populate correctly

author: Ryan Schanzenbacher <ryan@rschanz.org> 2023-05-16 23:52:36 -0400
committer: Ryan Schanzenbacher <ryan@rschanz.org> 2023-05-16 23:52:36 -0400
commit: 4fe3a734d104fa1836255b18f8d8bcf4aeaa407f (patch)
tree: 6e26d0b474a1d26ecf60d3dfea51c2f0e5afa7e5
parent: b081473eaa08537dee157d6810de49ca71adf0e1 (diff)
2 files changed, 39 insertions, 264 deletions
diff --git a/sys b/sys
deleted file mode 100644
index c9747b0..0000000
--- a/sys
+++ /dev/null
@@ -1,212 +0,0 @@
-;; This is an operating system configuration generated
-;; by the graphical installer.
-;;
-;; Once installation is complete, you can learn and modify
-;; this file to tweak the system configuration, and pass it
-;; to the 'guix system reconfigure' command to effect your
-;; changes.
-;; Indicate which modules to import to access the variables
-;; used in this configuration.
-(use-modules (gnu) (nongnu packages linux))
-(use-modules (gnu system setuid))
-(use-modules (gnu packages admin))
-(use-modules (guix packages))
-(use-modules (gnu services authentication))
-(use-modules (gnu packages shells))
-(use-modules (guix build-system trivial))
-(use-modules (guix licenses))
-(use-modules (srfi srfi-1))
-(use-package-modules security-token)
-(use-service-modules cups desktop networking ssh xorg sound security-token docker)
-; Define package that installs my root ca public keys
-(define my-ca-certs
-  (package
-    (name "my-ca-certs")
-    (version "1")
-    (source (local-file "./CACerts"
-                        #:recursive? #t))
-    (build-system trivial-build-system)
-    (license mpl2.0)
-    (home-page "https://rschanz.org")
-    (arguments
-      `(#:modules
-        ((guix build utils))
-        #:builder
-        (begin
-          (use-modules (guix build utils)
-                       (srfi srfi-1)
-                       (srfi srfi-26)
-                       (ice-9 ftw))
-          (let* ((ca-certificates (assoc-ref %build-inputs "source"))
-                 (crt-suffix ".crt")
-                 (is-certificate? (cut string-suffix? crt-suffix <>))
-                 (certificates (filter is-certificate?
-                                       (scandir ca-certificates)))
-                 (out (assoc-ref %outputs "out"
-                                 "/etc/ssl/certs"))
-                 (openssl (assoc-ref %build-inputs
-                                    "openssl")))
-            (mkdir-p certificate-directory)
-            (for-each
-              (lambda (certificate)
-                (invoke
-                  openssl "x509"
-                  "-in" (string-append ca-certificates "/" certificate)
-                  "-outform" "PEM"
-                  "-out" (string-append
-                           certificate-directory "/"
-                           (basename certificate crt-suffix) ".pem")))
-              certificates)
-            #t))))
-    (native-inputs
-      (list openssl))
-    (synopsis "My CA Certs")
-    (description synopsis)))
-; Re-define the base packages to remove sudo
-(define %my-base-packages
-  (remove (lambda (package)
-            (member (package-name package)
-                    (list "sudo" "nano")))
-          %base-packages ))
-(define %backlight-udev-rule
-  (udev-rule
-    "90-backlight.rules"
-    (string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
-                   "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
-                   "\n"
-                   "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
-                    "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
-(operating-system
-  (kernel linux)
-  (firmware (list linux-firmware))
-  (locale "en_US.utf8")
-  (timezone "America/New_York")
-  (keyboard-layout (keyboard-layout "us"))
-  (host-name "RyanThinkpad")
-  ;; The list of user accounts ('root' is implicit).
-  (users (cons* (user-account
-                  (name "ryan")
-                  (comment "Ryan")
-                  (group "users")
-                  ;(shell (file-append zsh "/bin/zsh"))
-                  (home-directory "/home/ryan")
-                  (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
-                %base-user-accounts))
-  ;; Packages installed system-wide.  Users can also install packages
-  ;; under their own account: use 'guix search KEYWORD' to search
-  ;; for packages and 'guix install PACKAGE' to install a package.
-  (packages (append (map specification->package (list   "sway"
-                                                        "swaybg"
-                                                                    "swayidle"
-                                                                    "swaylock-effects"
-                                                                    "fuzzel"
-                                                                    "alacritty"
-                                                        "pinentry-qt"
-                                                        "adwaita-icon-theme"
-                                                        "hicolor-icon-theme"
-                                                                    "git"
-                                                                    "nss-certs"
-                                                                    "waybar"
-                                                                    "gnupg"
-                                                        "light"
-                                                        "mako"
-                                                        "grim"
-                                                        "slurp"
-                                                        "wl-clipboard"
-                                                        "bluez"
-                                                        "blueman"
-                                                        "opendoas"
-                                                        "xdg-desktop-portal-wlr"
-                                                        "xdg-desktop-portal"
-                                                        "pipewire"
-                                                        "fprintd"
-                                                        "docker"
-                                                        "wireplumber"
-                                                        "zsh"))
-                         (list my-ca-certs)
-                         %my-base-packages ))
-  ;; Below is the list of system services.  To search for available
-  ;; services, run 'guix system search KEYWORD' in a terminal.
-  (services
-   (append (list
-                 ;; To configure OpenSSH, pass an 'openssh-configuration'
-                 ;; record as a second argument to 'service' below.
-                 (service openssh-service-type)
-                 (service pcscd-service-type)
-                 (service fprintd-service-type)
-                 (service docker-service-type)
-                 (service bluetooth-service-type)
-                 (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
-                 (set-xorg-configuration
-                  (xorg-configuration (keyboard-layout keyboard-layout))))
-           ;; This is the default list of services we
-           ;; are appending to.
-        (modify-services %desktop-services
-        (guix-service-type config =>
-                       (guix-configuration
-                         (inherit config)
-                         (substitute-urls
-                           (append (list "https://substitutes.nonguix.org")
-                                   %default-substitute-urls))
-                         (authorized-keys
-                           (cons* (plain-file "non-guix.pub"
-                                                      "(public-key 
-                                                        (ecc 
-                                                         (curve Ed25519)
-                                                         (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
-                                                        )
-                                                       )" ) %default-authorized-guix-keys))))
-    (udev-service-type config =>
-                (udev-configuration
-                  (inherit config)
-                  (rules (cons %backlight-udev-rule
-                               (udev-configuration-rules config)))))
-    (delete pulseaudio-service-type)
-    (delete gdm-service-type) )))
-  (setuid-programs
-    (append (list (file-like->setuid-program
-                    (file-append
-                      (specification->package "swaylock-effects")
-                       "/bin/swaylock"))
-                  (file-like->setuid-program
-                    (file-append
-                      (specification->package "opendoas")
-                      "/bin/doas")))
-            (delete sudo %setuid-programs)))
-  (bootloader (bootloader-configuration
-                (bootloader grub-efi-bootloader)
-                (targets (list "/boot/efi"))
-                (keyboard-layout keyboard-layout)))
-  (mapped-devices (list (mapped-device
-                          (source (uuid
-                                   "adcaf322-7ee5-48ec-abf6-4a9b10643878"))
-                          (target "sysroot")
-                          (type luks-device-mapping))))
-  ;; The list of file systems that get "mounted".  The unique
-  ;; file system identifiers there ("UUIDs") can be obtained
-  ;; by running 'blkid' in a terminal.
-  (file-systems (cons* (file-system
-                         (mount-point "/")
-                         (device "/dev/mapper/sysroot")
-                         (type "ext4")
-                         (dependencies mapped-devices))
-                       (file-system
-                         (mount-point "/boot/efi")
-                         (device (uuid "DFE8-32EF"
-                                       'fat32))
-                         (type "vfat")) %base-file-systems))
-  (swap-devices
-    (list
-      (swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))
diff --git a/system.scm b/system.scm
index 7a9cfb4..c4114be 100644
--- a/system.scm
+++ b/system.scm
@@ -15,9 +15,9 @@
 (use-modules (guix packages))
 (use-modules (gnu services authentication))
 (use-modules (gnu packages shells))
-(use-modules (gnu packages perl))
 (use-modules (guix build-system trivial))
 (use-modules (guix licenses))
+(use-modules (gnu packages tls))
 (use-modules (srfi srfi-1))
 (use-package-modules security-token)
 (use-service-modules cups desktop networking ssh xorg sound security-token docker)
@@ -25,57 +25,44 @@
 ; Define package that installs my root ca public keys
 (define my-ca-certs
  (package
-   (name "my-ca-certs")
+    (name "my-ca-certs")
-   (version "1")
+    (version "1")
-   (source (local-file "./CACerts/"
+    (source (local-file "./CACerts"
-                       #:recursive? #t))
+                        #:recursive? #t))
-   (home-page "https://rschanz.org")
+    (build-system trivial-build-system)
-   (license agpl3+)
+    (license mpl2.0)
-   (build-system trivial-build-system)
+    (home-page "https://rschanz.org")
-   (arguments
+    (arguments
-    `(#:modules
+      `(#:modules
-      ((guix build utils))
+        ((guix build utils))
-      #:builder
+        #:builder
-      (begin
+        (begin
-        (use-modules (guix build utils)
+          (use-modules (guix build utils)
-                     (srfi srfi-1)
+                       (srfi srfi-1)
-                     (srfi srfi-26)
+                       (srfi srfi-26)
-                     (ice-9 ftw))
+                       (ice-9 ftw))
-        (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+          (let* ((ca-certificates (assoc-ref %build-inputs "source"))
-               (crt-suffix ".crt")
+                 (crt-suffix ".crt")
-               (is-certificate? (cut string-suffix? crt-suffix <>))
+                 (is-certificate? (cut string-suffix? crt-suffix <>))
-               (certificates (filter is-certificate?
+                 (certificates (filter is-certificate?
-                                     (scandir ca-certificates)))
+                                       (scandir ca-certificates)))
-               (out (assoc-ref %outputs "out"))
+                 (out (assoc-ref %outputs "out"))
-               (certificate-directory (string-append out
+                 (certificate-directory (string-append out "/etc/ssl/certs"))
-                                                     "/etc/ssl/certs"))
+                 (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
-               (openssl (string-append (assoc-ref %build-inputs
+            (mkdir-p certificate-directory)
-                                                  "openssl")
+            (for-each
-                                       "/bin/openssl")))
+              (lambda (cert)
-          (mkdir-p certificate-directory)
+                (invoke
-          ;; When this package is installed into a profile, any files in the
+                  openssl "x509"
-          ;; package output's etc/ssl/certs directory ending in ".pem" will
+                  "-in" (string-append ca-certificates "/" cert)
-          ;; also be put into a ca-certificates.crt bundle.  In the case of a
+                  "-outform" "PEM"
-          ;; system profile, this bundle will be made available to the system
+                  "-out" (string-append certificate-directory "/" cert ".pem")))
-          ;; at activation time.  See the profile hooks defined in (guix
+              certificates)
-          ;; profiles) and the etc-service-type define in (gnu services) for
+            #t))))
-          ;; details.
+    (native-inputs
-          (for-each
+      (list openssl))
-           ;; Ensure the certificate is in an appropriate format.
+    (synopsis "My CA Certs")
-           (lambda (certificate)
+    (description synopsis)))
-             (invoke
-              openssl "x509"
-              "-in" (string-append ca-certificates "/" certificate)
-              "-outform" "PEM"
-              "-out" (string-append
-                      certificate-directory "/"
-                      (basename certificate crt-suffix) ".pem")))
-           certificates)
-          #t))))
-   (inputs
-    (list openssl))
-   (synopsis "My certificate authority certificates")
-   (description synopsis)))
 ; Re-define the base packages to remove sudo
 (define %my-base-packages
author	Ryan Schanzenbacher <ryan@rschanz.org>	2023-05-16 23:52:36 -0400
committer	Ryan Schanzenbacher <ryan@rschanz.org>	2023-05-16 23:52:36 -0400
commit	4fe3a734d104fa1836255b18f8d8bcf4aeaa407f (patch)
tree	6e26d0b474a1d26ecf60d3dfea51c2f0e5afa7e5
parent	b081473eaa08537dee157d6810de49ca71adf0e1 (diff)

diff --git a/sys b/sys deleted file mode 100644 index c9747b0..0000000 --- a/sys +++ /dev/null
@@ -1,212 +0,0 @@
1	;; This is an operating system configuration generated
2	;; by the graphical installer.
3	;;
4	;; Once installation is complete, you can learn and modify
5	;; this file to tweak the system configuration, and pass it
6	;; to the 'guix system reconfigure' command to effect your
7	;; changes.
8
9
10	;; Indicate which modules to import to access the variables
11	;; used in this configuration.
12	(use-modules (gnu) (nongnu packages linux))
13	(use-modules (gnu system setuid))
14	(use-modules (gnu packages admin))
15	(use-modules (guix packages))
16	(use-modules (gnu services authentication))
17	(use-modules (gnu packages shells))
18	(use-modules (guix build-system trivial))
19	(use-modules (guix licenses))
20	(use-modules (srfi srfi-1))
21	(use-package-modules security-token)
22	(use-service-modules cups desktop networking ssh xorg sound security-token docker)
23
24	; Define package that installs my root ca public keys
25	(define my-ca-certs
26	(package
27	(name "my-ca-certs")
28	(version "1")
29	(source (local-file "./CACerts"
30	#:recursive? #t))
31	(build-system trivial-build-system)
32	(license mpl2.0)
33	(home-page "https://rschanz.org")
34	(arguments
35	`(#:modules
36	((guix build utils))
37	#:builder
38	(begin
39	(use-modules (guix build utils)
40	(srfi srfi-1)
41	(srfi srfi-26)
42	(ice-9 ftw))
43	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
44	(crt-suffix ".crt")
45	(is-certificate? (cut string-suffix? crt-suffix <>))
46	(certificates (filter is-certificate?
47	(scandir ca-certificates)))
48	(out (assoc-ref %outputs "out"
49	"/etc/ssl/certs"))
50	(openssl (assoc-ref %build-inputs
51	"openssl")))
52	(mkdir-p certificate-directory)
53	(for-each
54	(lambda (certificate)
55	(invoke
56	openssl "x509"
57	"-in" (string-append ca-certificates "/" certificate)
58	"-outform" "PEM"
59	"-out" (string-append
60	certificate-directory "/"
61	(basename certificate crt-suffix) ".pem")))
62	certificates)
63	#t))))
64	(native-inputs
65	(list openssl))
66	(synopsis "My CA Certs")
67	(description synopsis)))
68
69	; Re-define the base packages to remove sudo
70	(define %my-base-packages
71	(remove (lambda (package)
72	(member (package-name package)
73	(list "sudo" "nano")))
74	%base-packages ))
75
76	(define %backlight-udev-rule
77	(udev-rule
78	"90-backlight.rules"
79	(string-append "ACTION==\"add\", SUBSYSTEM==\"backlight\", "
80	"RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\""
81	"\n"
82	"ACTION==\"add\", SUBSYSTEM==\"backlight\", "
83	"RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\"")))
84
85	(operating-system
86	(kernel linux)
87	(firmware (list linux-firmware))
88	(locale "en_US.utf8")
89	(timezone "America/New_York")
90	(keyboard-layout (keyboard-layout "us"))
91	(host-name "RyanThinkpad")
92
93	;; The list of user accounts ('root' is implicit).
94	(users (cons* (user-account
95	(name "ryan")
96	(comment "Ryan")
97	(group "users")
98	;(shell (file-append zsh "/bin/zsh"))
99	(home-directory "/home/ryan")
100	(supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker")))
101	%base-user-accounts))
102
103	;; Packages installed system-wide. Users can also install packages
104	;; under their own account: use 'guix search KEYWORD' to search
105	;; for packages and 'guix install PACKAGE' to install a package.
106	(packages (append (map specification->package (list "sway"
107	"swaybg"
108	"swayidle"
109	"swaylock-effects"
110	"fuzzel"
111	"alacritty"
112	"pinentry-qt"
113	"adwaita-icon-theme"
114	"hicolor-icon-theme"
115	"git"
116	"nss-certs"
117	"waybar"
118	"gnupg"
119	"light"
120	"mako"
121	"grim"
122	"slurp"
123	"wl-clipboard"
124	"bluez"
125	"blueman"
126	"opendoas"
127	"xdg-desktop-portal-wlr"
128	"xdg-desktop-portal"
129	"pipewire"
130	"fprintd"
131	"docker"
132	"wireplumber"
133	"zsh"))
134	(list my-ca-certs)
135	%my-base-packages ))
136
137	;; Below is the list of system services. To search for available
138	;; services, run 'guix system search KEYWORD' in a terminal.
139	(services
140	(append (list
141
142	;; To configure OpenSSH, pass an 'openssh-configuration'
143	;; record as a second argument to 'service' below.
144	(service openssh-service-type)
145	(service pcscd-service-type)
146	(service fprintd-service-type)
147	(service docker-service-type)
148	(service bluetooth-service-type)
149	(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
150	(set-xorg-configuration
151	(xorg-configuration (keyboard-layout keyboard-layout))))
152
153	;; This is the default list of services we
154	;; are appending to.
155	(modify-services %desktop-services
156	(guix-service-type config =>
157	(guix-configuration
158	(inherit config)
159	(substitute-urls
160	(append (list "https://substitutes.nonguix.org")
161	%default-substitute-urls))
162	(authorized-keys
163	(cons* (plain-file "non-guix.pub"
164	"(public-key
165	(ecc
166	(curve Ed25519)
167	(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
168	)
169	)" ) %default-authorized-guix-keys))))
170	(udev-service-type config =>
171	(udev-configuration
172	(inherit config)
173	(rules (cons %backlight-udev-rule
174	(udev-configuration-rules config)))))
175	(delete pulseaudio-service-type)
176	(delete gdm-service-type) )))
177	(setuid-programs
178	(append (list (file-like->setuid-program
179	(file-append
180	(specification->package "swaylock-effects")
181	"/bin/swaylock"))
182	(file-like->setuid-program
183	(file-append
184	(specification->package "opendoas")
185	"/bin/doas")))
186	(delete sudo %setuid-programs)))
187	(bootloader (bootloader-configuration
188	(bootloader grub-efi-bootloader)
189	(targets (list "/boot/efi"))
190	(keyboard-layout keyboard-layout)))
191	(mapped-devices (list (mapped-device
192	(source (uuid
193	"adcaf322-7ee5-48ec-abf6-4a9b10643878"))
194	(target "sysroot")
195	(type luks-device-mapping))))
196
197	;; The list of file systems that get "mounted". The unique
198	;; file system identifiers there ("UUIDs") can be obtained
199	;; by running 'blkid' in a terminal.
200	(file-systems (cons* (file-system
201	(mount-point "/")
202	(device "/dev/mapper/sysroot")
203	(type "ext4")
204	(dependencies mapped-devices))
205	(file-system
206	(mount-point "/boot/efi")
207	(device (uuid "DFE8-32EF"
208	'fat32))
209	(type "vfat")) %base-file-systems))
210	(swap-devices
211	(list
212	(swap-space (target (uuid "7e1bb7c5-da2a-4509-8263-f707fc752993"))) )))


diff --git a/system.scm b/system.scm index 7a9cfb4..c4114be 100644 --- a/system.scm +++ b/system.scm
@@ -15,9 +15,9 @@
15	(use-modules (guix packages))	15	(use-modules (guix packages))
16	(use-modules (gnu services authentication))	16	(use-modules (gnu services authentication))
17	(use-modules (gnu packages shells))	17	(use-modules (gnu packages shells))
18	(use-modules (gnu packages perl))
19	(use-modules (guix build-system trivial))	18	(use-modules (guix build-system trivial))
20	(use-modules (guix licenses))	19	(use-modules (guix licenses))
		20	(use-modules (gnu packages tls))
21	(use-modules (srfi srfi-1))	21	(use-modules (srfi srfi-1))
22	(use-package-modules security-token)	22	(use-package-modules security-token)
23	(use-service-modules cups desktop networking ssh xorg sound security-token docker)	23	(use-service-modules cups desktop networking ssh xorg sound security-token docker)
@@ -25,57 +25,44 @@
25	; Define package that installs my root ca public keys	25	; Define package that installs my root ca public keys
26	(define my-ca-certs	26	(define my-ca-certs
27	(package	27	(package
28	(name "my-ca-certs")	28	(name "my-ca-certs")
29	(version "1")	29	(version "1")
30	(source (local-file "./CACerts/"	30	(source (local-file "./CACerts"
31	#:recursive? #t))	31	#:recursive? #t))
32	(home-page "https://rschanz.org")	32	(build-system trivial-build-system)
33	(license agpl3+)	33	(license mpl2.0)
34	(build-system trivial-build-system)	34	(home-page "https://rschanz.org")
35	(arguments	35	(arguments
36	`(#:modules	36	`(#:modules
37	((guix build utils))	37	((guix build utils))
38	#:builder	38	#:builder
39	(begin	39	(begin
40	(use-modules (guix build utils)	40	(use-modules (guix build utils)
41	(srfi srfi-1)	41	(srfi srfi-1)
42	(srfi srfi-26)	42	(srfi srfi-26)
43	(ice-9 ftw))	43	(ice-9 ftw))
44	(let* ((ca-certificates (assoc-ref %build-inputs "source"))	44	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
45	(crt-suffix ".crt")	45	(crt-suffix ".crt")
46	(is-certificate? (cut string-suffix? crt-suffix <>))	46	(is-certificate? (cut string-suffix? crt-suffix <>))
47	(certificates (filter is-certificate?	47	(certificates (filter is-certificate?
48	(scandir ca-certificates)))	48	(scandir ca-certificates)))
49	(out (assoc-ref %outputs "out"))	49	(out (assoc-ref %outputs "out"))
50	(certificate-directory (string-append out	50	(certificate-directory (string-append out "/etc/ssl/certs"))
51	"/etc/ssl/certs"))	51	(openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
52	(openssl (string-append (assoc-ref %build-inputs	52	(mkdir-p certificate-directory)
53	"openssl")	53	(for-each
54	"/bin/openssl")))	54	(lambda (cert)
55	(mkdir-p certificate-directory)	55	(invoke
56	;; When this package is installed into a profile, any files in the	56	openssl "x509"
57	;; package output's etc/ssl/certs directory ending in ".pem" will	57	"-in" (string-append ca-certificates "/" cert)
58	;; also be put into a ca-certificates.crt bundle. In the case of a	58	"-outform" "PEM"
59	;; system profile, this bundle will be made available to the system	59	"-out" (string-append certificate-directory "/" cert ".pem")))
60	;; at activation time. See the profile hooks defined in (guix	60	certificates)
61	;; profiles) and the etc-service-type define in (gnu services) for	61	#t))))
62	;; details.	62	(native-inputs
63	(for-each	63	(list openssl))
64	;; Ensure the certificate is in an appropriate format.	64	(synopsis "My CA Certs")
65	(lambda (certificate)	65	(description synopsis)))
66	(invoke
67	openssl "x509"
68	"-in" (string-append ca-certificates "/" certificate)
69	"-outform" "PEM"
70	"-out" (string-append
71	certificate-directory "/"
72	(basename certificate crt-suffix) ".pem")))
73	certificates)
74	#t))))
75	(inputs
76	(list openssl))
77	(synopsis "My certificate authority certificates")
78	(description synopsis)))
79		66
80	; Re-define the base packages to remove sudo	67	; Re-define the base packages to remove sudo
81	(define %my-base-packages	68	(define %my-base-packages