system: Validate sudoers file when building the system.

Suggested by pkill9 <pkill9@runbox.com>.

* gnu/system.scm (validated-sudoers-file): New procedure.
(operating-system-etc-service): Use it.
Ludovic Courtès 2020-08-24 17:02:48 +02:00
parent 0d203eeaa6
commit 384377632c
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5


@ -747,6 +747,18 @@ (define (default-/etc/hosts host-name)
"Return the default /etc/hosts file."
(plain-file "hosts" (local-host-aliases host-name)))
(define (validated-sudoers-file file)
"Return a copy of FILE, a sudoers file, after checking that it is
syntactically correct."
(computed-file "sudoers"
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(invoke #+(file-append sudo "/sbin/visudo")
"--check" "--file" #$file)
(copy-file #$file #$output)))))
(define* (operating-system-etc-service os)
"Return a <service> that builds containing the static part of the /etc
directory."
@ -873,7 +885,9 @@ (define* (operating-system-etc-service os)
("timezone" ,(plain-file "timezone" (operating-system-timezone os)))
("localtime" ,(file-append tzdata "/share/zoneinfo/"
(operating-system-timezone os)))
,@(if sudoers `(("sudoers" ,sudoers)) '())
,@(if sudoers
`(("sudoers" ,(validated-sudoers-file sudoers)))
'())
,@(if hurd
`(("login" ,(file-append hurd "/etc/login"))
("motd" ,(file-append hurd "/etc/motd"))
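Review bot: In validated-sudoers-file (first hunk), `visudo --check` without strict mode treats a reference to an undefined alias or an alias cycle as a warning rather than a parse error, so such a file would most likely still build and be installed. Passing the strict flag as well, `"--check" "--strict" "--file" #$file)`, turns those cases into a build failure. The docstring could also say that the check is syntax-only and runs at build time against FILE alone: any files it pulls in through include directives are presumably not visible in the build environment, so they are either not validated or make the check fail, which is worth confirming. The second hunk's call site needs no change.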