system: 'sudoers' is now a file-like object.

Partly fixes <http://bugs.gnu.org/20720>
Reported by Alex Kost <alezost@gmail.com>.

* gnu/system.scm (etc-directory): Change default #:sudoers value to a
  'plain-file'.  Don't bind it.  Remove #~#$.
  (maybe-string->file): New procedure.
  (operating-system-etc-directory): Use it.
  (%sudoers-specification): Use 'plain-file'.
* doc/guix.texi (operating-system Reference): Adjust accordingly.
Ludovic Courtès 2015-06-05 20:22:47 +02:00
parent 343eacbec9
commit 847658395e
2 changed files with 27 additions and 8 deletions


@ -4556,7 +4556,8 @@ List of string-valued G-expressions denoting setuid programs.
@item @code{sudoers} (default: @var{%sudoers-specification}) @item @code{sudoers} (default: @var{%sudoers-specification})
@cindex sudoers @cindex sudoers
The contents of the @file{/etc/sudoers} file as a string. The contents of the @file{/etc/sudoers} file as a file-like object
(@pxref{G-Expressions, @code{local-file} and @code{plain-file}}).
This file specifies which users can use the @command{sudo} command, what This file specifies which users can use the @command{sudo} command, what
they are allowed to do, and what privileges they may gain. The default they are allowed to do, and what privileges they may gain. The default


@ -25,6 +25,7 @@ (define-module (gnu system)
#:use-module (guix packages) #:use-module (guix packages)
#:use-module (guix derivations) #:use-module (guix derivations)
#:use-module (guix profiles) #:use-module (guix profiles)
#:use-module (guix ui)
#:use-module (gnu packages base) #:use-module (gnu packages base)
#:use-module (gnu packages bash) #:use-module (gnu packages bash)
#:use-module (gnu packages guile) #:use-module (gnu packages guile)
@ -147,7 +148,7 @@ (define-record-type* <operating-system> operating-system
(setuid-programs operating-system-setuid-programs (setuid-programs operating-system-setuid-programs
(default %setuid-programs)) ; list of string-valued gexps (default %setuid-programs)) ; list of string-valued gexps
(sudoers operating-system-sudoers ; /etc/sudoers contents (sudoers operating-system-sudoers ; file-like
(default %sudoers-specification))) (default %sudoers-specification)))
@ -439,11 +440,10 @@ (define* (etc-directory #:key
(pam-services '()) (pam-services '())
(profile "/run/current-system/profile") (profile "/run/current-system/profile")
hosts-file nss (shells '()) hosts-file nss (shells '())
(sudoers "")) (sudoers (plain-file "sudoers" "")))
"Return a derivation that builds the static part of the /etc directory." "Return a derivation that builds the static part of the /etc directory."
(mlet* %store-monad (mlet* %store-monad
((pam.d (pam-services->directory pam-services)) ((pam.d (pam-services->directory pam-services))
(sudoers (text-file "sudoers" sudoers))
(login.defs (text-file "login.defs" "# Empty for now.\n")) (login.defs (text-file "login.defs" "# Empty for now.\n"))
(shells (shells-file shells)) (shells (shells-file shells))
(emacs (emacs-site-directory)) (emacs (emacs-site-directory))
@ -540,7 +540,7 @@ (define* (etc-directory #:key
("hosts" ,#~#$hosts-file) ("hosts" ,#~#$hosts-file)
("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/" ("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/"
#$timezone)) #$timezone))
("sudoers" ,#~#$sudoers))))) ("sudoers" ,sudoers)))))
(define (operating-system-profile os) (define (operating-system-profile os)
"Return a derivation that builds the system profile of OS." "Return a derivation that builds the system profile of OS."
@ -570,6 +570,21 @@ (define users
(return (append users (return (append users
(append-map service-user-accounts services))))) (append-map service-user-accounts services)))))
(define (maybe-string->file file-name thing)
"If THING is a string, return a <plain-file> with THING as its content.
Otherwise just return THING.
This is for backward-compatibility of fields that used to be strings and are
now file-like objects.."
(match thing
((? string?)
(warning (_ "using a string for file '~a' is deprecated; \
use 'plain-file' instead~%")
file-name)
(plain-file file-name thing))
(x
x)))
(define (operating-system-etc-directory os) (define (operating-system-etc-directory os)
"Return that static part of the /etc directory of OS." "Return that static part of the /etc directory of OS."
(mlet* %store-monad (mlet* %store-monad
@ -591,7 +606,9 @@ (define (operating-system-etc-directory os)
#:timezone (operating-system-timezone os) #:timezone (operating-system-timezone os)
#:hosts-file /etc/hosts #:hosts-file /etc/hosts
#:shells shells #:shells shells
#:sudoers (operating-system-sudoers os) #:sudoers (maybe-string->file
"sudoers"
(operating-system-sudoers os))
#:profile profile-drv))) #:profile profile-drv)))
(define %setuid-programs (define %setuid-programs
@ -608,8 +625,9 @@ (define %sudoers-specification
;; group can do anything. See ;; group can do anything. See
;; <http://www.sudo.ws/sudo/man/1.8.10/sudoers.man.html>. ;; <http://www.sudo.ws/sudo/man/1.8.10/sudoers.man.html>.
;; TODO: Add a declarative API. ;; TODO: Add a declarative API.
"root ALL=(ALL) ALL (plain-file "sudoers" "\
%wheel ALL=(ALL) ALL\n") root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL\n"))
(define (user-group->gexp group) (define (user-group->gexp group)
"Turn GROUP, a <user-group> object, into a list-valued gexp suitable for "Turn GROUP, a <user-group> object, into a list-valued gexp suitable for
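Review bot: The catch-all clause `(x x)` in `maybe-string->file` returns any non-string value unchanged, so a `sudoers` field that is neither a string nor a file-like object is not rejected at the one place where the field name is known; presumably it fails only later, when the /etc file list is built. Because this field decides who may gain root through sudo, I would either signal an error there for unsupported values or at least state the contract, e.g. `;; THING is returned unchecked; callers must pass a file-like object.` The string shim is applied only in `operating-system-etc-directory`, so a direct caller of `etc-directory` that still passes a string for `#:sudoers` would get neither the deprecation warning nor the conversion; it is worth confirming no such caller exists. The new docstring also ends in a doubled period (`objects..`).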