[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/03: system: 'sudoers' is now a file-like object.
From: |
Ludovic Courtès |
Subject: |
02/03: system: 'sudoers' is now a file-like object. |
Date: |
Fri, 05 Jun 2015 20:43:37 +0000 |
civodul pushed a commit to branch master
in repository guix.
commit 847658395e399d6d4ef21a247dbad02a9c921400
Author: Ludovic Courtès <address@hidden>
Date: Fri Jun 5 20:22:47 2015 +0200
system: 'sudoers' is now a file-like object.
Partly fixes <http://bugs.gnu.org/20720>
Reported by Alex Kost <address@hidden>.
* gnu/system.scm (etc-directory): Change default #:sudoers value to a
'plain-file'. Don't bind it. Remove #~#$.
(maybe-string->file): New procedure.
(operating-system-etc-directory): Use it.
(%sudoers-specification): Use 'plain-file'.
* doc/guix.texi (operating-system Reference): Adjust accordingly.
---
doc/guix.texi | 3 ++-
gnu/system.scm | 32 +++++++++++++++++++++++++-------
2 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 2082fd7..ecdfa1b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4556,7 +4556,8 @@ List of string-valued G-expressions denoting setuid
programs.
@item @code{sudoers} (default: @var{%sudoers-specification})
@cindex sudoers
-The contents of the @file{/etc/sudoers} file as a string.
+The contents of the @file{/etc/sudoers} file as a file-like object
+(@pxref{G-Expressions, @code{local-file} and @code{plain-file}}).
This file specifies which users can use the @command{sudo} command, what
they are allowed to do, and what privileges they may gain. The default
diff --git a/gnu/system.scm b/gnu/system.scm
index c4a3bee..ede0a6f 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -25,6 +25,7 @@
#:use-module (guix packages)
#:use-module (guix derivations)
#:use-module (guix profiles)
+ #:use-module (guix ui)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
#:use-module (gnu packages guile)
@@ -147,7 +148,7 @@
(setuid-programs operating-system-setuid-programs
(default %setuid-programs)) ; list of string-valued gexps
- (sudoers operating-system-sudoers ; /etc/sudoers contents
+ (sudoers operating-system-sudoers ; file-like
(default %sudoers-specification)))
@@ -439,11 +440,10 @@ on SHELLS. /etc/shells is used by xterm, polkit, and
other programs."
(pam-services '())
(profile "/run/current-system/profile")
hosts-file nss (shells '())
- (sudoers ""))
+ (sudoers (plain-file "sudoers" "")))
"Return a derivation that builds the static part of the /etc directory."
(mlet* %store-monad
((pam.d (pam-services->directory pam-services))
- (sudoers (text-file "sudoers" sudoers))
(login.defs (text-file "login.defs" "# Empty for now.\n"))
(shells (shells-file shells))
(emacs (emacs-site-directory))
@@ -540,7 +540,7 @@ fi\n"))
("hosts" ,#~#$hosts-file)
("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/"
#$timezone))
- ("sudoers" ,#~#$sudoers)))))
+ ("sudoers" ,sudoers)))))
(define (operating-system-profile os)
"Return a derivation that builds the system profile of OS."
@@ -570,6 +570,21 @@ fi\n"))
(return (append users
(append-map service-user-accounts services)))))
+(define (maybe-string->file file-name thing)
+ "If THING is a string, return a <plain-file> with THING as its content.
+Otherwise just return THING.
+
+This is for backward-compatibility of fields that used to be strings and are
+now file-like objects.."
+ (match thing
+ ((? string?)
+ (warning (_ "using a string for file '~a' is deprecated; \
+use 'plain-file' instead~%")
+ file-name)
+ (plain-file file-name thing))
+ (x
+ x)))
+
(define (operating-system-etc-directory os)
"Return that static part of the /etc directory of OS."
(mlet* %store-monad
@@ -591,7 +606,9 @@ fi\n"))
#:timezone (operating-system-timezone os)
#:hosts-file /etc/hosts
#:shells shells
- #:sudoers (operating-system-sudoers os)
+ #:sudoers (maybe-string->file
+ "sudoers"
+ (operating-system-sudoers os))
#:profile profile-drv)))
(define %setuid-programs
@@ -608,8 +625,9 @@ fi\n"))
;; group can do anything. See
;; <http://www.sudo.ws/sudo/man/1.8.10/sudoers.man.html>.
;; TODO: Add a declarative API.
- "root ALL=(ALL) ALL
-%wheel ALL=(ALL) ALL\n")
+ (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) ALL\n"))
(define (user-group->gexp group)
"Turn GROUP, a <user-group> object, into a list-valued gexp suitable for