[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/03: system: Validate sudoers file when building the system.
|
From: |
guix-commits |
|
Subject: |
02/03: system: Validate sudoers file when building the system. |
|
Date: |
Mon, 24 Aug 2020 17:25:15 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 384377632c41c5c42e32889f4a239223aaae1ca9
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Aug 24 17:02:48 2020 +0200
system: Validate sudoers file when building the system.
Suggested by pkill9 <pkill9@runbox.com>.
* gnu/system.scm (validated-sudoers-file): New procedure.
(operating-system-etc-service): Use it.
---
gnu/system.scm | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/gnu/system.scm b/gnu/system.scm
index 5dd2f7f..f092df5 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -747,6 +747,18 @@ This is the GNU system. Welcome.\n")
"Return the default /etc/hosts file."
(plain-file "hosts" (local-host-aliases host-name)))
+(define (validated-sudoers-file file)
+ "Return a copy of FILE, a sudoers file, after checking that it is
+syntactically correct."
+ (computed-file "sudoers"
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (invoke #+(file-append sudo "/sbin/visudo")
+ "--check" "--file" #$file)
+ (copy-file #$file #$output)))))
+
(define* (operating-system-etc-service os)
"Return a <service> that builds containing the static part of the /etc
directory."
@@ -873,7 +885,9 @@ fi\n")))
("timezone" ,(plain-file "timezone" (operating-system-timezone os)))
("localtime" ,(file-append tzdata "/share/zoneinfo/"
(operating-system-timezone os)))
- ,@(if sudoers `(("sudoers" ,sudoers)) '())
+ ,@(if sudoers
+ `(("sudoers" ,(validated-sudoers-file sudoers)))
+ '())
,@(if hurd
`(("login" ,(file-append hurd "/etc/login"))
("motd" ,(file-append hurd "/etc/motd"))