summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-06-05 20:22:47 +0200
committerLudovic Courtès <ludo@gnu.org>2015-06-05 20:22:47 +0200
commit847658395e399d6d4ef21a247dbad02a9c921400 (patch)
treef673856c3219a507861a4917d791588efdf5bc62
parent343eacbec9d9aa2aed5f9c44b9473cc9dc5e9753 (diff)
downloadguix-847658395e399d6d4ef21a247dbad02a9c921400.tar.gz
system: 'sudoers' is now a file-like object.
Partly fixes <http://bugs.gnu.org/20720>
Reported by Alex Kost <alezost@gmail.com>.

* gnu/system.scm (etc-directory): Change default #:sudoers value to a
  'plain-file'.  Don't bind it.  Remove #~#$.
  (maybe-string->file): New procedure.
  (operating-system-etc-directory): Use it.
  (%sudoers-specification): Use 'plain-file'.
* doc/guix.texi (operating-system Reference): Adjust accordingly.
-rw-r--r--doc/guix.texi3
-rw-r--r--gnu/system.scm32
2 files changed, 27 insertions, 8 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 2082fd765c..ecdfa1b1ce 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4556,7 +4556,8 @@ List of string-valued G-expressions denoting setuid programs.
 
 @item @code{sudoers} (default: @var{%sudoers-specification})
 @cindex sudoers
-The contents of the @file{/etc/sudoers} file as a string.
+The contents of the @file{/etc/sudoers} file as a file-like object
+(@pxref{G-Expressions, @code{local-file} and @code{plain-file}}).
 
 This file specifies which users can use the @command{sudo} command, what
 they are allowed to do, and what privileges they may gain.  The default
diff --git a/gnu/system.scm b/gnu/system.scm
index c4a3bee0eb..ede0a6f004 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -25,6 +25,7 @@
   #:use-module (guix packages)
   #:use-module (guix derivations)
   #:use-module (guix profiles)
+  #:use-module (guix ui)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages guile)
@@ -147,7 +148,7 @@
   (setuid-programs operating-system-setuid-programs
                    (default %setuid-programs))    ; list of string-valued gexps
 
-  (sudoers operating-system-sudoers               ; /etc/sudoers contents
+  (sudoers operating-system-sudoers               ; file-like
            (default %sudoers-specification)))
 
 
@@ -439,11 +440,10 @@ on SHELLS.  /etc/shells is used by xterm, polkit, and other programs."
                         (pam-services '())
                         (profile "/run/current-system/profile")
                         hosts-file nss (shells '())
-                        (sudoers ""))
+                        (sudoers (plain-file "sudoers" "")))
   "Return a derivation that builds the static part of the /etc directory."
   (mlet* %store-monad
       ((pam.d      (pam-services->directory pam-services))
-       (sudoers    (text-file "sudoers" sudoers))
        (login.defs (text-file "login.defs" "# Empty for now.\n"))
        (shells     (shells-file shells))
        (emacs      (emacs-site-directory))
@@ -540,7 +540,7 @@ fi\n"))
                   ("hosts" ,#~#$hosts-file)
                   ("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/"
                                                  #$timezone))
-                  ("sudoers" ,#~#$sudoers)))))
+                  ("sudoers" ,sudoers)))))
 
 (define (operating-system-profile os)
   "Return a derivation that builds the system profile of OS."
@@ -570,6 +570,21 @@ fi\n"))
     (return (append users
                     (append-map service-user-accounts services)))))
 
+(define (maybe-string->file file-name thing)
+  "If THING is a string, return a <plain-file> with THING as its content.
+Otherwise just return THING.
+
+This is for backward-compatibility of fields that used to be strings and are
+now file-like objects.."
+  (match thing
+    ((? string?)
+     (warning (_ "using a string for file '~a' is deprecated; \
+use 'plain-file' instead~%")
+              file-name)
+     (plain-file file-name thing))
+    (x
+     x)))
+
 (define (operating-system-etc-directory os)
   "Return that static part of the /etc directory of OS."
   (mlet* %store-monad
@@ -591,7 +606,9 @@ fi\n"))
                   #:timezone (operating-system-timezone os)
                   #:hosts-file /etc/hosts
                   #:shells shells
-                  #:sudoers (operating-system-sudoers os)
+                  #:sudoers (maybe-string->file
+                             "sudoers"
+                             (operating-system-sudoers os))
                   #:profile profile-drv)))
 
 (define %setuid-programs
@@ -608,8 +625,9 @@ fi\n"))
   ;; group can do anything.  See
   ;; <http://www.sudo.ws/sudo/man/1.8.10/sudoers.man.html>.
   ;; TODO: Add a declarative API.
-  "root ALL=(ALL) ALL
-%wheel ALL=(ALL) ALL\n")
+  (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) ALL\n"))
 
 (define (user-group->gexp group)
   "Turn GROUP, a <user-group> object, into a list-valued gexp suitable for