authorLudovic Courtès <ludo@gnu.org>2021-09-07 11:04:44 +0200
committerLudovic Courtès <ludo@gnu.org>2021-09-07 14:19:08 +0200
commitd9dfbf886ddbb92dfdaa118bb9765e78aad5c53a (patch)
tree2732020de20a38c09b66a60b0cb36022799f7c2e /gnu/system
parentb949f34f31a045eb0fb242b81a223178fb6994d3 (diff)
parent49922efb11da0f0e9d4f5979d081de5ea8c99d25 (diff)
downloadguix-d9dfbf886ddbb92dfdaa118bb9765e78aad5c53a.tar.gz
Merge branch 'master' into core-updates-frozen
Diffstat (limited to 'gnu/system')
-rw-r--r--gnu/system/examples/asus-c201.tmpl2
-rw-r--r--gnu/system/examples/bare-bones.tmpl2
-rw-r--r--gnu/system/examples/bare-hurd.tmpl2
-rw-r--r--gnu/system/examples/beaglebone-black.tmpl2
-rw-r--r--gnu/system/examples/desktop.tmpl2
-rw-r--r--gnu/system/examples/docker-image.tmpl2
-rw-r--r--gnu/system/examples/lightweight-desktop.tmpl2
-rw-r--r--gnu/system/examples/vm-image.tmpl2
-rw-r--r--gnu/system/examples/yggdrasil.tmpl2
-rw-r--r--gnu/system/hurd.scm22
-rw-r--r--gnu/system/images/hurd.scm2
-rw-r--r--gnu/system/images/novena.scm2
-rw-r--r--gnu/system/images/pine64.scm2
-rw-r--r--gnu/system/images/pinebook-pro.scm4
-rw-r--r--gnu/system/images/rock64.scm2
-rw-r--r--gnu/system/install.scm10
-rw-r--r--gnu/system/pam.scm21
-rw-r--r--gnu/system/vm.scm4
18 files changed, 52 insertions, 35 deletions
diff --git a/gnu/system/examples/asus-c201.tmpl b/gnu/system/examples/asus-c201.tmpl
index c08f85367f..6b6aa706fa 100644
--- a/gnu/system/examples/asus-c201.tmpl
+++ b/gnu/system/examples/asus-c201.tmpl
@@ -14,7 +14,7 @@
   ;; "my-root" is the label of the target root file system.
   (bootloader (bootloader-configuration
                 (bootloader depthcharge-bootloader)
-                (target "/dev/mmcblk0p1")))
+                (targets '("/dev/mmcblk0p1"))))
 
   ;; The ASUS C201PA requires a very particular kernel to boot,
   ;; as well as the following arguments.
diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl
index 1035ab1d60..387e4b12ba 100644
--- a/gnu/system/examples/bare-bones.tmpl
+++ b/gnu/system/examples/bare-bones.tmpl
@@ -15,7 +15,7 @@
   ;; root file system.
   (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
-                (target "/dev/sdX")))
+                (targets '("/dev/sdX"))))
   (file-systems (cons (file-system
                         (device (file-system-label "my-root"))
                         (mount-point "/")
diff --git a/gnu/system/examples/bare-hurd.tmpl b/gnu/system/examples/bare-hurd.tmpl
index 135ed23cb6..f0dd0cf742 100644
--- a/gnu/system/examples/bare-hurd.tmpl
+++ b/gnu/system/examples/bare-hurd.tmpl
@@ -32,7 +32,7 @@
     (inherit %hurd-default-operating-system)
     (bootloader (bootloader-configuration
                  (bootloader grub-minimal-bootloader)
-                 (target "/dev/sdX")))
+                 (targets '("/dev/sdX"))))
     (file-systems (cons (file-system
                           (device (file-system-label "my-root"))
                           (mount-point "/")
diff --git a/gnu/system/examples/beaglebone-black.tmpl b/gnu/system/examples/beaglebone-black.tmpl
index def05e807d..90dab62062 100644
--- a/gnu/system/examples/beaglebone-black.tmpl
+++ b/gnu/system/examples/beaglebone-black.tmpl
@@ -14,7 +14,7 @@
   ;; the label of the target root file system.
   (bootloader (bootloader-configuration
                (bootloader u-boot-beaglebone-black-bootloader)
-               (target "/dev/mmcblk1")))
+               (targets '("/dev/mmcblk1"))))
 
   ;; This module is required to mount the SD card.
   (initrd-modules (cons "omap_hsmmc" %base-initrd-modules))
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 716b9feb8d..c928008c92 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -19,7 +19,7 @@
   ;; Partition mounted on /boot/efi.
   (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
-                (target "/boot/efi")
+                (targets '("/boot/efi"))
                 (keyboard-layout keyboard-layout)))
 
   ;; Specify a mapped device for the encrypted root partition.
diff --git a/gnu/system/examples/docker-image.tmpl b/gnu/system/examples/docker-image.tmpl
index ca633cc838..bdc6afa6f0 100644
--- a/gnu/system/examples/docker-image.tmpl
+++ b/gnu/system/examples/docker-image.tmpl
@@ -35,7 +35,7 @@
   ;; This will be ignored.
   (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
-               (target "does-not-matter")))
+               (targets '("does-not-matter"))))
   ;; This will be ignored, too.
   (file-systems (list (file-system
                         (device "does-not-matter")
diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl
index d5a63dc457..d4330ecc8e 100644
--- a/gnu/system/examples/lightweight-desktop.tmpl
+++ b/gnu/system/examples/lightweight-desktop.tmpl
@@ -16,7 +16,7 @@
   ;; Partition mounted on /boot/efi.
   (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
-                (target "/boot/efi")))
+                (targets '("/boot/efi"))))
 
   ;; Assume the target root file system is labelled "my-root",
   ;; and the EFI System Partition has UUID 1234-ABCD.
diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl
index 697019e877..a59d91587b 100644
--- a/gnu/system/examples/vm-image.tmpl
+++ b/gnu/system/examples/vm-image.tmpl
@@ -51,7 +51,7 @@ accounts.\x1b[0m
   ;; Adjust as needed.
   (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
-               (target "/dev/vda")
+               (targets '("/dev/vda"))
                (terminal-outputs '(console))))
   (file-systems (cons (file-system
                         (mount-point "/")
diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl
index be80bf4de9..4d34f49b54 100644
--- a/gnu/system/examples/yggdrasil.tmpl
+++ b/gnu/system/examples/yggdrasil.tmpl
@@ -15,7 +15,7 @@
   ;; root file system.
   (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
-                (target "/dev/sdX")))
+                (targets '("/dev/sdX"))))
   (file-systems (cons (file-system
                         (device (file-system-label "my-root"))
                         (mount-point "/")
diff --git a/gnu/system/hurd.scm b/gnu/system/hurd.scm
index 8f3a27834b..e976494d74 100644
--- a/gnu/system/hurd.scm
+++ b/gnu/system/hurd.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -39,6 +39,7 @@
   #:use-module (gnu services hurd)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system)
+  #:use-module (gnu system setuid)
   #:use-module (gnu system shadow)
   #:use-module (gnu system vm)
   #:export (%base-packages/hurd
@@ -92,14 +93,15 @@
 
 (define %setuid-programs/hurd
   ;; Default set of setuid-root programs.
-  (list (file-append shadow "/bin/passwd")
-        (file-append shadow "/bin/sg")
-        (file-append shadow "/bin/su")
-        (file-append shadow "/bin/newgrp")
-        (file-append shadow "/bin/newuidmap")
-        (file-append shadow "/bin/newgidmap")
-        (file-append sudo "/bin/sudo")
-        (file-append sudo "/bin/sudoedit")))
+  (map file-like->setuid-program
+       (list (file-append shadow "/bin/passwd")
+             (file-append shadow "/bin/sg")
+             (file-append shadow "/bin/su")
+             (file-append shadow "/bin/newgrp")
+             (file-append shadow "/bin/newuidmap")
+             (file-append shadow "/bin/newgidmap")
+             (file-append sudo "/bin/sudo")
+             (file-append sudo "/bin/sudoedit"))))
 
 (define %hurd-default-operating-system
   (operating-system
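Review bot: The list now wrapped by `file-like->setuid-program` still carries `newuidmap` and `newgidmap`, which as far as I know only serve Linux user namespaces and would have no use on the Hurd. Every entry here ends up installed as a setuid binary and adds attack surface, so it is worth confirming those two are needed and dropping them if not. Separately, the comment could say what the value now is, e.g. `;; Default setuid-root programs, as <setuid-program> records using the record's default owner and mode.` The definition of `%hurd-default-operating-system` continues outside the hunk.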
@@ -108,7 +110,7 @@
     (hurd hurd)
     (bootloader (bootloader-configuration
                  (bootloader grub-minimal-bootloader)
-                 (target "/dev/vda")))
+                 (targets '("/dev/vda"))))
     (initrd #f)
     (initrd-modules (lambda _ '()))
     (firmware '())
diff --git a/gnu/system/images/hurd.scm b/gnu/system/images/hurd.scm
index eac5b7f7e6..fc2dbe3209 100644
--- a/gnu/system/images/hurd.scm
+++ b/gnu/system/images/hurd.scm
@@ -42,7 +42,7 @@
     (inherit %hurd-default-operating-system)
     (bootloader (bootloader-configuration
                  (bootloader grub-minimal-bootloader)
-                 (target "/dev/sdX")))
+                 (targets '("/dev/sdX"))))
     (file-systems (cons (file-system
                           (device (file-system-label "my-root"))
                           (mount-point "/")
diff --git a/gnu/system/images/novena.scm b/gnu/system/images/novena.scm
index 1cd724ff88..63227af509 100644
--- a/gnu/system/images/novena.scm
+++ b/gnu/system/images/novena.scm
@@ -39,7 +39,7 @@
     (locale "en_US.utf8")
     (bootloader (bootloader-configuration
                  (bootloader u-boot-novena-bootloader)
-                 (target "/dev/vda")))
+                 (targets '("/dev/vda"))))
     (initrd-modules '("sdhci-esdhc-imx" "ahci_imx" "i2c-dev"))
     ;(kernel linux-libre-arm-generic)
     (kernel-arguments '("console=ttymxc1,115200"))
diff --git a/gnu/system/images/pine64.scm b/gnu/system/images/pine64.scm
index 613acd5cfd..808c71295f 100644
--- a/gnu/system/images/pine64.scm
+++ b/gnu/system/images/pine64.scm
@@ -38,7 +38,7 @@
     (locale "en_US.utf8")
     (bootloader (bootloader-configuration
                  (bootloader u-boot-pine64-lts-bootloader)
-                 (target "/dev/vda")))
+                 (targets '("/dev/vda"))))
     (initrd-modules '())
     (kernel linux-libre-arm64-generic)
     (file-systems (cons (file-system
diff --git a/gnu/system/images/pinebook-pro.scm b/gnu/system/images/pinebook-pro.scm
index b56a7ea409..b6b844cef6 100644
--- a/gnu/system/images/pinebook-pro.scm
+++ b/gnu/system/images/pinebook-pro.scm
@@ -38,7 +38,7 @@
     (locale "en_US.utf8")
     (bootloader (bootloader-configuration
                  (bootloader u-boot-pinebook-pro-rk3399-bootloader)
-                 (target "/dev/vda")))
+                 (targets '("/dev/vda"))))
     (initrd-modules '())
     (kernel linux-libre-arm64-generic)
     (file-systems (cons (file-system
@@ -49,7 +49,7 @@
     (services (cons (service agetty-service-type
                              (agetty-configuration
                               (extra-options '("-L")) ; no carrier detect
-                              (baud-rate "115200")
+                              (baud-rate "1500000")
                               (term "vt100")
                               (tty "ttyS2")))
                     %base-services))))
diff --git a/gnu/system/images/rock64.scm b/gnu/system/images/rock64.scm
index 3f193e8528..68d3742adc 100644
--- a/gnu/system/images/rock64.scm
+++ b/gnu/system/images/rock64.scm
@@ -39,7 +39,7 @@
     (locale "en_US.utf8")
     (bootloader (bootloader-configuration
                  (bootloader u-boot-rock64-rk3328-bootloader)
-                 (target "/dev/sda")))
+                 (targets '("/dev/sda"))))
     (initrd-modules '())
     (kernel linux-libre-arm64-generic)
     (file-systems (cons (file-system
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 7fa5c15324..7b394184ad 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -25,6 +25,7 @@
 (define-module (gnu system install)
   #:use-module (gnu)
   #:use-module (gnu system)
+  #:use-module (gnu system setuid)
   #:use-module (gnu bootloader u-boot)
   #:use-module (guix gexp)
   #:use-module (guix store)
@@ -453,7 +454,7 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m
     (name-service-switch %mdns-host-lookup-nss)
     (bootloader (bootloader-configuration
                  (bootloader grub-bootloader)
-                 (target "/dev/sda")))
+                 (targets '("/dev/sda"))))
     (label (string-append "GNU Guix installation "
                           (package-version guix)))
 
@@ -502,7 +503,8 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m
 
     ;; We don't need setuid programs, except for 'passwd', which can be handy
     ;; if one is to allow remote SSH login to the machine being installed.
-    (setuid-programs (list (file-append shadow "/bin/passwd")))
+    (setuid-programs (list (setuid-program
+                            (program (file-append shadow "/bin/passwd")))))
 
     (pam-services
      ;; Explicitly allow for empty passwords.
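Review bot: This spells the conversion as a literal `(setuid-program (program …))` record, while gnu/system/hurd.scm in the same commit uses `file-like->setuid-program` for the same job. Using one form throughout makes it easier to audit which binaries receive the setuid bit. Either write `(list (file-like->setuid-program (file-append shadow "/bin/passwd")))` or add a comment saying that the record's defaults (presumably root-owned with the setuid bit set) are what is intended here. The enclosing operating-system form starts and ends outside the hunk.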
@@ -528,7 +530,7 @@ operating-system's kernel-arguments (\"console=ttyS0\" or similar)."
     (bootloader (bootloader-configuration
                  (bootloader (bootloader (inherit u-boot-bootloader)
                               (package (make-u-boot-package board triplet))))
-                 (target bootloader-target)))))
+                 (targets (list bootloader-target))))))
 
 (define* (embedded-installation-os bootloader bootloader-target tty
                                    #:key (extra-modules '()))
@@ -540,7 +542,7 @@ The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
     (inherit installation-os)
     (bootloader (bootloader-configuration
                  (bootloader bootloader)
-                 (target bootloader-target)))
+                 (targets (list bootloader-target))))
     (kernel linux-libre)
     (kernel-arguments
      (cons (string-append "console=" tty)
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index ad02586be8..a31daada59 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -27,6 +27,7 @@
   #:use-module (srfi srfi-11)
   #:use-module (srfi srfi-26)
   #:use-module ((guix utils) #:select (%current-system))
+  #:use-module (gnu packages linux)
   #:export (pam-service
             pam-service-name
             pam-service-account
@@ -207,14 +208,16 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE."
         (env  (pam-entry ; to honor /etc/environment.
                (control "required")
                (module "pam_env.so"))))
-    (lambda* (name #:key allow-empty-passwords? (allow-root? #f) motd
-                   login-uid?)
+    (lambda* (name #:key allow-empty-passwords? allow-root? motd
+              login-uid? gnupg?)
       "Return a standard Unix-style PAM service for NAME.  When
 ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords.  When ALLOW-ROOT? is
 true, allow root to run the command without authentication.  When MOTD is
 true, it should be a file-like object used as the message-of-the-day.
 When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
-/proc/self/loginuid, which the libc 'getlogin' function relies on."
+/proc/self/loginuid, which the libc 'getlogin' function relies on.  When
+GNUPG? is true, require the 'pam_gnupg.so' module; that module hands over
+the login password to 'gpg-agent'."
       ;; See <http://www.linux-pam.org/Linux-PAM-html/sag-configuration-example.html>.
       (pam-service
        (name name)
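Review bot: The docstring text added for GNUPG? describes the mechanism but not its consequence: with the flag on, the login password is forwarded to 'gpg-agent', so as I understand pam_gnupg the matching keys stay unlocked for the session. A sentence such as `Enable this only when the login password is meant to double as the key passphrase; unlocked keys remain available through the session's 'gpg-agent'.` would let an administrator weigh that. Also, `allow-root?` lost its explicit `#f` default in this signature; that is equivalent for `lambda*` keywords, but for a switch that skips authentication the explicit default read more clearly. The lambda body continues outside the hunk.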
@@ -229,7 +232,12 @@ When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
                                 (control "required")
                                 (module "pam_unix.so")
                                 (arguments '("nullok")))
-                               unix))))
+                               unix))
+                     (if gnupg?
+                         (list (pam-entry
+                                (control "required")
+                                (module (file-append pam-gnupg "/lib/security/pam_gnupg.so"))))
+                         '())))
        (password (list (pam-entry
                         (control "required")
                         (module "pam_unix.so")
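Review bot: The pam_gnupg.so entry added to the `auth` stack uses `(control "required")`, so a failure of that module, or presumably a failure to load it, would fail authentication for every service built with GNUPG? set, even though the module only provides key unlocking. The same applies to the `session` entry added in the next hunk of this file. Unless failing closed is intended, `(control "optional")` in both places keeps a gpg-agent problem from locking users out; it is worth checking which control value the pam_gnupg documentation expects. The surrounding `pam-service` form starts and ends outside the hunk.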
@@ -247,6 +255,11 @@ When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
                                (control "required")
                                (module "pam_loginuid.so")))
                         '())
+                  ,@(if gnupg?
+                        (list (pam-entry
+                               (control "required")
+                               (module (file-append pam-gnupg "/lib/security/pam_gnupg.so"))))
+                        '())
                   ,env ,unix))))))
 
 (define (rootok-pam-service command)
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index da076a95f9..72b2656ccb 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
+;;; Copyright © 2016 Christine Lemmer-Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -630,7 +630,7 @@ environment with the store shared with the host.  MAPPINGS is a list of
     (bootloader (bootloader-configuration
                   (inherit (operating-system-bootloader os))
                   (bootloader grub-bootloader)
-                  (target "/dev/vda")))
+                  (targets '("/dev/vda"))))
 
     (initrd (lambda (file-systems . rest)
               (apply (operating-system-initrd os)