activation: Set the permissions of /etc/sudoers to 440.
* gnu/build/activation.scm (activate-etc): Move 'rm-f' to a local
'define'. When TARGET is "sudoers", make it 440.
activation: Make the /bin/sh symlink at activation time.
* gnu/build/install.scm (directives): Remove "/bin/sh".
* gnu/build/activation.scm (activate-/bin/sh): New procedure.
* gnu/system.scm (operating-system-activation-script): Use it.
activation: Make sure /etc/sudoers & co. are regular files.
Before that, 'sudo' would exit with:
sudo: /etc/sudoers is not a regular file
sudo: no valid sudoers sources found, quitting
* gnu/build/activation.scm (activate-etc): Check if SOURCE matches
'file-is-directory?'. If not, use 'copy-file' instead of 'symlink'.
activation: Remove outdated comment.
* gnu/build/activation.scm (activate-etc): Remove outdated comment.
activation: Factorize the link-or-copy trick.
* gnu/build/activation.scm (link-or-copy): New procedure.
(activate-setuid-programs): Use it.
Rename (gnu build linux-initrd) to (gnu build linux-boot).
* gnu/build/linux-initrd.scm: Rename to...
* gnu/build/linux-boot.scm: ... this.
* gnu-system.am (GNU_SYSTEM_MODULES): Adjust accordingly.
* gnu/build/activation.scm, gnu/build/vm.scm, gnu/services/base.scm,
gnu/services/dmd.scm, gnu/system.scm, gnu/system/linux-initrd.scm,
gnu/system/vm.scm: Adjust accordingly.
Move operating system helpers from (guix build …) to (gnu build …).
* guix/build/activation.scm, guix/build/install.scm,
guix/build/linux-initrd.scm, guix/build/vm.scm: Move to...
* gnu/build: ... here.
* Makefile.am (MODULES): Remove the above guix/build/ files.
* gnu-system.am (GNU_SYSTEM_MODULES): Add the above gnu/build/ files
here.
* gnu/services/base.scm, gnu/services/dmd.scm, gnu/system.scm,
gnu/system/linux-initrd.scm, gnu/system/vm.scm,
guix/scripts/system.scm: Adjust to the new module names.
system: Add the 'system?' field for user groups.
Suggested by Mark H. Weaver.
* gnu/system/shadow.scm (<user-group>)[system?]: New field.
(%base-groups): Introduce 'system-group' macro, and use it.
* gnu/system.scm (user-group->gexp): Pass the 'system?' field.
* guix/build/activation.scm (add-group): Add #:system? and honor it.
(activate-users+groups): Handle the 'system?' field.
* gnu/system/file-systems.scm (%tty-gid): Choose an ID below 1000.
* doc/guix.texi (User Accounts): Document the 'system?' field.
system: Add a 'system?' field to user accounts.
* gnu/system/shadow.scm (<user-account>)[system?]: New field.
* gnu/system.scm (user-account->gexp): Add it.
* guix/build/activation.scm (add-user): Add #:system? parameter and
honor it.
(activate-users+groups): Handle the 'system?' part of user tuples.
Pass it to 'add-user'. Don't create PROFILE-DIR when SYSTEM? is
true.
* gnu/services/dbus.scm (dbus-service): Add 'system?' field for
"messagebus" account.
* gnu/services/base.scm (guix-build-accounts): Likewise.
* gnu/services/avahi.scm (avahi-service): Likewise.
activation: Preserve /etc/groups upon reboots.
This is a followup to e2fcc23. The /etc/group file would be cleared
when booting.
* guix/build/activation.scm (activate-users+groups)[touch]: Rewrite so
it does not wipe out FILE's contents.
Merge branch 'master' into core-updates
activation: Only create groups that do not exist yet.
Before that the effect would be to re-create groups at each boot, and
thus remove any members of the groups.
* guix/build/activation.scm (activate-users+groups): Call 'add-group'
only when (getgrname name) fails.
Merge branch 'master' into core-updates
system: Separate the activation script from the boot script.
* gnu/system.scm (operating-system-activation-script): New procedure,
containing most of the former 'operating-system-boot-script'.
(operating-system-boot-script): Call it, and 'primitive-load' its
result.
* guix/build/activation.scm (%booted-system): Remove.
(activate-current-system): Remove #:boot? parameter and related code.
system: Make /run/current-system at activation time.
* gnu/system.scm (etc-directory): Change default value of #:profile.
Change contents of SHELLS. Use /run/current-system/profile/{s,}bin in
BASHRC.
(operating-system-boot-script)[%modules]: Add (guix build
linux-initrd). Add call to 'activate-current-system' in gexp.
(operating-system-initrd-file, operating-system-grub.cfg): New
procedures.
(operating-system-derivation): Don't build grub.cfg here and remove it
from the file union.
* gnu/system/vm.scm (qemu-image): Remove #:populate.
(operating-system-build-gid, operating-system-default-contents):
Remove.
(system-qemu-image): Remove call to
'operating-system-default-contents'. Use 'operating-system-grub.cfg'
to get grub.cfg. Add GRUB.CFG to #:inputs.
(system-qemu-image/shared-store): Likewise, but don't add GRUB.CFG to
#:inputs.
(system-qemu-image/shared-store-script): Pass --system kernel option.
* guix/build/activation.scm (%booted-system, %current-system): New
variables.
(boot-time-system, activate-current-system): New procedures.
* guix/build/install.scm (evaluate-populate-directive): Add case
for ('directory name uid gid mode).
(directives, populate-root-file-system): New procedures.
* guix/build/vm.scm (initialize-hard-disk): Replace calls to
'evaluate-populate-directive' by a call to
'populate-root-file-system'.
* gnu/services/dmd.scm (dmd-configuration-file): Use
/run/current-system/profile/bin.
* gnu/services/xorg.scm (slim-service): Likewise.
activation: Silence warning from 'useradd'.
* guix/build/activation.scm (add-user): Don't pass '--create-home' when
HOME already exists.
system: Make accounts and groups at activation time.
* gnu/services/base.scm (guix-build-accounts): Remove #:gid parameter;
add #:group. Remove 'password' and 'gid' fields in 'user-account'
form, and add 'group'.
(guix-service): Remove #:build-user-gid parameter. Remove 'id' field
in 'user-group' form.
* gnu/system.scm (etc-directory): Remove #:groups and #:accounts. No
longer produce files "passwd", "shadow", and "group". Adjust caller
accordingly.
(%root-account): New variable.
(operating-system-accounts): Add 'users' variable. Add %ROOT-ACCOUNT
only of 'operating-system-users' doesn't already contain a root
account.
(user-group->gexp, user-account->gexp): New procedures.
(operating-system-boot-script): Add calls to 'setenv' and
'activate-users+groups' in gexp.
* gnu/system/linux.scm (base-pam-services): Add PAM services for
"user{add,del,mode}" and "group{add,del,mod}".
* gnu/system/shadow.scm (<user-account>)[gid]: Rename to...
[group]: ... this.
[supplementary-groups]: New field.
[uid, password]: Default to #f.
(<user-group>)[id]: Default to #f.
(group-file, passwd-file): Remove.
* gnu/system/vm.scm (operating-system-default-contents)[user-directories]:
Remove. Add "/home" to the directives.
* guix/build/activation.scm (add-group, add-user,
activate-users+groups): New procedures.
activation: Fix deletion of setuid programs.
* guix/build/activation.scm (activate-setuid-programs): When
%SETUID-DIRECTORY exists, pass the right file names to 'delete-file'.
system: Add support for setuid binaries.
* gnu/system.scm (<operating-system>)[pam-services, setuid-programs]:
New fields.
(etc-directory)[bashrc]: Prepend /run/setuid-programs to $PATH.
(operating-system-etc-directory): Honor
'operating-system-pam-services'.
(%setuid-programs): New variable.
(operating-system-boot-script): Add (guix build utils) to the set of
imported modules. Call 'activate-setuid-programs' in boot script.
* gnu/system/linux.scm (base-pam-services): New procedure.
* guix/build/activation.scm (%setuid-directory): New variable.
(activate-setuid-programs): New procedure.
* build-aux/hydra/demo-os.scm: Add 'pam-services' field.
system: Add (guix build activation).
* gnu/services/dmd.scm (dmd-configuration-file): Remove 'etc'
parameter. Move /etc activation code to...
* guix/build/activation.scm: ... here; new file.
* gnu/system.scm (operating-system-boot-script): Augment script: add
(guix build activation) to the load path; call 'activate-etc'.
* Makefile.am (MODULES): Add guix/build/activation.scm.