author | Ludovic Courtès <ludo@gnu.org> | 2020-08-24 17:02:48 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-08-24 23:23:57 +0200 |
commit | 384377632c41c5c42e32889f4a239223aaae1ca9 (patch) | |
tree | b080c748f35e710e51fbec3979ddfe3a930f3cfb | |
parent | 0d203eeaa69a42a914a9981449805014ab6b7b77 (diff) | |
system: Validate sudoers file when building the system.
Suggested by pkill9 <pkill9@runbox.com>.
* gnu/system.scm (validated-sudoers-file): New procedure.
(operating-system-etc-service): Use it.
-rw-r--r-- | gnu/system.scm | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/gnu/system.scm b/gnu/system.scm
index 5dd2f7f680..f092df56ce 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -747,6 +747,18 @@ This is the GNU system. Welcome.\n")
 "Return the default /etc/hosts file." (plain-file "hosts" (local-host-aliases host-name)))
+(define (validated-sudoers-file file)
+ "Return a copy of FILE, a sudoers file, after checking that it is
+syntactically correct."
+ (computed-file "sudoers"
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (invoke #+(file-append sudo "/sbin/visudo")
+ "--check" "--file" #$file)
+ (copy-file #$file #$output)))))
+
 (define* (operating-system-etc-service os) "Return a <service> that builds containing the static part of the /etc directory."
@@ -873,7 +885,9 @@ fi\n")))
 ("timezone" ,(plain-file "timezone" (operating-system-timezone os))) ("localtime" ,(file-append tzdata "/share/zoneinfo/" (operating-system-timezone os)))
- ,@(if sudoers `(("sudoers" ,sudoers)) '())
+ ,@(if sudoers
+ `(("sudoers" ,(validated-sudoers-file sudoers)))
+ '())
 ,@(if hurd `(("login" ,(file-append hurd "/etc/login")) ("motd" ,(file-append hurd "/etc/motd")) |
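Review bot: The `invoke` of `visudo` in `validated-sudoers-file` passes only `--check`, and by default visudo treats a reference to an undefined alias as a warning rather than a parse error, so a mistyped `User_Alias` or `Cmnd_Alias` name would still pass this build-time check. Adding `--strict` turns that case into a failure: `"--check" "--strict" "--file" #$file)`. The check also runs inside the build environment, so any files the sudoers file pulls in through include directives are presumably not the ones present on the deployed system. The docstring could state that only FILE itself is validated and that an invalid file makes the build of the "sudoers" derivation fail.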