authorLudovic Courtès <ludo@gnu.org>2021-09-07 11:04:44 +0200
committerLudovic Courtès <ludo@gnu.org>2021-09-07 14:19:08 +0200
commitd9dfbf886ddbb92dfdaa118bb9765e78aad5c53a (patch)
tree2732020de20a38c09b66a60b0cb36022799f7c2e /gnu/system
parentb949f34f31a045eb0fb242b81a223178fb6994d3 (diff)
parent49922efb11da0f0e9d4f5979d081de5ea8c99d25 (diff)
Merge branch 'master' into core-updates-frozen
Diffstat (limited to 'gnu/system')
-rw-r--r--gnu/system/examples/asus-c201.tmpl2
-rw-r--r--gnu/system/examples/bare-bones.tmpl2
-rw-r--r--gnu/system/examples/bare-hurd.tmpl2
-rw-r--r--gnu/system/examples/beaglebone-black.tmpl2
-rw-r--r--gnu/system/examples/desktop.tmpl2
-rw-r--r--gnu/system/examples/docker-image.tmpl2
-rw-r--r--gnu/system/examples/lightweight-desktop.tmpl2
-rw-r--r--gnu/system/examples/vm-image.tmpl2
-rw-r--r--gnu/system/examples/yggdrasil.tmpl2
-rw-r--r--gnu/system/hurd.scm22
-rw-r--r--gnu/system/images/hurd.scm2
-rw-r--r--gnu/system/images/novena.scm2
-rw-r--r--gnu/system/images/pine64.scm2
-rw-r--r--gnu/system/images/pinebook-pro.scm4
-rw-r--r--gnu/system/images/rock64.scm2
-rw-r--r--gnu/system/install.scm10
-rw-r--r--gnu/system/pam.scm21
-rw-r--r--gnu/system/vm.scm4
18 files changed, 52 insertions, 35 deletions
diff --git a/gnu/system/examples/asus-c201.tmpl b/gnu/system/examples/asus-c201.tmpl
index c08f85367f..6b6aa706fa 100644
--- a/gnu/system/examples/asus-c201.tmpl
+++ b/gnu/system/examples/asus-c201.tmpl
@@ -14,7 +14,7 @@
;; "my-root" is the label of the target root file system.
(bootloader (bootloader-configuration
(bootloader depthcharge-bootloader)
- (target "/dev/mmcblk0p1")))
+ (targets '("/dev/mmcblk0p1"))))
;; The ASUS C201PA requires a very particular kernel to boot,
;; as well as the following arguments.
diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl
index 1035ab1d60..387e4b12ba 100644
--- a/gnu/system/examples/bare-bones.tmpl
+++ b/gnu/system/examples/bare-bones.tmpl
@@ -15,7 +15,7 @@
;; root file system.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
- (target "/dev/sdX")))
+ (targets '("/dev/sdX"))))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
diff --git a/gnu/system/examples/bare-hurd.tmpl b/gnu/system/examples/bare-hurd.tmpl
index 135ed23cb6..f0dd0cf742 100644
--- a/gnu/system/examples/bare-hurd.tmpl
+++ b/gnu/system/examples/bare-hurd.tmpl
@@ -32,7 +32,7 @@
(inherit %hurd-default-operating-system)
(bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader)
- (target "/dev/sdX")))
+ (targets '("/dev/sdX"))))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
diff --git a/gnu/system/examples/beaglebone-black.tmpl b/gnu/system/examples/beaglebone-black.tmpl
index def05e807d..90dab62062 100644
--- a/gnu/system/examples/beaglebone-black.tmpl
+++ b/gnu/system/examples/beaglebone-black.tmpl
@@ -14,7 +14,7 @@
;; the label of the target root file system.
(bootloader (bootloader-configuration
(bootloader u-boot-beaglebone-black-bootloader)
- (target "/dev/mmcblk1")))
+ (targets '("/dev/mmcblk1"))))
;; This module is required to mount the SD card.
(initrd-modules (cons "omap_hsmmc" %base-initrd-modules))
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 716b9feb8d..c928008c92 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -19,7 +19,7 @@
;; Partition mounted on /boot/efi.
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
- (target "/boot/efi")
+ (targets '("/boot/efi"))
(keyboard-layout keyboard-layout)))
;; Specify a mapped device for the encrypted root partition.
diff --git a/gnu/system/examples/docker-image.tmpl b/gnu/system/examples/docker-image.tmpl
index ca633cc838..bdc6afa6f0 100644
--- a/gnu/system/examples/docker-image.tmpl
+++ b/gnu/system/examples/docker-image.tmpl
@@ -35,7 +35,7 @@
;; This will be ignored.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
- (target "does-not-matter")))
+ (targets '("does-not-matter"))))
;; This will be ignored, too.
(file-systems (list (file-system
(device "does-not-matter")
diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl
index d5a63dc457..d4330ecc8e 100644
--- a/gnu/system/examples/lightweight-desktop.tmpl
+++ b/gnu/system/examples/lightweight-desktop.tmpl
@@ -16,7 +16,7 @@
;; Partition mounted on /boot/efi.
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
- (target "/boot/efi")))
+ (targets '("/boot/efi"))))
;; Assume the target root file system is labelled "my-root",
;; and the EFI System Partition has UUID 1234-ABCD.
diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl
index 697019e877..a59d91587b 100644
--- a/gnu/system/examples/vm-image.tmpl
+++ b/gnu/system/examples/vm-image.tmpl
@@ -51,7 +51,7 @@ accounts.\x1b[0m
;; Adjust as needed.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
- (target "/dev/vda")
+ (targets '("/dev/vda"))
(terminal-outputs '(console))))
(file-systems (cons (file-system
(mount-point "/")
diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl
index be80bf4de9..4d34f49b54 100644
--- a/gnu/system/examples/yggdrasil.tmpl
+++ b/gnu/system/examples/yggdrasil.tmpl
@@ -15,7 +15,7 @@
;; root file system.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
- (target "/dev/sdX")))
+ (targets '("/dev/sdX"))))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
diff --git a/gnu/system/hurd.scm b/gnu/system/hurd.scm
index 8f3a27834b..e976494d74 100644
--- a/gnu/system/hurd.scm
+++ b/gnu/system/hurd.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
@@ -39,6 +39,7 @@
#:use-module (gnu services hurd)
#:use-module (gnu services shepherd)
#:use-module (gnu system)
+ #:use-module (gnu system setuid)
#:use-module (gnu system shadow)
#:use-module (gnu system vm)
#:export (%base-packages/hurd
@@ -92,14 +93,15 @@
(define %setuid-programs/hurd
;; Default set of setuid-root programs.
- (list (file-append shadow "/bin/passwd")
- (file-append shadow "/bin/sg")
- (file-append shadow "/bin/su")
- (file-append shadow "/bin/newgrp")
- (file-append shadow "/bin/newuidmap")
- (file-append shadow "/bin/newgidmap")
- (file-append sudo "/bin/sudo")
- (file-append sudo "/bin/sudoedit")))
+ (map file-like->setuid-program
+ (list (file-append shadow "/bin/passwd")
+ (file-append shadow "/bin/sg")
+ (file-append shadow "/bin/su")
+ (file-append shadow "/bin/newgrp")
+ (file-append shadow "/bin/newuidmap")
+ (file-append shadow "/bin/newgidmap")
+ (file-append sudo "/bin/sudo")
+ (file-append sudo "/bin/sudoedit"))))
(define %hurd-default-operating-system
(operating-system
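Review bot: The rewritten `%setuid-programs/hurd` list still makes `newuidmap` and `newgidmap` setuid-root. As far as I know, those two helpers only serve Linux user namespaces, which the Hurd does not provide. Since every entry is re-wrapped through `file-like->setuid-program` here, this is a natural point to drop the two entries, or to justify them with a comment such as `;; newuidmap/newgidmap: kept for parity with the Linux default set`. Each setuid-root binary that is not needed is privileged code exposed to unprivileged users for no benefit.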
@@ -108,7 +110,7 @@
(hurd hurd)
(bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader)
- (target "/dev/vda")))
+ (targets '("/dev/vda"))))
(initrd #f)
(initrd-modules (lambda _ '()))
(firmware '())
diff --git a/gnu/system/images/hurd.scm b/gnu/system/images/hurd.scm
index eac5b7f7e6..fc2dbe3209 100644
--- a/gnu/system/images/hurd.scm
+++ b/gnu/system/images/hurd.scm
@@ -42,7 +42,7 @@
(inherit %hurd-default-operating-system)
(bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader)
- (target "/dev/sdX")))
+ (targets '("/dev/sdX"))))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
diff --git a/gnu/system/images/novena.scm b/gnu/system/images/novena.scm
index 1cd724ff88..63227af509 100644
--- a/gnu/system/images/novena.scm
+++ b/gnu/system/images/novena.scm
@@ -39,7 +39,7 @@
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader u-boot-novena-bootloader)
- (target "/dev/vda")))
+ (targets '("/dev/vda"))))
(initrd-modules '("sdhci-esdhc-imx" "ahci_imx" "i2c-dev"))
;(kernel linux-libre-arm-generic)
(kernel-arguments '("console=ttymxc1,115200"))
diff --git a/gnu/system/images/pine64.scm b/gnu/system/images/pine64.scm
index 613acd5cfd..808c71295f 100644
--- a/gnu/system/images/pine64.scm
+++ b/gnu/system/images/pine64.scm
@@ -38,7 +38,7 @@
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader u-boot-pine64-lts-bootloader)
- (target "/dev/vda")))
+ (targets '("/dev/vda"))))
(initrd-modules '())
(kernel linux-libre-arm64-generic)
(file-systems (cons (file-system
diff --git a/gnu/system/images/pinebook-pro.scm b/gnu/system/images/pinebook-pro.scm
index b56a7ea409..b6b844cef6 100644
--- a/gnu/system/images/pinebook-pro.scm
+++ b/gnu/system/images/pinebook-pro.scm
@@ -38,7 +38,7 @@
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader u-boot-pinebook-pro-rk3399-bootloader)
- (target "/dev/vda")))
+ (targets '("/dev/vda"))))
(initrd-modules '())
(kernel linux-libre-arm64-generic)
(file-systems (cons (file-system
@@ -49,7 +49,7 @@
(services (cons (service agetty-service-type
(agetty-configuration
(extra-options '("-L")) ; no carrier detect
- (baud-rate "115200")
+ (baud-rate "1500000")
(term "vt100")
(tty "ttyS2")))
%base-services))))
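Review bot: The new `(baud-rate "1500000")` is a bare magic number with no explanation of why it differs from the usual 115200. A short why-comment would stop someone from "fixing" it back, for example `(baud-rate "1500000") ; serial console speed expected on this board (confirm against U-Boot config)`. The enclosing `operating-system` form starts outside this hunk.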
diff --git a/gnu/system/images/rock64.scm b/gnu/system/images/rock64.scm
index 3f193e8528..68d3742adc 100644
--- a/gnu/system/images/rock64.scm
+++ b/gnu/system/images/rock64.scm
@@ -39,7 +39,7 @@
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader u-boot-rock64-rk3328-bootloader)
- (target "/dev/sda")))
+ (targets '("/dev/sda"))))
(initrd-modules '())
(kernel linux-libre-arm64-generic)
(file-systems (cons (file-system
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 7fa5c15324..7b394184ad 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -25,6 +25,7 @@
(define-module (gnu system install)
#:use-module (gnu)
#:use-module (gnu system)
+ #:use-module (gnu system setuid)
#:use-module (gnu bootloader u-boot)
#:use-module (guix gexp)
#:use-module (guix store)
@@ -453,7 +454,7 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m
(name-service-switch %mdns-host-lookup-nss)
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
- (target "/dev/sda")))
+ (targets '("/dev/sda"))))
(label (string-append "GNU Guix installation "
(package-version guix)))
@@ -502,7 +503,8 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m
;; We don't need setuid programs, except for 'passwd', which can be handy
;; if one is to allow remote SSH login to the machine being installed.
- (setuid-programs (list (file-append shadow "/bin/passwd")))
+ (setuid-programs (list (setuid-program
+ (program (file-append shadow "/bin/passwd")))))
(pam-services
;; Explicitly allow for empty passwords.
@@ -528,7 +530,7 @@ operating-system's kernel-arguments (\"console=ttyS0\" or similar)."
(bootloader (bootloader-configuration
(bootloader (bootloader (inherit u-boot-bootloader)
(package (make-u-boot-package board triplet))))
- (target bootloader-target)))))
+ (targets (list bootloader-target))))))
(define* (embedded-installation-os bootloader bootloader-target tty
#:key (extra-modules '()))
@@ -540,7 +542,7 @@ The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
(inherit installation-os)
(bootloader (bootloader-configuration
(bootloader bootloader)
- (target bootloader-target)))
+ (targets (list bootloader-target))))
(kernel linux-libre)
(kernel-arguments
(cons (string-append "console=" tty)
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index ad02586be8..a31daada59 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -27,6 +27,7 @@
#:use-module (srfi srfi-11)
#:use-module (srfi srfi-26)
#:use-module ((guix utils) #:select (%current-system))
+ #:use-module (gnu packages linux)
#:export (pam-service
pam-service-name
pam-service-account
@@ -207,14 +208,16 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE."
(env (pam-entry ; to honor /etc/environment.
(control "required")
(module "pam_env.so"))))
- (lambda* (name #:key allow-empty-passwords? (allow-root? #f) motd
- login-uid?)
+ (lambda* (name #:key allow-empty-passwords? allow-root? motd
+ login-uid? gnupg?)
"Return a standard Unix-style PAM service for NAME. When
ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords. When ALLOW-ROOT? is
true, allow root to run the command without authentication. When MOTD is
true, it should be a file-like object used as the message-of-the-day.
When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
-/proc/self/loginuid, which the libc 'getlogin' function relies on."
+/proc/self/loginuid, which the libc 'getlogin' function relies on. When
+GNUPG? is true, require the 'pam_gnupg.so' module; that module hands over
+the login password to 'gpg-agent'."
;; See <http://www.linux-pam.org/Linux-PAM-html/sag-configuration-example.html>.
(pam-service
(name name)
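Review bot: The added GNUPG? docstring says the module hands the login password to 'gpg-agent' but does not spell out what that means for the session. It would help to add a sentence saying that keys preset this way remain usable through the agent without a further passphrase prompt until the agent's cache expires. Callers then see that enabling GNUPG? widens what any process running in the logged-in session can do with those keys. It is also worth stating that the option defaults to false, since the signature now relies on the implicit `#f` default of `lambda*` keywords for both `allow-root?` and `gnupg?`.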
@@ -229,7 +232,12 @@ When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
(control "required")
(module "pam_unix.so")
(arguments '("nullok")))
- unix))))
+ unix))
+ (if gnupg?
+ (list (pam-entry
+ (control "required")
+ (module (file-append pam-gnupg "/lib/security/pam_gnupg.so"))))
+ '())))
(password (list (pam-entry
(control "required")
(module "pam_unix.so")
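Review bot: The new pam_gnupg entry in the auth stack uses `(control "required")`, and the later hunk adds the same entry to the session stack. With "required", any error from pam_gnupg.so fails the whole login, for instance when the agent cannot be reached, even though pam_unix already accepted the password. If I recall correctly, the module's upstream documentation configures it as optional in both stacks; `(control "optional")` would make the gpg-agent hand-over best-effort, so a GnuPG problem cannot lock a user out. The enclosing `lambda*` starts outside this hunk, so the full ordering of the auth stack is not visible here.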
@@ -247,6 +255,11 @@ When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
(control "required")
(module "pam_loginuid.so")))
'())
+ ,@(if gnupg?
+ (list (pam-entry
+ (control "required")
+ (module (file-append pam-gnupg "/lib/security/pam_gnupg.so"))))
+ '())
,env ,unix))))))
(define (rootok-pam-service command)
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index da076a95f9..72b2656ccb 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
+;;; Copyright © 2016 Christine Lemmer-Webber <cwebber@dustycloud.org>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -630,7 +630,7 @@ environment with the store shared with the host. MAPPINGS is a list of
(bootloader (bootloader-configuration
(inherit (operating-system-bootloader os))
(bootloader grub-bootloader)
- (target "/dev/vda")))
+ (targets '("/dev/vda"))))
(initrd (lambda (file-systems . rest)
(apply (operating-system-initrd os)