diff options
Diffstat (limited to 'gnu/installer/final.scm')
-rw-r--r-- | gnu/installer/final.scm | 90 |
1 files changed, 86 insertions, 4 deletions
diff --git a/gnu/installer/final.scm b/gnu/installer/final.scm index e1c62f5ce0..855b640030 100644 --- a/gnu/installer/final.scm +++ b/gnu/installer/final.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com> +;;; Copyright © 2019 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -20,17 +21,98 @@ #:use-module (gnu installer newt page) #:use-module (gnu installer steps) #:use-module (gnu installer utils) + #:use-module (gnu installer user) #:use-module (gnu services herd) #:use-module (guix build utils) + #:use-module (gnu build accounts) + #:use-module ((gnu system shadow) #:prefix sys:) + #:use-module (rnrs io ports) #:export (install-system)) -(define (install-system) - "Start COW-STORE service on target directory and launch guix install command -in a subshell." +(define %seed + (seed->random-state + (logxor (getpid) (car (gettimeofday))))) + +(define (integer->alphanumeric-char n) + "Map N, an integer in the [0..62] range, to an alphanumeric character." + (cond ((< n 10) + (integer->char (+ (char->integer #\0) n))) + ((< n 36) + (integer->char (+ (char->integer #\A) (- n 10)))) + ((< n 62) + (integer->char (+ (char->integer #\a) (- n 36)))) + (else + (error "integer out of bounds" n)))) + +(define (random-string len) + "Compute a random string of size LEN where each character is alphanumeric." + (let loop ((chars '()) + (len len)) + (if (zero? len) + (list->string chars) + (let ((n (random 62 %seed))) + (loop (cons (integer->alphanumeric-char n) chars) + (- len 1)))))) + +(define (create-user-database users root) + "Create /etc/passwd, /etc/shadow, and /etc/group under ROOT for the given +USERS." + (define etc + (string-append root "/etc")) + + (define (salt) + ;; "$6" gives us a SHA512 password hash; the random string must be taken + ;; from the './0-9A-Za-z' alphabet (info "(libc) Passphrase Storage"). + (string-append "$6$" (random-string 10))) + + (define users* + (map (lambda (user) + (define root? + (string=? "root" (user-name user))) + + (sys:user-account (name (user-name user)) + (comment (user-real-name user)) + (group "users") + (uid (if root? 0 #f)) + (home-directory + (user-home-directory user)) + (password (crypt (user-password user) + (salt))) + + ;; We need a string here, not a file-like, hence + ;; this choice. + (shell + "/run/current-system/profile/bin/bash"))) + users)) + + (define-values (group password shadow) + (user+group-databases users* sys:%base-groups + #:current-passwd '() + #:current-groups '() + #:current-shadow '())) + + (mkdir-p etc) + (write-group group (string-append etc "/group")) + (write-passwd password (string-append etc "/passwd")) + (write-shadow shadow (string-append etc "/shadow"))) + +(define* (install-system locale #:key (users '())) + "Create /etc/shadow and /etc/passwd on the installation target for USERS. +Start COW-STORE service on target directory and launch guix install command in +a subshell. LOCALE must be the locale name under which that command will run, +or #f. Return #t on success and #f on failure." (let ((install-command (format #f "guix system init ~a ~a" (%installer-configuration-file) (%installer-target-dir)))) (mkdir-p (%installer-target-dir)) + + ;; We want to initialize user passwords but we don't want to store them in + ;; the config file since the password hashes would end up world-readable + ;; in the store. Thus, create /etc/shadow & co. here such that, on the + ;; first boot, the activation snippet that creates accounts will reuse the + ;; passwords that we've put in there. + (create-user-database users (%installer-target-dir)) + (start-service 'cow-store (list (%installer-target-dir))) - (false-if-exception (run-shell-command install-command)))) + (run-shell-command install-command #:locale locale))) |