diff options
Diffstat (limited to 'gnu/system')
| -rw-r--r-- | gnu/system/grub.scm | 20 | ||||
| -rw-r--r-- | gnu/system/pam.scm | 31 | ||||
| -rw-r--r-- | gnu/system/shadow.scm | 4 | ||||
| -rw-r--r-- | gnu/system/vm.scm | 7 |
4 files changed, 40 insertions, 22 deletions
diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm index cde4b9e23a..58096429fe 100644 --- a/gnu/system/grub.scm +++ b/gnu/system/grub.scm @@ -144,15 +144,15 @@ denoting a file name." (with-imported-modules '((gnu build svg)) #~(begin ;; We need these two libraries. - (add-to-load-path (string-append #$guile-rsvg + (add-to-load-path (string-append #+guile-rsvg "/share/guile/site/" (effective-version))) - (add-to-load-path (string-append #$guile-cairo + (add-to-load-path (string-append #+guile-cairo "/share/guile/site/" (effective-version))) (use-modules (gnu build svg)) - (svg->png #$svg #$output + (svg->png #+svg #$output #:width #$width #:height #$height))))) @@ -267,6 +267,16 @@ code." (#f #~(format #f "search --file --set ~a" #$file))))) +(define (boot-parameters->menu-entry conf) + "Convert a <boot-parameters> instance to a corresponding <menu-entry>." + (menu-entry + (label (boot-parameters-label conf)) + (device (boot-parameters-store-device conf)) + (device-mount-point (boot-parameters-store-mount-point conf)) + (linux (boot-parameters-kernel conf)) + (linux-arguments (boot-parameters-kernel-arguments conf)) + (initrd (boot-parameters-initrd conf)))) + (define* (grub-configuration-file config entries #:key (system (%current-system)) @@ -276,7 +286,7 @@ code." <file-system> object. OLD-ENTRIES is taken to be a list of menu entries corresponding to old generations of the system." (define all-entries - (append entries + (append (map boot-parameters->menu-entry entries) (grub-configuration-menu-entries config))) (define entry->gexp @@ -323,7 +333,7 @@ set timeout=~a~%" #$@(if (pair? old-entries) #~((format port " submenu \"GNU system, old configurations...\" {~%") - #$@(map entry->gexp old-entries) + #$@(map entry->gexp (map boot-parameters->menu-entry old-entries)) (format port "}~%")) #~())))) diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm index 4546c1a73a..eedf933946 100644 --- a/gnu/system/pam.scm +++ b/gnu/system/pam.scm @@ -204,21 +204,27 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE." (env (pam-entry ; to honor /etc/environment. (control "required") (module "pam_env.so")))) - (lambda* (name #:key allow-empty-passwords? motd) + (lambda* (name #:key allow-empty-passwords? (allow-root? #f) motd) "Return a standard Unix-style PAM service for NAME. When -ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords. When MOTD is true, it -should be a file-like object used as the message-of-the-day." +ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords. When ALLOW-ROOT? is +true, allow root to run the command without authentication. When MOTD is +true, it should be a file-like object used as the message-of-the-day." ;; See <http://www.linux-pam.org/Linux-PAM-html/sag-configuration-example.html>. (let ((name* name)) (pam-service (name name*) (account (list unix)) - (auth (list (if allow-empty-passwords? - (pam-entry - (control "required") - (module "pam_unix.so") - (arguments '("nullok"))) - unix))) + (auth (append (if allow-root? + (list (pam-entry + (control "sufficient") + (module "pam_rootok.so"))) + '()) + (list (if allow-empty-passwords? + (pam-entry + (control "required") + (module "pam_unix.so") + (arguments '("nullok"))) + unix)))) (password (list (pam-entry (control "required") (module "pam_unix.so") @@ -256,7 +262,12 @@ authenticate to run COMMAND." ;; These programs are setuid-root. (map (cut unix-pam-service <> #:allow-empty-passwords? allow-empty-passwords?) - '("su" "passwd" "sudo")) + '("passwd" "sudo")) + ;; This is setuid-root, as well. Allow root to run "su" without + ;; authenticating. + (list (unix-pam-service "su" + #:allow-empty-passwords? allow-empty-passwords? + #:allow-root? #t)) ;; These programs are not setuid-root, and we want root to be able ;; to run them without having to authenticate (notably because diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm index 1acfcc4866..b30ef8e390 100644 --- a/gnu/system/shadow.scm +++ b/gnu/system/shadow.scm @@ -220,7 +220,7 @@ set debug-file-directory ~/.guix-profile/lib/debug\n"))) (raise (condition (&message (message - (format #f (_ "supplementary group '~a' \ + (format #f (G_ "supplementary group '~a' \ of user '~a' is undeclared") group (user-account-name user)))))))) @@ -230,7 +230,7 @@ of user '~a' is undeclared") (raise (condition (&message (message - (format #f (_ "primary group '~a' \ + (format #f (G_ "primary group '~a' \ of user '~a' is undeclared") (user-account-group user) (user-account-name user))))))) diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 4f915c4f95..2c8b954c80 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -490,11 +490,8 @@ it is mostly useful when FULL-BOOT? is true." #:full-boot? full-boot? #:disk-image-size disk-image-size))) (define kernel-arguments - #~(list "--root=/dev/vda1" - (string-append "--system=" #$os-drv) - (string-append "--load=" #$os-drv "/boot") - #$@(if graphic? #~() #~("console=ttyS0")) - #+@(operating-system-user-kernel-arguments os))) + #~(list #$@(if graphic? #~() #~("console=ttyS0")) + #+@(operating-system-kernel-arguments os os-drv "/dev/vda1"))) (define qemu-exec #~(list (string-append #$qemu "/bin/" #$(qemu-command (%current-system))) |