From: 宋文武
Subject: Re: [PATCH 3/4] gnu: shadow: User shells point to current profile
Date: Fri, 17 Apr 2015 18:49:58 +0800
To: Ludovic Courtès, Andy Wingo
Cc: guix-devel@gnu.org

Ludovic Courtès writes:

> Andy Wingo writes:
>
>> - (shell #~(string-append #$shadow "/sbin/nologin")))) >> + (shell "/run/current-system/profile/sbin/nologin"))) > > [...] > >> - (shell #~(string-append #$shadow >> - "/sbin/nologin"))))= ))))) >> + (shell "/run/current-system/profile/sbin/no= login")))))))) > > [...] > >> + (shell user-account-shell ; string >> + (default "/run/current-system/profile/bin/bash"))
>
> The problem I see with this approach is that it will only work if the
> shell is actually installed in the global profile, and it’s really a
> workaround: users could still use a gexp as for the ‘shell’ field.
>
> I think we should instead generate /etc/shells based on the ‘shell’
> field of each user account, so that it matches exactly what’s being
> used:
> > diff --git a/gnu/system.scm b/gnu/system.scm > index 6cf12df..0df8323 100644 > --- a/gnu/system.scm > +++ b/gnu/system.scm 
> @@ -405,30 +405,47 @@ settings for 'guix.el' to work out-of-the-box." > (chdir #$output) > (symlink #$file "site-start.el"))))) >=20=20 > +(define (user-shells os) > + "Return the list of shells used by the accounts of OS. These may be g= exps > +or strings." > + (mlet %store-monad ((accounts (operating-system-accounts os))) > + (return (map user-account-shell accounts)))) > + > +(define (shells-file shells) > + "Return a derivation that builds a shell list for use as /etc/shells b= ased > +on SHELLS. /etc/shells is used by xterm, polkit, and other programs." > + (gexp->derivation "shells" > + #~(begin > + (use-modules (srfi srfi-1)) > + > + (define shells > + (delete-duplicates (list #$@shells))) > + > + (call-with-output-file #$output > + (lambda (port) > + (display "\ > +/bin/sh > +/run/current-system/profile/bin/sh > +/run/current-system/profile/bin/bash\n" port) > + (for-each (lambda (shell) > + (display shell port) > + (newline port)) > + shells)))))) > + > (define* (etc-directory #:key > (locale "C") (timezone "Europe/Paris") > (issue "Hello!\n") > (skeletons '()) > (pam-services '()) > (profile "/run/current-system/profile") > - hosts-file nss > + hosts-file nss (shells '()) > (sudoers "")) > "Return a derivation that builds the static part of the /etc directory= ." > (mlet* %store-monad > ((pam.d (pam-services->directory pam-services)) > (sudoers (text-file "sudoers" sudoers)) > (login.defs (text-file "login.defs" "# Empty for now.\n")) > - > - ;; /etc/shells is used by xterm and other programs. We don't ch= eck > - ;; whether these shells are installed, should be OK. > - (shells (text-file "shells" > - "\ > -/bin/sh > -/run/current-system/profile/bin/sh > -/run/current-system/profile/bin/bash > -/run/current-system/profile/bin/fish > -/run/current-system/profile/bin/tcsh > -/run/current-system/profile/bin/zsh\n")) > + (shells (shells-file shells)) > (emacs (emacs-site-directory)) > (issue (text-file "issue" issue)) > (nsswitch (text-file "nsswitch.conf" 
> @@ -543,7 +560,8 @@ fi\n")) > (profile-drv (operating-system-profile os)) > (skeletons (operating-system-skeletons os)) > (/etc/hosts (or (operating-system-hosts-file os) > - (default-/etc/hosts (operating-system-host-name = os))))) > + (default-/etc/hosts (operating-system-host-name = os)))) > + (shells (user-shells os))) > (etc-directory #:pam-services pam-services > #:skeletons skeletons > #:issue (operating-system-issue os) > @@ -551,6 +569,7 @@ fi\n")) > #:nss (operating-system-name-service-switch os) > #:timezone (operating-system-timezone os) > #:hosts-file /etc/hosts > + #:shells shells > #:sudoers (operating-system-sudoers os) > #:profile profile-drv))) >=20=20
>
> Thoughts? 宋文武, WDYT?

Totally agree, and I find that my xterm will only work correctly when
/etc/shell contains '/gnu/store/...-bash-.../bin/bash'; otherwise launching
a new xterm in an opened one will spawn 'sh' instead of 'bash'.

>
> Thanks,
> Ludo’.
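
Review bot: In the `@@ -405,30 +405,47 @@` hunk, `user-shells` maps `user-account-shell` over every account, so the nologin shell carried by the system accounts quoted at the top of this message (`#~(string-append #$shadow "/sbin/nologin")`) is written to /etc/shells next to the interactive shells. The `shells-file` docstring itself says polkit and other programs read this file, so it is worth deciding explicitly whether nologin belongs there, for example by dropping such entries in the builder before they are written, or by stating in the docstring that they are included on purpose. In the same function, the three fixed paths are emitted by a separate `display` ahead of the `for-each`, outside the list given to `delete-duplicates`, so an account whose shell is the string "/run/current-system/profile/bin/bash" yields a duplicate line; adding the fixed paths to that list before deduplicating avoids it.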
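
Review bot: Documentation is missing for the behaviour change that `#:shells shells` completes in the `@@ -551,6 +569,7 @@` hunk: the fish, tcsh and zsh profile paths removed in the first hunk are now listed only when some account's `shell` field names them, and a gexp shell is listed as whatever path it expands to rather than as a /run/current-system/profile path. A sentence saying so where the `shell` field of user accounts is documented would help anyone who relies on /etc/shells.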
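
The mismatch described in the reply above, as an added example that is not part of the original message or of Guix: a small audit that compares each account's login shell with the entries of /etc/shells. It assumes consumers compare paths as exact strings, so a /run/current-system/profile path does not match the /gnu/store path it points to; the passwd and shells contents are constructed, and the `<hash>`/`<version>` store paths are placeholders.

```python
# Added example: audit /etc/shells against account login shells.
# All data is constructed; "<hash>" and "<version>" are placeholders.
STORE_BASH = "/gnu/store/<hash>-bash-<version>/bin/bash"
STORE_NOLOGIN = "/gnu/store/<hash>-shadow-<version>/sbin/nologin"

PASSWD = f"""\
root:x:0:0:System administrator:/root:{STORE_BASH}
alice:x:1000:998:Alice:/home/alice:/run/current-system/profile/bin/zsh
nobody:x:65534:65534:Unprivileged account:/nonexistent:{STORE_NOLOGIN}
"""

SHELLS = f"""\
/bin/sh
/run/current-system/profile/bin/sh
/run/current-system/profile/bin/bash
{STORE_BASH}
{STORE_NOLOGIN}
"""

NON_INTERACTIVE = {"nologin", "false"}  # assumed basenames to flag

def parse_shells(text):
    """Listed shells in file order, skipping blank lines and '#' comments."""
    lines = (line.strip() for line in text.splitlines())
    return [s for s in lines if s and not s.startswith("#")]

def login_shells(passwd_text):
    """Map account name to login shell (seventh passwd field)."""
    shells = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            shells[fields[0]] = fields[6]
    return shells

def audit(passwd_text, shells_text):
    """Report mismatches between account shells and the shells list."""
    listed = parse_shells(shells_text)
    accounts = login_shells(passwd_text)
    return {
        # Textual comparison: a profile symlink and its store target differ.
        "unlisted": sorted(u for u, s in accounts.items() if s not in listed),
        "non_interactive": sorted(
            {s for s in listed if s.rsplit("/", 1)[-1] in NON_INTERACTIVE}),
        "duplicates": sorted({s for s in listed if listed.count(s) > 1}),
    }

if __name__ == "__main__":
    print(audit(PASSWD, SHELLS))
```

On the constructed data, `alice` is reported as unlisted because her zsh path appears nowhere in the list, and the nologin store path is reported as a listed non-interactive shell.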