From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: [PATCH 3/4] gnu: shadow: User shells point to current profile
Date: Fri, 17 Apr 2015 10:50:01 +0200
Message-ID: <87k2xbcf5y.fsf@gnu.org>
References: <1429087551.701436.30155@badger>
In-Reply-To: <1429087551.701436.30155@badger> (Andy Wingo's message of "Tue, 7 Apr 2015 19:37:04 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Andy Wingo
Cc: guix-devel@gnu.org

Andy Wingo skribis:

> - (shell #~(string-append #$shadow "/sbin/nologin")))) > + (shell "/run/current-system/profile/sbin/nologin"))) [...] > - (shell #~(string-append #$shadow > - "/sbin/nologin")))))= )))) > + (shell "/run/current-system/profile/sbin/nol= ogin")))))))) [...] > + (shell user-account-shell ; string > + (default "/run/current-system/profile/bin/bash"))

The problem I see with this approach is that it will only work if the shell is actually installed in the global profile, and it’s really a workaround: users could still use a gexp as for the ‘shell’ field.

I think we should instead generate /etc/shells based on the ‘shell’ field of each user account, so that it matches exactly what’s being used:

diff --git a/gnu/system.scm b/gnu/system.scm index 6cf12df..0df8323 100644 --- a/gnu/system.scm +++ b/gnu/system.scm 
@@ -405,30 +405,47 @@ settings for 'guix.el' to work out-of-the-box." (chdir #$output) (symlink #$file "site-start.el"))))) +(define (user-shells os) + "Return the list of shells used by the accounts of OS. These may be gexps +or strings." + (mlet %store-monad ((accounts (operating-system-accounts os))) + (return (map user-account-shell accounts)))) + +(define (shells-file shells) + "Return a derivation that builds a shell list for use as /etc/shells based +on SHELLS. /etc/shells is used by xterm, polkit, and other programs." + (gexp->derivation "shells" + #~(begin + (use-modules (srfi srfi-1)) + + (define shells + (delete-duplicates (list #$@shells))) + + (call-with-output-file #$output + (lambda (port) + (display "\ +/bin/sh +/run/current-system/profile/bin/sh +/run/current-system/profile/bin/bash\n" port) + (for-each (lambda (shell) + (display shell port) + (newline port)) + shells)))))) + (define* (etc-directory #:key (locale "C") (timezone "Europe/Paris") (issue "Hello!\n") (skeletons '()) (pam-services '()) (profile "/run/current-system/profile") - hosts-file nss + hosts-file nss (shells '()) (sudoers "")) "Return a derivation that builds the static part of the /etc directory." (mlet* %store-monad ((pam.d (pam-services->directory pam-services)) (sudoers (text-file "sudoers" sudoers)) (login.defs (text-file "login.defs" "# Empty for now.\n")) - - ;; /etc/shells is used by xterm and other programs. We don't check - ;; whether these shells are installed, should be OK. - (shells (text-file "shells" - "\ -/bin/sh -/run/current-system/profile/bin/sh -/run/current-system/profile/bin/bash -/run/current-system/profile/bin/fish -/run/current-system/profile/bin/tcsh -/run/current-system/profile/bin/zsh\n")) + (shells (shells-file shells)) (emacs (emacs-site-directory)) (issue (text-file "issue" issue)) (nsswitch (text-file "nsswitch.conf" 
@@ -543,7 +560,8 @@ fi\n")) (profile-drv (operating-system-profile os)) (skeletons (operating-system-skeletons os)) (/etc/hosts (or (operating-system-hosts-file os) - (default-/etc/hosts (operating-system-host-name os))))) + (default-/etc/hosts (operating-system-host-name os)))) + (shells (user-shells os))) (etc-directory #:pam-services pam-services #:skeletons skeletons #:issue (operating-system-issue os) @@ -551,6 +569,7 @@ fi\n")) #:nss (operating-system-name-service-switch os) #:timezone (operating-system-timezone os) #:hosts-file /etc/hosts + #:shells shells #:sudoers (operating-system-sudoers os) #:profile profile-drv)))

Thoughts?  宋文武, WDYT?

Thanks,
Ludo’.
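
Review bot: In the first hunk, `user-shells` maps `user-account-shell` over every account with no filtering, so any account whose shell is `nologin` (as in the quoted hunks at the top of this message) ends up in the generated /etc/shells, and programs that consult /etc/shells to decide whether a login has a valid shell would then accept those accounts. Consider dropping nologin-style entries inside the gexp in `shells-file`, where the elements of `(list #$@shells)` are already plain strings. In the same function, `delete-duplicates` covers only the account shells and not the three fixed paths written by the first `display`, so an account whose shell is "/run/current-system/profile/bin/bash" is listed twice; putting the fixed paths into the list that goes through `delete-duplicates` would avoid that. The `etc-directory` docstring could also mention the new `shells` keyword.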