;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2022 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system setuid)
  #:use-module (gnu system privilege)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-1)
  #:re-export (file-like->setuid-program)
  #:export (setuid-program
            setuid-program?
            setuid-program-program
            setuid-program-setuid?
            setuid-program-setgid?
            setuid-program-user
            setuid-program-group))

;;; Commentary:
;;;
;;; Do not use this module in new code.  It used to define data structures
;;; representing setuid/setgid programs, but is now a mere compatibility shim
;;; wrapping a subset of (gnu system privilege).
;;;
;;; Code:

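;; Expand (setuid-program (field value) ...) into a privileged-program form.
;; The field list is inspected as quoted data at expansion time: setuid? is
;; set to #f only when the caller wrote the literal (setuid? #f).  If the
;; field is omitted, or given any other expression, the result is #t.  All
;; other fields are passed through unchanged.
(define-syntax setuid-program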
  (lambda (fields)
    (syntax-case fields ()
      ((_ (field value) ...)
       #`(privileged-program
          (setuid? (match (assoc-ref '((field value) ...) 'setuid?)
                     ((#f) #f)
                     (_ #t)))
          #,@(remove (match-lambda ((f _) (eq? (syntax->datum f) 'setuid?)))
                     #'((field value) ...)))))))

(define setuid-program?        privileged-program?)
(define setuid-program-program privileged-program-program)
(define setuid-program-setuid? privileged-program-setuid?)
(define setuid-program-setgid? privileged-program-setgid?)
(define setuid-program-user    privileged-program-user)
(define setuid-program-group   privileged-program-group)
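
The shim's treatment of the setuid? field, as an added example that is not part of GNU Guix: it runs the macro above in plain Guile and shows that only a literal #f clears the flag, while an omitted field or a computed expression leaves the program setuid. The privileged-program defined here is a stand-in that builds an alist (an assumption, so the block runs without Guix); the program path and the hardened? variable are constructed.

```scheme
;; Added example, not part of GNU Guix.  Runs in plain Guile 3.
(use-modules (ice-9 match) (srfi srfi-1))

;; Stand-in (assumption): the real privileged-program builds a record;
;; this one builds an alist so the resulting fields can be inspected.
(define-syntax-rule (privileged-program (field value) ...)
  (list (cons 'field value) ...))

;; The shim macro from the page, unchanged.
(define-syntax setuid-program
  (lambda (fields)
    (syntax-case fields ()
      ((_ (field value) ...)
       #`(privileged-program
          (setuid? (match (assoc-ref '((field value) ...) 'setuid?)
                     ((#f) #f)
                     (_ #t)))
          #,@(remove (match-lambda ((f _) (eq? (syntax->datum f) 'setuid?)))
                     #'((field value) ...)))))))

;; Constructed: a site policy flag meaning "do not set the setuid bit".
(define hardened? #t)

(define cases
  `((omitted       . ,(setuid-program (program "/constructed/bin/tool")))
    (literal-false . ,(setuid-program (program "/constructed/bin/tool")
                                      (setuid? #f)))
    ;; The expression below evaluates to #f, but the shim never evaluates
    ;; it: it only checks whether the source text is the literal #f.
    (computed      . ,(setuid-program (program "/constructed/bin/tool")
                                      (setuid? (not hardened?))))))

;; Print the setuid? value each declaration ends up with.
(for-each (match-lambda
            ((name . fields)
             (format #t "~a: setuid? = ~a~%"
                     name (assq-ref fields 'setuid?))))
          cases)
```

When auditing a configuration that still uses this shim, treat every setuid-program form without a literal (setuid? #f) as setuid.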