1 files changed, 21 insertions, 4 deletions
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index c14e7c0d53..4a1a7001fe 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2020 Giacomo Leidi <goodoldpaul@autistici.org>
 ;;; Copyright © 2020 Kei Kebreau <kkebreau@posteo.net>
+;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -475,10 +476,26 @@ from software emulation to complete hardware acceleration for modern GPUs.")
   (package/inherit mesa-opencl
     (name "mesa-opencl-icd")
     (arguments
-     (substitute-keyword-arguments (package-arguments mesa)
-       ((#:configure-flags flags)
-        `(cons "-Dgallium-opencl=icd"
-               ,(delete "-Dgallium-opencl=standalone" flags)))))))
+      (substitute-keyword-arguments (package-arguments mesa)
+        ((#:configure-flags flags)
+         `(cons "-Dgallium-opencl=icd"
+                ,(delete "-Dgallium-opencl=standalone" flags)))
+        ((#:phases phases)
+         `(modify-phases ,phases
+            (add-after 'install 'mesa-icd-absolute-path
+              (lambda _
+                ;; Use absolute path for OpenCL platform library.
+                ;; Otherwise we would have to set LD_LIBRARY_PATH=LIBRARY_PATH
+                ;; for ICD in our applications to find OpenCL platform.
+                (use-modules (guix build utils)
+                             (ice-9 textual-ports))
+                (let* ((out (assoc-ref %outputs "out"))
+                       (mesa-icd (string-append out "/etc/OpenCL/vendors/mesa.icd"))
+                       (old-path (call-with-input-file mesa-icd get-string-all))
+                       (new-path (string-append out "/lib/" (string-trim-both old-path))))
+                  (if (file-exists? new-path)
+                    (call-with-output-file mesa-icd
+                      (lambda (port) (format port "~a\n" new-path)))))))))))))
 
 (define-public mesa-headers
   (package/inherit mesa
diff --git a/Makefile.am b/Makefile.am
index 2fef3b05ab..8c06125f93 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -371,10 +371,6 @@ AUX_FILES =						\
   gnu/packages/aux-files/linux-libre/5.13-arm64.conf	\
   gnu/packages/aux-files/linux-libre/5.13-i686.conf	\
   gnu/packages/aux-files/linux-libre/5.13-x86_64.conf	\
-  gnu/packages/aux-files/linux-libre/5.12-arm.conf	\
-  gnu/packages/aux-files/linux-libre/5.12-arm64.conf	\
-  gnu/packages/aux-files/linux-libre/5.12-i686.conf	\
-  gnu/packages/aux-files/linux-libre/5.12-x86_64.conf	\
   gnu/packages/aux-files/linux-libre/5.10-arm.conf	\
   gnu/packages/aux-files/linux-libre/5.10-arm64.conf	\
   gnu/packages/aux-files/linux-libre/5.10-i686.conf	\
diff --git a/doc/guix.texi b/doc/guix.texi
index 9a3e8ae12c..2f52a23c18 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -46,7 +46,7 @@ Copyright @copyright{} 2017 Federico Beffa@*
 Copyright @copyright{} 2017, 2018 Carlo Zancanaro@*
 Copyright @copyright{} 2017 Thomas Danckaert@*
 Copyright @copyright{} 2017 humanitiesNerd@*
-Copyright @copyright{} 2017, 2021 Christopher Lemmer Webber@*
+Copyright @copyright{} 2017, 2021 Christine Lemmer-Webber@*
 Copyright @copyright{} 2017, 2018, 2019, 2020 Marius Bakke@*
 Copyright @copyright{} 2017, 2019, 2020 Hartmut Goebel@*
 Copyright @copyright{} 2017, 2019, 2020, 2021 Maxim Cournoyer@*
@@ -14108,8 +14108,8 @@ Linux @dfn{pluggable authentication module} (PAM) services.
 @c FIXME: Add xref to PAM services section.
 
 @item @code{setuid-programs} (default: @code{%setuid-programs})
-List of string-valued G-expressions denoting setuid programs.
-@xref{Setuid Programs}.
+List of @code{<setuid-program>}.  @xref{Setuid Programs}, for more
+information.
 
 @item @code{sudoers-file} (default: @code{%sudoers-specification})
 @cindex sudoers file
@@ -32598,20 +32598,47 @@ the store, we let the system administrator @emph{declare} which programs
 should be setuid root.
 
 The @code{setuid-programs} field of an @code{operating-system}
-declaration contains a list of G-expressions denoting the names of
-programs to be setuid-root (@pxref{Using the Configuration System}).
-For instance, the @command{passwd} program, which is part of the Shadow
-package, can be designated by this G-expression (@pxref{G-Expressions}):
+declaration contains a list of @code{<setuid-program>} denoting the
+names of programs to have a setuid or setgid bit set (@pxref{Using the
+Configuration System}).  For instance, the @command{passwd} program,
+which is part of the Shadow package, with a setuid root can be
+designated like this:
 
 @example
-#~(string-append #$shadow "/bin/passwd")
+(setuid-program
+  (program (file-append #$shadow "/bin/passwd")))
 @end example
 
+@deftp {Data Type} setuid-program
+This data type represents a program with a setuid or setgid bit set.
+
+@table @asis
+@item @code{program}
+A file-like object having its setuid and/or setgid bit set.
+
+@item @code{setuid?} (default: @code{#t})
+Whether to set user setuid bit.
+
+@item @code{setgid?} (default: @code{#f})
+Whether to set group setgid bit.
+
+@item @code{user} (default: @code{0})
+UID (integer) or user name (string) for the user owner of the program,
+defaults to root.
+
+@item @code{group} (default: @code{0})
+GID (integer) goup name (string) for the group owner of the program,
+defaults to root.
+
+@end table
+@end deftp
+
 A default set of setuid programs is defined by the
 @code{%setuid-programs} variable of the @code{(gnu system)} module.
 
 @defvr {Scheme Variable} %setuid-programs
-A list of G-expressions denoting common programs that are setuid-root.
+A list of @code{<setuid-program>} denoting common programs that are
+setuid-root.
 
 The list includes commands such as @command{passwd}, @command{ping},
 @command{su}, and @command{sudo}.
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 2af1d44b5f..9f6126023c 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -6,6 +6,8 @@
 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
+;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@dustycloud.org>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +26,7 @@
 
 (define-module (gnu build activation)
   #:use-module (gnu system accounts)
+  #:use-module (gnu system setuid)
   #:use-module (gnu build accounts)
   #:use-module (gnu build linux-boot)
   #:use-module (guix build utils)
@@ -279,14 +282,17 @@ they already exist."
   "/run/setuid-programs")
 
 (define (activate-setuid-programs programs)
-  "Turn PROGRAMS, a list of file names, into setuid programs stored under
-%SETUID-DIRECTORY."
-  (define (make-setuid-program prog)
+  "Turn PROGRAMS, a list of file setuid-programs record, into setuid programs
+stored under %SETUID-DIRECTORY."
+  (define (make-setuid-program program setuid? setgid? uid gid)
     (let ((target (string-append %setuid-directory
-                                 "/" (basename prog))))
-      (copy-file prog target)
-      (chown target 0 0)
-      (chmod target #o4555)))
+                                 "/" (basename program)))
+          (mode (+ #o0555                   ; base permissions
+                   (if setuid? #o4000 0)    ; setuid bit
+                   (if setgid? #o2000 0)))) ; setgid bit
+      (copy-file program target)
+      (chown target uid gid)
+      (chmod target mode)))
 
   (format #t "setting up setuid programs in '~a'...~%"
           %setuid-directory)
@@ -302,15 +308,27 @@ they already exist."
   (for-each (lambda (program)
               (catch 'system-error
                 (lambda ()
-                  (make-setuid-program program))
+                  (let* ((program-name (setuid-program-program program))
+                         (setuid?      (setuid-program-setuid? program))
+                         (setgid?      (setuid-program-setgid? program))
+                         (user         (setuid-program-user program))
+                         (group        (setuid-program-group program))
+                         (uid (match user
+                                ((? string?) (passwd:uid (getpwnam user)))
+                                ((? integer?) user)))
+                         (gid (match group
+                                ((? string?) (group:gid (getgrnam group)))
+                                ((? integer?) group))))
+                    (make-setuid-program program-name setuid? setgid? uid gid)))
                 (lambda args
                   ;; If we fail to create a setuid program, better keep going
                   ;; so that we don't leave %SETUID-DIRECTORY empty or
                   ;; half-populated.  This can happen if PROGRAMS contains
                   ;; incorrect file names: <https://bugs.gnu.org/38800>.
                   (format (current-error-port)
-                          "warning: failed to make '~a' setuid-root: ~a~%"
-                          program (strerror (system-error-errno args))))))
+                          "warning: failed to make ~s setuid/setgid: ~a~%"
+                          (setuid-program-program program)
+                          (strerror (system-error-errno args))))))
             programs))
 
 (define (activate-special-files special-files)
diff --git a/gnu/local.mk b/gnu/local.mk
index 20f0b8f081..812c997e04 100644
--- a/gnu/local.mk
+++ b/