;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Mathieu Othacehe
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see .

(define-module (gnu installer newt)
  #:use-module (gnu installer record)
  #:use-module (gnu installer utils)
  #:use-module (gnu installer newt ethernet)
  #:use-module (gnu installer newt final)
  #:use-module (gnu installer newt hostname)
  #:use-module (gnu installer newt keymap)
  #:use-module (gnu installer newt locale)
  #:use-module (gnu installer newt menu)
  #:use-module (gnu installer newt network)
  #:use-module (gnu installer newt page)
  #:use-module (gnu installer newt partition)
  #:use-module (gnu installer newt services)
  #:use-module (gnu installer newt timezone)
  #:use-module (gnu installer newt user)
  #:use-module (gnu installer newt utils)
  #:use-module (gnu installer newt welcome)
  #:use-module (gnu installer newt wifi)
  #:use-module (guix config)
  #:use-module (guix discovery)
  #:use-module (guix i18n)
  #:use-module (srfi srfi-26)
  #:use-module (newt)
  #:export (newt-installer))

;; Initialize newt, clear the screen and record the screen size.
(define (init)
  (newt-init)
  (clear-screen)
  (set-screen-size!))

;; Shut newt down and clear the screen.
(define (exit)
  (newt-finish)
  (clear-screen))

;; Show the backtrace stored in FILE on a red background, in a text box
;; sized to 80% of the screen columns and 70% of the screen rows, then
;; restore the blue background and shut newt down.
(define (exit-error file key args)
  (newt-set-color COLORSET-ROOT "white" "red")
  (let ((width (nearest-exact-integer
                (* (screen-columns) 0.8)))
        (height (nearest-exact-integer
                 (* (screen-rows) 0.7))))
    (run-file-textbox-page
     #:info-text (format #f (G_ "The installer has encountered an unexpected \
problem. The backtrace is displayed below. Please report it by email to \
<~a>.") %guix-bug-report-address)
     #:title (G_ "Unexpected problem")
     #:file file
     #:exit-button? #f
     #:info-textbox-width width
     #:file-textbox-width width
     #:file-textbox-height height))
  (newt-set-color COLORSET-ROOT "white" "blue")
  (newt-finish)
  (clear-screen))

(define (final-page result prev-steps)
  (run-final-page result prev-steps))

(define* (locale-page #:key
                      supported-locales
                      iso639-languages
                      iso3166-territories)
  (run-locale-page
   #:supported-locales supported-locales
   #:iso639-languages iso639-languages
   #:iso3166-territories iso3166-territories))

(define (timezone-page zonetab)
  (run-timezone-page zonetab))

(define (welcome-page logo)
  (run-welcome-page logo))

(define (menu-page steps)
  (run-menu-page steps))

(define* (keymap-page layouts)
  (run-keymap-page layouts))

(define (network-page)
  (run-network-page))

(define (hostname-page)
  (run-hostname-page))

(define (user-page)
  (run-user-page))

(define (partition-page)
  (run-partioning-page))

(define (services-page)
  (run-services-page))

(define newt-installer
  (installer
   (name 'newt)
   (init init)
   (exit exit)
   (exit-error exit-error)
   (final-page final-page)
   (keymap-page keymap-page)
   (locale-page locale-page)
   (menu-page menu-page)
   (network-page network-page)
   (timezone-page timezone-page)
   (hostname-page hostname-page)
   (user-page user-page)
   (partition-page partition-page)
   (services-page services-page)
   (welcome-page welcome-page)))

activation: Lock /etc/.pwd.lock before accessing databases.

Suggested by Florian Pelz <pelzflorian@pelzflorian.de>
in <http://bugs.gnu.org/35996>.

* gnu/build/accounts.scm (%password-lock-file): New variable.
* gnu/build/activation.scm (activate-users+groups): Wrap calls to
'user+group-databases', 'write-group', etc. into 'with-file-lock'.

Ludovic Courtès

2019-03-08
activation: Shared system home directories are now 555 and root-owned.

Fixes <https://bugs.gnu.org/34788>.
Reported by Jack Hill <jackhill@jackhill.us>.

Regression introduced by the combination of
8bb76f3d44c1f5ffec8011819494db306a51d801 and
0ae735bcc8ff7fdc89d67b492bdee9091ee19e86: /var/empty would be 700 and
owned by one of the system accounts (thus inaccessible to others), and
/var/run/dbus would be 700 as well, thereby preventing D-Bus clients
from connecting to the daemon.

* gnu/build/activation.scm (duplicates): New procedure.
(activate-users+groups)[system-accounts]: New variable.
Use it. Make shared system account home directories #o555 and
root-owned.
* gnu/services/dbus.scm (dbus-activation): Make /var/run/dbus #o755.
* gnu/tests/base.scm (run-basic-test): Test the ownership and
permissions of /var/empty.

Ludovic Courtès

2019-03-07
activation: Build account databases with (gnu build accounts).

* gnu/build/activation.scm (enumerate, current-users, current-groups)
(add-group, add-user, modify-user, ensure-user): Remove.
(activate-users+groups)[touch, activate-user]: Remove.
[make-home-directory]: New procedure.
Rewrite in terms of 'user+group-databases', 'write-group', etc.
* gnu/build/install.scm (directives): Remove "/root".
* gnu/system/shadow.scm (account-activation): Remove (setenv "PATH" ...)
expression, which is now unneeded.

Ludovic Courtès

2019-03-07
activation: Operate on <user-account> and <user-group> records.

* gnu/system/accounts.scm (sexp->user-group, sexp->user-account): New
procedures.
* gnu/system/shadow.scm (account-activation): Call them in the
arguments to 'activate-users+groups'.
(account-shepherd-service): Likewise.
* gnu/build/activation.scm (activate-users+groups): Expect a list of
<user-account> and a list of <user-group>. Replace uses of 'match' on
tuples with calls to record accessors.
(activate-user-home): Likewise.

Ludovic Courtès

2019-03-04
activation: Make home directories #o700 by default.

Until now they'd be #o755, except for /root, which is treated specially
in (gnu build install).

* gnu/build/activation.scm (activate-user-home): Chmod HOME to #o700.
Remove redundant 'unless system?'.

Ludovic Courtès