From ce40b1c655edab622b4ad9ff49f948bd65753662 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 19 Aug 2024 16:41:07 +0200 Subject: [PATCH] =?UTF-8?q?install:=20Set=20=E2=80=98privileged-programs?= =?UTF-8?q?=E2=80=99=20rather=20than=20=E2=80=98setuid-programs=E2=80=99.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/system/install.scm (installation-os)[setuid-programs]: Remove. [privileged-programs]: New field. Change-Id: I5c93f282f5ec790f13ac076e0ab0f6d59d92d59d --- gnu/system/install.scm | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 0195a0804d..78a3cdaaec 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014-2022 Ludovic Courtès +;;; Copyright © 2014-2022, 2024 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Andreas Enge ;;; Copyright © 2017 Marius Bakke @@ -27,7 +27,7 @@ (define-module (gnu system install) #:use-module (gnu) #:use-module (gnu system) - #:use-module (gnu system setuid) + #:use-module (gnu system privilege) #:use-module (gnu bootloader u-boot) #:use-module (guix gexp) #:use-module (guix store) @@ -540,8 +540,9 @@ (define installation-os ;; We don't need setuid programs, except for 'passwd', which can be handy ;; if one is to allow remote SSH login to the machine being installed. - (setuid-programs (list (setuid-program - (program (file-append shadow "/bin/passwd"))))) + (privileged-programs (list (privileged-program + (program (file-append shadow "/bin/passwd")) + (setuid? #t)))) (pam-services ;; Explicitly allow for empty passwords.