Merge branch 'master' into core-updates

author: Marius Bakke <mbakke@fastmail.com> 2019-05-01 23:11:41 +0200
committer: Marius Bakke <mbakke@fastmail.com> 2019-05-01 23:11:41 +0200
commit: 3b458d5462e6bbd852c2dc5c6670d5655abf53f5 (patch)
tree: 4f3ccec0de1c355134369333c17e948e3258d546 /guix/scripts/environment.scm
parent: 2ca3fdc2db1aef96fbf702a2f26f5e18ce832038 (diff)
parent: 14da3daafc8dd92fdabd3367694c930440fd72cb (diff)
1 files changed, 22 insertions, 42 deletions
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index 63f6129279..99c351ae43 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -33,6 +33,7 @@
   #:use-module (guix scripts)
   #:use-module (guix scripts build)
   #:use-module (gnu build linux-container)
+  #:use-module (gnu build accounts)
   #:use-module (gnu system linux-container)
   #:use-module (gnu system file-systems)
   #:use-module (gnu packages)
@@ -191,7 +192,7 @@ COMMAND or an interactive shell in that environment.\n"))
     (print-extended-build-trace? . #t)
     (multiplexed-build-output? . #t)
     (debug . 0)
-    (verbosity . 2)))
+    (verbosity . 1)))
 
 (define (tag-package-arg opts arg)
   "Return a two-element list with the form (TAG ARG) that tags ARG with either
@@ -458,10 +459,22 @@ will be used for the passwd entry.  LINK-PROFILE? creates a symbolic link from
     (return
      (let* ((cwd      (getcwd))
             (home     (getenv "HOME"))
-            (passwd   (mock-passwd (getpwuid (getuid))
-                                   user
-                                   bash))
-            (home-dir (passwd:dir passwd))
+            (uid      (if user 1000 (getuid)))
+            (gid      (if user 1000 (getgid)))
+            (passwd   (let ((pwd (getpwuid (getuid))))
+                        (password-entry
+                         (name (or user (passwd:name pwd)))
+                         (real-name (if user
+                                        ""
+                                        (passwd:gecos pwd)))
+                         (uid uid) (gid gid) (shell bash)
+                         (directory (if user
+                                        (string-append "/home/" user)
+                                        (passwd:dir pwd))))))
+            (groups   (list (group-entry (name "users") (gid gid))
+                            (group-entry (gid 65534) ;the overflow GID
+                                         (name "overflow"))))
+            (home-dir (password-entry-directory passwd))
             ;; Bind-mount all requisite store items, user-specified mappings,
             ;; /bin/sh, the current working directory, and possibly networking
             ;; configuration files within the container.
@@ -519,17 +532,8 @@ will be used for the passwd entry.  LINK-PROFILE? creates a symbolic link from
             ;; to read it, such as 'git clone' over SSH, a valid use-case when
             ;; sharing the host's network namespace.
             (mkdir-p "/etc")
-            (call-with-output-file "/etc/passwd"
-              (lambda (port)
-                (display (string-join (list (passwd:name passwd)
-                                            "x" ; but there is no shadow
-                                            "0" "0" ; user is now root
-                                            (passwd:gecos passwd)
-                                            (passwd:dir passwd)
-                                            bash)
-                                      ":")
-                         port)
-                (newline port)))
+            (write-passwd (list passwd))
+            (write-group groups)
 
             ;; For convenience, start in the user's current working
             ;; directory rather than the root directory.
@@ -539,36 +543,12 @@ will be used for the passwd entry.  LINK-PROFILE? creates a symbolic link from
              ;; A container's environment is already purified, so no need to
              ;; request it be purified again.
              (launch-environment command profile manifest #:pure? #f)))
+          #:guest-uid uid
+          #:guest-gid gid
           #:namespaces (if network?
                            (delq 'net %namespaces) ; share host network
                            %namespaces)))))))
 
-(define (mock-passwd passwd user-override shell)
-  "Generate mock information for '/etc/passwd'.  If USER-OVERRIDE is not '#f',
-it is expected to be a string representing the mock username; it will produce
-a user of that name, with a home directory of '/home/USER-OVERRIDE', and no
-GECOS field.  If USER-OVERRIDE is '#f', data will be inherited from PASSWD.
-In either case, the shadow password and UID/GID are cleared, since the user
-runs as root within the container.  SHELL will always be used in place of the
-shell in PASSWD.
-
-The resulting vector is suitable for use with Guile's POSIX user procedures.
-
-See passwd(5) for more information each of the fields."
-  (if user-override
-      (vector
-       user-override
-        "x" "0" "0"  ;; no shadow, user is now root
-        ""           ;; no personal information
-        (user-override-home user-override)
-        shell)
-      (vector
-       (passwd:name passwd)
-        "x" "0" "0"  ;; no shadow, user is now root
-        (passwd:gecos passwd)
-        (passwd:dir passwd)
-        shell)))
-
 (define (user-override-home user)
   "Return home directory for override user USER."
   (string-append "/home/" user))
author	Marius Bakke <mbakke@fastmail.com>	2019-05-01 23:11:41 +0200
committer	Marius Bakke <mbakke@fastmail.com>	2019-05-01 23:11:41 +0200
commit	3b458d5462e6bbd852c2dc5c6670d5655abf53f5 (patch)
tree	4f3ccec0de1c355134369333c17e948e3258d546 /guix/scripts/environment.scm
parent	2ca3fdc2db1aef96fbf702a2f26f5e18ce832038 (diff)
parent	14da3daafc8dd92fdabd3367694c930440fd72cb (diff)