gnu: system: Privilege programs after creating accounts.

Ensure that users and groups are already created when the privileging script runs. The order these scripts appear in the folded activation-service depends on the order these services are instantiated in the operating-system. Fixes <https://issues.guix.gnu.org/73680>. * gnu/system.scm (operating-system-default-essential-services): Move privileged-program-service above account-service. (hurd-default-essential-services): Likewise. * gnu/tests/base.scm (%activation-os): New variable. (run-activation-test): New procedure. (%test-activation): New variable. Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe Signed-off-by: Ludovic Courtès <ludo@gnu.org>
author: Dariqq <dariqq@posteo.net> 2024-10-18 13:21:22 +0000
committer: Ludovic Courtès <ludo@gnu.org> 2024-10-24 14:50:09 +0200
commit: cc67a0b71d4a7d98a3732c3edf2eb340c2799697 (patch)
tree: e21eb6eff0a4355df8c426fa13991f4d0855086c /gnu/system.scm
parent: 952682fca61d73ee52a086e552e3985c7f539fde (diff)
1 files changed, 10 insertions, 6 deletions
diff --git a/gnu/system.scm b/gnu/system.scm
index 44f93f91d1..c19730b331 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -809,6 +809,11 @@ bookkeeping."
            %shepherd-root-service
 
            (pam-root-service (operating-system-pam-services os))
+           ;; Make sure that privileged-programs activation script
+           ;; runs after accounts are created
+           (service privileged-program-service-type
+                    (append (operating-system-privileged-programs os)
+                            (operating-system-setuid-programs os)))
            (account-service (append (operating-system-accounts os)
                                     (operating-system-groups os))
                             (operating-system-skeletons os))
@@ -826,9 +831,6 @@ bookkeeping."
             (operating-system-environment-variables os))
            (service host-name-service-type host-name)
            procs root-fs
-           (service privileged-program-service-type
-                    (append (operating-system-privileged-programs os)
-                            (operating-system-setuid-programs os)))
            (service profile-service-type
                     (operating-system-packages os))
            boot-fs non-boot-fs
@@ -850,6 +852,11 @@ bookkeeping."
           (service shepherd-root-service-type)
 
           (service user-processes-service-type)
+          ;; Make sure that privileged-programs activation script
+          ;; runs after accounts are created
+          (service privileged-program-service-type
+                   (append (operating-system-privileged-programs os)
+                           (operating-system-setuid-programs os)))
           (account-service (append (operating-system-accounts os)
                                    (operating-system-groups os))
                            (operating-system-skeletons os))
@@ -866,9 +873,6 @@ bookkeeping."
                               (list `("hosts" ,hosts-file)))
               (service hosts-service-type
                        (local-host-entries host-name)))
-          (service privileged-program-service-type
-                   (append (operating-system-privileged-programs os)
-                           (operating-system-setuid-programs os)))
           (service profile-service-type (operating-system-packages os)))))
 
 (define* (operating-system-services os)
author	Dariqq <dariqq@posteo.net>	2024-10-18 13:21:22 +0000
committer	Ludovic Courtès <ludo@gnu.org>	2024-10-24 14:50:09 +0200
commit	cc67a0b71d4a7d98a3732c3edf2eb340c2799697 (patch)
tree	e21eb6eff0a4355df8c426fa13991f4d0855086c /gnu/system.scm
parent	952682fca61d73ee52a086e552e3985c7f539fde (diff)