author | EuAndreh <eu@euandre.org> | 2022-11-19 08:17:03 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2022-11-19 08:17:06 -0300 |
commit | 7406e924e29f179b2d5aa676c5378866b67ac41c (patch) | |
tree | bc47650e0521d6673be663daa3a6040cd67927d2 | |
parent | etc/guix/system.scm: Remove "guile" package from system profile (diff) | |
bin/upgrade: Use the current files for the upgrade
Imagine 2 scenarios:
1. I leave home.scm in an intermediary broken state, and an important
security update is available. The "guix pull" command will work, but
the security fixes won't be installed, because the home.scm file
isn't properly formed. Using the current home.scm file addresses
that;
2. a malicious program writes to system.scm, and the upgrade
automatically implements any changes present in it. Instead the
changes to the system, which require root access, shouldn't be
blindly done, and using strictly the existing system.scm addresses
that. It doesn't address many other bad things the malicious program
can do.
-rwxr-xr-x | bin/upgrade | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/bin/upgrade b/bin/upgrade index 4447a3d..24f905d 100755 --- a/bin/upgrade +++ b/bin/upgrade @@ -62,5 +62,5 @@ shift $((OPTIND - 1)) pass show velhinho/0-andreh-password | head -n1 | - sudo -ES guix system -v3 reconfigure /etc/guix/configuration.scm -guix home -v3 reconfigure "$XDG_CONFIG_HOME"/guix/home.scm + sudo -ES guix system -v3 reconfigure /run/current-system/configuration.scm +guix home -v3 reconfigure ~/.guix/home/configuration.scm |
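
Review bot: the new `guix home -v3 reconfigure ~/.guix/home/configuration.scm` line still reads its input from a path under the user's home directory, and nothing in this hunk shows that path to be any harder for a user-level process to write than the old `"$XDG_CONFIG_HOME"/guix/home.scm`. The commit message only claims the tampering protection for system.scm, which matches the move to `/run/current-system/configuration.scm`, so a short comment above these two lines saying that the home line is there for the broken-intermediate-state case and not for tamper resistance would keep a later reader from assuming both lines give the same guarantee. The same comment could note that edits to the working home.scm and system.scm are no longer picked up by bin/upgrade and have to be applied through a separate, deliberate reconfigure. Since both paths now depend on a previous deployment existing, a readability check on each file before the reconfigure calls (for example `test -r /run/current-system/configuration.scm`) would make a missing file fail with a clear message, which matters most for the `sudo -ES` line that is fed the password on stdin.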