From 7406e924e29f179b2d5aa676c5378866b67ac41c Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Sat, 19 Nov 2022 08:17:03 -0300 Subject: bin/upgrade: Use the current files for the upgrade Imagine 2 scenarios: 1. I leave home.scm in an intermediary broken state, and an important security update is available. The "guix pull" command will work, but the security fixes won't be installed, because the home.scm file isn't properly formed. Using the current home.scm file addresses that; 2. a malicious program writes to system.scm, and the upgrade automatically implements any changes present in it. Instead the changes to the system, which require root access, shouldn't be blindly done, and using strictly the existing system.scm addresses that. It doesn't address many other bad things the malicious program can do. --- bin/upgrade | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/upgrade b/bin/upgrade index 4447a3d..24f905d 100755 --- a/bin/upgrade +++ b/bin/upgrade @@ -62,5 +62,5 @@ shift $((OPTIND - 1)) pass show velhinho/0-andreh-password | head -n1 | - sudo -ES guix system -v3 reconfigure /etc/guix/configuration.scm -guix home -v3 reconfigure "$XDG_CONFIG_HOME"/guix/home.scm + sudo -ES guix system -v3 reconfigure /run/current-system/configuration.scm +guix home -v3 reconfigure ~/.guix/home/configuration.scm -- cgit v1.2.3
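Review bot: Neither path introduced on the two `+` lines is checked before use, so a missing or unreadable `/run/current-system/configuration.scm` or `~/.guix/home/configuration.scm` only shows up as a reconfigure failure, and for the home path that happens after the system reconfigure has already run. Test both files for readability ahead of the `pass show` pipeline and exit with a clear message if either is absent. The `~/.guix/home/configuration.scm` path is also hardcoded where the removed line used `"$XDG_CONFIG_HOME"`, so confirm it is where the deployed home configuration actually lives on this machine. A short comment above these lines stating that edits to the working system.scm and home.scm are deliberately not picked up here would help, since that reasoning currently exists only in the commit message.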