From 98bc13b9ea5f22a60de6c289d59072638001e08e Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 1 Sep 2024 02:00:00 +0200 Subject: [PATCH] services: singularity: Migrate to (gnu system privilege). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/docker.scm (singularity-setuid-programs): Rename from this… (singularity-privileged-programs): …to this. Use . (singularity-service-type): Extend the PRIVILEGED-PROGRAM-SERVICE-TYPE. Change-Id: I4d90f9a6d4759a24a818baab49b61be67c419bad --- gnu/services/docker.scm | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 1963f3c4bd..f0ac69a87e 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -31,7 +31,7 @@ #:use-module (gnu services shepherd) #:use-module (gnu system) #:use-module (gnu system image) - #:use-module (gnu system setuid) + #:use-module (gnu system privilege) #:use-module (gnu system shadow) #:use-module (gnu packages admin) ;shadow #:use-module (gnu packages docker) @@ -268,11 +268,11 @@ bundles in Docker containers.") '("container" "final" "overlay" "session")) (chmod %mount-directory #o755)))) -(define (singularity-setuid-programs singularity) - "Return the setuid-root programs that SINGULARITY needs." +(define (singularity-privileged-programs singularity) + "Return the privileged programs that SINGULARITY needs." (define helpers ;; The helpers, under a meaningful name. - (computed-file "singularity-setuid-helpers" + (computed-file "singularity-privileged-helpers" #~(begin (mkdir #$output) (for-each (lambda (program) 
@@ -286,7 +286,8 @@ bundles in Docker containers.") "-helper"))) '("action" "mount" "start"))))) - (map file-like->setuid-program + (map (lambda (program) (privileged-program (program program) + (setuid? #t))) (list (file-append helpers "/singularity-action-helper") (file-append helpers "/singularity-mount-helper") (file-append helpers "/singularity-start-helper")))) @@ -296,8 +297,8 @@ bundles in Docker containers.") (description "Install the Singularity application bundle tool.") (extensions - (list (service-extension setuid-program-service-type - singularity-setuid-programs) + (list (service-extension privileged-program-service-type + singularity-privileged-programs) (service-extension activation-service-type (const %singularity-activation)))) (default-value singularity)))
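Review bot: In the `map` call of the `@@ -286` hunk, the new lambda sets only `(setuid? #t)` and leaves the owner to the record's defaults, so nothing at the call site says these three helpers are installed setuid-root; the docstring reworded in the preceding hunk ("setuid-root programs" became "privileged programs") no longer says it either. Behaviour should be unchanged if `privileged-program` defaults to a root owner, which is not visible in this patch, but the privilege level deserves to stay readable for anyone auditing what runs as root: keep the docstring as `"Return the setuid-root programs that SINGULARITY needs."` or add `;; Installed setuid root, as before the migration.` above the `map`. The lambda parameter `program` also has the same name as the field it fills, and `(lambda (helper) (privileged-program (program helper) (setuid? #t)))` reads more clearly. The function's definition begins in the previous hunk and part of its body lies outside both hunks.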