From patchwork Sun Nov 10 13:06:30 2019
X-Patchwork-Submitter: Leo Prikler
X-Patchwork-Id: 16072
Subject: [bug#38160] GNOME Keyring service
To: 38160@debbugs.gnu.org
Message-ID: <057a95242009b1560b82547f7e0bec8b41a437c9.camel@student.tugraz.at>
From: Leo Prikler
Date: Sun, 10 Nov 2019 14:06:30 +0100

Hello,

If you're using gnome-keyring on Guix with the default configuration, you probably noticed that you have to put in your login password twice -- once in GDM, once afterwards to unlock the keyring. This is not very user-friendly.

It turns out that there is a solution for this, which is detailed in [1]. The attached patch implements the simple version, i.e. it adds pam_gnome_keyring.so to the end of a block. It will not work in the presence of a pam-entry with (control "sufficient"), but it does work for extending the default desktop setup.

Regards,
Leo

[1] https://wiki.gnome.org/Projects/GnomeKeyring/Pam

From 9ac5f99a65f0599a3210443305042155f9b06e39 Mon Sep 17 00:00:00 2001
From: Leo Prikler
Date: Sat, 9 Nov 2019 16:14:45 +0100
Subject: [PATCH] gnu: Add GNOME Keyring service

* gnu/services/desktop.scm: (): New record type.
(gnome-keyring-service-type): New service type.
* doc/guix.texi: Document it.
---
 doc/guix.texi | 30 +++++++++++++++++++++++
 gnu/services/desktop.scm | 53 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi index 27cb31dde5..5f693ed3ac 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -15609,6 +15609,36 @@ bluetooth keyboard or mouse. Users need to be in the @code{lp} group to access the D-Bus service. @end deffn +@defvr {Scheme Variable} gnome-keyring-service-type +This is the type of the service that adds the +@uref{https://wiki.gnome.org/Projects/GnomeKeyring, GNOME Keyring}. Its value is a @code{gnome-keyring-configuration} object (see below.) + +This service adds the @code{gnome-keyring} package to the system profile +and extends PAM with entries using @code{pam_gnome_keyring.so}, unlocking +a user's login keyring when they log in or setting its password with passwd. +@end defvr + +@deftp {Data Type} gnome-keyring-configuration +Configuration record for the GNOME Keyring service. + +@table @asis +@item @code{keyring} (default: @code{gnome-keyring}) +The GNOME keyring package to use. +@item @code{pam-services} +An alist (SERVICE . KIND) of PAM services to extend. SERVICE is the name +of an existing service to extend and KIND is one of @code{login} or +@code{passwd}. If @code{login} is given, it adds an optional +@code{pam_gnome_keyring.so} to the auth block without arguments and to +the session block with @code{auto_start}. +If @code{passwd} is given, it adds an optional @code{pam_gnome_keyring.so} +to the password block without arguments. + +By default, this field contains ``gdm-password'' with the value @code{login} +and ``passwd'' is with the value @code{passwd}. +@end table +@end deftp + + @node Sound Services @subsection Sound Services diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 0152e86e8a..3e0a33dba8 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -135,6 +135,10 @@ inputattach-configuration? inputattach-service-type + gnome-keyring-configuration + gnome-keyring-configuration? + gnome-keyring-service-type + %desktop-services)) ;;; Commentary: 
@@ -1064,6 +1068,55 @@ as expected."))) (description "Return a service that runs inputattach on a device and dispatches events from it."))) + +;;; +;;; gnome-keyring-service-type +;;; + +(define-record-type* gnome-keyring-configuration + make-gnome-keyring-configuration + gnome-keyring-configuration? + (keyring gnome-keyring-package (default gnome-keyring)) + (pam-services gnome-keyring-pam-services (default '(("gdm-password" . login) + ("passwd" . passwd))))) + +(define (pam-gnome-keyring config) + (define (%pam-keyring-entry . arguments) + (pam-entry + (control "optional") + (module (file-append (gnome-keyring-package config) + "/lib/security/pam_gnome_keyring.so")) + (arguments arguments))) + + (list + (lambda (service) + (case (assoc-ref (gnome-keyring-pam-services config) + (pam-service-name service)) + ((login) + (pam-service + (inherit service) + (auth (append (pam-service-auth service) + (list (%pam-keyring-entry)))) + (session (append (pam-service-session service) + (list (%pam-keyring-entry "auto_start")))))) + ((passwd) + (pam-service + (inherit service) + (password (append (pam-service-password service) + (list (%pam-keyring-entry)))))) + (else service))))) + +(define gnome-keyring-service-type + (service-type + (name 'gnome-keyring) + (extensions (list + (service-extension pam-root-service-type pam-gnome-keyring))) + (default-value (gnome-keyring-configuration)) + (description "Return a service, that adds the @code{gnome-keyring} package +to the system profile and extends PAM with entries using +@code{pam_gnome_keyring.so}, unlocking a user's login keyring when they log in +or setting its password with passwd."))) + ;;; ;;; The default set of desktop services. -- 2.24.0
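Review bot: The @item for pam-services in the doc/guix.texi hunk omits the limitation stated in the cover letter: the module is appended to the end of the auth, session or password block, so it is not reached when an earlier pam-entry with control "sufficient" succeeds, and the login keyring then stays locked without any error. Please state that in the manual, since an administrator who adds another service name to pam-services has no other way to learn why unlocking does not happen. Wording nits in the same hunk: "``passwd'' is with the value @code{passwd}" has a stray "is", "(see below.)" should read "(see below).", "setting its password with passwd" would read better with @command{passwd}, and there are two added blank lines before @node Sound Services where one is enough.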
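Review bot: In the gnu/services/desktop.scm hunk, gnome-keyring-service-type lists only (service-extension pam-root-service-type pam-gnome-keyring) under extensions, yet its description and the new texinfo both say the service adds the gnome-keyring package to the system profile; nothing in these lines does that. Either add a profile-service-type extension that returns (list (gnome-keyring-package config)), or drop the claim from both texts. Separately, in pam-gnome-keyring the else branch of the case handles two different situations the same way: a PAM service that is not listed in pam-services (the normal case) and a listed service whose KIND is neither login nor passwd. A misspelled KIND therefore leaves the keyring module out without any diagnostic; consider returning the service unchanged only when assoc-ref yields #f and raising an error for any other unrecognised value.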