From patchwork Thu May 1 17:55:07 2025
X-Patchwork-Submitter: Sergio Pastor Pérez
X-Patchwork-Id: 42225
Subject: [bug#78188] [PATCH v2] services: kwallet: New service.
To: 78188@debbugs.gnu.org
Cc: Sergio Pastor Pérez, Liliana Marie Prikler, Ludovic Courtès, Maxim Cournoyer, Noé Lopez, Vivien Kraus
From: Sergio Pastor Pérez
Date: Thu, 1 May 2025 19:55:07 +0200
Message-ID: <05d64ca757730e334021a4f68e65dc503acc7bb6.1746122107.git.sergio.pastorperez@gmail.com>
In-Reply-To: <1b8f1e2c24fb227d77a4617635842fb16db5d7f0.1746122107.git.sergio.pastorperez@gmail.com>

Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51 --- doc/guix.texi | 37 ++++++++++++++++++++++++ gnu/services/desktop.scm | 61 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 7b418a4089..c6861b3182 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -27131,6 +27131,43 @@ Desktop Services @end table @end deftp +@defvar kwallet-service-type +This is the type of the service that adds the +@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}. Its +value is a @code{kwallet-configuration} object (see below). Note that, +contrary to @code{gnome-desktop-service-type}, +@code{plasma-desktop-service-type} does not include this service. + +This service adds the @code{kwallet-pam} package to the system profile +and extends PAM with entries using @code{pam_kwallet5.so}, +unlocking a user's login keyring when they log in or setting its +password with passwd. +@end defvar + +@deftp {Data Type} kwallet-configuration +Configuration record for the KWallet Keyring service. + +@table @asis +@item @code{keyring} (default: @code{kwallet-pam}) +The KWallet keyring package to use. + +@item @code{pam-services} +A list of @code{(@var{service} . @var{kind})} pairs denoting PAM +services to extend, where @var{service} is the name of an existing +service to extend and @var{kind} is one of @code{login} or +@code{passwd}. + +If @code{login} is given, it adds an optional +@code{pam_kwallet5.so} to the auth block without arguments and to +the session block with @code{auto_start}. If @code{passwd} is given, it +adds an optional @code{pam_kwallet5.so} to the password block +without arguments. + +By default, this field contains ``sddm'' with the value @code{login} +and ``passwd'' is with the value @code{passwd}. +@end table +@end deftp + @defvar seatd-service-type @uref{https://sr.ht/~kennylevinsen/seatd/, seatd} is a minimal seat management daemon. diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index a586746cc5..a3cbf3f397 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm 
@@ -197,6 +197,10 @@ (define-module (gnu services desktop) gnome-keyring-configuration? gnome-keyring-service-type + kwallet-configuration + kwallet-configuration? + kwallet-service-type + seatd-configuration seatd-service-type @@ -2148,6 +2152,63 @@ (define enlightenment-desktop-service-type thumbnails and privileges the programs which enlightenment needs to function as expected."))) + +;;; +;;; kwallet-service-type +;;; + +(define-record-type* kwallet-configuration + make-kwallet-configuration + kwallet-configuration? + (wallet kwallet-package (default kwallet-pam)) + (pam-services kwallet-pam-services (default '(("sddm" . login) + ("passwd" . passwd))))) + +(define (pam-kwallet config) + (match config + (#f '()) ;explicitly disabled by user + (_ + (define (%pam-keyring-entry . arguments) + (pam-entry + (control "optional") + (module (file-append (kwallet-package config) + "/lib/security/pam_kwallet5.so")) + (arguments arguments))) + + (list + (pam-extension + (transformer + (lambda (service) + (case (assoc-ref (kwallet-pam-services config) + (pam-service-name service)) + ((login) + (pam-service + (inherit service) + (auth (append (pam-service-auth service) + (list (%pam-keyring-entry)))) + (session (append (pam-service-session service) + (list (%pam-keyring-entry "auto_start")))))) + ((passwd) + (pam-service + (inherit service) + (password (append (pam-service-password service) + (list (%pam-keyring-entry)))))) + (else service))))))))) + +;; TODO: consider integrating service in `' as +;; done in `'. This requires rewritting the +;; `' as done for `'. +(define kwallet-service-type + (service-type + (name 'kwallet) + (extensions (list + (service-extension pam-root-service-type pam-kwallet))) + (default-value (kwallet-configuration)) + (description "Return a service, that extends PAM with entries using +@code{pam_kwallet5.so}, unlocking a user's login keyring when they log in or +setting its password with passwd."))) + + ;;; ;;; KDE Plasma desktop service. ;;;
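
Review bot: In the `kwallet-configuration` table of the doc/guix.texi hunk, the first field is documented as `keyring` (default: `kwallet-pam`), but the record added in gnu/services/desktop.scm declares that field as `wallet`, so a configuration written from the manual would not match the record definition. Use one name in both places. In the same hunk, "and ``passwd'' is with the value" has a stray "is", and "unlocking a user's login keyring" would read better as "wallet", since the rest of the text is about KWallet rather than a keyring.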
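
Review bot: In `pam-kwallet` (second hunk of gnu/services/desktop.scm), `%pam-keyring-entry` hard-codes "/lib/security/pam_kwallet5.so" under whatever package the `wallet` field holds and marks the entry `(control "optional")`, so a substituted package that installs the module under a different file name produces PAM entries that are skipped without affecting the login result, and the wallet just stays locked. Consider making the module file name configurable or checking that the file exists at build time. The `(#f '())` branch is also outside the documented interface: the manual says the value is a `kwallet-configuration` object and `default-value` is `(kwallet-configuration)`, so either document `#f` as the way to disable the extension or drop the `match`. The entries are appended after the existing `auth`, `session` and `password` entries; it is worth confirming against the sddm and passwd stacks that no earlier entry ends the stack before `pam_kwallet5.so` runs. Minor: "rewritting" in the TODO comment should be "rewriting", and the `description` string ("Return a service, that extends PAM ...") reads like a procedure docstring rather than a description of the service.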