From patchwork Fri May 2 07:49:49 2025
X-Patchwork-Submitter: Sergio Pastor Pérez
X-Patchwork-Id: 42242
From: Sergio Pastor Pérez
Date: Fri, 2 May 2025 09:49:49 +0200
Subject: [bug#78188] [PATCH v3 2/2] services: kwallet: New service.
To: 78188@debbugs.gnu.org
Cc: Sergio Pastor Pérez, Z572, Maxim Cournoyer, Liliana Marie Prikler, Ludovic Courtès, Noé Lopez, Vivien Kraus
Message-ID: <1077ee8d351fbfd51679522ec7673db563a86f8b.1746172189.git.sergio.pastorperez@gmail.com>
In-Reply-To: <18a91352e08ac5bf800a24f744dc8ed812fa34a0.1746172189.git.sergio.pastorperez@gmail.com>

Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51 --- doc/guix.texi | 39 +++++++++++++++++++++++++ gnu/services/desktop.scm | 63 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 7b418a4089..0df428bb8d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -27131,6 +27131,45 @@ Desktop Services @end table @end deftp +@defvar kwallet-service-type +This is the type of the service that adds the +@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}. Its +value is a @code{kwallet-configuration} object (see below). Note that, +contrary to @code{gnome-desktop-service-type}, which includes the +respective keyring for that service, @code{gnome-keyring-service-type}, +@code{plasma-desktop-service-type} does not include +@code{kwallet-service-type}. + +This service adds the @code{kwallet-pam} package to the system profile +and extends PAM with entries using @code{pam_kwallet5.so}, unlocking a +user's login keyring when they log in or setting its password with +@command{passwd}. +@end defvar + +@deftp {Data Type} kwallet-configuration +Configuration record for the KWallet Keyring service. + +@table @asis +@item @code{keyring} (default: @code{kwallet-pam}) +The KWallet keyring package to use. + +@item @code{pam-services} +A list of @code{(@var{service} . @var{kind})} pairs denoting PAM +services to extend, where @var{service} is the name of an existing +service to extend and @var{kind} is one of @code{login} or @code{passwd} +symbols. + +If @code{login} is given, it adds an optional +@code{pam_kwallet5.so} to the auth block without arguments and to +the session block with @code{auto_start}. If @code{passwd} is given, it +adds an optional @code{pam_kwallet5.so} to the password block +without arguments. + +By default, this field contains ``sddm'' with the value @code{login} +and ``passwd'' is with the value @code{passwd}. +@end table +@end deftp + @defvar seatd-service-type @uref{https://sr.ht/~kennylevinsen/seatd/, seatd} is a minimal seat management daemon. diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index a586746cc5..2127c2d389 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm 
@@ -20,6 +20,7 @@ ;;; Copyright © 2024 45mg <45mg.writes@gmail.com> ;;; Copyright © 2024 Raven Hallsby ;;; Copyright © 2025 Jonathan Brielmaier +;;; Copyright © 2025 Sergio Pastor Pérez ;;; ;;; This file is part of GNU Guix. ;;; @@ -197,6 +198,10 @@ (define-module (gnu services desktop) gnome-keyring-configuration? gnome-keyring-service-type + kwallet-configuration + kwallet-configuration? + kwallet-service-type + seatd-configuration seatd-service-type 
@@ -2148,6 +2153,64 @@ (define enlightenment-desktop-service-type thumbnails and privileges the programs which enlightenment needs to function as expected."))) + +;;; +;;; kwallet-service-type. +;;; + +(define-record-type* kwallet-configuration + make-kwallet-configuration + kwallet-configuration? + (wallet kwallet-package (default kwallet-pam)) + (pam-services kwallet-pam-services (default '(("sddm" . login) + ("passwd" . passwd))))) + +(define (pam-kwallet config) + "Return a PAM extension for KWallet." + (match config + (#f '()) ;explicitly disabled by user + (_ + (define (%pam-keyring-entry . arguments) + (pam-entry + (control "optional") + (module (file-append (kwallet-package config) + "/lib/security/pam_kwallet5.so")) + (arguments arguments))) + + (list + (pam-extension + (transformer + (lambda (service) + (case (assoc-ref (kwallet-pam-services config) + (pam-service-name service)) + ((login) + (pam-service + (inherit service) + (auth (append (pam-service-auth service) + (list (%pam-keyring-entry)))) + (session (append (pam-service-session service) + (list (%pam-keyring-entry "auto_start")))))) + ((passwd) + (pam-service + (inherit service) + (password (append (pam-service-password service) + (list (%pam-keyring-entry)))))) + (else service))))))))) + +;; TODO: consider integrating service in `' as +;; done in `'. This requires rewritting the +;; `' as done for `'. +(define kwallet-service-type + (service-type + (name 'kwallet) + (extensions (list + (service-extension pam-root-service-type pam-kwallet))) + (default-value (kwallet-configuration)) + (description "Return a service that extends PAM with entries using +@code{pam_kwallet5.so}, unlocking the user's login keyring when they log in or +setting its password with @command{passwd}."))) + + ;;; ;;; KDE Plasma desktop service. ;;;
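
Review bot: in the doc/guix.texi hunk, the `@item @code{keyring} (default: @code{kwallet-pam})` entry documents a field that the record in gnu/services/desktop.scm declares as `wallet` (`(wallet kwallet-package (default kwallet-pam))`), so a configuration written from the manual would use a field name the record does not have. Rename one side so the manual and the record agree. The `pam-services` description should also state that a PAM service whose name is not in the list is left untouched, and the last sentence has a stray word: "``passwd'' is with the value" should read "``passwd'' with the value".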
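
Review bot: in the gnu/services/desktop.scm hunk that adds `pam-kwallet`, the `case` over the kind ends in `(else service)`, so any kind other than `login` or `passwd` (a misspelled symbol, for instance) leaves the PAM service unchanged with no diagnostic, and the wallet simply never unlocks. Consider validating the kinds in `pam-services` and raising an error on an unknown one. The module path is fixed to "/lib/security/pam_kwallet5.so" while the package is configurable through the `wallet` field; with `(control "optional")` an entry pointing at a file the chosen package does not install would not block login, so the mismatch would be easy to miss. A comment stating that assumption, or a configurable module file name, would help. The `(#f '())` branch accepts a value that the manual hunk does not mention, and "rewritting" in the TODO comment should be "rewriting".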