From patchwork Sat Mar 8 12:41:30 2025
X-Patchwork-Submitter: Maxim Cournoyer
X-Patchwork-Id: 39905
Subject: [bug#76864] [PATCH] services: Integrate gnome-keyring service in gnome-desktop service.
To: 76864@debbugs.gnu.org
Cc: Maxim Cournoyer, Liliana Marie Prikler, Ludovic Courtès, Vivien Kraus
From: Maxim Cournoyer
Date: Sat, 8 Mar 2025 21:41:30 +0900
X-Mailer: git-send-email 2.48.1

Previous to this change, GNOME users would have to manually add the
gnome-keyring-service-type to their services to have a default login keyring
created and unlocked at login time. Some applications depend on a default
keyring being available, prompt repeatedly for it, which is confusing and
doesn't match user expectations, given most distributions use the GNOME
keyring pam module to unlock the login keyring by default.

* doc/guix.texi (Desktop Services): Update doc.
* gnu/services/desktop.scm (): Move above gnome-desktop-service-type, and
streamline description.
(pam-gnome-keyring): Return the empty list when CONFIG is #f.
(gnome-desktop-configuration) [gnome-keyring-configuration]: New field.

Change-Id: Ica26c1e1b85a038c1187edfb3ec3691fcd429641
---
 doc/guix.texi            |  12 +++-
 gnu/services/desktop.scm | 125 +++++++++++++++++++++++----------------
 2 files changed, 83 insertions(+), 54 deletions(-)

base-commit: 1f26b0eec83b5dc949900a743ed01088cb093c65
diff --git a/doc/guix.texi b/doc/guix.texi
index 6844470ce2..d5d08ece78 100644
--- a/doc/guix.texi +++ b/doc/guix.texi @@ -49,7 +49,7 @@ Copyright @copyright{} 2017, 2021 Christine Lemmer-Webber@* Copyright @copyright{} 2017, 2018, 2019, 2020, 2021, 2022 Marius Bakke@* Copyright @copyright{} 2017, 2019, 2020, 2022 Hartmut Goebel@* -Copyright @copyright{} 2017, 2019, 2020, 2021, 2022, 2023, 2024 Maxim Cournoyer@* +Copyright @copyright{} 2017, 2019--2025 Maxim Cournoyer@* Copyright @copyright{} 2017–2022 Tobias Geerinckx-Rice@* Copyright @copyright{} 2017 George Clemmer@* Copyright @copyright{} 2017 Andy Wingo@* @@ -25649,6 +25649,12 @@ Desktop Services package that should not be installed. By default, every polkit rule added by any package referenced in the other fields are installed. +@item @code{gnome-keyring-configuration} (type: gnome-keyring-configuration-or-#f) +A record used to better integrate the +GNOME keyring with the system. Refer to the documentation of the +@code{gnome-keyring-service-type} for more information. If you'd rather +avoid integrating the GNOME keyring, you can set this to @code{#f}. + @end table @end deftp @@ -26666,7 +26672,9 @@ Desktop Services @defvar gnome-keyring-service-type This is the type of the service that adds the @uref{https://wiki.gnome.org/Projects/GnomeKeyring, GNOME Keyring}. Its -value is a @code{gnome-keyring-configuration} object (see below). +value is a @code{gnome-keyring-configuration} object (see below). Note +that there is no need to use this service when using +@code{gnome-desktop-service-type}, which includes it. This service adds the @code{gnome-keyring} package to the system profile and extends PAM with entries using @code{pam_gnome_keyring.so}, unlocking diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index ee05bd98db..39a9da6384 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm 
@@ -154,6 +154,7 @@ (define-module (gnu services desktop) gnome-desktop-configuration-extra-packages gnome-desktop-configuration-polkit-ignorelist gnome-desktop-configuration-udev-ignorelist + gnome-desktop-configuration-gnome-keyring-configuration gnome-desktop-service gnome-desktop-service-type 
@@ -1471,6 +1472,65 @@ (define sane-service-type (service-extension account-service-type (const %sane-accounts)))))) + +;;; +;;; gnome-keyring-service-type +;;; + +(define-record-type* gnome-keyring-configuration + make-gnome-keyring-configuration + gnome-keyring-configuration? + (keyring gnome-keyring-package (default gnome-keyring)) + (pam-services gnome-keyring-pam-services (default '(("gdm-password" . login) + ("passwd" . passwd))))) + +(define (pam-gnome-keyring config) + ;; CONFIG may be either a or a + ;; > record, when using the + ;; gnome-keyring-service-type on its own. + (let ((config (if (gnome-desktop-configuration? config) + (gnome-desktop-configuration-gnome-keyring-configuration + config) + config))) + (match config + (#f '()) ;explicitly disabled by user + (_ + (define (%pam-keyring-entry . arguments) + (pam-entry + (control "optional") + (module (file-append (gnome-keyring-package config) + "/lib/security/pam_gnome_keyring.so")) + (arguments arguments))) + + (list + (pam-extension + (transformer + (lambda (service) + (case (assoc-ref (gnome-keyring-pam-services config) + (pam-service-name service)) + ((login) + (pam-service + (inherit service) + (auth (append (pam-service-auth service) + (list (%pam-keyring-entry)))) + (session (append (pam-service-session service) + (list (%pam-keyring-entry "auto_start")))))) + ((passwd) + (pam-service + (inherit service) + (password (append (pam-service-password service) + (list (%pam-keyring-entry)))))) + (else service)))))))))) + +(define gnome-keyring-service-type + (service-type + (name 'gnome-keyring) + (extensions (list + (service-extension pam-root-service-type pam-gnome-keyring))) + (default-value (gnome-keyring-configuration)) + (description "Return a service, that extends PAM with entries using +@code{pam_gnome_keyring.so}, unlocking a user's login keyring when they log in +or setting its password with passwd."))) ;;; 
@@ -1479,6 +1539,10 @@ (define sane-service-type (define-maybe/no-serialization package) +(define (gnome-keyring-configuration-or-#f? value) + (or (gnome-keyring-configuration? value) + (not value))) + (define (extract-propagated-inputs package) ;; Drop input labels. Attempt to support outputs. (map @@ -1515,7 +1579,13 @@ (define-configuration/no-serialization gnome-desktop-configuration (list-of-strings '()) "A list of regular expressions denoting polkit rules provided by any package that should not be installed. By default, every polkit rule added by any package -referenced in the other fields are installed.")) +referenced in the other fields are installed.") + (gnome-keyring-configuration + (gnome-keyring-configuration-or-#f (gnome-keyring-configuration)) + "A record used to better integrate the GNOME +keyring with the system. Refer to the documentation of the +@code{gnome-keyring-service-type} for more information. If you'd rather avoid +integrating the GNOME keyring, you can set this to @code{#f}.")) (define (gnome-package gnome name) "Return the package NAME among the GNOME package inputs. NAME can be a @@ -1636,6 +1706,8 @@ (define gnome-desktop-service-type (extensions (list (service-extension udev-service-type gnome-udev-configuration-files) + (service-extension pam-root-service-type + pam-gnome-keyring) (service-extension polkit-service-type gnome-polkit-settings) (service-extension privileged-program-service-type 
@@ -1972,57 +2044,6 @@ (define inputattach-service-type (description "Return a service that runs inputattach on a device and dispatches events from it."))) - -;;; -;;; gnome-keyring-service-type -;;; - -(define-record-type* gnome-keyring-configuration - make-gnome-keyring-configuration - gnome-keyring-configuration? - (keyring gnome-keyring-package (default gnome-keyring)) - (pam-services gnome-keyring-pam-services (default '(("gdm-password" . login) - ("passwd" . passwd))))) - -(define (pam-gnome-keyring config) - (define (%pam-keyring-entry . arguments) - (pam-entry - (control "optional") - (module (file-append (gnome-keyring-package config) - "/lib/security/pam_gnome_keyring.so")) - (arguments arguments))) - - (list - (pam-extension - (transformer - (lambda (service) - (case (assoc-ref (gnome-keyring-pam-services config) - (pam-service-name service)) - ((login) - (pam-service - (inherit service) - (auth (append (pam-service-auth service) - (list (%pam-keyring-entry)))) - (session (append (pam-service-session service) - (list (%pam-keyring-entry "auto_start")))))) - ((passwd) - (pam-service - (inherit service) - (password (append (pam-service-password service) - (list (%pam-keyring-entry)))))) - (else service))))))) - -(define gnome-keyring-service-type - (service-type - (name 'gnome-keyring) - (extensions (list - (service-extension pam-root-service-type pam-gnome-keyring))) - (default-value (gnome-keyring-configuration)) - (description "Return a service, that adds the @code{gnome-keyring} package -to the system profile and extends PAM with entries using -@code{pam_gnome_keyring.so}, unlocking a user's login keyring when they log in -or setting its password with passwd."))) - ;;; ;;; polkit-wheel-service -- Allow wheel group to perform admin actions
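Review bot: The new @item for gnome-keyring-configuration in the doc/guix.texi hunk at @@ -25649 (and the matching field docstring in the desktop.scm hunk at @@ -1515) only says the record is used "to better integrate the GNOME keyring with the system". With the default value (gnome-keyring-configuration), every gnome-desktop-service-type user now gets pam_gnome_keyring.so appended to the auth and session stacks of gdm-password and to the password stack of passwd. Since this is a change to the default PAM configuration, the documentation should state that explicitly, so that setting the field to #f reads as opting out of a PAM change rather than of an unspecified "integration".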
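Review bot: In the doc/guix.texi hunk at @@ -26666, the unchanged context right after the added sentence still says "This service adds the @code{gnome-keyring} package to the system profile", while the description string in gnu/services/desktop.scm is changed in this same patch to drop that claim, and the service type's extensions list contains only the pam-root-service-type extension. The manual paragraph should be brought in line with the streamlined description, otherwise the two descriptions of the same service disagree.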
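Review bot: In the desktop.scm hunk at @@ -1471, pam-gnome-keyring calls gnome-desktop-configuration? and gnome-desktop-configuration-gnome-keyring-configuration, but both are only introduced further down the file by the define-configuration/no-serialization form touched in the @@ -1515 hunk. Please confirm the module compiles without warnings and that the PAM extension evaluates correctly with this ordering; if not, keep the gnome-keyring-configuration record above gnome-desktop-configuration (it is needed there for the field default) and move the pam-gnome-keyring procedure below it. As a smaller style point, the match form has only a #f clause and a catch-all clause with an internal define; a plain (if config ... '()) with the helper defined at the top of the procedure would be easier to read.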
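Review bot: The (service-extension pam-root-service-type pam-gnome-keyring) added to gnome-desktop-service-type in the hunk at @@ -1636 is the same extension that gnome-keyring-service-type keeps. Configurations written per the previous instructions list both services, so after this change the transformer runs twice and the pam_gnome_keyring.so entries are appended twice to gdm-password and passwd. The manual now says the standalone service is not needed, but nothing handles or warns about the combination; consider documenting that existing users must remove gnome-keyring-service-type, or making the transformer skip services that already carry the entry.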