diff mbox series

[bug#63357] gnu: swaylock: Add linux-pam to inputs

Message ID aa1de1b705215a1cf6340c967619419cfa115ca6.1683473235.git.benjamin@uvy.fr
State New
Headers show
Series [bug#63357] gnu: swaylock: Add linux-pam to inputs | expand

Commit Message

Benjamin May 7, 2023, 3:27 p.m. UTC 
Adding linux-pam to inputs allows swaylock to run without setuid if
configured with a proper pam file.
---
 gnu/packages/wm.scm | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)


base-commit: 7f8575c97a8c112e9f82981b8803d075a82738dd

Comments

Ludovic Courtès May 18, 2023, 5:54 p.m. UTC | #1 
Hi,

Benjamin <benjamin@uvy.fr> skribis:

> Adding linux-pam to inputs allows swaylock to run without setuid if
> configured with a proper pam file.
> ---
>  gnu/packages/wm.scm | 4 +---

I tweaked the commit log and applied it.  Thanks!

Ludo’.
Andrew Tropin May 22, 2023, 3:14 p.m. UTC | #2 
On 2023-05-18 19:54, Ludovic Courtès wrote:

> Hi,
>
> Benjamin <benjamin@uvy.fr> skribis:
>
>> Adding linux-pam to inputs allows swaylock to run without setuid if
>> configured with a proper pam file.
>> ---
>>  gnu/packages/wm.scm | 4 +---
>
> I tweaked the commit log and applied it.  Thanks!

Hey guys!

One of our colleagues mentioned that it's a breaking change and swaylock
with pam backend will complain if suid is set, so the old setups with
(screen-locker-service swaylock) will break after this commit.

Do we want to document how to configure pam for swaylock in manual and
add a news entry for this change?
Benjamin May 22, 2023, 3:53 p.m. UTC | #3 
Hello,

> One of our colleagues mentioned that it's a breaking change and swaylock
> with pam backend will complain if suid is set, so the old setups with
> (screen-locker-service swaylock) will break after this commit.
>
> Do we want to document how to configure pam for swaylock in manual and
> add a news entry for this change?

First of all sorry for the breaking change.

I am pretty new to guix and did not know about screen-locker-service.
How I managed to make this to work is by setting a custom pam system
service :

(define-public swaylock-pam-service-type
  (service-type (name 'swaylock)
                (extensions (list (service-extension pam-root-service-type
                                                     (const (list (pam-service
                                                                   (name "swaylock")
                                                                   (auth (list
                                                                          (pam-entry
                                                                           (control "include")
                                                                           (module "greetd"))))))))))
                (description "Swaylock pam configuration")
                (default-value '())))

I do not know the policy in case of breaking changes, but if it is
easier we can roll back this change maybe ?

Best

Benjamin
muradm May 22, 2023, 7:33 p.m. UTC | #4 
Hi,

I would suggest to go forward with fixing 
screen-locker-service-type.
Root cause of issue is explained within the commit message of:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=63652

muradm

"Benjamin" <benjamin@uvy.fr> writes:

> Hello,
>
>> One of our colleagues mentioned that it's a breaking change and 
>> swaylock
>> with pam backend will complain if suid is set, so the old 
>> setups with
>> (screen-locker-service swaylock) will break after this commit.
>>
>> Do we want to document how to configure pam for swaylock in 
>> manual and
>> add a news entry for this change?
>
> First of all sorry for the breaking change.
>
> I am pretty new to guix and did not know about 
> screen-locker-service.
> How I managed to make this to work is by setting a custom pam 
> system
> service :
>
> (define-public swaylock-pam-service-type
>   (service-type (name 'swaylock)
>                 (extensions (list (service-extension 
>                 pam-root-service-type
>                                                      (const 
>                                                      (list 
>                                                      (pam-service
>                                                                    (name 
>                                                                    "swaylock")
>                                                                    (auth 
>                                                                    (list
>                                                                           (pam-entry
>                                                                            (control 
>                                                                            "include")
>                                                                            (module 
>                                                                            "greetd"))))))))))
>                 (description "Swaylock pam configuration")
>                 (default-value '())))
>
> I do not know the policy in case of breaking changes, but if it 
> is
> easier we can roll back this change maybe ?
>
> Best
>
> Benjamin
diff mbox series

Patch

diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index fe732e572e..b128b77e6a 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -1705,9 +1705,7 @@  (define-public swaylock
        (sha256
         (base32 "03jrjwlwxkcyd6m9a1bbwapasnz7b7aws7h0y6jigjm4m478phv6"))))
     (build-system meson-build-system)
-    (inputs (list cairo gdk-pixbuf libxkbcommon
-                  ;("linux-pam" ,linux-pam) ; FIXME: Doesn't work.
-                  wayland))
+    (inputs (list cairo gdk-pixbuf libxkbcommon linux-pam wayland))
     (native-inputs (list pango pkg-config scdoc wayland-protocols))
     (home-page "https://github.com/swaywm/sway")
     (synopsis "Screen locking utility for Wayland compositors")