From: Sergio Pastor Pérez
Date: Thu, 1 May 2025 15:54:00 +0200
Subject: [bug#78188] [PATCH] services: kwallet: New service.
To: 78188@debbugs.gnu.org
Cc: Sergio Pastor Pérez, Liliana Marie Prikler, Ludovic Courtès, Maxim Cournoyer, Noé Lopez, Vivien Kraus
X-Patchwork-Id: 42214

Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51
---
 doc/guix.texi | 37 ++++++++++++++++++++++++
 gnu/services/desktop.scm | 61 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 98 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi index 7b418a4089..c6861b3182 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -27131,6 +27131,43 @@ Desktop Services @end table @end deftp +@defvar kwallet-service-type +This is the type of the service that adds the +@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}. Its +value is a @code{kwallet-configuration} object (see below). Note that, +contrary to @code{gnome-desktop-service-type}, +@code{plasma-desktop-service-type} does not include this service. + +This service adds the @code{kwallet-pam} package to the system profile +and extends PAM with entries using @code{pam_kwallet5.so}, +unlocking a user's login keyring when they log in or setting its +password with passwd. +@end defvar + +@deftp {Data Type} kwallet-configuration +Configuration record for the KWallet Keyring service. + +@table @asis +@item @code{keyring} (default: @code{kwallet-pam}) +The KWallet keyring package to use. + +@item @code{pam-services} +A list of @code{(@var{service} . @var{kind})} pairs denoting PAM +services to extend, where @var{service} is the name of an existing +service to extend and @var{kind} is one of @code{login} or +@code{passwd}. + +If @code{login} is given, it adds an optional +@code{pam_kwallet5.so} to the auth block without arguments and to +the session block with @code{auto_start}. If @code{passwd} is given, it +adds an optional @code{pam_kwallet5.so} to the password block +without arguments. + +By default, this field contains ``sddm'' with the value @code{login} +and ``passwd'' is with the value @code{passwd}. +@end table +@end deftp + @defvar seatd-service-type @uref{https://sr.ht/~kennylevinsen/seatd/, seatd} is a minimal seat management daemon. diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index a586746cc5..a3cbf3f397 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm 
@@ -197,6 +197,10 @@ (define-module (gnu services desktop) gnome-keyring-configuration? gnome-keyring-service-type + kwallet-configuration + kwallet-configuration? + kwallet-service-type + seatd-configuration seatd-service-type @@ -2148,6 +2152,63 @@ (define enlightenment-desktop-service-type thumbnails and privileges the programs which enlightenment needs to function as expected."))) + +;;; +;;; kwallet-service-type +;;; + +(define-record-type* kwallet-configuration + make-kwallet-configuration + kwallet-configuration? + (wallet kwallet-package (default kwallet-pam)) + (pam-services kwallet-pam-services (default '(("sddm" . login) + ("passwd" . passwd))))) + +(define (pam-kwallet config) + (match config + (#f '()) ;explicitly disabled by user + (_ + (define (%pam-keyring-entry . arguments) + (pam-entry + (control "optional") + (module (file-append (kwallet-package config) + "/lib/security/pam_kwallet5.so")) + (arguments arguments))) + + (list + (pam-extension + (transformer + (lambda (service) + (case (assoc-ref (kwallet-pam-services config) + (pam-service-name service)) + ((login) + (pam-service + (inherit service) + (auth (append (pam-service-auth service) + (list (%pam-keyring-entry)))) + (session (append (pam-service-session service) + (list (%pam-keyring-entry "auto_start")))))) + ((passwd) + (pam-service + (inherit service) + (password (append (pam-service-password service) + (list (%pam-keyring-entry)))))) + (else service))))))))) + +;; TODO: consider integrating service in `' as +;; done in `'. This requires rewritting the +;; `' as done for `'. +(define kwallet-service-type + (service-type + (name 'kwallet) + (extensions (list + (service-extension pam-root-service-type pam-kwallet))) + (default-value (kwallet-configuration)) + (description "Return a service, that extends PAM with entries using +@code{pam_kwallet5.so}, unlocking a user's login keyring when they log in or +setting its password with passwd."))) + + ;;; ;;; KDE Plasma desktop service. ;;;
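
Review bot: In the doc/guix.texi hunk, the @table documents the package field as @code{keyring}, but the record added in gnu/services/desktop.scm declares it as `wallet` (accessor `kwallet-package`), so a configuration written from the manual would not match the record definition; use one name in both places. The @defvar text also states that the service adds the kwallet-pam package to the system profile, while the service type's extension list contains only `(service-extension pam-root-service-type pam-kwallet)`; either add a profile extension or drop that sentence. Smaller points in the same hunk: "``passwd'' is with the value" has a stray "is", and "with passwd" in the @defvar paragraph would read better as a marked-up command name.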
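
Review bot: In `%pam-keyring-entry` (second gnu/services/desktop.scm hunk), the module file name is hard-coded as "/lib/security/pam_kwallet5.so" while the package it is appended to comes from the configurable `wallet` field, and every entry is created with `(control "optional")`. A substituted package that installs its module under a different file name would yield PAM entries pointing at a missing file, and because the entries are optional that failure would not block login or password change; the user would only notice that the wallet stays locked. Consider documenting that the package must provide lib/security/pam_kwallet5.so, or making the module file name configurable. In `pam-kwallet`, the `(#f '())` clause accepts a value that neither the manual text nor `(default-value (kwallet-configuration))` mentions; document #f as a supported value or drop the clause. The description string opens with "Return a service, that extends PAM", which describes a procedure rather than the service; something like "Extend PAM with entries using ..." fits a service type better, and the TODO comment has "rewritting" for "rewriting".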