GNU bug report logs - #76864
[PATCH] services: Integrate gnome-keyring service in gnome-desktop service.
To reply to this bug, email your comments to 76864 AT debbugs.gnu.org.
There is no need to reopen the bug first.
Report forwarded to liliana.prikler <at> gmail.com, ludo <at> gnu.org, maxim.cournoyer <at> gmail.com, vivien <at> planete-kraus.eu, guix-patches <at> gnu.org: bug#76864; Package guix-patches. (Sat, 08 Mar 2025 12:43:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>: New bug report received and forwarded. Copy sent to liliana.prikler <at> gmail.com, ludo <at> gnu.org, maxim.cournoyer <at> gmail.com, vivien <at> planete-kraus.eu, guix-patches <at> gnu.org. (Sat, 08 Mar 2025 12:43:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Previous to this change, GNOME users would have to manually add the
gnome-keyring-service-type to their services to have a default login keyring
created and unlocked at login time. Some applications depend on a default
keyring being available, prompt repeatedly for it, which is confusing and
doesn't match user expectations, given most distributions use the GNOME
keyring pam module to unlock the login keyring by default.
* doc/guix.texi (Desktop Services): Update doc.
* gnu/services/desktop.scm (<gnome-keyring-configuration>): Move above
gnome-desktop-service-type, and streamline description.
(pam-gnome-keyring): Return the empty list when CONFIG is #f.
(gnome-desktop-configuration) [gnome-keyring-configuration]: New field.
Change-Id: Ica26c1e1b85a038c1187edfb3ec3691fcd429641
---
doc/guix.texi | 12 +++-
gnu/services/desktop.scm | 125 +++++++++++++++++++++++----------------
2 files changed, 83 insertions(+), 54 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 6844470ce2..d5d08ece78 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -49,7 +49,7 @@
Copyright @copyright{} 2017, 2021 Christine Lemmer-Webber@*
Copyright @copyright{} 2017, 2018, 2019, 2020, 2021, 2022 Marius Bakke@*
Copyright @copyright{} 2017, 2019, 2020, 2022 Hartmut Goebel@*
-Copyright @copyright{} 2017, 2019, 2020, 2021, 2022, 2023, 2024 Maxim Cournoyer@*
+Copyright @copyright{} 2017, 2019--2025 Maxim Cournoyer@*
Copyright @copyright{} 2017–2022 Tobias Geerinckx-Rice@*
Copyright @copyright{} 2017 George Clemmer@*
Copyright @copyright{} 2017 Andy Wingo@*
@@ -25649,6 +25649,12 @@ Desktop Services
package that should not be installed. By default, every polkit rule
added by any package referenced in the other fields are installed.
+@item @code{gnome-keyring-configuration} (type: gnome-keyring-configuration-or-#f)
+A <gnome-keyring-configuration> record used to better integrate the
+GNOME keyring with the system. Refer to the documentation of the
+@code{gnome-keyring-service-type} for more information. If you'd rather
+avoid integrating the GNOME keyring, you can set this to @code{#f}.
+
@end table
@end deftp
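Review bot: the new @item text refers to <gnome-keyring-configuration> as bare text and says only that the record is used to "better integrate" the keyring, which does not tell an administrator what changes on the system. Because the field defaults to a record rather than #f, state outright that it adds pam_gnome_keyring.so entries to the PAM services named in the record (gdm-password and passwd by default) so that the login keyring is unlocked at login, and wrap the record name in @code{}.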
@@ -26666,7 +26672,9 @@ Desktop Services
@defvar gnome-keyring-service-type
This is the type of the service that adds the
@uref{https://wiki.gnome.org/Projects/GnomeKeyring, GNOME Keyring}. Its
-value is a @code{gnome-keyring-configuration} object (see below).
+value is a @code{gnome-keyring-configuration} object (see below). Note
+that there is no need to use this service when using
+@code{gnome-desktop-service-type}, which includes it.
This service adds the @code{gnome-keyring} package to the system profile
and extends PAM with entries using @code{pam_gnome_keyring.so}, unlocking
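Review bot: the unchanged sentence right after the addition still says the service "adds the @code{gnome-keyring} package to the system profile", while this same patch drops that claim from the service-type description in gnu/services/desktop.scm, where the only extension is to pam-root-service-type. Update or remove that sentence so the manual and the description agree.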
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index ee05bd98db..39a9da6384 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -154,6 +154,7 @@ (define-module (gnu services desktop)
gnome-desktop-configuration-extra-packages
gnome-desktop-configuration-polkit-ignorelist
gnome-desktop-configuration-udev-ignorelist
+ gnome-desktop-configuration-gnome-keyring-configuration
gnome-desktop-service
gnome-desktop-service-type
@@ -1471,6 +1472,65 @@ (define sane-service-type
(service-extension account-service-type
(const %sane-accounts))))))
+
+;;;
+;;; gnome-keyring-service-type
+;;;
+
+(define-record-type* <gnome-keyring-configuration> gnome-keyring-configuration
+ make-gnome-keyring-configuration
+ gnome-keyring-configuration?
+ (keyring gnome-keyring-package (default gnome-keyring))
+ (pam-services gnome-keyring-pam-services (default '(("gdm-password" . login)
+ ("passwd" . passwd)))))
+
+(define (pam-gnome-keyring config)
+ ;; CONFIG may be either a <gnome-desktop-configuration> or a
+ ;; <gnome-keyring-configuration>> record, when using the
+ ;; gnome-keyring-service-type on its own.
+ (let ((config (if (gnome-desktop-configuration? config)
+ (gnome-desktop-configuration-gnome-keyring-configuration
+ config)
+ config)))
+ (match config
+ (#f '()) ;explicitly disabled by user
+ (_
+ (define (%pam-keyring-entry . arguments)
+ (pam-entry
+ (control "optional")
+ (module (file-append (gnome-keyring-package config)
+ "/lib/security/pam_gnome_keyring.so"))
+ (arguments arguments)))
+
+ (list
+ (pam-extension
+ (transformer
+ (lambda (service)
+ (case (assoc-ref (gnome-keyring-pam-services config)
+ (pam-service-name service))
+ ((login)
+ (pam-service
+ (inherit service)
+ (auth (append (pam-service-auth service)
+ (list (%pam-keyring-entry))))
+ (session (append (pam-service-session service)
+ (list (%pam-keyring-entry "auto_start"))))))
+ ((passwd)
+ (pam-service
+ (inherit service)
+ (password (append (pam-service-password service)
+ (list (%pam-keyring-entry))))))
+ (else service))))))))))
+
+(define gnome-keyring-service-type
+ (service-type
+ (name 'gnome-keyring)
+ (extensions (list
+ (service-extension pam-root-service-type pam-gnome-keyring)))
+ (default-value (gnome-keyring-configuration))
+ (description "Return a service, that extends PAM with entries using
+@code{pam_gnome_keyring.so}, unlocking a user's login keyring when they log in
+or setting its password with passwd.")))
;;;
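Review bot: pam-gnome-keyring now inspects the type of CONFIG in order to serve two service types, which ties the keyring service to gnome-desktop-configuration. Consider keeping the procedure limited to a gnome-keyring-configuration or #f and having gnome-desktop-service-type extract the field before calling it, for example by composing the accessor with pam-gnome-keyring in its service-extension. The comment above the let also has a stray second ">" in "<gnome-keyring-configuration>>".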
@@ -1479,6 +1539,10 @@ (define sane-service-type
(define-maybe/no-serialization package)
+(define (gnome-keyring-configuration-or-#f? value)
+ (or (gnome-keyring-configuration? value)
+ (not value)))
+
(define (extract-propagated-inputs package)
;; Drop input labels. Attempt to support outputs.
(map
@@ -1515,7 +1579,13 @@ (define-configuration/no-serialization gnome-desktop-configuration
(list-of-strings '())
"A list of regular expressions denoting polkit rules provided by any package
that should not be installed. By default, every polkit rule added by any package
-referenced in the other fields are installed."))
+referenced in the other fields are installed.")
+ (gnome-keyring-configuration
+ (gnome-keyring-configuration-or-#f (gnome-keyring-configuration))
+ "A <gnome-keyring-configuration> record used to better integrate the GNOME
+keyring with the system. Refer to the documentation of the
+@code{gnome-keyring-service-type} for more information. If you'd rather avoid
+integrating the GNOME keyring, you can set this to @code{#f}."))
(define (gnome-package gnome name)
"Return the package NAME among the GNOME package inputs. NAME can be a
@@ -1636,6 +1706,8 @@ (define gnome-desktop-service-type
(extensions
(list (service-extension udev-service-type
gnome-udev-configuration-files)
+ (service-extension pam-root-service-type
+ pam-gnome-keyring)
(service-extension polkit-service-type
gnome-polkit-settings)
(service-extension privileged-program-service-type
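Review bot: with this extension in place, an operating-system declaration that already lists gnome-keyring-service-type next to gnome-desktop-service-type gets two pam-extension transformers, and each one appends its own pam_gnome_keyring.so entries to the auth, session and password stacks of the matched services. The manual now says the separate service is unnecessary, but nothing detects or de-duplicates the overlap. Either skip services that already carry the module, or document that existing configurations must drop the standalone service or set the new field to #f.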
@@ -1972,57 +2044,6 @@ (define inputattach-service-type
(description "Return a service that runs inputattach on a device and
dispatches events from it.")))
-
-;;;
-;;; gnome-keyring-service-type
-;;;
-
-(define-record-type* <gnome-keyring-configuration> gnome-keyring-configuration
- make-gnome-keyring-configuration
- gnome-keyring-configuration?
- (keyring gnome-keyring-package (default gnome-keyring))
- (pam-services gnome-keyring-pam-services (default '(("gdm-password" . login)
- ("passwd" . passwd)))))
-
-(define (pam-gnome-keyring config)
- (define (%pam-keyring-entry . arguments)
- (pam-entry
- (control "optional")
- (module (file-append (gnome-keyring-package config)
- "/lib/security/pam_gnome_keyring.so"))
- (arguments arguments)))
-
- (list
- (pam-extension
- (transformer
- (lambda (service)
- (case (assoc-ref (gnome-keyring-pam-services config)
- (pam-service-name service))
- ((login)
- (pam-service
- (inherit service)
- (auth (append (pam-service-auth service)
- (list (%pam-keyring-entry))))
- (session (append (pam-service-session service)
- (list (%pam-keyring-entry "auto_start"))))))
- ((passwd)
- (pam-service
- (inherit service)
- (password (append (pam-service-password service)
- (list (%pam-keyring-entry))))))
- (else service)))))))
-
-(define gnome-keyring-service-type
- (service-type
- (name 'gnome-keyring)
- (extensions (list
- (service-extension pam-root-service-type pam-gnome-keyring)))
- (default-value (gnome-keyring-configuration))
- (description "Return a service, that adds the @code{gnome-keyring} package
-to the system profile and extends PAM with entries using
-@code{pam_gnome_keyring.so}, unlocking a user's login keyring when they log in
-or setting its password with passwd.")))
-
;;;
;;; polkit-wheel-service -- Allow wheel group to perform admin actions
base-commit: 1f26b0eec83b5dc949900a743ed01088cb093c65
--
2.48.1
Information forwarded to guix-patches <at> gnu.org: bug#76864; Package guix-patches. (Sat, 08 Mar 2025 12:54:02 GMT)
Message #8 received at 76864 <at> debbugs.gnu.org (full text, mbox):
On Saturday, 08.03.2025 at 21:41 +0900, Maxim Cournoyer wrote:
> Previous to this change, GNOME users would have to manually add the
> gnome-keyring-service-type to their services to have a default login
> keyring created and unlocked at login time. Some applications depend
> on a default keyring being available, prompt repeatedly for it, which
> is confusing and doesn't match user expectations, given most
> distributions use the GNOME keyring pam module to unlock the login
> keyring by default.
>
> * doc/guix.texi (Desktop Services): Update doc.
> * gnu/services/desktop.scm (<gnome-keyring-configuration>): Move
> above
> gnome-desktop-service-type, and streamline description.
> (pam-gnome-keyring): Return the empty list when CONFIG is #f.
> (gnome-desktop-configuration) [gnome-keyring-configuration]: New
> field.
>
> Change-Id: Ica26c1e1b85a038c1187edfb3ec3691fcd429641
> ---
SGTM
> doc/guix.texi | 12 +++-
> gnu/services/desktop.scm | 125 +++++++++++++++++++++++--------------
> --
> 2 files changed, 83 insertions(+), 54 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 6844470ce2..d5d08ece78 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -49,7 +49,7 @@
> Copyright @copyright{} 2017, 2021 Christine Lemmer-Webber@*
> Copyright @copyright{} 2017, 2018, 2019, 2020, 2021, 2022 Marius
> Bakke@*
> Copyright @copyright{} 2017, 2019, 2020, 2022 Hartmut Goebel@*
> -Copyright @copyright{} 2017, 2019, 2020, 2021, 2022, 2023, 2024
> Maxim Cournoyer@*
> +Copyright @copyright{} 2017, 2019--2025 Maxim Cournoyer@*
> Copyright @copyright{} 2017–2022 Tobias Geerinckx-Rice@*
> Copyright @copyright{} 2017 George Clemmer@*
> Copyright @copyright{} 2017 Andy Wingo@*
> @@ -25649,6 +25649,12 @@ Desktop Services
> package that should not be installed. By default, every polkit rule
> added by any package referenced in the other fields are installed.
>
> +@item @code{gnome-keyring-configuration} (type: gnome-keyring-
> configuration-or-#f)
> +A <gnome-keyring-configuration> record used to better integrate the
> +GNOME keyring with the system. Refer to the documentation of the
> +@code{gnome-keyring-service-type} for more information. If you'd
> rather
> +avoid integrating the GNOME keyring, you can set this to @code{#f}.
> +
> @end table
> @end deftp
>
> @@ -26666,7 +26672,9 @@ Desktop Services
> @defvar gnome-keyring-service-type
> This is the type of the service that adds the
> @uref{https://wiki.gnome.org/Projects/GnomeKeyring, GNOME Keyring}.
> Its
> -value is a @code{gnome-keyring-configuration} object (see below).
> +value is a @code{gnome-keyring-configuration} object (see below).
> Note
> +that there is no need to use this service when using
> +@code{gnome-desktop-service-type}, which includes it.
>
> This service adds the @code{gnome-keyring} package to the system
> profile
> and extends PAM with entries using @code{pam_gnome_keyring.so},
> unlocking
> diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
> index ee05bd98db..39a9da6384 100644
> --- a/gnu/services/desktop.scm
> +++ b/gnu/services/desktop.scm
> @@ -154,6 +154,7 @@ (define-module (gnu services desktop)
> gnome-desktop-configuration-extra-packages
> gnome-desktop-configuration-polkit-ignorelist
> gnome-desktop-configuration-udev-ignorelist
> + gnome-desktop-configuration-gnome-keyring-configuration
I would use a shorter name here. Perhaps
gnome-desktop-configuration-keyring?
Cheers
Information forwarded to guix-patches <at> gnu.org: bug#76864; Package guix-patches. (Sat, 08 Mar 2025 14:46:03 GMT)
Message #11 received at 76864 <at> debbugs.gnu.org (full text, mbox):
Hi Liliana,
Liliana Marie Prikler <liliana.prikler <at> gmail.com> writes:
[...]
>> @@ -154,6 +154,7 @@ (define-module (gnu services desktop)
>> gnome-desktop-configuration-extra-packages
>> gnome-desktop-configuration-polkit-ignorelist
>> gnome-desktop-configuration-udev-ignorelist
>> + gnome-desktop-configuration-gnome-keyring-configuration
> I would use a shorter name here. Perhaps
> gnome-desktop-configuration-keyring?
While I agree the naming is a mouthful, I find it necessary to have it
descriptive enough that it conveys the odd situation where we are
embedding a configuration object in another configuration :-).
So I'd keep it as is, knowing it probably will be seldom typed in a user
operating system config file anyway.
--
Thanks,
Maxim
Information forwarded to guix-patches <at> gnu.org: bug#76864; Package guix-patches. (Sat, 08 Mar 2025 15:02:03 GMT)
Message #14 received at 76864 <at> debbugs.gnu.org (full text, mbox):
On Saturday, 08.03.2025 at 23:45 +0900, Maxim Cournoyer wrote:
> Hi Liliana,
>
> Liliana Marie Prikler <liliana.prikler <at> gmail.com> writes:
>
> [...]
>
> > > @@ -154,6 +154,7 @@ (define-module (gnu services desktop)
> > > gnome-desktop-configuration-extra-packages
> > > gnome-desktop-configuration-polkit-ignorelist
> > > gnome-desktop-configuration-udev-ignorelist
> > > + gnome-desktop-configuration-gnome-keyring-
> > > configuration
> > I would use a shorter name here. Perhaps
> > gnome-desktop-configuration-keyring?
>
> While I agree the naming is a mouthful, I find it necessary to have
> it descriptive enough that it conveys the odd situation where we are
> embedding a configuration object in another configuration :-).
>
> So I'd keep it as is, knowing it probably will be seldom typed in a
> user operating system config file anyway.
For the field name adding -configuration is fine, but the accessor
should really be shorter. Compare slim-configuration-xorg or
gdm-configuration-xorg :)
Cheers
Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>: You have taken responsibility. (Sun, 09 Mar 2025 07:19:02 GMT)
Notification sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>: bug acknowledged by developer. (Sun, 09 Mar 2025 07:19:03 GMT)
Message #19 received at 76864-done <at> debbugs.gnu.org (full text, mbox):
Hi,
Liliana Marie Prikler <liliana.prikler <at> gmail.com> writes:
[...]
>> While I agree the naming is a mouthful, I find it necessary to have
>> it descriptive enough that it conveys the odd situation where we are
>> embedding a configuration object in another configuration :-).
>>
>> So I'd keep it as is, knowing it probably will be seldom typed in a
>> user operating system config file anyway.
> For the field name adding -configuration is fine, but the accessor
> should really be shorter. Compare slim-configuration-xorg or
> gdm-configuration-xorg :)
OK, these existing precedents are enough to sway my opinion. Renamed to
just '-keyring' and pushed!
Thanks for the review.
--
Thanks,
Maxim
This bug report was last modified 1 day ago.