unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH] Add GNOME and XFCE desktop services.
@ 2016-02-24 22:14 Andy Wingo
  2016-02-25  2:40 ` 宋文武
  0 siblings, 1 reply; 4+ messages in thread
From: Andy Wingo @ 2016-02-24 22:14 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1038 bytes --]

This gets me a little farther but not far enough :)  With my polkit
patch, which is under upstream discussion but probably will go in in
some different form, I can "pkexec ls", allowing me to "ls" as root if I
supply the root password.  With this patch, I should be able to run this
program as the "active" user:

   <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
   <annotate key="org.freedesktop.policykit.exec.path">/gnu/store/5l02a25w3gagrxf9nyfayayyiphfmk50-gnome-settings-daemon-3.18.2/libexec/gsd-backlight-helper</annotate>

But:

  $ pkexec /gnu/store/5l02a25w3gagrxf9nyfayayyiphfmk50-gnome-settings-daemon-3.18.2/libexec/gsd-backlight-helper --set-brightness 300
  Error executing command as another user: Not authorized

  This incident has been reported.

So not even an opportunity to enter a password.  Evidently polkit
doesn't see me as "active".  Probably an elogind thing.  Anyway, still,
going in the right way I think.

Andy


[-- Attachment #2: 0001-gnu-services-Add-GNOME-and-XFCE-desktop-services.patch --]
[-- Type: text/plain, Size: 3455 bytes --]

From 0d3b2b47b9742a5b381cd3e89b12f00951b557e9 Mon Sep 17 00:00:00 2001
From: Andy Wingo <wingo@igalia.com>
Date: Wed, 24 Feb 2016 23:08:58 +0100
Subject: [PATCH] gnu: services: Add GNOME and XFCE desktop services.

* gnu/services/desktop.scm (<gnome-desktop-configuration>)
(gnome-desktop-service-type, <xfce-desktop-configuration>)
(xfce-desktop-service-type): New variables.
(gnome-desktop-service, xfce-desktop-service): New public variables.
* gnu/services/desktop.scm (%desktop-services): Add
gnome-desktop-service and xfce-desktop-service.
---
 gnu/services/desktop.scm | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 02bcf1b..2f81a68 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -32,6 +32,7 @@
   #:use-module (gnu packages admin)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages xfce)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages polkit)
   #:use-module (gnu packages xdisorg)
@@ -51,6 +52,8 @@
             polkit-service
             elogind-configuration
             elogind-service
+            gnome-desktop-service
+            xfce-desktop-service
             %desktop-services))
 
 ;;; Commentary:
@@ -710,6 +713,52 @@ when they log out."
 
 \f
 ;;;
+;;; GNOME desktop service.
+;;;
+
+(define-record-type* <gnome-desktop-configuration> gnome-desktop-configuration
+  make-gnome-desktop-configuration
+  gnome-desktop-configuration
+  (gnome-settings-daemon           gnome-settings-daemon-package
+                                   (default gnome-settings-daemon)))
+
+(define gnome-desktop-service-type
+  (service-type
+   (name 'gnome-desktop)
+   (extensions
+    (list (service-extension polkit-service-type
+                             (compose list gnome-settings-daemon-package))))))
+
+(define* (gnome-desktop-service #:key (config (gnome-desktop-configuration)))
+  "Return a service that enables the GNOME desktop to run privileged commands,
+like changing the backlight of an LCD, on behalf of a user logged in to a
+graphical session."
+  (service gnome-desktop-service-type config))
+
+\f
+;;;
+;;; XFCE desktop service.
+;;;
+
+(define-record-type* <xfce-desktop-configuration> xfce-desktop-configuration
+  make-xfce-desktop-configuration
+  xfce-desktop-configuration
+  (thunar thunar-package (default thunar)))
+
+(define xfce-desktop-service-type
+  (service-type
+   (name 'xfce-desktop)
+   (extensions
+    (list (service-extension polkit-service-type
+                             (compose list thunar-package))))))
+
+(define* (xfce-desktop-service #:key (config (xfce-desktop-configuration)))
+  "Return a service that enables the XFCE desktop to run a file manager as
+root, if the user authenticates using the root password."
+  (service xfce-desktop-service-type config))
+
+\f
+;;;
 ;;; The default set of desktop services.
 ;;;
 
@@ -717,6 +766,10 @@ when they log out."
   ;; List of services typically useful for a "desktop" use case.
   (cons* (slim-service)
 
+         ;; Polkit permissions for desktops to control brightness, etc.
+         (gnome-desktop-service)
+         (xfce-desktop-service)
+
          ;; Screen lockers are a pretty useful thing and these are small.
          (screen-locker-service slock)
          (screen-locker-service xlockmore "xlock")
-- 
2.6.3


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] Add GNOME and XFCE desktop services.
  2016-02-24 22:14 [PATCH] Add GNOME and XFCE desktop services Andy Wingo
@ 2016-02-25  2:40 ` 宋文武
  2016-02-25  7:52   ` Andy Wingo
  0 siblings, 1 reply; 4+ messages in thread
From: 宋文武 @ 2016-02-25  2:40 UTC (permalink / raw)
  To: Andy Wingo; +Cc: guix-devel

Andy Wingo <wingo@igalia.com> writes:

> […]
>
> From 0d3b2b47b9742a5b381cd3e89b12f00951b557e9 Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@igalia.com>
> Date: Wed, 24 Feb 2016 23:08:58 +0100
> Subject: [PATCH] gnu: services: Add GNOME and XFCE desktop services.
>
> * gnu/services/desktop.scm (<gnome-desktop-configuration>)
> (gnome-desktop-service-type, <xfce-desktop-configuration>)
> (xfce-desktop-service-type): New variables.
> (gnome-desktop-service, xfce-desktop-service): New public variables.
> * gnu/services/desktop.scm (%desktop-services): Add
> gnome-desktop-service and xfce-desktop-service.
> ---
>  gnu/services/desktop.scm | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 53 insertions(+)
>
> […]
>
> @@ -717,6 +766,10 @@ when they log out."
>    ;; List of services typically useful for a "desktop" use case.
>    (cons* (slim-service)
>  
> +         ;; Polkit permissions for desktops to control brightness, etc.
> +         (gnome-desktop-service)
> +         (xfce-desktop-service)
> +
>           ;; Screen lockers are a pretty useful thing and these are small.
>           (screen-locker-service slock)
>           (screen-locker-service xlockmore "xlock")
It’s confusing, these really are ‘gnome-settings-daemon-service’ and
‘thunar-service’ to enable the polkit rules.  We would expect a
‘gnome-desktop-service’ to bring a full GNOME environment, which can
be done by extend ‘profile-service-type’ with the ‘gnome’ meta-package.
But then the configuable ‘gnome-settings-daemon’ package is duplicate,
roughly speaking we could extracted it from the ‘propagated-inputs’ of
the ‘gnome’ package, which isn’t a straight way…

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] Add GNOME and XFCE desktop services.
  2016-02-25  2:40 ` 宋文武
@ 2016-02-25  7:52   ` Andy Wingo
  2016-02-25 18:46     ` Ludovic Courtès
  0 siblings, 1 reply; 4+ messages in thread
From: Andy Wingo @ 2016-02-25  7:52 UTC (permalink / raw)
  To: 宋文武; +Cc: guix-devel

Greets :)

On Thu 25 Feb 2016 03:40, iyzsong@member.fsf.org (宋文武) writes:

>> @@ -717,6 +766,10 @@ when they log out."
>>    ;; List of services typically useful for a "desktop" use case.
>>    (cons* (slim-service)
>>  
>> +         ;; Polkit permissions for desktops to control brightness, etc.
>> +         (gnome-desktop-service)
>> +         (xfce-desktop-service)
>> +
>>           ;; Screen lockers are a pretty useful thing and these are small.
>>           (screen-locker-service slock)
>>           (screen-locker-service xlockmore "xlock")
> It’s confusing, these really are ‘gnome-settings-daemon-service’ and
> ‘thunar-service’ to enable the polkit rules.  We would expect a
> ‘gnome-desktop-service’ to bring a full GNOME environment, which can
> be done by extend ‘profile-service-type’ with the ‘gnome’ meta-package.
> But then the configuable ‘gnome-settings-daemon’ package is duplicate,
> roughly speaking we could extracted it from the ‘propagated-inputs’ of
> the ‘gnome’ package, which isn’t a straight way…

I can see how that can be confusing, thanks for the feedback.

I think Mark has expressed a preference that packages should not add to
services by default: the reason being that you (as a user, as a Guix
developer, patch reviewer, etc) don't really have to trust a package,
whereas services grant special privileges and thus need more scrutiny.
With this in mind, I don't see how to extract GNOME services from a
(meta-)package.

What do you think is the right solution in the short term?  Rename these
services to reflect their package name?

Andy

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] Add GNOME and XFCE desktop services.
  2016-02-25  7:52   ` Andy Wingo
@ 2016-02-25 18:46     ` Ludovic Courtès
  0 siblings, 0 replies; 4+ messages in thread
From: Ludovic Courtès @ 2016-02-25 18:46 UTC (permalink / raw)
  To: Andy Wingo; +Cc: guix-devel

Andy Wingo <wingo@igalia.com> skribis:

> Greets :)
>
> On Thu 25 Feb 2016 03:40, iyzsong@member.fsf.org (宋文武) writes:
>
>>> @@ -717,6 +766,10 @@ when they log out."
>>>    ;; List of services typically useful for a "desktop" use case.
>>>    (cons* (slim-service)
>>>  
>>> +         ;; Polkit permissions for desktops to control brightness, etc.
>>> +         (gnome-desktop-service)
>>> +         (xfce-desktop-service)
>>> +
>>>           ;; Screen lockers are a pretty useful thing and these are small.
>>>           (screen-locker-service slock)
>>>           (screen-locker-service xlockmore "xlock")
>> It’s confusing, these really are ‘gnome-settings-daemon-service’ and
>> ‘thunar-service’ to enable the polkit rules.  We would expect a
>> ‘gnome-desktop-service’ to bring a full GNOME environment, which can
>> be done by extend ‘profile-service-type’ with the ‘gnome’ meta-package.
>> But then the configuable ‘gnome-settings-daemon’ package is duplicate,
>> roughly speaking we could extracted it from the ‘propagated-inputs’ of
>> the ‘gnome’ package, which isn’t a straight way…
>
> I can see how that can be confusing, thanks for the feedback.

It’s OK if ‘gnome-settings-daemon’ appears twice in the global profile.
Or we can modify the ‘gnome’ meta-package to not depend on it?

But yeah, I agree that full-blown ‘gnome-desktop-service’ and
‘xfce-desktop-service’, which also extend ‘profile-service-type’, would
be nicer.

However, ‘%desktop-services’ should probably include none of them by
default.

> I think Mark has expressed a preference that packages should not add to
> services by default: the reason being that you (as a user, as a Guix
> developer, patch reviewer, etc) don't really have to trust a package,
> whereas services grant special privileges and thus need more scrutiny.
> With this in mind, I don't see how to extract GNOME services from a
> (meta-)package.
>
> What do you think is the right solution in the short term?  Rename these
> services to reflect their package name?

Currently SLiM takes .desktop files that it finds at run time, which it
not so great for the reasons you give above.

The solution will probably be to to have the hypothetical
‘gnome-desktop’ and ‘xfce-desktop’ service extend it via the service
extension mechanism.

Anyway, thanks for the thorough investigation, sounds like we’re on the
right track!  :-)

Ludo’.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-02-25 18:46 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-24 22:14 [PATCH] Add GNOME and XFCE desktop services Andy Wingo
2016-02-25  2:40 ` 宋文武
2016-02-25  7:52   ` Andy Wingo
2016-02-25 18:46     ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).