Subject: [bug#65538] [PATCH v2] services: greetd: Add pam-gnupg support.
To: Carlos Durán Domínguez
Cc: Tobias Geerinckx-Rice, Simon Tournier, paren@disroot.org, Christopher Baines, Ricardo Wurmus, Raghav Gururajan, jgart, Mathieu Othacehe, 65538@debbugs.gnu.org
From: Ludovic Courtès
In-Reply-To: <20230825144806.6315-1-wurt@wurtshell.com>
References: <20230825144806.6315-1-wurt@wurtshell.com>
Date: Thu, 05 Oct 2023 14:57:09 +0200
Message-ID: <87il7l6xcq.fsf@gnu.org>

Hello,

Carlos Durán Domínguez skribis:

> I retry to implement the pam-gnupg module for the greetd system service. It is a PAM module that hands over your login password to gpg-agent. I added the documentation and the insert-before procedure (maybe it needs a better name), to ensure that the pam-gnupg module will be loaded at the end.
>
> * doc/guix.texi: documentation about #:gnupg? option on (greetd-configuration).
> * gnu/services.scm (insert-before): new procedure.
> * gnu/services/base.scm (greetd-configuration): new option #:gnupg?.
> * gnu/services/pam-mount.scm: ensure that pam mount module goes before pam gnupg module.
> * gnu/system/pam.scm (pam-gnupg-module?): new procedure and ensure that pam gnupg module is at the end of (unix-pam-service).

Nice work! A minor point: the commit log should normally list all changed/added/removed entities. You can use ‘git log’ to see examples, but the committer will tweak it for you if needed (no big deal).

[...]

> +@item @code{gnupg?} (default: @code{#f}) > +If enabled, @code{pam-gnupg} will attempt to automatically unlock the > +user's GPG keys with the login password via @code{gpg-agent}. The > +keygrips of all keys to be unlocked should be written to > +@file{~/.pam-gnupg}, and can be queried with @code{gpg -K > +--with-keygrip}. Presetting passphrases must be enabled by adding > +@code{allow-preset-passphrase} in @file{~/.gnupg/gpg-agent.conf}. Perhaps you can add a cross-reference to the relevant part of the GnuPG manual? (With @pxref or similar.) > +(define (insert-before pred lst1 lst2) > + "Return a list appending LST2 just before the first element on LST1 = that > + satisfy the predicate PRED." > + (cond > + ((null? lst1) lst2) > + ((pred (car lst1)) (append lst2 lst1)) > + (else (cons (car lst1) (insert-before pred (cdr lst1) lst2))))) I=E2=80=99d rather have it in (guix utils). Also, please use =E2=80=98matc= h=E2=80=99 and avoid car/cdr as per . > (pam-service > (inherit pam) > - (auth (append (pam-service-auth pam) > - (list optional-pam-mount))) > - (session (append (pam-service-session pam) > - (list optional-pam-mount)))) > + (auth (insert-before pam-gnupg-module? > + (pam-service-auth pam) > + (list optional-pam-mount))) > + (session (insert-before pam-gnupg-module? > + (pam-service-session pam) > + (list optional-pam-mount)))) Could you add a comment explaining why this ordering is important? > +(define (pam-gnupg-module? name) > + "Return `#t' if NAME is the path to the pam-gnupg module, `#f' otherwi= se." > + (equal? (pam-entry-module name) > + (file-append pam-gnupg "/lib/security/pam_gnupg.so"))) records in general cannot be compared with =E2=80=98equal?=E2=80= =99, so the above procedure won=E2=80=99t work in the general case. (It wouldn=E2=80= =99t work with custom variants of the =E2=80=98pam-gnupg=E2=80=99 package, too.) Can you think of another way we could check whether a corresponds to =E2=80=98pam-gnupg=E2=80=99? Thanks, Ludo=E2=80=99.
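
Review bot: in the doc/guix.texi hunk, the @item for gnupg? says the keys are unlocked "with the login password" but never states that this only succeeds for keys whose passphrase is identical to the login password; the word "attempt" leaves that implicit. Suggest stating it outright, and describing the expected layout of ~/.pam-gnupg, since the text only says the keygrips "should be written" there.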
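
Review bot: the docstring of insert-before in the gnu/services.scm hunk does not cover the case where no element of LST1 satisfies PRED. The `((null? lst1) lst2)` clause makes the procedure fall back to appending LST2 at the end, and that fallback is part of the contract callers will depend on, so it should be documented. While there, "that satisfy" should read "that satisfies".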
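
Review bot: in the gnu/services/pam-mount.scm hunk, the auth and session fields keep the old append behaviour only because insert-before returns LST1 followed by LST2 when pam-gnupg-module? matches nothing; nothing at the call site says so. A short comment on both cases (pam-gnupg entry present, pam-gnupg entry absent) would make the intent readable, and a test asserting that optional-pam-mount precedes the pam-gnupg entry in both stacks would keep the ordering from regressing silently.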
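
Review bot: pam-gnupg-module? in the gnu/system/pam.scm hunk names its parameter `name` and documents it as "the path to the pam-gnupg module", yet the body calls `(pam-entry-module name)`, so the argument is a PAM entry rather than a name or path. Suggest renaming the parameter to `entry` and rewording the docstring to say it returns #t when ENTRY refers to the pam-gnupg module.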