From: Maya via Guix-patches via <guix-patches@gnu.org>
To: Maxime Devos <maximedevos@telenet.be>
Cc: "56797@debbugs.gnu.org" <56797@debbugs.gnu.org>
Subject: [bug#56797] [PATCH] gnu: services: fprintd: Add PAM configuration.
Date: Wed, 27 Jul 2022 20:26:32 +0000 [thread overview]
Message-ID: <LcTuwD5B16pAYt1fDmGz1h8p7LuuJXmaMo9xaUF24goWjOD_OG4KHOhDM59KlDwoDRXpCnsHaUW8j49fWudFgjA7_XN-Dm1w2OO5gsblHN0=@protonmail.com> (raw)
In-Reply-To: <067bff4c-3ada-0597-2632-9482066df2f2@telenet.be>
>This can be simplified to
>
> (let ((fprintd-module (file-append (fprintd-configuration-fprintd
>config) "/lib/security/pam_fprintd.so")))
Yes, thank you, I am not yet that great with my guix-fu.
> > + #:login-uid? #t))
> What's this line for? I'm not finding 'login-uid?' anywhere in the
> manual, a comment would be in order.
I've got this from the unix-pam-service and from gdm-service-type. The code this refers to in gnu/system/pam.scm:
,@(if login-uid?
(list (pam-entry ;to fill in /proc/self/loginuid
(control "required")
(module "pam_loginuid.so")))
'())
gdm-service-type uses it in all 3 of it's pam modules. So I figured it ought to be there. I can investigate further, but it seems like I should not touch it.
> Documentation is missing (in the manual), so as-is, this new feature is
> hard to find.
Oh? I didn't know that. Doesn't define-configuration generate documentation automatically? If it does not, I will hapilly add it, but I have never written any, so it will be a learning process.
> Also, the manual required giving every top-level procedure a docstring
> IIRC,
There is that requirement, yes. But there weren't any around this method so I thought the configuration sufficed, but if it is a requirement, I will do that.
> > gnu/services/authentication.scm | 49 +++++++++++++++++++++++++++++++--
> > 1 file changed, 46 insertions(+), 3 deletions(-)
> >
> > diff --git a/gnu/services/authentication.scm b/gnu/services/authentication.scm
> > index f7becdfafb..5737c15f4c 100644
> > --- a/gnu/services/authentication.scm
> > +++ b/gnu/services/authentication.scm
> > @@ -44,9 +44,50 @@ (define-module (gnu services authentication)
> > nslcd-configuration?
> > nslcd-service-type))
> >
> > -(define-configuration fprintd-configuration
> > +(define-configuration/no-serialization fprintd-configuration
> > (fprintd (file-like fprintd)
> > - "The fprintd package"))
> > + "The fprintd package")
> > + (unlock-gdm?
> > + (boolean #t)
> > + "Generate PAM configuration that unlocks gdm with fprintd.")
> > + (unlock-other
> > + (list '("polkit-1" "sddm")) ;; polkit-1 is the name of a PAM module for GNOME polkit
> > + "List of other PAM modules that can be unlocked with fprintd.
> > +
> > +This depends on your desktop configuration. If you for example want GNOME prompts to be unlocked by fingerprint, you add @code{polkit-1} to this list. (This is enabled by default.)
> +"))
> This documentation is unclear -- does this field need to be set to the
> _name_ of the module, or to the _file name_ of the _shared library_ (as
> a file-like, not a direct file name, because of staging), or ...? Also,
> the 'list' check can be more precise, IIRC there was some method for not
> just using list? but doing things like list-of-strings?.
The name of the pam module, not a shared library. So the file in /etc/pam.d. It is a direct name, since it is not inside the store, pam modules have static path.
As for the configuration options, it's my first time using them and I didn't really understand the define-syntax definition, so I really just skimmed through the guix repository for some uses.
> Anyway, I don't really know PAM, but I've written some comments on the
> patch, hopefully they are useful.
They are a lot! Thank you very much. I hope those comments will be less needed in the future, as I become better as a contributor.
With all the best for tomorrow and all the days to come,
Maya.
next prev parent reply other threads:[~2022-07-27 20:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-27 15:57 [bug#56797] [PATCH] gnu: services: fprintd: Add PAM configuration Maya via Guix-patches via
2022-07-27 16:04 ` Maxime Devos
2022-07-27 16:06 ` Maxime Devos
2022-07-27 16:12 ` Maxime Devos
2022-07-27 20:26 ` Maya via Guix-patches via [this message]
2022-07-27 21:56 ` Maxime Devos
2022-08-09 15:00 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='LcTuwD5B16pAYt1fDmGz1h8p7LuuJXmaMo9xaUF24goWjOD_OG4KHOhDM59KlDwoDRXpCnsHaUW8j49fWudFgjA7_XN-Dm1w2OO5gsblHN0=@protonmail.com' \
--to=guix-patches@gnu.org \
--cc=56797@debbugs.gnu.org \
--cc=maximedevos@telenet.be \
--cc=maya.omase@protonmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).