From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id +NNMAKif4WJP3wAAbAwnHQ (envelope-from ) for ; Wed, 27 Jul 2022 22:27:20 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id ABYmAKif4WIAjwAAauVa8A (envelope-from ) for ; Wed, 27 Jul 2022 22:27:20 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 79625B177 for ; Wed, 27 Jul 2022 22:27:19 +0200 (CEST) Received: from localhost ([::1]:49156 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oGnch-0002jL-7e for larch@yhetil.org; Wed, 27 Jul 2022 16:27:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37352) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oGncU-0002iw-SQ for guix-patches@gnu.org; Wed, 27 Jul 2022 16:27:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:39121) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oGncU-00007k-Hq for guix-patches@gnu.org; Wed, 27 Jul 2022 16:27:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oGncU-0008US-CG for guix-patches@gnu.org; Wed, 27 Jul 2022 16:27:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#56797] [PATCH] gnu: services: fprintd: Add PAM configuration. Resent-From: Maya Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 27 Jul 2022 20:27:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 56797 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxime Devos Cc: "56797@debbugs.gnu.org" <56797@debbugs.gnu.org> Received: via spool by 56797-submit@debbugs.gnu.org id=B56797.165895360632612 (code B ref 56797); Wed, 27 Jul 2022 20:27:02 +0000 Received: (at 56797) by debbugs.gnu.org; 27 Jul 2022 20:26:46 +0000 Received: from localhost ([127.0.0.1]:57103 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oGncE-0008Tw-1i for submit@debbugs.gnu.org; Wed, 27 Jul 2022 16:26:46 -0400 Received: from mail-40135.protonmail.ch ([185.70.40.135]:37827) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oGncB-0008Te-SD for 56797@debbugs.gnu.org; Wed, 27 Jul 2022 16:26:45 -0400 Date: Wed, 27 Jul 2022 20:26:32 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1658953597; x=1659212797; bh=+EfmRDv8h5elk3ED52ac2Gwtsn41wr472D7wKZNRsK8=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=BDMXgdXb6Dvmz+ZmboGf6P7I4lnaCDOjMi9t7pAH78FasPmPiBPgVJxqyNZA52E1U NnZZHtt8M8rGKo+q0JpFumN3JdUahfeubqLSNUtizjwHPAYbAGd2VBzHApw1Qdswz8 06IpRc4nlcbjIxrO4G5frnQSX4epJ/okpATx/03AIWAOQ+PGailRfdOQ/MvBXDbhrm z5/4gBXHpRHpoUVN26wJnTOUFKQls4U7fN8ipyAK8j31FJyAIdC7zFY0oJhXt/3byy V9EE+zO1Hsp7Q9WJI6CDS2Q6MpRFMygJ/Kq0+kEw00fZN0fmcg119KaF37DBN2Qz7E HGiXaoI0eUuVg== Message-ID: In-Reply-To: <067bff4c-3ada-0597-2632-9482066df2f2@telenet.be> References: <4AtymQ5ic7YPCQjgRG3Dj73aZuO_Rx7GX8YSKBPeoVoOG_Z8LjXXbqvvfaq-ap0fgLADcsE8zibqDwkO7kazYXa0eMA3EeEaiU_6wGQ0yI8=@protonmail.com> <067bff4c-3ada-0597-2632-9482066df2f2@telenet.be> Feedback-ID: 44744921:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: Maya X-ACL-Warn: , Maya via Guix-patches From: Maya via Guix-patches via X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1658953639; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=+EfmRDv8h5elk3ED52ac2Gwtsn41wr472D7wKZNRsK8=; b=QuynzReTSCZw8I8nJyDt2tLdVgdbJuaZ98Af2g7txxAfPdChYKzuchHEMwdtVA/YnWhPy5 YBpfSAUnjw71SNu+xLgWAa/8QTgVajyFrnKBan3XgxSm5p5UGbEOZ0mhE+mdU6geMnXIBp tAW9Pdb767b2saybjOb562VA3oNVdmAunmWtF+iA48WDY2i7zk7q/uBH8A82zUNsnuzDGW WhOzBOvZvQa7X8TqFACi1aRNasiCDzE9r06vGhVzXBrcNiflWC4kLS8UrvUvacRj6RMTlM 7w2dBUzty96NHIHun6S18b1QB1EHITLtxMxDsV8ll005/VAN0s2Pwtl8K5DU7w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1658953639; a=rsa-sha256; cv=none; b=eMpGowWvXYR3mfQZak2CffP+VOksNQTqKIVUxRMO31XP9fII4HQ47OtcroeI4dbFUNqdgo QZzfr5EGCGIzhL1viuNwsJkEsS8t0o+FqVfNuynneZF3FtlmCYET2Tttg8ZfyHe+iT7frc PFXmBszDEdjYeLbIuj6BBjiV8sx/mY1//ReuPc6dpuwUydcJY+CXx36D8v7s5hK2yCk4VN kn1sAjKLw8XSi1CbiDw2F/IZJNqw0eYi5sSzbLS4M36DUapvKW68jOR9ShAjBF7HcVta3h f5RpszLn+X3ad0kJtcenKr6HlIkY7DRaI1iaY6YmXB8XN4Ms6hxwXsYIj3racA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=protonmail.com header.s=protonmail3 header.b=BDMXgdXb; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.43 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=protonmail.com header.s=protonmail3 header.b=BDMXgdXb; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 79625B177 X-Spam-Score: -3.43 X-Migadu-Scanner: scn1.migadu.com X-TUID: OVKFfqOdyoI7 >This can be simplified to > > (let ((fprintd-module (file-append (fprintd-configuration-fprintd >config) "/lib/security/pam_fprintd.so"))) Yes, thank you, I am not yet that great with my guix-fu. > > + #:login-uid? #t)) > What's this line for? I'm not finding 'login-uid?' anywhere in the > manual, a comment would be in order. I've got this from the unix-pam-service and from gdm-service-type. The code= this refers to in gnu/system/pam.scm: ,@(if login-uid? (list (pam-entry ;to fill in /proc/self/loginuid (control "required") (module "pam_loginuid.so"))) '()) gdm-service-type uses it in all 3 of it's pam modules. So I figured it ough= t to be there. I can investigate further, but it seems like I should not to= uch it. > Documentation is missing (in the manual), so as-is, this new feature is > hard to find. Oh? I didn't know that. Doesn't define-configuration generate documentation= automatically? If it does not, I will hapilly add it, but I have never wri= tten any, so it will be a learning process. > Also, the manual required giving every top-level procedure a docstring > IIRC, There is that requirement, yes. But there weren't any around this method so= I thought the configuration sufficed, but if it is a requirement, I will d= o that. > > gnu/services/authentication.scm | 49 +++++++++++++++++++++++++++++++-= - > > 1 file changed, 46 insertions(+), 3 deletions(-) > > > > diff --git a/gnu/services/authentication.scm b/gnu/services/authenticat= ion.scm > > index f7becdfafb..5737c15f4c 100644 > > --- a/gnu/services/authentication.scm > > +++ b/gnu/services/authentication.scm > > @@ -44,9 +44,50 @@ (define-module (gnu services authentication) > > nslcd-configuration? > > nslcd-service-type)) > > > > -(define-configuration fprintd-configuration > > +(define-configuration/no-serialization fprintd-configuration > > (fprintd (file-like fprintd) > > - "The fprintd package")) > > + "The fprintd package") > > + (unlock-gdm? > > + (boolean #t) > > + "Generate PAM configuration that unlocks gdm with fprintd.") > > + (unlock-other > > + (list '("polkit-1" "sddm")) ;; polkit-1 is the name of a PAM module= for GNOME polkit > > + "List of other PAM modules that can be unlocked with fprintd. > > + > > +This depends on your desktop configuration. If you for example want GN= OME prompts to be unlocked by fingerprint, you add @code{polkit-1} to this = list. (This is enabled by default.) > +")) > This documentation is unclear -- does this field need to be set to the > _name_ of the module, or to the _file name_ of the _shared library_ (as > a file-like, not a direct file name, because of staging), or ...? Also, > the 'list' check can be more precise, IIRC there was some method for not > just using list? but doing things like list-of-strings?. The name of the pam module, not a shared library. So the file in /etc/pam.d= . It is a direct name, since it is not inside the store, pam modules have s= tatic path. As for the configuration options, it's my first time using them and I didn'= t really understand the define-syntax definition, so I really just skimmed = through the guix repository for some uses. > Anyway, I don't really know PAM, but I've written some comments on the > patch, hopefully they are useful. They are a lot! Thank you very much. I hope those comments will be less nee= ded in the future, as I become better as a contributor. With all the best for tomorrow and all the days to come, Maya.