From: Chris Marusich
Subject: Re: Network Manager Service
Date: Wed, 23 Nov 2016 21:52:53 -0800
To: Ludovic Courtès
Cc: rennes@openmailbox.org, help-guix@gnu.org

ludo@gnu.org (Ludovic Courtès) writes:

> Oops, I had left an extra #:use-module line in there, sorry!
>
> Could you try this one?

On my GuixSD system, the new patch works with one problem: Network Manager still does not show any wireless networks. I solved this by adding wpa-supplicant-service (this service was mentioned in the manual, but it was actually missing from code!) and making 'network-manager-shepherd-service' require it. Here's the updated patch:

diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 876f56d..26390a4 100644 =2D-- a/gnu/services/dbus.scm 
+++ b/gnu/services/dbus.scm @@ -21,7 +21,9 @@ #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) + #:use-module (gnu system pam) #:use-module ((gnu packages glib) #:select (dbus)) + #:use-module (gnu packages polkit) #:use-module (gnu packages admin) #:use-module (guix gexp) #:use-module (guix records) @@ -30,7 +32,10 @@ #:export (dbus-configuration dbus-configuration? dbus-root-service-type =2D dbus-service)) + dbus-service + + polkit-service-type + polkit-service)) =20 ;;; ;;; D-Bus. 
@@ -218,4 +223,91 @@ and policy files. For example, to allow avahi-daemon = to use the system bus, (dbus-configuration (dbus dbus) (services services)))) =20 + +;;; +;;; Polkit privilege management service. +;;; + +(define-record-type* + polkit-configuration make-polkit-configuration + polkit-configuration? + (polkit polkit-configuration-polkit ; + (default polkit)) + (actions polkit-configuration-actions ;list of + (default '()))) + +(define %polkit-accounts + (list (user-group (name "polkitd") (system? #t)) + (user-account + (name "polkitd") + (group "polkitd") + (system? #t) + (comment "Polkit daemon user") + (home-directory "/var/empty") + (shell "/run/current-system/profile/sbin/nologin")))) + +(define %polkit-pam-services + (list (unix-pam-service "polkit-1"))) + +(define (polkit-directory packages) + "Return a directory containing an @file{actions} and possibly a +@file{rules.d} sub-directory, for use as @file{/etc/polkit-1}." + (with-imported-modules '((guix build union)) + (computed-file "etc-polkit-1" + #~(begin + (use-modules (guix build union) (srfi srfi-26)) + + (union-build #$output + (map (cut string-append <> + "/share/polkit-1") + (list #$@packages))))))) + +(define polkit-etc-files + (match-lambda + (($ polkit packages) + `(("polkit-1" ,(polkit-directory (cons polkit packages))))))) + +(define polkit-setuid-programs + (match-lambda + (($ polkit) + (list (file-append polkit "/lib/polkit-1/polkit-agent-helper-1") + (file-append polkit "/bin/pkexec"))))) + +(define polkit-service-type + (service-type (name 'polkit) + (extensions + (list (service-extension account-service-type + (const %polkit-accounts)) + (service-extension pam-root-service-type + (const %polkit-pam-services)) + (service-extension dbus-root-service-type + (compose + list + polkit-configuration-polkit)) + (service-extension etc-service-type + polkit-etc-files) + (service-extension setuid-program-service-type + polkit-setuid-programs))) + + ;; Extensions are lists of packages that 
provide polkit ru= les + ;; or actions under share/polkit-1/{actions,rules.d}. + (compose concatenate) + (extend (lambda (config actions) + (polkit-configuration + (inherit config) + (actions + (append (polkit-configuration-actions config) + actions))))))) + +(define* (polkit-service #:key (polkit polkit)) + "Return a service that runs the +@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege +management service}, which allows system administrators to grant access to +privileged operations in a structured way. By querying the Polkit service= , a +privileged system component can know when it should grant additional +capabilities to ordinary users. For example, an ordinary user can be gran= ted +the capability to suspend the system if the user is logged in locally." + (service polkit-service-type + (polkit-configuration (polkit polkit)))) + ;;; dbus.scm ends here diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index dfd1ea6..7555780 100644 =2D-- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -37,7 +37,6 @@ #:use-module (gnu packages gnome) #:use-module (gnu packages xfce) #:use-module (gnu packages avahi) =2D #:use-module (gnu packages polkit) #:use-module (gnu packages xdisorg) #:use-module (gnu packages suckless) #:use-module (gnu packages linux) @@ -68,11 +67,6 @@ =20 bluetooth-service =20 =2D polkit-configuration =2D polkit-configuration? =2D polkit-service =2D polkit-service-type =2D elogind-configuration elogind-configuration? elogind-service 
@@ -415,93 +409,6 @@ Users need to be in the @code{lp} group to access the = D-Bus service. =20 ;;; =2D;;; Polkit privilege management service. =2D;;; =2D =2D(define-record-type* =2D polkit-configuration make-polkit-configuration =2D polkit-configuration? =2D (polkit polkit-configuration-polkit ; =2D (default polkit)) =2D (actions polkit-configuration-actions ;list of =2D (default '()))) =2D =2D(define %polkit-accounts =2D (list (user-group (name "polkitd") (system? #t)) =2D (user-account =2D (name "polkitd") =2D (group "polkitd") =2D (system? #t) =2D (comment "Polkit daemon user") =2D (home-directory "/var/empty") =2D (shell "/run/current-system/profile/sbin/nologin")))) =2D =2D(define %polkit-pam-services =2D (list (unix-pam-service "polkit-1"))) =2D =2D(define (polkit-directory packages) =2D "Return a directory containing an @file{actions} and possibly a =2D@file{rules.d} sub-directory, for use as @file{/etc/polkit-1}." =2D (with-imported-modules '((guix build union)) =2D (computed-file "etc-polkit-1" =2D #~(begin =2D (use-modules (guix build union) (srfi srfi-26)) =2D =2D (union-build #$output =2D (map (cut string-append <> =2D "/share/polkit-1") =2D (list #$@packages))))))) =2D =2D(define polkit-etc-files =2D (match-lambda =2D (($ polkit packages) =2D `(("polkit-1" ,(polkit-directory (cons polkit packages))))))) =2D =2D(define polkit-setuid-programs =2D (match-lambda =2D (($ polkit) =2D (list (file-append polkit "/lib/polkit-1/polkit-agent-helper-1") =2D (file-append polkit "/bin/pkexec"))))) =2D =2D(define polkit-service-type =2D (service-type (name 'polkit) =2D (extensions =2D (list (service-extension account-service-type =2D (const %polkit-accounts)) =2D (service-extension pam-root-service-type =2D (const %polkit-pam-services)) =2D (service-extension dbus-root-service-type =2D (compose =2D list =2D polkit-configuration-polkit)) =2D (service-extension etc-service-type =2D polkit-etc-files) =2D (service-extension setuid-program-service-type =2D 
polkit-setuid-programs))) =2D =2D ;; Extensions are lists of packages that provide polkit = rules =2D ;; or actions under share/polkit-1/{actions,rules.d}. =2D (compose concatenate) =2D (extend (lambda (config actions) =2D (polkit-configuration =2D (inherit config) =2D (actions =2D (append (polkit-configuration-actions config) =2D actions))))))) =2D =2D(define* (polkit-service #:key (polkit polkit)) =2D "Return a service that runs the =2D@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege =2Dmanagement service}, which allows system administrators to grant access = to =2Dprivileged operations in a structured way. By querying the Polkit servi= ce, a =2Dprivileged system component can know when it should grant additional =2Dcapabilities to ordinary users. For example, an ordinary user can be gr= anted =2Dthe capability to suspend the system if the user is logged in locally." =2D (service polkit-service-type =2D (polkit-configuration (polkit polkit)))) =2D =2D =2D;;; ;;; Colord D-Bus service. ;;; =20 diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 5a83240..1b4ad56 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -66,7 +66,8 @@ wicd-service network-manager-service connman-service =2D wpa-supplicant-service-type)) + wpa-supplicant-service-type + wpa-supplicant-service)) =20 ;;; Commentary: ;;; @@ -682,7 +683,7 @@ and @command{wicd-curses} user interfaces." (list (shepherd-service (documentation "Run the NetworkManager.") (provision '(networking)) =2D (requirement '(user-processes dbus-system loopback)) + (requirement '(user-processes dbus-system loopback wpa-supplicant= )) (start #~(make-forkexec-constructor (list (string-append #$network-manager "/sbin/NetworkManager") 
@@ -695,6 +696,7 @@ and @command{wicd-curses} user interfaces." (list (service-extension shepherd-root-service-type network-manager-shepherd-service) (service-extension dbus-root-service-type list) + (service-extension polkit-service-type list) (service-extension activation-service-type (const %network-manager-activati= on)) ;; Add network-manager to the system profile. @@ -777,4 +779,10 @@ configure networking." (service-extension dbus-root-service-type list) (service-extension profile-service-type list))))) =20 +(define* (wpa-supplicant-service #:key (wpa-supplicant wpa-supplicant)) + "Return a service that runs WPA supplicant (https://w1.fi/wpa_supplicant= /), +an authentication daemon required to authenticate against encrypted WiFi or +ethernet networks. Service is started to listen for requests on D-Bus." + (service wpa-supplicant-service-type wpa-supplicant)) + ;;; networking.scm ends here

I then updated my operating system configuration file as follows:

=2D-- /home/marusich/config.scm 2016-11-23 19:01:54.635709804 -0800 +++ /home/marusich/config-with-network-manager.scm 2016-11-23 21:13:33.3513= 83372 -0800 
@@ -9,14 +9,20 @@ (use-package-modules certs cryptsetup xdisorg admin gnome) =20 (define %modified-desktop-services =2D (modify-services %desktop-services =2D (guix-service-type config =3D> =2D (guix-configuration =2D (inherit config) =2D (substitute-urls =2D '("https://hydra-mirror.marusich.info" =2D "https://mirror.hydra.gnu.org" =2D "https://hydra.gnu.org")))))) + (cons* + (network-manager-service) + (wpa-supplicant-service) + (remove + (lambda (service) + (eq? wicd-service-type (service-kind service))) + (modify-services %desktop-services + (guix-service-type config =3D> + (guix-configuration + (inherit config) + (substitute-urls + '("https://hydra-mirror.marusich.info" + "https://mirror.hydra.gnu.org" + "https://hydra.gnu.org")))))))) =20 (operating-system =20

After I ran 'guix system configuration', Network Manager pretty much just works. Specifically:

* Network Manager starts automatically on boot.
* Network Manager detects wireless networks.
* I can connect manually to wireless networks using Network Manager.

However, there is one problem: Even if I select "Connect automatically" (in the "Identity" section of the settings page within Network Manager for my wireless network), Network Manager does not automatically connect to the network. I'm not sure why.

I would love to see this patch go into master, but I have a few concerns (which are probably non-blocking):

* It looks like it's possible to have an "incomplete deployment" of services in GuixSD. For example, if you add (e.g., network-manager-service) without also adding wpa-supplicant-service, the 'reconfigure' will succeed, but the wireless aspects of Network Manager will not work. This seems undesirable. In the same way that Guix/Nix ensures "complete deployment" of components in the store, is there a way we can ensure complete deployment of services in GuixSD?

* Should we update the desktop templates in gnu/system/examples/desktop.tmpl? It looks like it's impossible to add both wicd-service and network-manager-service to the same config file. Therefore, perhaps we should supply a "gnome-desktop.tmpl" example for those who want the GNOME desktop specifically? The changes necessary to get Network Manager working with the "desktop.tmpl" might not be easy for someone who is new to Guile.

* I'm not sure (yet) how to investigate why Network Manager is failing to automatically connect. If you have any ideas, please let me know.

--
Chris
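
Review bot: The `#:export` hunk in gnu/services/dbus.scm adds only `polkit-service-type` and `polkit-service`, while the gnu/services/desktop.scm hunk removes four exports (`polkit-configuration`, `polkit-configuration?`, `polkit-service`, `polkit-service-type`), so `polkit-configuration` and `polkit-configuration?` end up exported from neither module. Add both to the export list in dbus.scm, or state in the commit message that they are now private on purpose. Because `polkit-service` was previously reachable through (gnu services desktop), also consider re-exporting the moved bindings from desktop.scm so existing configurations that only import that module keep working.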
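
Review bot: The polkit code moved into gnu/services/dbus.scm (hunk at `@@ -218,4 +223,91 @@`) uses `match-lambda` in `polkit-etc-files` and `polkit-setuid-programs` and `concatenate` in `polkit-service-type`, but the `#:use-module` hunk only adds (gnu system pam) and (gnu packages polkit). The visible context does not show (ice-9 match) or (srfi srfi-1) in dbus.scm, so please confirm both are already imported there; otherwise the module will fail with unbound variables at load time.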
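
Review bot: In the gnu/services/networking.scm hunk at `@@ -682,7 +683,7 @@`, `wpa-supplicant` is added to the `requirement` list of the NetworkManager Shepherd service unconditionally, yet none of the extensions visible in `network-manager-service-type` instantiates `wpa-supplicant-service-type`. A configuration that lists `(network-manager-service)` alone therefore depends on a Shepherd service that nothing provides, which is the "incomplete deployment" described in the message. Either have the NetworkManager service bring in WPA supplicant itself, or document in the `network-manager-service` docstring that `(wpa-supplicant-service)` must be added alongside it. Also confirm that the symbol `wpa-supplicant` matches the `provision` of the WPA supplicant Shepherd service, which is not visible in this patch.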
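
Review bot: The added `(service-extension polkit-service-type list)` in the hunk at `@@ -695,6 +696,7 @@` makes `network-manager-service-type` an extension of polkit, so a configuration now also needs a polkit service instance for that extension to have a target, and NetworkManager's files under share/polkit-1/{actions,rules.d} become part of /etc/polkit-1. Both effects deserve a sentence in the `network-manager-service` docstring: the first because configurations not built on `%desktop-services` may lack polkit, the second because those actions and rules decide which users may change network settings.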
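
Review bot: The docstring of the new `wpa-supplicant-service` (hunk at `@@ -777,4 +779,10 @@`) gives the project URL as bare text in parentheses, whereas the `polkit-service` docstring in the same patch uses `@uref{...}`. Use the same Texinfo markup here, and reword "Service is started to listen for requests on D-Bus" as a full sentence that says what the returned service does. The docstring should also say that `network-manager-service` requires this service, since the patch introduces that dependency.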
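
Review bot: The configuration hunk at `@@ -9,14 +9,20 @@` calls `remove` and refers to `wicd-service-type`, `network-manager-service` and `wpa-supplicant-service`, but the only module line visible in the context is `(use-package-modules certs cryptsetup xdisorg admin gnome)`. Please confirm the file imports (srfi srfi-1) for `remove` and the networking services module for the three service bindings. The export context shown in the networking.scm hunk lists `wicd-service` but not `wicd-service-type`, so check that the latter is actually exported; if it is not, the `eq?` filter cannot be written as shown and the template change proposed in the message would need that export added first.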