From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Prikler Subject: Re: Wheel group as polkit admins Date: Sun, 17 Nov 2019 18:52:07 +0100 Message-ID: <329f03fbb1df8c78deaef37c06c5041b3504c15e.camel@student.tugraz.at> References: <17ea661e09a034c36151b72ca1ab508a3fc52d1c.camel@student.tugraz.at> <87mucuo3hh.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:42540) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iWOij-0002Ia-1b for guix-devel@gnu.org; Sun, 17 Nov 2019 12:52:22 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iWOih-00069E-C3 for guix-devel@gnu.org; Sun, 17 Nov 2019 12:52:20 -0500 In-Reply-To: <87mucuo3hh.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Cc: guix-devel@gnu.org Hi Ludo, Am Sonntag, den 17.11.2019, 17:46 +0100 schrieb Ludovic Court=C3=A8s: > Hi Leo, >=20 > Leo Prikler skribis: >=20 > > Since our polkit service expects a list of packages as extension, I > > currently use the following in my /etc/config.scm: > >=20 > > (define polkit-wheel > > (package > > (name "polkit-wheel") > > (version "0") > > (source #f) > > (build-system trivial-build-system) > > (arguments > > `(#:modules ((guix build utils)) > > #:builder > > (begin > > (use-modules ((guix build utils))) > > (let ((rules.d (string-append %output "/share/polkit- > > 1/rules.d"))) > > (mkdir-p rules.d) > > (with-output-to-file (string-append rules.d > > "/wheel.rules") > > (lambda () > > (display "polkit.addAdminRule(function(action, > > subject) { > > return [\"unix-group:wheel\"]; > > }); > > "))))))) > > (home-page #f) > > (synopsis "Make wheel adminstrate") > > (description #f) > > (license #f))) > >=20 > > (define polkit-wheel-service-type > > (service-type (name 'polkit-wheel) > > (extensions > > (list (service-extension polkit-service-type > > (const (list polkit- > > wheel))))) > > (default-value '()))) > >=20 > > The problems with this apporach should be clear. "polkit-wheel" is > > by > > no stretch of the imagination an actual package. It is so trivial, > > that it might as well just be a file. Is there a simpler way of > > extending polkit, perhaps with just a g-expression? >=20 > Yup, I think you could make it a =E2=80=98computed-file=E2=80=99 instea= d of a > package: >=20 > (computed-file "polkit-wheel-rule" > (with-imported-modules '((guix build utils)) > #~(begin =E2=80=A6))) Thanks for the hint. Since it's all just static text, I don't really need the whole Guile power of computed-file, so I've shortened it to: --8<---------------cut here---------------start------------->8--- (define polkit-wheel (file-union "polkit-wheel" `(("share/polkit-1/rules.d/wheel.rules" ,(plain-file "wheel.rules" "polkit.addAdminRule(function(action, subject) { return [\"unix-group:wheel\"]; }); "))))) --8<---------------cut here---------------end--------------->8--- "guix system build" seems to return what I want with that. Strangely enough plain-file does not like to build directories, so I had to use a file-union here. > Should we make that the default, BTW? It would seem to make sense as > that=E2=80=99s the whole point of the =E2=80=9Cwheel=E2=80=9D group. >=20 > What do people think? I'm probably biased as the author of this service, but I think it would probably make sense to include it in %desktop-services. Perhaps we could even add wheel.rules to polkit-service-type itself, although I'm somewhat conflicted on that, as one could not opt out. Regards, Leo