* [PATCH v2 2/7] gnu: elogind: Update to version 219.5.
2015-08-18 8:03 [PATCH v2 1/7] guix: git: Support shallow git clones if a tag is available Andy Wingo
@ 2015-08-18 8:05 ` Andy Wingo
2015-08-25 14:46 ` Ludovic Courtès
2015-08-18 8:22 ` [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules Andy Wingo
` (4 subsequent siblings)
5 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-18 8:05 UTC (permalink / raw)
To: guix-devel
* gnu/packages/freedesktop.scm (elogind): Update to 219.5.
---
gnu/packages/freedesktop.scm | 110 +++++++++++++++++++++----------------------
1 file changed, 54 insertions(+), 56 deletions(-)
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index cbf26dc..7413456 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -130,65 +130,63 @@ the freedesktop.org XDG Base Directory specification.")
(license license:expat)))
(define-public elogind
- (let ((commit "14405a9"))
- (package
- (name "elogind")
- (version (string-append "219." commit))
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (url "http://git.elephly.net/software/elogind.git")
- (commit commit)))
- (sha256
- (base32
- "1wz5lxj95qg64x2q5hf4zcb35hpxlw3wfswx6sb2srvsg50y3y72"))
- (file-name (string-append name "-checkout-" commit))
- (modules '((guix build utils)))
- (snippet
- '(begin
- (use-modules (guix build utils))
- (substitute* "Makefile.am"
- ;; Avoid validation against DTD because the DTDs for
- ;; both doctype 4.2 and 4.5 are needed.
- (("XSLTPROC_FLAGS = ") "XSLTPROC_FLAGS = --novalid"))))))
- (build-system gnu-build-system)
- (arguments
- `(#:configure-flags
- (list
- ;; pam_elogind fails because of bus-error.c hackery
- "--disable-pam"
- (string-append "--with-rootprefix=" (assoc-ref %outputs "out")))
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'autogen
- (lambda _
- (and (zero? (system* "intltoolize" "--force" "--automake"))
- (zero? (system* "autoreconf" "-vif"))))))))
- (native-inputs
- `(("intltool" ,intltool)
- ("gettext" ,gnu-gettext)
- ("docbook-xsl" ,docbook-xsl)
- ("docbook-xml" ,docbook-xml)
- ("xsltproc" ,libxslt)
- ("libxml2" ,libxml2) ;for XML_CATALOG_FILES
- ("pkg-config", pkg-config)
- ("autoconf" ,autoconf)
- ("automake" ,automake)
- ("libtool" ,libtool)
- ("gperf" ,gperf)))
- (inputs
- `(("linux-pam" ,linux-pam)
- ("linux-libre-headers" ,linux-libre-headers)
- ("libcap" ,libcap)
- ("dbus" ,dbus)
- ("eudev" ,eudev)))
- (home-page "https://github.com/andywingo/elogind")
- (synopsis "User, seat, and session management service")
- (description "Elogind is the systemd project's \"logind\" service,
+ (package
+ (name "elogind")
+ (version "219.5")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/andywingo/elogind")
+ (tag (string-append "v" version))))
+ (sha256
+ (base32
+ "09ipra2q6gsdll3356jcb1yx2za9p4qab5qfk9g2z40msvb93hs5"))
+ (file-name (string-append name "-checkout-" version))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ (use-modules (guix build utils))
+ (substitute* "Makefile.am"
+ ;; Avoid validation against DTD because the DTDs for
+ ;; both doctype 4.2 and 4.5 are needed.
+ (("XSLTPROC_FLAGS = ") "XSLTPROC_FLAGS = --novalid"))))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list (string-append "--with-udevrulesdir="
+ (assoc-ref %outputs "out")
+ "/lib/udev/rules.d"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'autogen
+ (lambda _
+ (and (zero? (system* "intltoolize" "--force" "--automake"))
+ (zero? (system* "autoreconf" "-vif"))))))))
+ (native-inputs
+ `(("intltool" ,intltool)
+ ("gettext" ,gnu-gettext)
+ ("docbook-xsl" ,docbook-xsl)
+ ("docbook-xml" ,docbook-xml)
+ ("xsltproc" ,libxslt)
+ ("libxml2" ,libxml2) ;for XML_CATALOG_FILES
+ ("pkg-config", pkg-config)
+ ("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("gperf" ,gperf)))
+ (inputs
+ `(("linux-pam" ,linux-pam)
+ ("linux-libre-headers" ,linux-libre-headers)
+ ("libcap" ,libcap)
+ ("dbus" ,dbus)
+ ("eudev" ,eudev)))
+ (home-page "https://github.com/andywingo/elogind")
+ (synopsis "User, seat, and session management service")
+ (description "Elogind is the systemd project's \"logind\" service,
extracted out as a separate project. Elogind integrates with PAM to provide
the org.freedesktop.login1 interface over the system bus, allowing other parts
of a the system to know what users are logged in, and where.")
- (license license:lgpl2.1+))))
+ (license license:lgpl2.1+)))
(define-public python-pyxdg
(package
--
2.4.3
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules
2015-08-18 8:03 [PATCH v2 1/7] guix: git: Support shallow git clones if a tag is available Andy Wingo
2015-08-18 8:05 ` [PATCH v2 2/7] gnu: elogind: Update to version 219.5 Andy Wingo
@ 2015-08-18 8:22 ` Andy Wingo
2015-08-25 14:55 ` Ludovic Courtès
2015-08-18 9:39 ` [PATCH v2 4/7] gnu: polkit: Use elogind for seat management Andy Wingo
` (3 subsequent siblings)
5 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-18 8:22 UTC (permalink / raw)
To: guix-devel
* gnu/services/base.scm (mingetty-service):
* gnu/services/xorg.scm (slim-service):
* gnu/services/ssh.scm (lsh-service):
* gnu/system/linux.scm (unix-pam-service, base-pam-services): Add
#:additional-session-modules keyword argument.
---
gnu/services/base.scm | 6 ++++--
gnu/services/ssh.scm | 6 ++++--
gnu/services/xorg.scm | 6 ++++--
gnu/system/linux.scm | 27 ++++++++++++++++-----------
4 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 888e446..60dc93b 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -364,7 +364,8 @@ stopped before 'kill' is called."
;; Allow empty passwords by default so that
;; first-time users can log in when the 'root'
;; account has just been created.
- (allow-empty-passwords? #t))
+ (allow-empty-passwords? #t)
+ (additional-session-modules '()))
"Return a service to run mingetty on @var{tty}.
When @var{allow-empty-passwords?} is true, allow empty log-in password. When
@@ -416,7 +417,8 @@ the ``message of the day''."
;; duplicates are removed.
(list (unix-pam-service "login"
#:allow-empty-passwords? allow-empty-passwords?
- #:motd motd)))))))
+ #:motd motd
+ #:additional-session-modules additional-session-modules)))))))
(define-record-type* <nscd-configuration> nscd-configuration
make-nscd-configuration
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index e2f8542..15e4052 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -86,7 +86,8 @@
(tcp/ip-forwarding? #t)
(password-authentication? #t)
(public-key-authentication? #t)
- (initialize? #t))
+ (initialize? #t)
+ (additional-session-modules '()))
"Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
@var{host-key} must designate a file containing the host key, and readable
only by root.
@@ -162,7 +163,8 @@ The other options should be self-descriptive."
(pam-services
(list (unix-pam-service
"lshd"
- #:allow-empty-passwords? allow-empty-passwords?)))
+ #:allow-empty-passwords? allow-empty-passwords?
+ #:additional-session-modules additional-session-modules)))
(activate #~(begin
(use-modules (guix build utils))
(mkdir-p "/var/spool/lsh")
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 9ee8817..71bbb32 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -224,7 +224,8 @@ which should be passed to this script as the first argument. If not, the
(xauth xauth) (dmd dmd) (bash bash)
(auto-login-session #~(string-append #$windowmaker
"/bin/wmaker"))
- startx)
+ startx
+ (additional-session-modules '()))
"Return a service that spawns the SLiM graphical login manager, which in
turn starts the X display server with @var{startx}, a command as returned by
@code{xorg-start-command}.
@@ -305,6 +306,7 @@ reboot_cmd " dmd "/sbin/reboot
;; Tell PAM about 'slim'.
(list (unix-pam-service
"slim"
- #:allow-empty-passwords? allow-empty-passwords?)))))))
+ #:allow-empty-passwords? allow-empty-passwords?
+ #:additional-session-modules additional-session-modules)))))))
;;; xorg.scm ends here
diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm
index aaaa8c6..d6a9959 100644
--- a/gnu/system/linux.scm
+++ b/gnu/system/linux.scm
@@ -133,7 +133,8 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE."
(let ((unix (pam-entry
(control "required")
(module "pam_unix.so"))))
- (lambda* (name #:key allow-empty-passwords? motd)
+ (lambda* (name #:key allow-empty-passwords? motd
+ (additional-session-modules '()))
"Return a standard Unix-style PAM service for NAME. When
ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords. When MOTD is true, it
should be the name of a file used as the message-of-the-day."
@@ -149,14 +150,16 @@ should be the name of a file used as the message-of-the-day."
(arguments '("nullok")))
unix)))
(password (list unix))
- (session (if motd
- (list unix
- (pam-entry
- (control "optional")
- (module "pam_motd.so")
- (arguments
- (list #~(string-append "motd=" #$motd)))))
- (list unix))))))))
+ (session (append
+ (if motd
+ (list unix
+ (pam-entry
+ (control "optional")
+ (module "pam_motd.so")
+ (arguments
+ (list #~(string-append "motd=" #$motd)))))
+ (list unix))
+ additional-session-modules)))))))
(define (rootok-pam-service command)
"Return a PAM service for COMMAND such that 'root' does not need to
@@ -173,14 +176,16 @@ authenticate to run COMMAND."
(password (list unix))
(session (list unix)))))
-(define* (base-pam-services #:key allow-empty-passwords?)
+(define* (base-pam-services #:key allow-empty-passwords?
+ (additional-session-modules '()))
"Return the list of basic PAM services everyone would want."
;; TODO: Add other Shadow programs?
(append (list %pam-other-services)
;; These programs are setuid-root.
(map (cut unix-pam-service <>
- #:allow-empty-passwords? allow-empty-passwords?)
+ #:allow-empty-passwords? allow-empty-passwords?
+ #:additional-session-modules additional-session-modules)
'("su" "passwd" "sudo"
"xlock" "xscreensaver"))
--
2.4.3
^ permalink raw reply related [flat|nested] 21+ messages in thread
* Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules
2015-08-18 8:22 ` [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules Andy Wingo
@ 2015-08-25 14:55 ` Ludovic Courtès
2015-08-25 16:00 ` Andy Wingo
0 siblings, 1 reply; 21+ messages in thread
From: Ludovic Courtès @ 2015-08-25 14:55 UTC (permalink / raw)
To: Andy Wingo; +Cc: guix-devel
Andy Wingo <wingo@pobox.com> skribis:
> * gnu/services/base.scm (mingetty-service):
> * gnu/services/xorg.scm (slim-service):
> * gnu/services/ssh.scm (lsh-service):
> * gnu/system/linux.scm (unix-pam-service, base-pam-services): Add
> #:additional-session-modules keyword argument.
I wonder if we really need #:additional-session-modules passed around.
My first suggestion would be to do ‘unix-pam-service’ or
‘base-pam-services’ in the OS declaration along these lines:
(operating-system
;; ...
(pam-services (map (lambda (service)
(pam-service
(inherit service)
(session (cons ...))))
(base-pam-services))))
But maybe that turned out to be inconvenient? If so, perhaps we could
solve it by introducing helper procedures, like
‘add-pam-service-session’ or something?
Or am I missing something? :-)
BTW, I realize we should rename (gnu system linux) to (gnu system pam)
and then document it in the manual.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules
2015-08-25 14:55 ` Ludovic Courtès
@ 2015-08-25 16:00 ` Andy Wingo
2015-08-25 21:39 ` Ludovic Courtès
0 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-25 16:00 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
On Tue 25 Aug 2015 16:55, ludo@gnu.org (Ludovic Courtès) writes:
> Andy Wingo <wingo@pobox.com> skribis:
>
>> * gnu/services/base.scm (mingetty-service):
>> * gnu/services/xorg.scm (slim-service):
>> * gnu/services/ssh.scm (lsh-service):
>> * gnu/system/linux.scm (unix-pam-service, base-pam-services): Add
>> #:additional-session-modules keyword argument.
>
> I wonder if we really need #:additional-session-modules passed around.
>
> My first suggestion would be to do ‘unix-pam-service’ or
> ‘base-pam-services’ in the OS declaration along these lines:
>
> (operating-system
> ;; ...
> (pam-services (map (lambda (service)
> (pam-service
> (inherit service)
> (session (cons ...))))
> (base-pam-services))))
>
> But maybe that turned out to be inconvenient? If so, perhaps we could
> solve it by introducing helper procedures, like
> ‘add-pam-service-session’ or something?
>
> Or am I missing something? :-)
>
> BTW, I realize we should rename (gnu system linux) to (gnu system pam)
> and then document it in the manual.
How would that work for other services like slim, mingetty, etc?
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules
2015-08-25 16:00 ` Andy Wingo
@ 2015-08-25 21:39 ` Ludovic Courtès
2015-08-26 7:21 ` Andy Wingo
0 siblings, 1 reply; 21+ messages in thread
From: Ludovic Courtès @ 2015-08-25 21:39 UTC (permalink / raw)
To: Andy Wingo; +Cc: guix-devel
Andy Wingo <wingo@igalia.com> skribis:
> On Tue 25 Aug 2015 16:55, ludo@gnu.org (Ludovic Courtès) writes:
>
>> Andy Wingo <wingo@pobox.com> skribis:
>>
>>> * gnu/services/base.scm (mingetty-service):
>>> * gnu/services/xorg.scm (slim-service):
>>> * gnu/services/ssh.scm (lsh-service):
>>> * gnu/system/linux.scm (unix-pam-service, base-pam-services): Add
>>> #:additional-session-modules keyword argument.
>>
>> I wonder if we really need #:additional-session-modules passed around.
>>
>> My first suggestion would be to do ‘unix-pam-service’ or
>> ‘base-pam-services’ in the OS declaration along these lines:
>>
>> (operating-system
>> ;; ...
>> (pam-services (map (lambda (service)
>> (pam-service
>> (inherit service)
>> (session (cons ...))))
>> (base-pam-services))))
>>
>> But maybe that turned out to be inconvenient? If so, perhaps we could
>> solve it by introducing helper procedures, like
>> ‘add-pam-service-session’ or something?
>>
>> Or am I missing something? :-)
>>
>> BTW, I realize we should rename (gnu system linux) to (gnu system pam)
>> and then document it in the manual.
>
> How would that work for other services like slim, mingetty, etc?
Oh, it wouldn’t.
Just to help me understand, could you explain the typical use case you
have in mind?
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules
2015-08-25 21:39 ` Ludovic Courtès
@ 2015-08-26 7:21 ` Andy Wingo
2015-08-26 7:36 ` 宋文武
2015-08-28 9:04 ` Ludovic Courtès
0 siblings, 2 replies; 21+ messages in thread
From: Andy Wingo @ 2015-08-26 7:21 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
On Tue 25 Aug 2015 23:39, ludo@gnu.org (Ludovic Courtès) writes:
> Andy Wingo <wingo@igalia.com> skribis:
>
>> On Tue 25 Aug 2015 16:55, ludo@gnu.org (Ludovic Courtès) writes:
>>
>>> (operating-system
>>> ;; ...
>>> (pam-services (map (lambda (service)
>>> (pam-service
>>> (inherit service)
>>> (session (cons ...))))
>>> (base-pam-services))))
>>>
>> How would that work for other services like slim, mingetty, etc?
>
> Oh, it wouldn’t.
>
> Just to help me understand, could you explain the typical use case you
> have in mind?
Sure. So right now on a Guix system you have /etc/pam.d, and it
contains configurations for all services that interact with PAM.
Notably there is "login", for console login, but also slim and lsh.
Elogind wants to know about all user sessions so it should add a
"session required /path/to/pam_elogind.so" line to all files in
/etc/pam.d. This causes login and logout to signal elogind.
That's how I ended up adding #:additional-session-modules to all the
other services: mingetty, slim, lsh.
I don't know what the right design is. I think ideally anything that
would log in would include some central file rather than having to
repeat the rules everywhere.
Andy
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules
2015-08-26 7:21 ` Andy Wingo
@ 2015-08-26 7:36 ` 宋文武
2015-08-28 9:04 ` Ludovic Courtès
1 sibling, 0 replies; 21+ messages in thread
From: 宋文武 @ 2015-08-26 7:36 UTC (permalink / raw)
To: Andy Wingo; +Cc: Guix-devel
2015-08-26 15:21 GMT+08:00 Andy Wingo <wingo@igalia.com>:
> On Tue 25 Aug 2015 23:39, ludo@gnu.org (Ludovic Courtès) writes:
>
>> Andy Wingo <wingo@igalia.com> skribis:
>>
>>> On Tue 25 Aug 2015 16:55, ludo@gnu.org (Ludovic Courtès) writes:
>>>
>>>> (operating-system
>>>> ;; ...
>>>> (pam-services (map (lambda (service)
>>>> (pam-service
>>>> (inherit service)
>>>> (session (cons ...))))
>>>> (base-pam-services))))
>>>>
>>> How would that work for other services like slim, mingetty, etc?
>>
>> Oh, it wouldn’t.
>>
>> Just to help me understand, could you explain the typical use case you
>> have in mind?
>
> Sure. So right now on a Guix system you have /etc/pam.d, and it
> contains configurations for all services that interact with PAM.
> Notably there is "login", for console login, but also slim and lsh.
> Elogind wants to know about all user sessions so it should add a
> "session required /path/to/pam_elogind.so" line to all files in
> /etc/pam.d. This causes login and logout to signal elogind.
>
> That's how I ended up adding #:additional-session-modules to all the
> other services: mingetty, slim, lsh.
>
> I don't know what the right design is. I think ideally anything that
> would log in would include some central file rather than having to
> repeat the rules everywhere.
Yes, we can ues 'include' in pam config, this is how the ArchLinux do it:
https://projects.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/pambase
https://projects.archlinux.org/svntogit/packages.git/tree/trunk/slim.pam?h=packages/slim
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules
2015-08-26 7:21 ` Andy Wingo
2015-08-26 7:36 ` 宋文武
@ 2015-08-28 9:04 ` Ludovic Courtès
1 sibling, 0 replies; 21+ messages in thread
From: Ludovic Courtès @ 2015-08-28 9:04 UTC (permalink / raw)
To: Andy Wingo; +Cc: guix-devel
Andy Wingo <wingo@igalia.com> skribis:
> On Tue 25 Aug 2015 23:39, ludo@gnu.org (Ludovic Courtès) writes:
>
>> Andy Wingo <wingo@igalia.com> skribis:
>>
>>> On Tue 25 Aug 2015 16:55, ludo@gnu.org (Ludovic Courtès) writes:
>>>
>>>> (operating-system
>>>> ;; ...
>>>> (pam-services (map (lambda (service)
>>>> (pam-service
>>>> (inherit service)
>>>> (session (cons ...))))
>>>> (base-pam-services))))
>>>>
>>> How would that work for other services like slim, mingetty, etc?
>>
>> Oh, it wouldn’t.
>>
>> Just to help me understand, could you explain the typical use case you
>> have in mind?
>
> Sure. So right now on a Guix system you have /etc/pam.d, and it
> contains configurations for all services that interact with PAM.
> Notably there is "login", for console login, but also slim and lsh.
> Elogind wants to know about all user sessions so it should add a
> "session required /path/to/pam_elogind.so" line to all files in
> /etc/pam.d. This causes login and logout to signal elogind.
>
> That's how I ended up adding #:additional-session-modules to all the
> other services: mingetty, slim, lsh.
Right, got it.
So as I suggested elsewhere (perhaps not clearly), I would do something
like:
(define %desktop-services
(append ...
(map (lambda (mservice)
(with-monad %store-monad
(>>= mservice add-pam-session-thing)))
%base-service)))
Ludo’.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH v2 4/7] gnu: polkit: Use elogind for seat management.
2015-08-18 8:03 [PATCH v2 1/7] guix: git: Support shallow git clones if a tag is available Andy Wingo
2015-08-18 8:05 ` [PATCH v2 2/7] gnu: elogind: Update to version 219.5 Andy Wingo
2015-08-18 8:22 ` [PATCH v2 3/7] gnu: Allow OS configurations to add PAM session modules Andy Wingo
@ 2015-08-18 9:39 ` Andy Wingo
2015-08-25 14:56 ` Ludovic Courtès
2015-08-18 9:54 ` [PATCH v2 5/7] gnu: colord: Add libcap input Andy Wingo
` (2 subsequent siblings)
5 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-18 9:39 UTC (permalink / raw)
To: guix-devel
* gnu/packages/polkit.scm (polkit): Depend on elogind.
---
gnu/packages/polkit.scm | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index 172b0e1..6a89d6b 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -23,6 +23,7 @@
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
+ #:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages linux)
@@ -44,13 +45,33 @@
(sha256
(base32
"109w86kfqrgz83g9ivggplmgc77rz8kx8646izvm2jb57h4rbh71"))
- (patches (list (search-patch "polkit-drop-test.patch")))))
+ (patches (list (search-patch "polkit-drop-test.patch")))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ (use-modules (guix build utils))
+ (substitute* "configure"
+ ;; Replace libsystemd-login with libelogind.
+ (("libsystemd-login") "libelogind")
+ ;; Skip the sanity check that the current system runs
+ ;; systemd.
+ (("test ! -d /sys/fs/cgroup/systemd/") "false"))
+ (substitute* "src/polkit/polkitunixsession-systemd.c"
+ (("systemd") "elogind"))
+ (substitute* "src/polkitbackend/polkitbackendsessionmonitor-systemd.c"
+ (("systemd") "elogind"))
+ (substitute* "src/polkitbackend/polkitbackendjsauthority.c"
+ (("systemd") "elogind"))))))
(build-system gnu-build-system)
(inputs
`(("expat" ,expat)
("glib:bin" ,glib "bin") ; for glib-mkenums
+ ("elogind" ,elogind)
("intltool" ,intltool)
("linux-pam" ,linux-pam)
+ ;; FIXME: Shouldn't need libcap, it should be correctly propagated
+ ;; from elogind.
+ ("libcap" ,libcap)
("mozjs" ,mozjs)
("nspr" ,nspr)))
(propagated-inputs
--
2.4.3
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH v2 5/7] gnu: colord: Add libcap input.
2015-08-18 8:03 [PATCH v2 1/7] guix: git: Support shallow git clones if a tag is available Andy Wingo
` (2 preceding siblings ...)
2015-08-18 9:39 ` [PATCH v2 4/7] gnu: polkit: Use elogind for seat management Andy Wingo
@ 2015-08-18 9:54 ` Andy Wingo
2015-08-25 15:03 ` Ludovic Courtès
2015-08-18 9:56 ` [PATCH v2 6/7] gnu: Add elogind service Andy Wingo
2015-08-18 9:57 ` [PATCH v2 7/7] gnu: Add polkit service Andy Wingo
5 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-18 9:54 UTC (permalink / raw)
To: guix-devel
* gnu/packages/gnome.scm (colord): Add libcap as an input. I don't know why;
I suspect something libtool-related with libelogind.la.
---
gnu/packages/gnome.scm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 1c31be2..8763380 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -2202,6 +2202,8 @@ keyboard shortcuts.")
(inputs
`(("dbus-glib" ,dbus-glib)
("libusb" ,libusb)
+ ;; FIXME: propagated in from elogind via polkit. Why?
+ ("libcap" ,libcap)
("sqlite" ,sqlite)
("polkit" ,polkit)
("sane-backends" ,sane-backends)))
--
2.4.3
^ permalink raw reply related [flat|nested] 21+ messages in thread
* Re: [PATCH v2 5/7] gnu: colord: Add libcap input.
2015-08-18 9:54 ` [PATCH v2 5/7] gnu: colord: Add libcap input Andy Wingo
@ 2015-08-25 15:03 ` Ludovic Courtès
2015-08-25 16:01 ` Andy Wingo
0 siblings, 1 reply; 21+ messages in thread
From: Ludovic Courtès @ 2015-08-25 15:03 UTC (permalink / raw)
To: Andy Wingo; +Cc: guix-devel
Andy Wingo <wingo@pobox.com> skribis:
> * gnu/packages/gnome.scm (colord): Add libcap as an input. I don't know why;
> I suspect something libtool-related with libelogind.la.
If libelogind.la has a -lcap without -L/...-libcap, then could you add a
phase there to do that instead? (For example the recipe for hwloc does
that.)
If it’s libelogind.pc that “Requires” libcap’s .pc, then the solution is
to propagate libcap from elogind.
Hope this makes sense!
Ludo’.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 5/7] gnu: colord: Add libcap input.
2015-08-25 15:03 ` Ludovic Courtès
@ 2015-08-25 16:01 ` Andy Wingo
2015-08-25 21:40 ` Ludovic Courtès
0 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-25 16:01 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
On Tue 25 Aug 2015 17:03, ludo@gnu.org (Ludovic Courtès) writes:
> Andy Wingo <wingo@pobox.com> skribis:
>
>> * gnu/packages/gnome.scm (colord): Add libcap as an input. I don't know why;
>> I suspect something libtool-related with libelogind.la.
>
> If libelogind.la has a -lcap without -L/...-libcap, then could you add a
> phase there to do that instead? (For example the recipe for hwloc does
> that.)
Ah sure. Actually re: elogind we can make whatever modifications are
necessary to "upstream", like --with-libcap or whatever. I'll give it a
poke.
A
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH v2 5/7] gnu: colord: Add libcap input.
2015-08-25 16:01 ` Andy Wingo
@ 2015-08-25 21:40 ` Ludovic Courtès
0 siblings, 0 replies; 21+ messages in thread
From: Ludovic Courtès @ 2015-08-25 21:40 UTC (permalink / raw)
To: Andy Wingo; +Cc: guix-devel
Andy Wingo <wingo@igalia.com> skribis:
> On Tue 25 Aug 2015 17:03, ludo@gnu.org (Ludovic Courtès) writes:
>
>> Andy Wingo <wingo@pobox.com> skribis:
>>
>>> * gnu/packages/gnome.scm (colord): Add libcap as an input. I don't know why;
>>> I suspect something libtool-related with libelogind.la.
>>
>> If libelogind.la has a -lcap without -L/...-libcap, then could you add a
>> phase there to do that instead? (For example the recipe for hwloc does
>> that.)
>
> Ah sure. Actually re: elogind we can make whatever modifications are
> necessary to "upstream", like --with-libcap or whatever. I'll give it a
> poke.
Cool, thanks!
Ludo'.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH v2 6/7] gnu: Add elogind service.
2015-08-18 8:03 [PATCH v2 1/7] guix: git: Support shallow git clones if a tag is available Andy Wingo
` (3 preceding siblings ...)
2015-08-18 9:54 ` [PATCH v2 5/7] gnu: colord: Add libcap input Andy Wingo
@ 2015-08-18 9:56 ` Andy Wingo
2015-08-25 15:04 ` Ludovic Courtès
2015-08-18 9:57 ` [PATCH v2 7/7] gnu: Add polkit service Andy Wingo
5 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-18 9:56 UTC (permalink / raw)
To: guix-devel
* gnu/services/desktop.scm (elogind-service): New function.
(%desktop-services): Add elogind-service.
---
gnu/services/desktop.scm | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 4e4b49d..4973e82 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -26,6 +26,7 @@
#:use-module (gnu system shadow)
#:use-module (gnu packages glib)
#:use-module (gnu packages admin)
+ #:use-module (gnu packages freedesktop)
#:use-module (gnu packages gnome)
#:use-module (gnu packages avahi)
#:use-module (gnu packages wicd)
@@ -39,6 +40,7 @@
geoclue-application
%standard-geoclue-applications
geoclue-service
+ elogind-service
%desktop-services))
;;; Commentary:
@@ -374,6 +376,28 @@ site} for more information."
\f
;;;
+;;; Elogind login and seat management service.
+;;;
+
+(define* (elogind-service #:key (elogind elogind))
+ "Return a service that runs the @command{elogind} login and seat management
+service. The @command{elogind} service integrates with PAM to allow other
+system components to know the set of logged-in users as well as their session
+types (graphical, console, remote, etc.). It can also clean up after users
+when they log out."
+ (with-monad %store-monad
+ (return
+ (service
+ (documentation "Run the elogind login and seat management service.")
+ (provision '(elogind))
+ (requirement '(dbus-system))
+
+ (start #~(make-forkexec-constructor
+ (list (string-append #$elogind "/libexec/elogind/elogind"))))
+ (stop #~(make-kill-destructor))))))
+
+\f
+;;;
;;; The default set of desktop services.
;;;
(define %desktop-services
@@ -389,7 +413,8 @@ site} for more information."
;; time, so we currently add them to the set of default services.
(colord-service)
(geoclue-service)
- (dbus-service (list avahi wicd upower colord geoclue))
+ (elogind-service)
+ (dbus-service (list avahi wicd upower colord geoclue elogind))
(ntp-service)
--
2.4.3
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH v2 7/7] gnu: Add polkit service.
2015-08-18 8:03 [PATCH v2 1/7] guix: git: Support shallow git clones if a tag is available Andy Wingo
` (4 preceding siblings ...)
2015-08-18 9:56 ` [PATCH v2 6/7] gnu: Add elogind service Andy Wingo
@ 2015-08-18 9:57 ` Andy Wingo
2015-08-25 15:05 ` Ludovic Courtès
5 siblings, 1 reply; 21+ messages in thread
From: Andy Wingo @ 2015-08-18 9:57 UTC (permalink / raw)
To: guix-devel
* gnu/services/desktop.scm (polkit-service): New function.
(%desktop-services): Add polkit service.
---
gnu/services/desktop.scm | 48 +++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 43 insertions(+), 5 deletions(-)
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 4973e82..543b452 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -30,6 +30,7 @@
#:use-module (gnu packages gnome)
#:use-module (gnu packages avahi)
#:use-module (gnu packages wicd)
+ #:use-module (gnu packages polkit)
#:use-module (guix monads)
#:use-module (guix store)
#:use-module (guix gexp)
@@ -40,6 +41,7 @@
geoclue-application
%standard-geoclue-applications
geoclue-service
+ polkit-service
elogind-service
%desktop-services))
@@ -376,6 +378,40 @@ site} for more information."
\f
;;;
+;;; Polkit privilege management service.
+;;;
+
+(define* (polkit-service #:key (polkit polkit))
+ "Return a service that runs the @command{polkit} privilege management
+service. By querying the @command{polkit} service, a privileged system
+component can know when it should grant additional capabilities to ordinary
+users. For example, an ordinary user can be granted the capability to suspend
+the system if the user is logged in locally."
+ (with-monad %store-monad
+ (return
+ (service
+ (documentation "Run the polkit privilege management service.")
+ (provision '(polkit-daemon))
+ (requirement '(dbus-system))
+
+ (start #~(make-forkexec-constructor
+ (list (string-append #$polkit "/lib/polkit-1/polkitd"))))
+ (stop #~(make-kill-destructor))
+
+ (user-groups (list (user-group
+ (name "polkitd")
+ (system? #t))))
+ (user-accounts (list (user-account
+ (name "polkitd")
+ (group "polkitd")
+ (system? #t)
+ (comment "Polkit daemon user")
+ (home-directory "/var/empty")
+ (shell
+ "/run/current-system/profile/sbin/nologin"))))))))
+
+\f
+;;;
;;; Elogind login and seat management service.
;;;
@@ -407,14 +443,16 @@ when they log out."
(avahi-service)
(wicd-service)
(upower-service)
- ;; FIXME: The colord and geoclue services could all be bus-activated
- ;; by default, so they don't run at program startup. However, user
- ;; creation and /var/lib.colord creation happen at service activation
- ;; time, so we currently add them to the set of default services.
+ ;; FIXME: The colord, geoclue, and polkit services could all be
+ ;; bus-activated by default, so they don't run at program startup.
+ ;; However, user creation and /var/lib/colord creation happen at
+ ;; service activation time, so we currently add them to the set of
+ ;; default services.
(colord-service)
(geoclue-service)
+ (polkit-service)
(elogind-service)
- (dbus-service (list avahi wicd upower colord geoclue elogind))
+ (dbus-service (list avahi wicd upower colord geoclue polkit elogind))
(ntp-service)
--
2.4.3
^ permalink raw reply related [flat|nested] 21+ messages in thread