[bug#35305] LightDM service

[L p R n d n <guix@lprndn.info>]

[-- Attachment #1: Type: text/plain, Size: 851 bytes --]

Hello,


Ricardo Wurmus <rekado@elephly.net> writes:

> I have applied all patches locally, pushed some of them to the master
> branch already, and also made these local changes:

Thanks for the review!

[...]
>  
>  @item @code{autologin-user} (default: "")
> -If @code{autologin-user} is set, LightDM logs in directly
> -as @code{autologin-user} to the session defined in
> -@code{default-user-session}. This user should be part of the
> +If @code{autologin-user} is set, LightDM logs in directly as
> +@code{autologin-user} to the session defined in
> +@code{default-user-session}.  This user should be part of the
>  @code{autologin} group.

My bad but here, the `autologin group thing is not applicable in
Guix at least for now. + adding a user to this group outputs an error
So I tried to make a quick fix of the documentation with this patch:


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: no-autologin.diff --]
[-- Type: text/x-patch, Size: 801 bytes --]

diff --git a/doc/guix.texi b/doc/guix.texi
index 54eba225d3..3dd5fe216a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -14792,10 +14792,9 @@ The name of the default @code{.desktop} file describing a session.
 Will be used for @code{user-session} and @code{autologin-session} if necessary.
 
 @item @code{autologin-user} (default: "")
-If @code{autologin-user} is set, LightDM logs in directly
-as @code{autologin-user} to the session defined in
-@code{default-user-session}. This user should be part of the
-@code{autologin} group.
+If @code{autologin-user} is set, LightDM logs in directly as
+@code{autologin-user} to the session defined in
+@code{default-user-session}.
 
 @item @code{extra-config} (default: @code{'()})
 A list of strings each describing a custom setting to append to the seat

[-- Attachment #3: Type: text/plain, Size: 2149 bytes --]


However it might be interesting to set this up in Guix as it seems to be
used in other linux distribution and looks like a relatively good security
feature. I'm not versed in security but we would at least need to create
this group and modify the pam services. Should I open an issue for that?

[...]

>
> What do you think about these changes?  I felt that a list of
> directories should be expressed as a list and not a colon-separated
> string.  I realize that this clashes with the lightdm configuration
> file, which speaks of “directory” even though it accepts a
> colon-separated list of directories.

Everything is looking fine! And the directories as lists is indeed way better.

> If that’s fine I’ll fold them into your patch that adds the service.
>
> I built a VM and noticed that all icons are missing.  Should the service
> arrange for a certain fallback icon theme to be installed?

If you only added (service-type lightdm-service-type) without any
greeter, it's expected.
LightDM without autologin needs a greeter. So in this case you just get
a "fallback" session to avoid unnecesseraly breaking the user's
system. I choose not to bring lightdm-gtk-greeter's assets to give the
user a little push toward adding a greeter service. It's very arguable
so if you think we should bring in assets too, let's do it. I can
prepare a patch if you want. The documentation might also be lacking
here. So adding a little comment in the lightdm-service description
might also be enough. What do you think?

> I also haven’t actually been able to log in as root with an empty
> password, which is what the VM generates by default.  Can this be
> supported with lightdm?

Didn't succeed either but it should be possible... :/
Looking on the web, on passwordless login, the lightdm-autologin pam is
often cited so this line:

(pam-entry (control "required") (module "pam_succeed_if.so")
           (arguments (list "uid >= 1000")))

might be related. But I'm really not knowledgeable enough on this matter
to give a proper answer.

> --
> Ricardo

Have a nice day,

L  p R n  d n