* [PATCHES] Add elogind service
@ 2015-09-01 11:42 Andy Wingo
  2015-09-01 11:53 ` [PATCHES] Whip polkit into shape Andy Wingo
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Andy Wingo @ 2015-09-01 11:42 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

Attached are two patches.  The first updates elogind to a current
release tarball.  The second adds a service.  These are the bottom two
patches in wip-pam-elogind.  If you run the service, you'll at least
have lid suspend support.  Some more patches to follow but these
are the only elogind ones.  OK to commit?

Andy


[-- Attachment #2: 0001-gnu-elogind-Update-to-version-219.12.patch --]
[-- Type: text/plain, Size: 5625 bytes --]

From fdd8893f287696fb016e9e78fbcba04d03840ee6 Mon Sep 17 00:00:00 2001
From: Andy Wingo <wingo@pobox.com>
Date: Tue, 18 Aug 2015 10:05:24 +0200
Subject: [PATCH 1/7] gnu: elogind: Update to version 219.12.

* gnu/packages/freedesktop.scm (elogind): Update to 219.12.  Use a tarball
  instead of a git checkout.
---
 gnu/packages/freedesktop.scm | 104 ++++++++++++++++++++-----------------------
 1 file changed, 48 insertions(+), 56 deletions(-)

diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index d477668..c085fe5 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -41,6 +41,7 @@
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages m4)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages doxygen)
   #:use-module (gnu packages libffi)
@@ -130,65 +131,56 @@ the freedesktop.org XDG Base Directory specification.")
     (license license:expat)))
 
 (define-public elogind
-  (let ((commit "14405a9"))
-    (package
-      (name "elogind")
-      (version (string-append "219." commit))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url "http://git.elephly.net/software/elogind.git")
-                      (commit commit)))
-                (sha256
-                 (base32
-                  "1wz5lxj95qg64x2q5hf4zcb35hpxlw3wfswx6sb2srvsg50y3y72"))
-                (file-name (string-append name "-checkout-" commit))
-                (modules '((guix build utils)))
-                (snippet
-                 '(begin
-                    (use-modules (guix build utils))
-                    (substitute* "Makefile.am"
-                      ;; Avoid validation against DTD because the DTDs for
-                      ;; both doctype 4.2 and 4.5 are needed.
-                      (("XSLTPROC_FLAGS = ") "XSLTPROC_FLAGS = --novalid"))))))
-      (build-system gnu-build-system)
-      (arguments
-       `(#:configure-flags
-         (list
-          ;; pam_elogind fails because of bus-error.c hackery
-          "--disable-pam"
-          (string-append "--with-rootprefix=" (assoc-ref %outputs "out")))
-         #:phases
-         (modify-phases %standard-phases
-           (add-after 'unpack 'autogen
-                      (lambda _
-                        (and (zero? (system* "intltoolize" "--force" "--automake"))
-                             (zero? (system* "autoreconf" "-vif"))))))))
-      (native-inputs
-       `(("intltool" ,intltool)
-         ("gettext" ,gnu-gettext)
-         ("docbook-xsl" ,docbook-xsl)
-         ("docbook-xml" ,docbook-xml)
-         ("xsltproc" ,libxslt)
-         ("libxml2" ,libxml2)                     ;for XML_CATALOG_FILES
-         ("pkg-config", pkg-config)
-         ("autoconf" ,autoconf)
-         ("automake" ,automake)
-         ("libtool" ,libtool)
-         ("gperf" ,gperf)))
-      (inputs
-       `(("linux-pam" ,linux-pam)
-         ("linux-libre-headers" ,linux-libre-headers)
-         ("libcap" ,libcap)
-         ("dbus" ,dbus)
-         ("eudev" ,eudev)))
-      (home-page "https://github.com/andywingo/elogind")
-      (synopsis "User, seat, and session management service")
-      (description "Elogind is the systemd project's \"logind\" service,
+  (package
+    (name "elogind")
+    (version "219.12")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://wingolog.org/pub/" name "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "13qc4f0dl7ynnfp1y565z2k0jjizly5w3dqhiqkdk7v6jr4pksb7"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (use-modules (guix build utils))
+                  (substitute* "Makefile.am"
+                    ;; Avoid validation against DTD because the DTDs for
+                    ;; both doctype 4.2 and 4.5 are needed.
+                    (("XSLTPROC_FLAGS = ") "XSLTPROC_FLAGS = --novalid"))))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-libcap="
+                            (assoc-ref %build-inputs "libcap"))
+             (string-append "--with-udevrulesdir="
+                            (assoc-ref %outputs "out")
+                            "/lib/udev/rules.d"))
+       #:make-flags '("PKTTYAGENT=/run/current-system/profile/bin/pkttyagent")))
+    (native-inputs
+     `(("intltool" ,intltool)
+       ("gettext" ,gnu-gettext)
+       ("docbook-xsl" ,docbook-xsl)
+       ("docbook-xml" ,docbook-xml)
+       ("xsltproc" ,libxslt)
+       ("m4" ,m4)
+       ("libxml2" ,libxml2)                     ;for XML_CATALOG_FILES
+       ("pkg-config", pkg-config)
+       ("gperf" ,gperf)))
+    (inputs
+     `(("linux-pam" ,linux-pam)
+       ("linux-libre-headers" ,linux-libre-headers)
+       ("libcap" ,libcap)
+       ("dbus" ,dbus)
+       ("eudev" ,eudev)))
+    (home-page "https://github.com/andywingo/elogind")
+    (synopsis "User, seat, and session management service")
+    (description "Elogind is the systemd project's \"logind\" service,
 extracted out as a separate project.  Elogind integrates with PAM to provide
 the org.freedesktop.login1 interface over the system bus, allowing other parts
 of a the system to know what users are logged in, and where.")
-      (license license:lgpl2.1+))))
+    (license license:lgpl2.1+)))
 
 (define-public python-pyxdg
   (package
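Review bot: The `#:make-flags` entry `PKTTYAGENT=/run/current-system/profile/bin/pkttyagent` bakes a path outside the store into elogind with no comment saying why. Presumably this avoids a dependency cycle, since polkit is made to depend on elogind later in this series, but that is not stated, and it means the agent binary elogind runs is whatever the current system profile provides rather than a pinned input. I would add a comment above the flag, e.g. `;; polkit depends on elogind, so refer to pkttyagent via the system profile instead of a store path.` Separately, `("pkg-config", pkg-config)` has the unquote comma attached to the string; `("pkg-config" ,pkg-config)` matches the other entries.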
-- 
2.4.3


[-- Attachment #3: 0002-gnu-Add-elogind-service.patch --]
[-- Type: text/plain, Size: 9440 bytes --]

From 4f32d646cf14133a98899c448d588088c80d680d Mon Sep 17 00:00:00 2001
From: Andy Wingo <wingo@pobox.com>
Date: Tue, 18 Aug 2015 11:56:17 +0200
Subject: [PATCH 2/7] gnu: Add elogind service.

* gnu/services/desktop.scm (elogind-configuration-file, elogind-service): New
  functions.
  (%desktop-services): Add elogind-service.
---
 gnu/services/desktop.scm | 172 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 171 insertions(+), 1 deletion(-)

diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 4e4b49d..764954c 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -26,6 +26,7 @@
   #:use-module (gnu system shadow)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages admin)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages wicd)
@@ -39,6 +40,7 @@
             geoclue-application
             %standard-geoclue-applications
             geoclue-service
+            elogind-service
             %desktop-services))
 
 ;;; Commentary:
@@ -374,6 +376,173 @@ site} for more information."
 
 \f
 ;;;
+;;; Elogind login and seat management service.
+;;;
+
+(define (missing-keyword-argument name)
+  (error "missing keyword argument:" name))
+
+(define-syntax-rule (define-with-required-kwargs name (arg ...)
+                      body ...)
+  (define name (lambda* (#:key (arg (missing-keyword-argument 'arg)) ...)
+                 body ...)))
+
+(define-with-required-kwargs elogind-configuration-file
+  (kill-user-processes? kill-only-users kill-exclude-users
+   inhibit-delay-max-seconds
+   handle-power-key handle-suspend-key handle-hibernate-key
+   handle-lid-switch handle-lid-switch-docked
+   power-key-ignore-inhibited? suspend-key-ignore-inhibited?
+   hibernate-key-ignore-inhibited? lid-switch-ignore-inhibited?
+   holdoff-timeout-seconds
+   idle-action idle-action-seconds
+   runtime-directory-size-percent runtime-directory-size
+   remove-ipc?
+   suspend-state suspend-mode
+   hibernate-state hibernate-mode
+   hybrid-sleep-state hybrid-sleep-mode)
+  (define (yesno x)
+    (match x
+      (#t "yes")
+      (#f "no")
+      (_ (error "expected #t or #f, instead got:" x))))
+  (define char-set:user-name
+    (string->char-set "abcdefghijklmnopqrstuvwxyz0123456789_-"))
+  (define (valid-list? l pred)
+    (and-map (lambda (x) (string-every pred x)) l))
+  (define (user-name-list users)
+    (unless (valid-list? users char-set:user-name)
+      (error "invalid user list" users))
+    (string-join users " "))
+  (define (enum val allowed)
+    (unless (memq val allowed)
+      (error "invalid value" val allowed))
+    (symbol->string val))
+  (define (non-negative-integer x)
+    (unless (exact-integer? x) (error "not an integer" x))
+    (when (negative? x) (error "negative number not allowed" x))
+    (number->string x))
+  (define handle-actions
+    '(ignore poweroff reboot halt kexec suspend hibernate hybrid-sleep lock))
+  (define (handle-action x)
+    (enum x handle-actions))
+  (define (sleep-list tokens)
+    (unless (valid-list? tokens char-set:user-name)
+      (error "invalid sleep list" tokens))
+    (string-join tokens " "))
+  (text-file
+   "logind.conf"
+   (string-append
+    "[Login]\n"
+    "KillUserProcesses=" (yesno kill-user-processes?) "\n"
+    "KillOnlyUsers=" (user-name-list kill-only-users) "\n"
+    "KillExcludeUsers=" (user-name-list kill-exclude-users) "\n"
+    "InhibitDelayMaxSecs=" (non-negative-integer inhibit-delay-max-seconds) "\n"
+    "HandlePowerKey=" (handle-action handle-power-key) "\n"
+    "HandleSuspendKey=" (handle-action handle-suspend-key) "\n"
+    "HandleHibernateKey=" (handle-action handle-hibernate-key) "\n"
+    "HandleLidSwitch=" (handle-action handle-lid-switch) "\n"
+    "HandleLidSwitchDocked=" (handle-action handle-lid-switch-docked) "\n"
+    "PowerKeyIgnoreInhibited=" (yesno power-key-ignore-inhibited?) "\n"
+    "SuspendKeyIgnoreInhibited=" (yesno suspend-key-ignore-inhibited?) "\n"
+    "HibernateKeyIgnoreInhibited=" (yesno hibernate-key-ignore-inhibited?) "\n"
+    "LidSwitchIgnoreInhibited=" (yesno lid-switch-ignore-inhibited?) "\n"
+    "HoldoffTimeoutSecs=" (non-negative-integer holdoff-timeout-seconds) "\n"
+    "IdleAction=" (handle-action idle-action) "\n"
+    "IdleActionSeconds=" (non-negative-integer idle-action-seconds) "\n"
+    "RuntimeDirectorySize="
+    (if runtime-directory-size-percent
+        (string-append
+         (non-negative-integer runtime-directory-size-percent)
+         "%")
+        (non-negative-integer runtime-directory-size)) "\n"
+    "RemoveIpc=" (yesno remove-ipc?) "\n"
+
+    "[Sleep]\n"
+    "SuspendState=" (sleep-list suspend-state) "\n"
+    "SuspendMode=" (sleep-list suspend-mode) "\n"
+    "HibernateState=" (sleep-list hibernate-state) "\n"
+    "HibernateMode=" (sleep-list hibernate-mode) "\n"
+    "HybridSleepState=" (sleep-list hybrid-sleep-state) "\n"
+    "HybridSleepMode=" (sleep-list hybrid-sleep-mode) "\n")))
+
+(define* (elogind-service #:key (elogind elogind)
+                          (kill-user-processes? #f)
+                          (kill-only-users '()) (kill-exclude-users '("root"))
+                          (inhibit-delay-max-seconds 5)
+                          (handle-power-key 'poweroff)
+                          (handle-suspend-key 'suspend)
+                          (handle-hibernate-key 'hibernate)
+                          (handle-lid-switch 'suspend)
+                          (handle-lid-switch-docked 'ignore)
+                          (power-key-ignore-inhibited? #f)
+                          (suspend-key-ignore-inhibited? #f)
+                          (hibernate-key-ignore-inhibited? #f)
+                          (lid-switch-ignore-inhibited? #t)
+                          (holdoff-timeout-seconds 30)
+                          (idle-action 'ignore)
+                          (idle-action-seconds (* 30 60))
+                          (runtime-directory-size-percent 10)
+                          (runtime-directory-size #f)
+                          (remove-ipc? #t)
+
+                          (suspend-state '("mem" "standby" "freeze"))
+                          (suspend-mode '())
+                          (hibernate-state '("disk"))
+                          (hibernate-mode '("platform" "shutdown"))
+                          (hybrid-sleep-state '("disk"))
+                          (hybrid-sleep-mode '("suspend" "platform" "shutdown")))
+  "Return a service that runs the @command{elogind} login and seat management
+service.  The @command{elogind} service integrates with PAM to allow other
+system components to know the set of logged-in users as well as their session
+types (graphical, console, remote, etc.).  It can also clean up after users
+when they log out."
+  (mlet %store-monad
+      ((config
+        (elogind-configuration-file
+         #:kill-user-processes? kill-user-processes?
+         #:kill-only-users kill-only-users
+         #:kill-exclude-users kill-exclude-users
+         #:inhibit-delay-max-seconds inhibit-delay-max-seconds
+         #:handle-power-key handle-power-key
+         #:handle-suspend-key handle-suspend-key
+         #:handle-hibernate-key handle-hibernate-key
+         #:handle-lid-switch handle-lid-switch
+         #:handle-lid-switch-docked handle-lid-switch-docked
+         #:power-key-ignore-inhibited? power-key-ignore-inhibited?
+         #:suspend-key-ignore-inhibited? suspend-key-ignore-inhibited?
+         #:hibernate-key-ignore-inhibited? hibernate-key-ignore-inhibited?
+         #:power-key-ignore-inhibited? power-key-ignore-inhibited?
+         #:suspend-key-ignore-inhibited? suspend-key-ignore-inhibited?
+         #:hibernate-key-ignore-inhibited? hibernate-key-ignore-inhibited?
+         #:lid-switch-ignore-inhibited? lid-switch-ignore-inhibited?
+         #:holdoff-timeout-seconds holdoff-timeout-seconds
+         #:idle-action idle-action
+         #:idle-action-seconds idle-action-seconds
+         #:runtime-directory-size-percent runtime-directory-size-percent
+         #:runtime-directory-size runtime-directory-size
+         #:remove-ipc? remove-ipc?
+
+         #:suspend-state suspend-state
+         #:suspend-mode suspend-mode
+         #:hibernate-state hibernate-state
+         #:hibernate-mode hibernate-mode
+         #:hybrid-sleep-state hybrid-sleep-state
+         #:hybrid-sleep-mode hybrid-sleep-mode)))
+    (return
+     (service
+      (documentation "Run the elogind login and seat management service.")
+      (provision '(elogind))
+      (requirement '(dbus-system))
+
+      (start #~(make-forkexec-constructor
+                (list (string-append #$elogind "/libexec/elogind/elogind"))
+                #:environment-variables
+                (list (string-append "ELOGIND_CONF_FILE=" #$config))))
+      (stop #~(make-kill-destructor))))))
+
+\f
+;;;
 ;;; The default set of desktop services.
 ;;;
 (define %desktop-services
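Review bot: Four of the keys written into the `[Login]` section of `elogind-configuration-file` do not match the option names logind.conf uses: `InhibitDelayMaxSecs`, `HoldoffTimeoutSecs`, `IdleActionSeconds` and `RemoveIpc`. As far as I know the parser skips keys it does not recognise, so the values validated here, including the IPC clean-up and idle-action settings, would silently not take effect and the daemon's built-in defaults would apply instead. The corrected spellings are in the excerpt below. In `elogind-service`, the three `#:…-key-ignore-inhibited?` arguments are also passed twice in the call to `elogind-configuration-file`; the second group can be dropped.

```scheme
    "[Login]\n"
    ;; … unchanged: KillUserProcesses, KillOnlyUsers, KillExcludeUsers …
    "InhibitDelayMaxSec=" (non-negative-integer inhibit-delay-max-seconds) "\n"
    ;; … unchanged: Handle* and *IgnoreInhibited keys …
    "HoldoffTimeoutSec=" (non-negative-integer holdoff-timeout-seconds) "\n"
    "IdleAction=" (handle-action idle-action) "\n"
    "IdleActionSec=" (non-negative-integer idle-action-seconds) "\n"
    ;; … unchanged: RuntimeDirectorySize …
    "RemoveIPC=" (yesno remove-ipc?) "\n"
    ;; … unchanged: [Sleep] section …
```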
@@ -389,7 +558,8 @@ site} for more information."
          ;; time, so we currently add them to the set of default services.
          (colord-service)
          (geoclue-service)
-         (dbus-service (list avahi wicd upower colord geoclue))
+         (elogind-service)
+         (dbus-service (list avahi wicd upower colord geoclue elogind))
 
          (ntp-service)
 
-- 
2.4.3



* [PATCHES] Whip polkit into shape
  2015-09-01 11:42 [PATCHES] Add elogind service Andy Wingo
@ 2015-09-01 11:53 ` Andy Wingo
  2015-09-01 11:57   ` Andy Wingo
  2015-09-02 15:53 ` [PATCHES] Add elogind service Thompson, David
  2015-09-02 19:10 ` Ludovic Courtès
  2 siblings, 1 reply; 6+ messages in thread
From: Andy Wingo @ 2015-09-01 11:53 UTC (permalink / raw)
  To: guix-devel

Attached are three patches to polkit.  The first makes polkit use
elogind for seat management.  The second is based on a WIP patch from
Mark, and arranges for polkit to look in the system profile for rules
and actions.  The third adds a polkit service.  I've tested these by
running "pkaction" and "pkcheck", both with an embedded authentication
agent and with an external agent.  Kinda cool to see these work.
Unfortunately I haven't gotten user-mode "loginctl reboot" to work --
for some reason it doesn't end up spawning the authentication agent
correctly.  Oh well, future work.  Usually people will be running with an
authentication agent linked to their graphical session anyway.

BTW, for XFCE there appears to be this thing: 

  https://github.com/ncopa/xfce-polkit

See also:

  https://wiki.archlinux.org/index.php/Polkit#Authentication_agents

Cheers,

Andy


* Re: [PATCHES] Whip polkit into shape
  2015-09-01 11:53 ` [PATCHES] Whip polkit into shape Andy Wingo
@ 2015-09-01 11:57   ` Andy Wingo
  2015-09-02 19:18     ` Ludovic Courtès
  0 siblings, 1 reply; 6+ messages in thread
From: Andy Wingo @ 2015-09-01 11:57 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 988 bytes --]

On Tue 01 Sep 2015 13:53, Andy Wingo <wingo@igalia.com> writes:

> Attached are three patches to polkit.  The first makes polkit use
> elogind for seat management.  The second is based on a WIP patch from
> Mark, and arranges for polkit to look in the system profile for rules
> and actions.  The third adds a polkit service.  I've tested these by
> running "pkaction" and "pkcheck", both with an embedded authentication
> agent and with an external agent.  Kinda cool to see these work.
> Unfortunately I haven't gotten user-mode "loginctl reboot" to work --
> for some reason it doesn't end up spawning the authentication agent
> correctly.  Oh well, future work.  Usually people will be running with a
> authentication agent linked to their graphical session anyway.
>
> BTW, for XFCE there appears to be this thing: 
>
>   https://github.com/ncopa/xfce-polkit
>
> See also:
>
>   https://wiki.archlinux.org/index.php/Polkit#Authentication_agents
>
> Cheers,

aaaaaaand here they are


[-- Attachment #2: 0003-gnu-polkit-Use-elogind-for-seat-management.patch --]
[-- Type: text/plain, Size: 2216 bytes --]

From e409449f493da3a42b9f989c819d3290fe9a523a Mon Sep 17 00:00:00 2001
From: Andy Wingo <wingo@pobox.com>
Date: Tue, 18 Aug 2015 11:39:22 +0200
Subject: [PATCH 3/7] gnu: polkit: Use elogind for seat management.

* gnu/packages/polkit.scm (polkit): Depend on elogind.
---
 gnu/packages/polkit.scm | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index 172b0e1..acbc03d 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -23,6 +23,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages linux)
@@ -44,11 +45,28 @@
              (sha256
               (base32
                "109w86kfqrgz83g9ivggplmgc77rz8kx8646izvm2jb57h4rbh71"))
-             (patches (list (search-patch "polkit-drop-test.patch")))))
+             (patches (list (search-patch "polkit-drop-test.patch")))
+             (modules '((guix build utils)))
+             (snippet
+              '(begin
+                 (use-modules (guix build utils))
+                 (substitute* "configure"
+                   ;; Replace libsystemd-login with libelogind.
+                   (("libsystemd-login") "libelogind")
+                   ;; Skip the sanity check that the current system runs
+                   ;; systemd.
+                   (("test ! -d /sys/fs/cgroup/systemd/") "false"))
+                 (substitute* "src/polkit/polkitunixsession-systemd.c"
+                   (("systemd") "elogind"))
+                 (substitute* "src/polkitbackend/polkitbackendsessionmonitor-systemd.c"
+                   (("systemd") "elogind"))
+                 (substitute* "src/polkitbackend/polkitbackendjsauthority.c"
+                   (("systemd") "elogind"))))))
     (build-system gnu-build-system)
     (inputs
       `(("expat" ,expat)
         ("glib:bin" ,glib "bin") ; for glib-mkenums
+        ("elogind" ,elogind)
         ("intltool" ,intltool)
         ("linux-pam" ,linux-pam)
         ("mozjs" ,mozjs)
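Review bot: The three `(("systemd") "elogind")` substitutions in the new snippet are unanchored, so they rewrite every occurrence of `systemd` in those C files, not only the one the change needs. Presumably the target is the `systemd/sd-login.h` include; if so, matching that string, e.g. `(("systemd/sd-login\\.h") "elogind/sd-login.h")`, keeps a later polkit update from silently altering unrelated strings in the authorization backend. A short comment naming what each substitution is expected to hit would also help, since `substitute*` does not fail when a pattern stops matching. The `polkit` package definition starts before and continues after this hunk.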
-- 
2.4.3


[-- Attachment #3: 0004-gnu-polkit-Look-for-rules-in-run-current-system-prof.patch --]
[-- Type: text/plain, Size: 4649 bytes --]

From 11e1301553117f093642142bf50bb4462c87ba47 Mon Sep 17 00:00:00 2001
From: Andy Wingo <wingo@pobox.com>
Date: Tue, 1 Sep 2015 13:30:31 +0200
Subject: [PATCH 4/7] gnu: polkit: Look for rules in
 /run/current-system/profile.

* gnu/packages/polkit.scm (polkit): Configure to look for actions and
  rules in the system profile.  Arrange to look for the setuid helper in
  /run/setuid-programs.  Fix introspection installation.

Based on a patch by Mark H Weaver <mhw@netris.org>.
---
 gnu/packages/polkit.scm | 62 +++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 52 insertions(+), 10 deletions(-)

diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index acbc03d..010d47a 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -61,20 +62,61 @@
                  (substitute* "src/polkitbackend/polkitbackendsessionmonitor-systemd.c"
                    (("systemd") "elogind"))
                  (substitute* "src/polkitbackend/polkitbackendjsauthority.c"
-                   (("systemd") "elogind"))))))
+                   (("systemd") "elogind"))
+
+                 (substitute* "src/polkitagent/polkitagentsession.c"
+                   (("PACKAGE_PREFIX \"/lib/polkit-1/polkit-agent-helper-1\"")
+                    "\"/run/setuid-programs/polkit-agent-helper-1\""))
+                 (substitute* "src/polkitbackend/polkitbackendinteractiveauthority.c"
+                   (("PACKAGE_DATA_DIR \"/polkit-1/actions\"")
+                    "\"/run/current-system/profile/share/polkit-1/actions\""))
+                 (substitute* "src/polkitbackend/polkitbackendjsauthority.c"
+                   (("PACKAGE_SYSCONF_DIR \"/polkit-1/rules.d\"")
+                    "\"/run/current-system/profile/etc/polkit-1/rules.d\""))
+                 (substitute* "src/polkitbackend/polkitbackendjsauthority.c"
+                   (("PACKAGE_DATA_DIR \"/polkit-1/rules.d\"")
+                    "\"/run/current-system/profile/share/polkit-1/rules.d\""))))))
     (build-system gnu-build-system)
     (inputs
-      `(("expat" ,expat)
-        ("glib:bin" ,glib "bin") ; for glib-mkenums
-        ("elogind" ,elogind)
-        ("intltool" ,intltool)
-        ("linux-pam" ,linux-pam)
-        ("mozjs" ,mozjs)
-        ("nspr" ,nspr)))
+     `(("expat" ,expat)
+       ("linux-pam" ,linux-pam)
+       ("elogind" ,elogind)
+       ("mozjs" ,mozjs)
+       ("nspr" ,nspr)))
     (propagated-inputs
-      `(("glib" ,glib))) ; required by polkit-gobject-1.pc
+     `(("glib" ,glib))) ; required by polkit-gobject-1.pc
     (native-inputs
-      `(("pkg-config", pkg-config)))
+     `(("pkg-config" ,pkg-config)
+       ("glib:bin" ,glib "bin") ; for glib-mkenums
+       ("intltool" ,intltool)
+       ("gobject-introspection" ,gobject-introspection)))
+    (arguments
+     `(#:configure-flags '("--sysconfdir=/etc"
+                           "--enable-man-pages")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after
+          'unpack 'fix-introspection-install-dir
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (substitute* (find-files "." "Makefile.in")
+                (("@INTROSPECTION_GIRDIR@")
+                 (string-append out "/share/gir-1.0/"))
+                (("@INTROSPECTION_TYPELIBDIR@")
+                 (string-append out "/lib/girepository-1.0/"))))))
+         (replace
+          'install
+          (lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
+            ;; Override sysconfdir during "make install", to avoid attempting
+            ;; to install in /etc, and to instead install the skeletons in the
+            ;; output directory.
+            (let ((out (assoc-ref outputs "out")))
+             (zero? (apply system*
+                           "make" "install"
+                           (string-append "sysconfdir=" out "/etc")
+                           (string-append "polkit_actiondir="
+                                          out "/share/polkit-1/actions")
+                           make-flags))))))))
     (home-page "http://www.freedesktop.org/wiki/Software/polkit/")
     (synopsis "Authorization API for privilege management")
     (description "Polkit is an application-level toolkit for defining and
-- 
2.4.3


[-- Attachment #4: 0005-gnu-Add-polkit-service.patch --]
[-- Type: text/plain, Size: 3940 bytes --]

From ec20ffc9bdad2d467ec0f7e76f1b7f7a92580eff Mon Sep 17 00:00:00 2001
From: Andy Wingo <wingo@pobox.com>
Date: Tue, 18 Aug 2015 11:57:15 +0200
Subject: [PATCH 5/7] gnu: Add polkit service.

* gnu/services/desktop.scm (polkit-service): New function.
  (%desktop-services): Add polkit service.
---
 gnu/services/desktop.scm | 51 +++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 5 deletions(-)

diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 764954c..500933c 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -24,12 +24,14 @@
   #:use-module (gnu services xorg)
   #:use-module (gnu services networking)
   #:use-module (gnu system shadow)
+  #:use-module (gnu system linux) ; unix-pam-service
   #:use-module (gnu packages glib)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages wicd)
+  #:use-module (gnu packages polkit)
   #:use-module (guix monads)
   #:use-module (guix store)
   #:use-module (guix gexp)
@@ -40,6 +42,7 @@
             geoclue-application
             %standard-geoclue-applications
             geoclue-service
+            polkit-service
             elogind-service
             %desktop-services))
 
@@ -376,6 +379,42 @@ site} for more information."
 
 \f
 ;;;
+;;; Polkit privilege management service.
+;;;
+
+(define* (polkit-service #:key (polkit polkit))
+  "Return a service that runs the @command{polkit} privilege management
+service.  By querying the @command{polkit} service, a privileged system
+component can know when it should grant additional capabilities to ordinary
+users.  For example, an ordinary user can be granted the capability to suspend
+the system if the user is logged in locally."
+  (with-monad %store-monad
+    (return
+     (service
+      (documentation "Run the polkit privilege management service.")
+      (provision '(polkit-daemon))
+      (requirement '(dbus-system))
+
+      (start #~(make-forkexec-constructor
+                (list (string-append #$polkit "/lib/polkit-1/polkitd"))))
+      (stop #~(make-kill-destructor))
+
+      (user-groups (list (user-group
+                          (name "polkitd")
+                          (system? #t))))
+      (user-accounts (list (user-account
+                            (name "polkitd")
+                            (group "polkitd")
+                            (system? #t)
+                            (comment "Polkit daemon user")
+                            (home-directory "/var/empty")
+                            (shell
+                             "/run/current-system/profile/sbin/nologin"))))
+
+      (pam-services (list (unix-pam-service "polkit-1")))))))
+
+\f
+;;;
 ;;; Elogind login and seat management service.
 ;;;
 
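Review bot: `polkit-service` starts `polkitd` through `make-forkexec-constructor` without naming a user, while the same record creates a `polkitd` system account and group. Presumably the daemon is started as root and switches to that account itself; if so, say it in a comment next to `start`, e.g. `;; polkitd starts as root and drops to the "polkitd" user on its own.`, and confirm the package is configured for that user name. The docstring could also mention that the service adds the `polkit-1` PAM service and the `polkitd` account, since those are changes to the system that a reader of the manual would want to know about.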
@@ -552,14 +591,16 @@ when they log out."
          (avahi-service)
          (wicd-service)
          (upower-service)
-         ;; FIXME: The colord and geoclue services could all be bus-activated
-         ;; by default, so they don't run at program startup.  However, user
-         ;; creation and /var/lib.colord creation happen at service activation
-         ;; time, so we currently add them to the set of default services.
+         ;; FIXME: The colord, geoclue, and polkit services could all be
+         ;; bus-activated by default, so they don't run at program startup.
+         ;; However, user creation and /var/lib/colord creation happen at
+         ;; service activation time, so we currently add them to the set of
+         ;; default services.
          (colord-service)
          (geoclue-service)
+         (polkit-service)
          (elogind-service)
-         (dbus-service (list avahi wicd upower colord geoclue elogind))
+         (dbus-service (list avahi wicd upower colord geoclue polkit elogind))
 
          (ntp-service)
 
-- 
2.4.3



* Re: [PATCHES] Add elogind service
  2015-09-01 11:42 [PATCHES] Add elogind service Andy Wingo
  2015-09-01 11:53 ` [PATCHES] Whip polkit into shape Andy Wingo
@ 2015-09-02 15:53 ` Thompson, David
  2015-09-02 19:10 ` Ludovic Courtès
  2 siblings, 0 replies; 6+ messages in thread
From: Thompson, David @ 2015-09-02 15:53 UTC (permalink / raw)
  To: Andy Wingo; +Cc: guix-devel

On Tue, Sep 1, 2015 at 7:42 AM, Andy Wingo <wingo@igalia.com> wrote:
> Attached are two patches.  The first updates elogind to a current
> release tarball.  The second adds a service.  These are the bottom two
> patches in wip-pam-elogind.  If you run the service, you'll at least
> have lid suspend support.  Some patches more patches to follow but these
> are the only elogind ones.  OK to commit?
>
> From fdd8893f287696fb016e9e78fbcba04d03840ee6 Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@pobox.com>
> Date: Tue, 18 Aug 2015 10:05:24 +0200
> Subject: [PATCH 1/7] gnu: elogind: Update to version 219.12.
>
> * gnu/packages/freedesktop.scm (elogind): Update to 219.12.  Use a tarball
>   instead of a git checkout.

LGTM.

> From 4f32d646cf14133a98899c448d588088c80d680d Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@pobox.com>
> Date: Tue, 18 Aug 2015 11:56:17 +0200
> Subject: [PATCH 2/7] gnu: Add elogind service.
>
> * gnu/services/desktop.scm (elogind-configuration-file, elogind-service): New
>   functions.
>   (%desktop-services): Add elogind-service.
> ---
>  gnu/services/desktop.scm | 172 ++++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 171 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
> index 4e4b49d..764954c 100644
> --- a/gnu/services/desktop.scm
> +++ b/gnu/services/desktop.scm
> @@ -26,6 +26,7 @@
>    #:use-module (gnu system shadow)
>    #:use-module (gnu packages glib)
>    #:use-module (gnu packages admin)
> +  #:use-module (gnu packages freedesktop)
>    #:use-module (gnu packages gnome)
>    #:use-module (gnu packages avahi)
>    #:use-module (gnu packages wicd)
> @@ -39,6 +40,7 @@
>              geoclue-application
>              %standard-geoclue-applications
>              geoclue-service
> +            elogind-service
>              %desktop-services))
>
>  ;;; Commentary:
> @@ -374,6 +376,173 @@ site} for more information."
>
>
>  ;;;
> +;;; Elogind login and seat management service.
> +;;;
> +
> +(define (missing-keyword-argument name)
> +  (error "missing keyword argument:" name))
> +
> +(define-syntax-rule (define-with-required-kwargs name (arg ...)
> +                      body ...)
> +  (define name (lambda* (#:key (arg (missing-keyword-argument 'arg)) ...)
> +                 body ...)))
> +
> +(define-with-required-kwargs elogind-configuration-file
> +  (kill-user-processes? kill-only-users kill-exclude-users
> +   inhibit-delay-max-seconds
> +   handle-power-key handle-suspend-key handle-hibernate-key
> +   handle-lid-switch handle-lid-switch-docked
> +   power-key-ignore-inhibited? suspend-key-ignore-inhibited?
> +   hibernate-key-ignore-inhibited? lid-switch-ignore-inhibited?
> +   holdoff-timeout-seconds
> +   idle-action idle-action-seconds
> +   runtime-directory-size-percent runtime-directory-size
> +   remove-ipc?
> +   suspend-state suspend-mode
> +   hibernate-state hibernate-mode
> +   hybrid-sleep-state hybrid-sleep-mode)
> +  (define (yesno x)
> +    (match x
> +      (#t "yes")
> +      (#f "no")
> +      (_ (error "expected #t or #f, instead got:" x))))
> +  (define char-set:user-name
> +    (string->char-set "abcdefghijklmnopqrstuvwxyz0123456789_-"))
> +  (define (valid-list? l pred)
> +    (and-map (lambda (x) (string-every pred x)) l))
> +  (define (user-name-list users)
> +    (unless (valid-list? users char-set:user-name)
> +      (error "invalid user list" users))
> +    (string-join users " "))
> +  (define (enum val allowed)
> +    (unless (memq val allowed)
> +      (error "invalid value" val allowed))
> +    (symbol->string val))
> +  (define (non-negative-integer x)
> +    (unless (exact-integer? x) (error "not an integer" x))
> +    (when (negative? x) (error "negative number not allowed" x))
> +    (number->string x))
> +  (define handle-actions
> +    '(ignore poweroff reboot halt kexec suspend hibernate hybrid-sleep lock))
> +  (define (handle-action x)
> +    (enum x handle-actions))
> +  (define (sleep-list tokens)
> +    (unless (valid-list? tokens char-set:user-name)
> +      (error "invalid sleep list" tokens))
> +    (string-join tokens " "))
> +  (text-file
> +   "logind.conf"
> +   (string-append
> +    "[Login]\n"
> +    "KillUserProcesses=" (yesno kill-user-processes?) "\n"
> +    "KillOnlyUsers=" (user-name-list kill-only-users) "\n"
> +    "KillExcludeUsers=" (user-name-list kill-exclude-users) "\n"
> +    "InhibitDelayMaxSecs=" (non-negative-integer inhibit-delay-max-seconds) "\n"
> +    "HandlePowerKey=" (handle-action handle-power-key) "\n"
> +    "HandleSuspendKey=" (handle-action handle-suspend-key) "\n"
> +    "HandleHibernateKey=" (handle-action handle-hibernate-key) "\n"
> +    "HandleLidSwitch=" (handle-action handle-lid-switch) "\n"
> +    "HandleLidSwitchDocked=" (handle-action handle-lid-switch-docked) "\n"
> +    "PowerKeyIgnoreInhibited=" (yesno power-key-ignore-inhibited?) "\n"
> +    "SuspendKeyIgnoreInhibited=" (yesno suspend-key-ignore-inhibited?) "\n"
> +    "HibernateKeyIgnoreInhibited=" (yesno hibernate-key-ignore-inhibited?) "\n"
> +    "LidSwitchIgnoreInhibited=" (yesno lid-switch-ignore-inhibited?) "\n"
> +    "HoldoffTimeoutSecs=" (non-negative-integer holdoff-timeout-seconds) "\n"
> +    "IdleAction=" (handle-action idle-action) "\n"
> +    "IdleActionSeconds=" (non-negative-integer idle-action-seconds) "\n"
> +    "RuntimeDirectorySize="
> +    (if runtime-directory-size-percent
> +        (string-append
> +         (non-negative-integer runtime-directory-size-percent)
> +         "%")
> +        (non-negative-integer runtime-directory-size)) "\n"
> +    "RemoveIpc=" (yesno remove-ipc?) "\n"
> +
> +    "[Sleep]\n"
> +    "SuspendState=" (sleep-list suspend-state) "\n"
> +    "SuspendMode=" (sleep-list suspend-mode) "\n"
> +    "HibernateState=" (sleep-list hibernate-state) "\n"
> +    "HibernateMode=" (sleep-list hibernate-mode) "\n"
> +    "HybridSleepState=" (sleep-list hybrid-sleep-state) "\n"
> +    "HybridSleepMode=" (sleep-list hybrid-sleep-mode) "\n")))

This procedure and the define-with-required-kwargs syntax seem a bit
awkward to me given that elogind-configuration-file is not part of the
public interface.  What advantage does this syntax bring?  Maybe it
would be better to use a record type for this structure or use a
nested alist?

    '((login (kill-user-processes? . #t) ...) (sleep (suspend-state "standby")))

Not sure what the best thing is.  Ludo?

The rest of the patch looks solid.  Very excited about this.  Thanks!

- Dave


* Re: [PATCHES] Add elogind service
  2015-09-01 11:42 [PATCHES] Add elogind service Andy Wingo
  2015-09-01 11:53 ` [PATCHES] Whip polkit into shape Andy Wingo
  2015-09-02 15:53 ` [PATCHES] Add elogind service Thompson, David
@ 2015-09-02 19:10 ` Ludovic Courtès
  2 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2015-09-02 19:10 UTC (permalink / raw)
  To: Andy Wingo; +Cc: guix-devel

Andy Wingo <wingo@igalia.com> skribis:

> From fdd8893f287696fb016e9e78fbcba04d03840ee6 Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@pobox.com>
> Date: Tue, 18 Aug 2015 10:05:24 +0200
> Subject: [PATCH 1/7] gnu: elogind: Update to version 219.12.
>
> * gnu/packages/freedesktop.scm (elogind): Update to 219.12.  Use a tarball
>   instead of a git checkout.

OK!  Thanks for making the tarball.

> From 4f32d646cf14133a98899c448d588088c80d680d Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@pobox.com>
> Date: Tue, 18 Aug 2015 11:56:17 +0200
> Subject: [PATCH 2/7] gnu: Add elogind service.
>
> * gnu/services/desktop.scm (elogind-configuration-file, elogind-service): New
>   functions.
>   (%desktop-services): Add elogind-service.

[...]

> +(define-with-required-kwargs elogind-configuration-file
> +  (kill-user-processes? kill-only-users kill-exclude-users
> +   inhibit-delay-max-seconds
> +   handle-power-key handle-suspend-key handle-hibernate-key
> +   handle-lid-switch handle-lid-switch-docked
> +   power-key-ignore-inhibited? suspend-key-ignore-inhibited?
> +   hibernate-key-ignore-inhibited? lid-switch-ignore-inhibited?
> +   holdoff-timeout-seconds
> +   idle-action idle-action-seconds
> +   runtime-directory-size-percent runtime-directory-size
> +   remove-ipc?
> +   suspend-state suspend-mode
> +   hibernate-state hibernate-mode
> +   hybrid-sleep-state hybrid-sleep-mode)

[...]

> +(define* (elogind-service #:key (elogind elogind)
> +                          (kill-user-processes? #f)
> +                          (kill-only-users '()) (kill-exclude-users '("root"))
> +                          (inhibit-delay-max-seconds 5)
> +                          (handle-power-key 'poweroff)
> +                          (handle-suspend-key 'suspend)
> +                          (handle-hibernate-key 'hibernate)
> +                          (handle-lid-switch 'suspend)
> +                          (handle-lid-switch-docked 'ignore)
> +                          (power-key-ignore-inhibited? #f)
> +                          (suspend-key-ignore-inhibited? #f)

Nice.

My inclination would be to either let people provide the raw
configuration file via ‘local-file’ or ‘plain-file’ (and provide a
default one), but obviously that’s not as nice, or to use
‘define-record-type*’ to create an <elogind-configuration> record with
sensible default values (similar to <nscd-configuration>, for instance.)
I have a preference for the latter.

WDYT?

(It’s OK to add a macro to generate the record’s getter identifiers
since there are so many of them.)

Thank you!

Ludo’.


* Re: [PATCHES] Whip polkit into shape
  2015-09-01 11:57   ` Andy Wingo
@ 2015-09-02 19:18     ` Ludovic Courtès
  0 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2015-09-02 19:18 UTC (permalink / raw)
  To: Andy Wingo; +Cc: guix-devel

Andy Wingo <wingo@igalia.com> skribis:

> On Tue 01 Sep 2015 13:53, Andy Wingo <wingo@igalia.com> writes:
>
>> Attached are three patches to polkit.  The first makes polkit use
>> elogind for seat management.  The second is based on a WIP patch from
>> Mark, and arranges for polkit to look in the system profile for rules
>> and actions.  The third adds a polkit service.  I've tested these by
>> running "pkaction" and "pkcheck", both with an embedded authentication
>> agent and with an external agent.  Kinda cool to see these work.
>> Unfortunately I haven't gotten user-mode "loginctl reboot" to work --
>> for some reason it doesn't end up spawning the authentication agent
>> correctly.  Oh well, future work.  Usually people will be running with a
>> authentication agent linked to their graphical session anyway.

OK, sounds like it’s getting there!  :-)

> From e409449f493da3a42b9f989c819d3290fe9a523a Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@pobox.com>
> Date: Tue, 18 Aug 2015 11:39:22 +0200
> Subject: [PATCH 3/7] gnu: polkit: Use elogind for seat management.
>
> * gnu/packages/polkit.scm (polkit): Depend on elogind.

OK.  Could you add a copyright line?

> From 11e1301553117f093642142bf50bb4462c87ba47 Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@pobox.com>
> Date: Tue, 1 Sep 2015 13:30:31 +0200
> Subject: [PATCH 4/7] gnu: polkit: Look for rules in
>  /run/current-system/profile.
>
> * gnu/packages/polkit.scm (polkit): Configure to look for actions and
>   rules in the system profile.  Arrange to look for the setuid helper in
>   /run/setuid-programs.  Fix introspection installation.

I have a preference for the ‘dbus-service’ style, where we pass the exact
list of services to the service function, because it makes things
explicit and transparent.

But I’m fine with using this approach now and maybe revisiting it later.

> +;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>

Add yourself too?

> From ec20ffc9bdad2d467ec0f7e76f1b7f7a92580eff Mon Sep 17 00:00:00 2001
> From: Andy Wingo <wingo@pobox.com>
> Date: Tue, 18 Aug 2015 11:57:15 +0200
> Subject: [PATCH 5/7] gnu: Add polkit service.
>
> * gnu/services/desktop.scm (polkit-service): New function.
>   (%desktop-services): Add polkit service.

Could you add it to guix.texi?

Otherwise LGTM.

Thanks!

Ludo’.

