Subject: [bug#56797] [PATCH] gnu: services: fprintd: Add PAM configuration.
To: Maxime Devos <maximedevos@telenet.be>
Cc: "56797@debbugs.gnu.org" <56797@debbugs.gnu.org>
Date: Wed, 27 Jul 2022 20:26:32 +0000
Reply-to:  Maya <maya.omase@protonmail.com>
From:  Maya via Guix-patches via <guix-patches@gnu.org>

>This can be simplified to
>
>    (let ((fprintd-module (file-append (fprintd-configuration-fprintd
>config) "/lib/security/pam_fprintd.so")))

Yes, thank you, I am not yet that great with my guix-fu.

> > +                               #:login-uid? #t))

> What's this line for?  I'm not finding 'login-uid?' anywhere in the
> manual, a comment would be in order.

I've got this from the unix-pam-service and from gdm-service-type. The code this refers to in gnu/system/pam.scm:

,@(if login-uid?
     (list (pam-entry       ;to fill in /proc/self/loginuid
                (control "required")
                (module "pam_loginuid.so")))
     '())

gdm-service-type uses it in all 3 of its pam modules. So I figured it ought to be there. I can investigate further, but it seems like I should not touch it.

> Documentation is missing (in the manual), so as-is, this new feature is
> hard to find.

Oh? I didn't know that. Doesn't define-configuration generate documentation automatically? If it does not, I will happily add it, but I have never written any, so it will be a learning process.

> Also, the manual required giving every top-level procedure a docstring
> IIRC,

There is that requirement, yes. But there weren't any around this method so I thought the configuration sufficed, but if it is a requirement, I will do that.

> >   gnu/services/authentication.scm | 49 +++++++++++++++++++++++++++++++-=
-
> >   1 file changed, 46 insertions(+), 3 deletions(-)
> >
> > diff --git a/gnu/services/authentication.scm b/gnu/services/authenticat=
ion.scm
> > index f7becdfafb..5737c15f4c 100644
> > --- a/gnu/services/authentication.scm
> > +++ b/gnu/services/authentication.scm
> > @@ -44,9 +44,50 @@ (define-module (gnu services authentication)
> >               nslcd-configuration?
> >               nslcd-service-type))
> >
> > -(define-configuration fprintd-configuration
> > +(define-configuration/no-serialization fprintd-configuration
> >     (fprintd      (file-like fprintd)
> > -                "The fprintd package"))
> > +                "The fprintd package")
> > +  (unlock-gdm?
> > +   (boolean #t)
> > +   "Generate PAM configuration that unlocks gdm with fprintd.")
> > +  (unlock-other
> > +   (list '("polkit-1" "sddm")) ;; polkit-1 is the name of a PAM module=
 for GNOME polkit
> > +   "List of other PAM modules that can be unlocked with fprintd.
> > +
> > +This depends on your desktop configuration. If you for example want GN=
OME prompts to be unlocked by fingerprint, you add @code{polkit-1} to this =
list. (This is enabled by default.)
> +"))
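
Review bot: In `unlock-other`, the default `'("polkit-1" "sddm")` combined with `unlock-gdm?` defaulting to `#t` means that adding the fprintd service by itself turns on fingerprint unlocking for gdm, polkit prompts and sddm. A change to how users authenticate is safer as an explicit opt-in, so consider defaulting these to `#f` and `'()`, or at least state the default behaviour at the top of the docstring. The field type `list` also accepts elements that are not strings; a list-of-strings predicate would reject a malformed entry when the configuration is built. The docstring and the inline comment call the entries "PAM modules" without saying whether a name or a shared-library file is expected, so spell out what form each entry takes.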

> This documentation is unclear -- does this field need to be set to the
> _name_ of the module, or to the _file name_ of the _shared library_ (as
> a file-like, not a direct file name, because of staging), or ...?  Also,
> the 'list' check can be more precise, IIRC there was some method for not
> just using list? but doing things like list-of-strings?.

The name of the pam module, not a shared library. So the file in /etc/pam.d. It is a direct name, since it is not inside the store, pam modules have a static path.

As for the configuration options, it's my first time using them and I didn't really understand the define-syntax definition, so I really just skimmed through the guix repository for some uses.

> Anyway, I don't really know PAM, but I've written some comments on the
> patch, hopefully they are useful.

They are a lot! Thank you very much. I hope those comments will be less needed in the future, as I become better as a contributor.

With all the best for tomorrow and all the days to come,
Maya.