GNU bug report logs - #78188
[PATCH] Add KWallet service


Package: guix-patches;

Reported by: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>

Date: Thu, 1 May 2025 13:52:02 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to liliana.prikler <at> gmail.com, ludo <at> gnu.org, maxim.cournoyer <at> gmail.com, noelopez <at> free.fr, vivien <at> planete-kraus.eu, guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 13:52:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>:
New bug report received and forwarded. Copy sent to liliana.prikler <at> gmail.com, ludo <at> gnu.org, maxim.cournoyer <at> gmail.com, noelopez <at> free.fr, vivien <at> planete-kraus.eu, guix-patches <at> gnu.org. (Thu, 01 May 2025 13:52:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: guix-patches <at> gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH] Add KWallet service
Date: Thu,  1 May 2025 15:50:24 +0200
This patch series adds `kwallet-service-type'. This service serves the same
function as `gnome-keyring-service-type' but for `kwallet'. By default the
service configures PAM for SDDM, since this is the expected greeter to use
with `kwallet-pam'.

The 'libexec/pam_kwallet_init' binary from the `kwallet-pam' package was not
properly wrapped and could not access the `socat' input binary. This patch
series includes the fix which is required for the correct autostart of the
wallet.

Sergio Pastor Pérez (2):
  gnu: kwallet-pam: Fix socat not in 'libexec/pam_kwallet_init' wrapper
    path.
  services: kwallet: New service.

 doc/guix.texi               | 37 ++++++++++++++++++++++
 gnu/packages/kde-plasma.scm | 14 +++++++--
 gnu/services/desktop.scm    | 61 +++++++++++++++++++++++++++++++++++++
 3 files changed, 109 insertions(+), 3 deletions(-)


base-commit: 881d46eb386c2de8bc6f1405972ee1e115eeb3a1
-- 
2.49.0





Information forwarded to sughosha <at> disroot.org, z572 <at> z572.online, guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 13:55:01 GMT) Full text and rfc822 format available.

Message #8 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: 78188 <at> debbugs.gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH] gnu: kwallet-pam: Fix socat not in 'libexec/pam_kwallet_init'
 wrapper path.
Date: Thu,  1 May 2025 15:53:59 +0200
* gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
PATH variable to access 'socat' input.

Change-Id: I6e7a421af3dbbc844e319b7852246c89d979609c
---
 gnu/packages/kde-plasma.scm | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
index 679a68cef6..a15f7ad8a2 100644
--- a/gnu/packages/kde-plasma.scm
+++ b/gnu/packages/kde-plasma.scm
@@ -1303,9 +1303,17 @@ (define-public kwallet-pam
                 "0dif5y7qbayb2yfgl7940978ayyir948kpjavczvgkr70czb293k"))))
     (build-system qt-build-system)
     (arguments
-     (list
-      #:qtbase qtbase
-      #:tests? #f)) ;no tests
+     `(#:qtbase ,qtbase
+       #:tests? #f ;no tests
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((socat (search-input-file inputs "bin/socat")))
+               (wrap-program (search-input-file outputs
+                              "libexec/pam_kwallet_init")
+                 `("PATH" ":" prefix
+                   ,(list (dirname socat))))))))))
     (native-inputs (list extra-cmake-modules pkg-config))
     (inputs (list linux-pam kwallet libgcrypt socat))
     (synopsis "PAM Integration with KWallet")
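
Review bot: the `wrap-program` phase only prepends socat's directory to PATH, so `libexec/pam_kwallet_init` still resolves `socat` by name at run time, and the installed file becomes a wrapper around a renamed script. Substituting the absolute store path of `socat` into the script removes the dependency on the environment the helper is started in. The hunk also turns `(list #:qtbase qtbase ...)` into a quasiquoted list; keeping `(list ...)` and writing the phases as a gexp would match the arguments being replaced. The phase name `'wrap-program` is the same as the procedure it calls; a descriptive name would be clearer.
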
-- 
2.49.0





Information forwarded to liliana.prikler <at> gmail.com, ludo <at> gnu.org, maxim.cournoyer <at> gmail.com, noelopez <at> free.fr, vivien <at> planete-kraus.eu, guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 13:55:02 GMT) Full text and rfc822 format available.

Message #11 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: 78188 <at> debbugs.gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH] services: kwallet: New service.
Date: Thu,  1 May 2025 15:54:00 +0200
Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51
---
 doc/guix.texi            | 37 ++++++++++++++++++++++++
 gnu/services/desktop.scm | 61 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 98 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7b418a4089..c6861b3182 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27131,6 +27131,43 @@ Desktop Services
 @end table
 @end deftp
 
+@defvar kwallet-service-type
+This is the type of the service that adds the
+@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}.  Its
+value is a @code{kwallet-configuration} object (see below).  Note that,
+contrary to @code{gnome-desktop-service-type},
+@code{plasma-desktop-service-type} does not include this service.
+
+This service adds the @code{kwallet-pam} package to the system profile
+and extends PAM with entries using @code{pam_kwallet5.so},
+unlocking a user's login keyring when they log in or setting its
+password with passwd.
+@end defvar
+
+@deftp {Data Type} kwallet-configuration
+Configuration record for the KWallet Keyring service.
+
+@table @asis
+@item @code{keyring} (default: @code{kwallet-pam})
+The KWallet keyring package to use.
+
+@item @code{pam-services}
+A list of @code{(@var{service} . @var{kind})} pairs denoting PAM
+services to extend, where @var{service} is the name of an existing
+service to extend and @var{kind} is one of @code{login} or
+@code{passwd}.
+
+If @code{login} is given, it adds an optional
+@code{pam_kwallet5.so} to the auth block without arguments and to
+the session block with @code{auto_start}.  If @code{passwd} is given, it
+adds an optional @code{pam_kwallet5.so} to the password block
+without arguments.
+
+By default, this field contains ``sddm'' with the value @code{login}
+and ``passwd'' is with the value @code{passwd}.
+@end table
+@end deftp
+
 @defvar seatd-service-type
 @uref{https://sr.ht/~kennylevinsen/seatd/, seatd} is a minimal seat
 management daemon.
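
Review bot: the `@item @code{keyring}` entry documents a field that the record in gnu/services/desktop.scm of this same patch declares as `wallet` (`(wallet kwallet-package (default kwallet-pam))`), so a configuration written from the manual would be rejected. Rename one of the two so the manual and the record agree. In the last paragraph, "``passwd'' is with the value" has a stray "is".
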
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index a586746cc5..a3cbf3f397 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -197,6 +197,10 @@ (define-module (gnu services desktop)
             gnome-keyring-configuration?
             gnome-keyring-service-type
 
+            kwallet-configuration
+            kwallet-configuration?
+            kwallet-service-type
+
             seatd-configuration
             seatd-service-type
 
@@ -2148,6 +2152,63 @@ (define enlightenment-desktop-service-type
 thumbnails and privileges the programs which enlightenment needs to function
 as expected.")))
 
+
+;;;
+;;; kwallet-service-type
+;;;
+
+(define-record-type* <kwallet-configuration> kwallet-configuration
+  make-kwallet-configuration
+  kwallet-configuration?
+  (wallet kwallet-package (default kwallet-pam))
+  (pam-services kwallet-pam-services (default '(("sddm" . login)
+                                                ("passwd" . passwd)))))
+
+(define (pam-kwallet config)
+  (match config
+    (#f '())                          ;explicitly disabled by user
+    (_
+     (define (%pam-keyring-entry . arguments)
+       (pam-entry
+        (control "optional")
+        (module (file-append (kwallet-package config)
+                             "/lib/security/pam_kwallet5.so"))
+        (arguments arguments)))
+
+     (list
+      (pam-extension
+       (transformer
+        (lambda (service)
+          (case (assoc-ref (kwallet-pam-services config)
+                           (pam-service-name service))
+            ((login)
+             (pam-service
+              (inherit service)
+              (auth (append (pam-service-auth service)
+                            (list (%pam-keyring-entry))))
+              (session (append (pam-service-session service)
+                               (list (%pam-keyring-entry "auto_start"))))))
+            ((passwd)
+             (pam-service
+              (inherit service)
+              (password (append (pam-service-password service)
+                                (list (%pam-keyring-entry))))))
+            (else service)))))))))
+
+;; TODO: consider integrating service in `<plasma-desktop-configuration>' as
+;; done in `<gnome-desktop-configuration>'. This requires rewritting the
+;; `<plasma-desktop-service-type>' as done for `<gnome-desktop-service-type>'.
+(define kwallet-service-type
+  (service-type
+   (name 'kwallet)
+   (extensions (list
+                (service-extension pam-root-service-type pam-kwallet)))
+   (default-value (kwallet-configuration))
+   (description "Return a service, that extends PAM with entries using
+@code{pam_kwallet5.so}, unlocking a user's login keyring when they log in or
+setting its password with passwd.")))
+
+
 ;;;
 ;;; KDE Plasma desktop service.
 ;;;
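
Review bot: in the transformer's `case`, every value other than the symbols `login` and `passwd` falls through to `(else service)`, so a mistyped kind, or a string such as "login", in `pam-services` leaves the PAM service untouched without any error. Keep `#f` (service not listed) as the pass-through case and raise an error for any other unknown kind, so that a misconfigured wallet unlock is visible at reconfigure time instead of silently absent. `pam-kwallet` also has no docstring.
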
-- 
2.49.0





Information forwarded to guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 16:36:02 GMT) Full text and rfc822 format available.

Message #14 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Z572 <z572 <at> z572.online>
To: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Cc: 78188 <at> debbugs.gnu.org, Sughosha <sughosha <at> disroot.org>
Subject: Re: [bug#78188] [PATCH] gnu: kwallet-pam: Fix socat not in
 'libexec/pam_kwallet_init' wrapper path.
Date: Fri, 02 May 2025 00:34:52 +0800
Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> writes:

> * gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
> PATH variable to access 'socat' input.
>
> Change-Id: I6e7a421af3dbbc844e319b7852246c89d979609c
> ---
>  gnu/packages/kde-plasma.scm | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
> index 679a68cef6..a15f7ad8a2 100644
> --- a/gnu/packages/kde-plasma.scm
> +++ b/gnu/packages/kde-plasma.scm
> @@ -1303,9 +1303,17 @@ (define-public kwallet-pam
>                  "0dif5y7qbayb2yfgl7940978ayyir948kpjavczvgkr70czb293k"))))
>      (build-system qt-build-system)
>      (arguments
> -     (list
> -      #:qtbase qtbase
> -      #:tests? #f)) ;no tests
> +     `(#:qtbase ,qtbase
> +       #:tests? #f ;no tests
> +       #:phases
> +       (modify-phases %standard-phases

please use gexp.

> +         (add-after 'install 'wrap-program
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let ((socat (search-input-file inputs "bin/socat")))
> +               (wrap-program (search-input-file outputs
> +                              "libexec/pam_kwallet_init")
> +                 `("PATH" ":" prefix
> +                   ,(list (dirname socat))))))))))

This is just a sh script, I prefer to replace socat in the
pam_kwallet_init file after unpack


>      (native-inputs (list extra-cmake-modules pkg-config))
>      (inputs (list linux-pam kwallet libgcrypt socat))
>      (synopsis "PAM Integration with KWallet")

Information forwarded to sughosha <at> disroot.org, z572 <at> z572.online, guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 17:56:02 GMT) Full text and rfc822 format available.

Message #17 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: 78188 <at> debbugs.gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH v2] gnu: kwallet-pam: Fix socat not in
 'libexec/pam_kwallet_init' wrapper path.
Date: Thu,  1 May 2025 19:55:06 +0200
* gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
PATH variable to access 'socat' input.

Change-Id: I6e7a421af3dbbc844e319b7852246c89d979609c
---
 gnu/packages/kde-plasma.scm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
index 679a68cef6..400296f5da 100644
--- a/gnu/packages/kde-plasma.scm
+++ b/gnu/packages/kde-plasma.scm
@@ -1305,7 +1305,15 @@ (define-public kwallet-pam
     (arguments
      (list
       #:qtbase qtbase
-      #:tests? #f)) ;no tests
+      #:tests? #f ;no tests
+      #:phases
+      #~(modify-phases %standard-phases
+          (add-after 'install 'fix-socat-path
+            (lambda* _
+              (substitute* (string-append #$output
+                                          "/libexec/pam_kwallet_init")
+                (("socat")
+                 (string-append #$socat "/bin/socat"))))))))
     (native-inputs (list extra-cmake-modules pkg-config))
     (inputs (list linux-pam kwallet libgcrypt socat))
     (synopsis "PAM Integration with KWallet")
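
Review bot: the pattern `("socat")` in `substitute*` is an unanchored regexp, so every occurrence of that substring in `libexec/pam_kwallet_init` is rewritten, including any in comments or inside longer words; match the command invocation more tightly. `#$socat` also embeds the top-level `socat` variable rather than the package's actual input, so an input replaced by a package transformation would be ignored; look it up with `search-input-file inputs "bin/socat"` or `this-package-input`. The commit message still describes a wrapper phase setting PATH, which this version no longer does.
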

base-commit: 881d46eb386c2de8bc6f1405972ee1e115eeb3a1
-- 
2.49.0





Information forwarded to liliana.prikler <at> gmail.com, ludo <at> gnu.org, maxim.cournoyer <at> gmail.com, noelopez <at> free.fr, vivien <at> planete-kraus.eu, guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 17:56:02 GMT) Full text and rfc822 format available.

Message #20 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: 78188 <at> debbugs.gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH v2] services: kwallet: New service.
Date: Thu,  1 May 2025 19:55:07 +0200
Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51
---
 doc/guix.texi            | 37 ++++++++++++++++++++++++
 gnu/services/desktop.scm | 61 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 98 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7b418a4089..c6861b3182 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27131,6 +27131,43 @@ Desktop Services
 @end table
 @end deftp
 
+@defvar kwallet-service-type
+This is the type of the service that adds the
+@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}.  Its
+value is a @code{kwallet-configuration} object (see below).  Note that,
+contrary to @code{gnome-desktop-service-type},
+@code{plasma-desktop-service-type} does not include this service.
+
+This service adds the @code{kwallet-pam} package to the system profile
+and extends PAM with entries using @code{pam_kwallet5.so},
+unlocking a user's login keyring when they log in or setting its
+password with passwd.
+@end defvar
+
+@deftp {Data Type} kwallet-configuration
+Configuration record for the KWallet Keyring service.
+
+@table @asis
+@item @code{keyring} (default: @code{kwallet-pam})
+The KWallet keyring package to use.
+
+@item @code{pam-services}
+A list of @code{(@var{service} . @var{kind})} pairs denoting PAM
+services to extend, where @var{service} is the name of an existing
+service to extend and @var{kind} is one of @code{login} or
+@code{passwd}.
+
+If @code{login} is given, it adds an optional
+@code{pam_kwallet5.so} to the auth block without arguments and to
+the session block with @code{auto_start}.  If @code{passwd} is given, it
+adds an optional @code{pam_kwallet5.so} to the password block
+without arguments.
+
+By default, this field contains ``sddm'' with the value @code{login}
+and ``passwd'' is with the value @code{passwd}.
+@end table
+@end deftp
+
 @defvar seatd-service-type
 @uref{https://sr.ht/~kennylevinsen/seatd/, seatd} is a minimal seat
 management daemon.
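
Review bot: the sentence "This service adds the @code{kwallet-pam} package to the system profile" is not backed by the code in this patch, where the `extensions` of `kwallet-service-type` list only `(service-extension pam-root-service-type pam-kwallet)`. Either add a `profile-service-type` extension or drop the claim from the manual, so that administrators know exactly what the service changes on the system.
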
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index a586746cc5..a3cbf3f397 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -197,6 +197,10 @@ (define-module (gnu services desktop)
             gnome-keyring-configuration?
             gnome-keyring-service-type
 
+            kwallet-configuration
+            kwallet-configuration?
+            kwallet-service-type
+
             seatd-configuration
             seatd-service-type
 
@@ -2148,6 +2152,63 @@ (define enlightenment-desktop-service-type
 thumbnails and privileges the programs which enlightenment needs to function
 as expected.")))
 
+
+;;;
+;;; kwallet-service-type
+;;;
+
+(define-record-type* <kwallet-configuration> kwallet-configuration
+  make-kwallet-configuration
+  kwallet-configuration?
+  (wallet kwallet-package (default kwallet-pam))
+  (pam-services kwallet-pam-services (default '(("sddm" . login)
+                                                ("passwd" . passwd)))))
+
+(define (pam-kwallet config)
+  (match config
+    (#f '())                          ;explicitly disabled by user
+    (_
+     (define (%pam-keyring-entry . arguments)
+       (pam-entry
+        (control "optional")
+        (module (file-append (kwallet-package config)
+                             "/lib/security/pam_kwallet5.so"))
+        (arguments arguments)))
+
+     (list
+      (pam-extension
+       (transformer
+        (lambda (service)
+          (case (assoc-ref (kwallet-pam-services config)
+                           (pam-service-name service))
+            ((login)
+             (pam-service
+              (inherit service)
+              (auth (append (pam-service-auth service)
+                            (list (%pam-keyring-entry))))
+              (session (append (pam-service-session service)
+                               (list (%pam-keyring-entry "auto_start"))))))
+            ((passwd)
+             (pam-service
+              (inherit service)
+              (password (append (pam-service-password service)
+                                (list (%pam-keyring-entry))))))
+            (else service)))))))))
+
+;; TODO: consider integrating service in `<plasma-desktop-configuration>' as
+;; done in `<gnome-desktop-configuration>'. This requires rewritting the
+;; `<plasma-desktop-service-type>' as done for `<gnome-desktop-service-type>'.
+(define kwallet-service-type
+  (service-type
+   (name 'kwallet)
+   (extensions (list
+                (service-extension pam-root-service-type pam-kwallet)))
+   (default-value (kwallet-configuration))
+   (description "Return a service, that extends PAM with entries using
+@code{pam_kwallet5.so}, unlocking a user's login keyring when they log in or
+setting its password with passwd.")))
+
+
 ;;;
 ;;; KDE Plasma desktop service.
 ;;;
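
Review bot: `%pam-keyring-entry` hard-codes "/lib/security/pam_kwallet5.so" while the `wallet` field accepts any package; if the supplied package installs the module under another file name, the generated entries point at a missing file and, because they are `optional`, the failure is easy to overlook. Document that the package must provide that exact file, or make the module name configurable. Minor: "rewritting" in the TODO comment should be "rewriting", and `<plasma-desktop-service-type>` puts record-type angle brackets around a service type name.
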
-- 
2.49.0





Information forwarded to guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 17:57:01 GMT) Full text and rfc822 format available.

Message #23 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: Z572 <z572 <at> z572.online>
Cc: 78188 <at> debbugs.gnu.org, Sughosha <sughosha <at> disroot.org>
Subject: Re: [bug#78188] [PATCH] gnu: kwallet-pam: Fix socat not in
 'libexec/pam_kwallet_init' wrapper path.
Date: Thu, 01 May 2025 19:56:01 +0200
Z572 <z572 <at> z572.online> writes:
> Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> writes:
>
>> * gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
>> PATH variable to access 'socat' input.
>>
>> Change-Id: I6e7a421af3dbbc844e319b7852246c89d979609c
>> ---
>>  gnu/packages/kde-plasma.scm | 14 +++++++++++---
>>  1 file changed, 11 insertions(+), 3 deletions(-)
>>
>> diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
>> index 679a68cef6..a15f7ad8a2 100644
>> --- a/gnu/packages/kde-plasma.scm
>> +++ b/gnu/packages/kde-plasma.scm
>> @@ -1303,9 +1303,17 @@ (define-public kwallet-pam
>>                  "0dif5y7qbayb2yfgl7940978ayyir948kpjavczvgkr70czb293k"))))
>>      (build-system qt-build-system)
>>      (arguments
>> -     (list
>> -      #:qtbase qtbase
>> -      #:tests? #f)) ;no tests
>> +     `(#:qtbase ,qtbase
>> +       #:tests? #f ;no tests
>> +       #:phases
>> +       (modify-phases %standard-phases
>
> please use gexp.
>
>> +         (add-after 'install 'wrap-program
>> +           (lambda* (#:key inputs outputs #:allow-other-keys)
>> +             (let ((socat (search-input-file inputs "bin/socat")))
>> +               (wrap-program (search-input-file outputs
>> +                              "libexec/pam_kwallet_init")
>> +                 `("PATH" ":" prefix
>> +                   ,(list (dirname socat))))))))))
>
> This is just a sh script, I prefer to replace socat in the
> pam_kwallet_init file after unpack

Done!




Information forwarded to guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Thu, 01 May 2025 18:18:01 GMT) Full text and rfc822 format available.

Message #26 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Z572 <z572 <at> z572.online>
To: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Cc: 78188 <at> debbugs.gnu.org, Sughosha <sughosha <at> disroot.org>
Subject: Re: [bug#78188] [PATCH v2] gnu: kwallet-pam: Fix socat not in
 'libexec/pam_kwallet_init' wrapper path.
Date: Fri, 02 May 2025 02:17:19 +0800
Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> writes:

> * gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
> PATH variable to access 'socat' input.
>
> Change-Id: I6e7a421af3dbbc844e319b7852246c89d979609c
> ---
>  gnu/packages/kde-plasma.scm | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
> index 679a68cef6..400296f5da 100644
> --- a/gnu/packages/kde-plasma.scm
> +++ b/gnu/packages/kde-plasma.scm
> @@ -1305,7 +1305,15 @@ (define-public kwallet-pam
>      (arguments
>       (list
>        #:qtbase qtbase
> -      #:tests? #f)) ;no tests
> +      #:tests? #f ;no tests
> +      #:phases
> +      #~(modify-phases %standard-phases
> +          (add-after 'install 'fix-socat-path
> +            (lambda* _
> +              (substitute* (string-append #$output
> +                                          "/libexec/pam_kwallet_init")
> +                (("socat")
> +                 (string-append #$socat "/bin/socat"))))))))

should

#~(modify-phases %standard-phases
    (add-after 'unpack 'fix-socat-path
      (lambda* (#:key inputs #:allow-other-keys)
        (substitute* "pam_kwallet_init"
          (("socat") (search-input-file inputs "bin/socat"))))))

>      (native-inputs (list extra-cmake-modules pkg-config))
>      (inputs (list linux-pam kwallet libgcrypt socat))
>      (synopsis "PAM Integration with KWallet")
>
> base-commit: 881d46eb386c2de8bc6f1405972ee1e115eeb3a1

Information forwarded to guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Fri, 02 May 2025 00:00:03 GMT) Full text and rfc822 format available.

Message #29 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Cc: 78188 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>,
 Noé Lopez <noelopez <at> free.fr>,
 Liliana Marie Prikler <liliana.prikler <at> gmail.com>,
 Vivien Kraus <vivien <at> planete-kraus.eu>
Subject: Re: [bug#78188] [PATCH v2] services: kwallet: New service.
Date: Fri, 02 May 2025 08:59:13 +0900
Hi,

Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> writes:

> Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51
> ---
>  doc/guix.texi            | 37 ++++++++++++++++++++++++
>  gnu/services/desktop.scm | 61 ++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 98 insertions(+)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 7b418a4089..c6861b3182 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -27131,6 +27131,43 @@ Desktop Services
>  @end table
>  @end deftp
>  
> +@defvar kwallet-service-type
> +This is the type of the service that adds the
> +@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}.  Its
> +value is a @code{kwallet-configuration} object (see below).  Note that,
> +contrary to @code{gnome-desktop-service-type},
> +@code{plasma-desktop-service-type} does not include this service.

Does gnome-desktop-service-type include the kwallet-service-type?  I
wouldn't think so.  You probably meant to say it "doesn't include a
wallet service in its default configuration." ?  Is this the normal
expectation for the KDE desktop?  I'd assume it comes with kwallet
pre-configured, if using Fedora for example.  If it does, we should
probably do so to avoid breaking users' expectations.  I've recently made
the adjustment in GNOME to have the GNOME keyring unlocked by default
for the GNOME desktop, as that's what users expect.

> +This service adds the @code{kwallet-pam} package to the system profile
> +and extends PAM with entries using @code{pam_kwallet5.so},
> +unlocking a user's login keyring when they log in or setting its
> +password with passwd.

s/passwd/@command{passwd}/

> +@end defvar
> +
> +@deftp {Data Type} kwallet-configuration
> +Configuration record for the KWallet Keyring service.
> +
> +@table @asis
> +@item @code{keyring} (default: @code{kwallet-pam})
> +The KWallet keyring package to use.
> +
> +@item @code{pam-services}
> +A list of @code{(@var{service} . @var{kind})} pairs denoting PAM
> +services to extend, where @var{service} is the name of an existing
> +service to extend and @var{kind} is one of @code{login} or
> +@code{passwd}.

Perhaps mention "is one of the @code{login} or @code{passwd} symbols.".  I
guess the quote is on the alist so individual values should not be
quoted, but just to avoid any ambiguity.

> +
> +If @code{login} is given, it adds an optional
> +@code{pam_kwallet5.so} to the auth block without arguments and to
> +the session block with @code{auto_start}.  If @code{passwd} is given, it
> +adds an optional @code{pam_kwallet5.so} to the password block
> +without arguments.
> +
> +By default, this field contains ``sddm'' with the value @code{login}
> +and ``passwd'' is with the value @code{passwd}.

Does KDE not have its own graphical desktop manager?  Perhaps it's not
yet ready in Guix?

[...]

> +;;;
> +;;; kwallet-service-type
> +;;;

nitpick: We conventionally add a '.' after these section names, as in:

;;;
;;; kwallet-service-type.
;;;


> +
> +(define-record-type* <kwallet-configuration> kwallet-configuration
> +  make-kwallet-configuration
> +  kwallet-configuration?
> +  (wallet kwallet-package (default kwallet-pam))
> +  (pam-services kwallet-pam-services (default '(("sddm" . login)
> +                                                ("passwd" . passwd)))))
> +
> +(define (pam-kwallet config)

Add a brief docstring here saying this returns a PAM extension for
KWallet.

> +  (match config
> +    (#f '())                          ;explicitly disabled by user
> +    (_
> +     (define (%pam-keyring-entry . arguments)
> +       (pam-entry
> +        (control "optional")
> +        (module (file-append (kwallet-package config)
> +                             "/lib/security/pam_kwallet5.so"))
> +        (arguments arguments)))
> +
> +     (list
> +      (pam-extension
> +       (transformer
> +        (lambda (service)
> +          (case (assoc-ref (kwallet-pam-services config)
> +                           (pam-service-name service))
> +            ((login)
> +             (pam-service
> +              (inherit service)
> +              (auth (append (pam-service-auth service)
> +                            (list (%pam-keyring-entry))))
> +              (session (append (pam-service-session service)
> +                               (list (%pam-keyring-entry "auto_start"))))))
> +            ((passwd)
> +             (pam-service
> +              (inherit service)
> +              (password (append (pam-service-password service)
> +                                (list (%pam-keyring-entry))))))
> +            (else service)))))))))
> +
> +;; TODO: consider integrating service in `<plasma-desktop-configuration>' as
> +;; done in `<gnome-desktop-configuration>'. This requires rewritting the
> +;; `<plasma-desktop-service-type>' as done for `<gnome-desktop-service-type>'.

Ah, I see my comment above is acknowledged here as a TODO.  I'd
encourage you to pursue that next!

> +(define kwallet-service-type
> +  (service-type
> +   (name 'kwallet)
> +   (extensions (list
> +                (service-extension pam-root-service-type pam-kwallet)))
> +   (default-value (kwallet-configuration))
> +   (description "Return a service, that extends PAM with entries using

I'd drop the first comma.

> +@code{pam_kwallet5.so}, unlocking a user's login keyring when they
> log in or

s/a user's/the user's/

> +setting its password with passwd.")))

s/passwd/@command{passwd}/

Otherwise it LGTM.  Could you please send a v2?

-- 
Thanks,
Maxim




Information forwarded to guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Fri, 02 May 2025 07:25:03 GMT) Full text and rfc822 format available.

Message #32 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 78188 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>,
 Noé Lopez <noelopez <at> free.fr>,
 Liliana Marie Prikler <liliana.prikler <at> gmail.com>,
 Vivien Kraus <vivien <at> planete-kraus.eu>
Subject: Re: [bug#78188] [PATCH v2] services: kwallet: New service.
Date: Fri, 02 May 2025 09:24:06 +0200
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> writes:
>> +@defvar kwallet-service-type
>> +This is the type of the service that adds the
>> +@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}.  Its
>> +value is a @code{kwallet-configuration} object (see below).  Note that,
>> +contrary to @code{gnome-desktop-service-type},
>> +@code{plasma-desktop-service-type} does not include this service.
>
> Does gnome-desktop-service-type include the kwallet-service-type?  I
> wouldn't think so.  You probably meant to say it "doesn't include a
> wallet service in its default configuration." ?  Is this the normal
> expectation for the KDE desktop?  I'd assume it comes with kwallet
> pre-configured, if using Fedora for example.  If it does, we should
> probably do so to avoid breaking users' expectations.  I've recently made
> the adjustment in GNOME to have the GNOME keyring unlocked by default
> for the GNOME desktop, as that's what users expect.

I think I made a mistake with the wording. What I meant is that, while
the `gnome-desktop-service-type' includes a keyring field which provides
the functionality of `gnome-keyring-service-type' making it necessary
for a `gnome-desktop-service-type' user to add a
`gnome-keyring-service-type' entry to their service list; the
`plasma-desktop-service-type' does not provide this functionality by
default. Which contrary to what the user may expect, they will need to
add the `kwallet-service-type' to their list of services even if they
are users of the `plasma-desktop-service-type'.

In the v2 of this patch series I've rewrote that bit to make it more
clearer. Let me know what you think.

>> +;; TODO: consider integrating service in `<plasma-desktop-configuration>' as
>> +;; done in `<gnome-desktop-configuration>'. This requires rewritting the
>> +;; `<plasma-desktop-service-type>' as done for `<gnome-desktop-service-type>'.
>
> Ah, I see my comment above is acknowledged here as a TODO.  I'd
> encourage you to pursue that next!

This will require a major refactor of the `plasma-desktop-service-type'
as was done for the `gnome-desktop-service-type' to make it
modular. Once we get this merged I will try to join the kde team to help
with the refactor.

> Otherwise it LGTM.  Could you please send a v2?

Sure, aside from the things I've mentioned, I've also corrected all the
typos you noticed.

Thanks for the review!


Best regards,
Sergio.




Information forwarded to sergio.pastorperez <at> gmail.com, z572 <at> z572.online, maxim.cournoyer <at> gmail.com, sughosha <at> disroot.org, z572 <at> z572.online, guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Fri, 02 May 2025 07:51:03 GMT) Full text and rfc822 format available.

Message #35 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: 78188 <at> debbugs.gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH v3 1/2] gnu: kwallet-pam: Fix socat not in
 'libexec/pam_kwallet_init' wrapper path.
Date: Fri,  2 May 2025 09:49:48 +0200
* gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
PATH variable to access 'socat' input.

Change-Id: I6e7a421af3dbbc844e319b7852246c89d979609c
---
 gnu/packages/kde-plasma.scm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/kde-plasma.scm b/gnu/packages/kde-plasma.scm
index 679a68cef6..efaae01aa9 100644
--- a/gnu/packages/kde-plasma.scm
+++ b/gnu/packages/kde-plasma.scm
@@ -1305,7 +1305,15 @@ (define-public kwallet-pam
     (arguments
      (list
       #:qtbase qtbase
-      #:tests? #f)) ;no tests
+      #:tests? #f ;no tests
+      #:phases
+      #~(modify-phases %standard-phases
+          (add-after 'install 'fix-socat-path
+            (lambda* (#:key inputs #:allow-other-keys)
+              (substitute* (string-append #$output
+                                          "/libexec/pam_kwallet_init")
+                (("socat")
+                 (search-input-file inputs "bin/socat"))))))))
     (native-inputs (list extra-cmake-modules pkg-config))
     (inputs (list linux-pam kwallet libgcrypt socat))
     (synopsis "PAM Integration with KWallet")
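
Review bot: The `(("socat")` pattern in the new `fix-socat-path` phase is unanchored, so `substitute*` rewrites every occurrence of those letters in `libexec/pam_kwallet_init`, including any inside a comment, a longer word or a path that is already absolute. A pattern anchored on the surrounding command context would limit the rewrite to the invocation itself. Pinning the absolute store path is a sound choice for a helper shipped with a PAM module, since it no longer depends on the caller's PATH. The commit message describes the symptom ("Wrapper phase not setting PATH variable") rather than the change; it should name the added `fix-socat-path` phase.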

base-commit: 881d46eb386c2de8bc6f1405972ee1e115eeb3a1
-- 
2.49.0





Information forwarded to sergio.pastorperez <at> gmail.com, z572 <at> z572.online, maxim.cournoyer <at> gmail.com, liliana.prikler <at> gmail.com, ludo <at> gnu.org, noelopez <at> free.fr, vivien <at> planete-kraus.eu, guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Fri, 02 May 2025 07:51:03 GMT) Full text and rfc822 format available.

Message #38 received at 78188 <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: 78188 <at> debbugs.gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH v3 2/2] services: kwallet: New service.
Date: Fri,  2 May 2025 09:49:49 +0200
Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51
---
 doc/guix.texi            | 39 +++++++++++++++++++++++++
 gnu/services/desktop.scm | 63 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7b418a4089..0df428bb8d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27131,6 +27131,45 @@ Desktop Services
 @end table
 @end deftp
 
+@defvar kwallet-service-type
+This is the type of the service that adds the
+@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}.  Its
+value is a @code{kwallet-configuration} object (see below).  Note that,
+contrary to @code{gnome-desktop-service-type}, which includes the
+respective keyring for that service, @code{gnome-keyring-service-type},
+@code{plasma-desktop-service-type} does not include
+@code{kwallet-service-type}.
+
+This service adds the @code{kwallet-pam} package to the system profile
+and extends PAM with entries using @code{pam_kwallet5.so}, unlocking a
+user's login keyring when they log in or setting its password with
+@command{passwd}.
+@end defvar
+
+@deftp {Data Type} kwallet-configuration
+Configuration record for the KWallet Keyring service.
+
+@table @asis
+@item @code{keyring} (default: @code{kwallet-pam})
+The KWallet keyring package to use.
+
+@item @code{pam-services}
+A list of @code{(@var{service} . @var{kind})} pairs denoting PAM
+services to extend, where @var{service} is the name of an existing
+service to extend and @var{kind} is one of @code{login} or @code{passwd}
+symbols.
+
+If @code{login} is given, it adds an optional
+@code{pam_kwallet5.so} to the auth block without arguments and to
+the session block with @code{auto_start}.  If @code{passwd} is given, it
+adds an optional @code{pam_kwallet5.so} to the password block
+without arguments.
+
+By default, this field contains ``sddm'' with the value @code{login}
+and ``passwd'' is with the value @code{passwd}.
+@end table
+@end deftp
+
 @defvar seatd-service-type
 @uref{https://sr.ht/~kennylevinsen/seatd/, seatd} is a minimal seat
 management daemon.
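
Review bot: The `@item @code{keyring} (default: @code{kwallet-pam})` entry documents a field the record does not have: `<kwallet-configuration>` in gnu/services/desktop.scm names it `wallet`, so a configuration written from the manual would be rejected as using an unknown field. Rename one side so the two agree. The `pam-services` item also lacks a `(default: ...)` in its `@item` line, unlike the entry above it, and the closing sentence has a stray word in "``passwd'' is with the value".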
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index a586746cc5..2127c2d389 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2024 45mg <45mg.writes <at> gmail.com>
 ;;; Copyright © 2024 Raven Hallsby <karl <at> hallsby.com>
 ;;; Copyright © 2025 Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
+;;; Copyright © 2025 Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -197,6 +198,10 @@ (define-module (gnu services desktop)
             gnome-keyring-configuration?
             gnome-keyring-service-type
 
+            kwallet-configuration
+            kwallet-configuration?
+            kwallet-service-type
+
             seatd-configuration
             seatd-service-type
 
@@ -2148,6 +2153,64 @@ (define enlightenment-desktop-service-type
 thumbnails and privileges the programs which enlightenment needs to function
 as expected.")))
 
+
+;;;
+;;; kwallet-service-type.
+;;;
+
+(define-record-type* <kwallet-configuration> kwallet-configuration
+  make-kwallet-configuration
+  kwallet-configuration?
+  (wallet kwallet-package (default kwallet-pam))
+  (pam-services kwallet-pam-services (default '(("sddm" . login)
+                                                ("passwd" . passwd)))))
+
+(define (pam-kwallet config)
+  "Return a PAM extension for KWallet."
+  (match config
+    (#f '())                          ;explicitly disabled by user
+    (_
+     (define (%pam-keyring-entry . arguments)
+       (pam-entry
+        (control "optional")
+        (module (file-append (kwallet-package config)
+                             "/lib/security/pam_kwallet5.so"))
+        (arguments arguments)))
+
+     (list
+      (pam-extension
+       (transformer
+        (lambda (service)
+          (case (assoc-ref (kwallet-pam-services config)
+                           (pam-service-name service))
+            ((login)
+             (pam-service
+              (inherit service)
+              (auth (append (pam-service-auth service)
+                            (list (%pam-keyring-entry))))
+              (session (append (pam-service-session service)
+                               (list (%pam-keyring-entry "auto_start"))))))
+            ((passwd)
+             (pam-service
+              (inherit service)
+              (password (append (pam-service-password service)
+                                (list (%pam-keyring-entry))))))
+            (else service)))))))))
+
+;; TODO: consider integrating service in `<plasma-desktop-configuration>' as
+;; done in `<gnome-desktop-configuration>'. This requires rewritting the
+;; `<plasma-desktop-service-type>' as done for `<gnome-desktop-service-type>'.
+(define kwallet-service-type
+  (service-type
+   (name 'kwallet)
+   (extensions (list
+                (service-extension pam-root-service-type pam-kwallet)))
+   (default-value (kwallet-configuration))
+   (description "Return a service that extends PAM with entries using
+@code{pam_kwallet5.so}, unlocking the user's login keyring when they log in or
+setting its password with @command{passwd}.")))
+
+
 ;;;
 ;;; KDE Plasma desktop service.
 ;;;
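
Review bot: In the `pam-kwallet` transformer, `(else service)` covers both services absent from `pam-services` and entries whose kind is neither `login` nor `passwd`, so a misspelled kind is silently ignored and no `pam_kwallet5.so` entry is added for that service. Checking the kinds when the extension is built, and reporting an unknown one, would surface the mistake. The `(#f '())` clause needs a clearer comment or removal: the service's `default-value` is a `(kwallet-configuration)` record, so `#f` only arrives if the user passes it as the service value, which the documentation hunk does not mention. The module file name `pam_kwallet5.so` is hard-coded while the package is configurable through `wallet`, and the TODO comment misspells "rewriting".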
-- 
2.49.0





Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Fri, 02 May 2025 13:11:02 GMT) Full text and rfc822 format available.

Notification sent to Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>:
bug acknowledged by developer. (Fri, 02 May 2025 13:11:02 GMT) Full text and rfc822 format available.

Message #43 received at 78188-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Cc: Z572 <z572 <at> z572.online>, 78188-done <at> debbugs.gnu.org,
 Sughosha <sughosha <at> disroot.org>
Subject: Re: [bug#78188] [PATCH v3 1/2] gnu: kwallet-pam: Fix socat not in
 'libexec/pam_kwallet_init' wrapper path.
Date: Fri, 02 May 2025 22:10:28 +0900
Hi,

Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> writes:

> * gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
> PATH variable to access 'socat' input.

I've taken the liberty to rephrase this changelog and improve
(hopefully!) the next commit's documentation text, and pushed, with the
first commit being 284c5111db5.

Thank you!

-- 
Maxim




Information forwarded to guix-patches <at> gnu.org:
bug#78188; Package guix-patches. (Fri, 02 May 2025 17:00:03 GMT) Full text and rfc822 format available.

Message #46 received at 78188-done <at> debbugs.gnu.org (full text, mbox):

From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Z572 <z572 <at> z572.online>, 78188-done <at> debbugs.gnu.org,
 Sughosha <sughosha <at> disroot.org>
Subject: Re: [bug#78188] [PATCH v3 1/2] gnu: kwallet-pam: Fix socat not in
 'libexec/pam_kwallet_init' wrapper path.
Date: Fri, 02 May 2025 18:59:45 +0200
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> Hi,
>
> Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> writes:
>
>> * gnu/packages/kde-plasma.scm (kwallet-pam)[phase]: Wrapper phase not setting
>> PATH variable to access 'socat' input.
>
> I've taken the liberty to rephrase this changelog and improve
> (hopefully!) the next commit's documentation text, and pushed, with the
> first commit being 284c5111db5.
>
> Thank you!

Thanks for merging it so quickly, I hope you have a good weekend!


Best regards,
Sergio.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 31 May 2025 11:24:17 GMT) Full text and rfc822 format available.

This bug report was last modified 14 days ago.
