Package: guix-patches;
Reported by: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Date: Thu, 1 May 2025 13:52:02 UTC
Severity: normal
Tags: patch
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Message #38 received at 78188 <at> debbugs.gnu.org:
From: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
To: 78188 <at> debbugs.gnu.org
Cc: Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com>
Subject: [PATCH v3 2/2] services: kwallet: New service.
Date: Fri, 2 May 2025 09:49:49 +0200
Change-Id: I1330ce5e1648a8ddf6ddd507255a73335d6baa51 --- doc/guix.texi | 39 +++++++++++++++++++++++++ gnu/services/desktop.scm | 63 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 7b418a4089..0df428bb8d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -27131,6 +27131,45 @@ Desktop Services @end table @end deftp +@defvar kwallet-service-type +This is the type of the service that adds the +@uref{https://invent.kde.org/plasma/kwallet-pam, KWallet keyring}. Its +value is a @code{kwallet-configuration} object (see below). Note that, +contrary to @code{gnome-desktop-service-type}, which includes the +respective keyring for that service, @code{gnome-keyring-service-type}, +@code{plasma-desktop-service-type} does not include +@code{kwallet-service-type}. + +This service adds the @code{kwallet-pam} package to the system profile +and extends PAM with entries using @code{pam_kwallet5.so}, unlocking a +user's login keyring when they log in or setting its password with +@command{passwd}. +@end defvar + +@deftp {Data Type} kwallet-configuration +Configuration record for the KWallet Keyring service. + +@table @asis +@item @code{keyring} (default: @code{kwallet-pam}) +The KWallet keyring package to use. + +@item @code{pam-services} +A list of @code{(@var{service} . @var{kind})} pairs denoting PAM +services to extend, where @var{service} is the name of an existing +service to extend and @var{kind} is one of @code{login} or @code{passwd} +symbols. + +If @code{login} is given, it adds an optional +@code{pam_kwallet5.so} to the auth block without arguments and to +the session block with @code{auto_start}. If @code{passwd} is given, it +adds an optional @code{pam_kwallet5.so} to the password block +without arguments. + +By default, this field contains ``sddm'' with the value @code{login} +and ``passwd'' is with the value @code{passwd}. +@end table +@end deftp + @defvar seatd-service-type @uref{https://sr.ht/~kennylevinsen/seatd/, seatd} is a minimal seat management daemon. diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index a586746cc5..2127c2d389 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm 
@@ -20,6 +20,7 @@ ;;; Copyright © 2024 45mg <45mg.writes <at> gmail.com> ;;; Copyright © 2024 Raven Hallsby <karl <at> hallsby.com> ;;; Copyright © 2025 Jonathan Brielmaier <jonathan.brielmaier <at> web.de> +;;; Copyright © 2025 Sergio Pastor Pérez <sergio.pastorperez <at> gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -197,6 +198,10 @@ (define-module (gnu services desktop) gnome-keyring-configuration? gnome-keyring-service-type + kwallet-configuration + kwallet-configuration? + kwallet-service-type + seatd-configuration seatd-service-type 
@@ -2148,6 +2153,64 @@ (define enlightenment-desktop-service-type thumbnails and privileges the programs which enlightenment needs to function as expected."))) + +;;; +;;; kwallet-service-type. +;;; + +(define-record-type* <kwallet-configuration> kwallet-configuration + make-kwallet-configuration + kwallet-configuration? + (wallet kwallet-package (default kwallet-pam)) + (pam-services kwallet-pam-services (default '(("sddm" . login) + ("passwd" . passwd))))) + +(define (pam-kwallet config) + "Return a PAM extension for KWallet." + (match config + (#f '()) ;explicitly disabled by user + (_ + (define (%pam-keyring-entry . arguments) + (pam-entry + (control "optional") + (module (file-append (kwallet-package config) + "/lib/security/pam_kwallet5.so")) + (arguments arguments))) + + (list + (pam-extension + (transformer + (lambda (service) + (case (assoc-ref (kwallet-pam-services config) + (pam-service-name service)) + ((login) + (pam-service + (inherit service) + (auth (append (pam-service-auth service) + (list (%pam-keyring-entry)))) + (session (append (pam-service-session service) + (list (%pam-keyring-entry "auto_start")))))) + ((passwd) + (pam-service + (inherit service) + (password (append (pam-service-password service) + (list (%pam-keyring-entry)))))) + (else service))))))))) + +;; TODO: consider integrating service in `<plasma-desktop-configuration>' as +;; done in `<gnome-desktop-configuration>'. This requires rewritting the +;; `<plasma-desktop-service-type>' as done for `<gnome-desktop-service-type>'. +(define kwallet-service-type + (service-type + (name 'kwallet) + (extensions (list + (service-extension pam-root-service-type pam-kwallet))) + (default-value (kwallet-configuration)) + (description "Return a service that extends PAM with entries using +@code{pam_kwallet5.so}, unlocking the user's login keyring when they log in or +setting its password with @command{passwd}."))) + + ;;; ;;; KDE Plasma desktop service. ;;; -- 2.49.0
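Review bot: In the doc/guix.texi hunk, the `@item @code{keyring} (default: @code{kwallet-pam})` entry documents a field name the record does not have: gnu/services/desktop.scm declares it as `(wallet kwallet-package (default kwallet-pam))`, so `(kwallet-configuration (keyring ...))` written from the manual will be rejected as an unknown field. Rename one side so the manual and the record agree. The surrounding text also keeps GNOME Keyring wording ("KWallet keyring", "unlocking a user's login keyring") for what is a wallet, and the last paragraph has a stray "is" in "``passwd'' is with the value @code{passwd}".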
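Review bot: In the gnu/services/desktop.scm hunk at `pam-kwallet`, a `pam-services` pair whose kind is anything other than `login` or `passwd` falls through `(else service)` and is dropped without a diagnostic, so a misspelled symbol leaves that PAM service unmodified and the wallet silently never unlocks. Since the manual states that the kind "is one of login or passwd", consider validating the list once before building the transformer and raising an error on an unknown kind. Two smaller points in the same hunk: the `(#f '())` clause is commented "explicitly disabled by user", but `default-value` is `(kwallet-configuration)` and the documentation in this patch describes no way to pass `#f`, so either document it or drop the `match`; and the helper is still named `%pam-keyring-entry` and the TODO reads "rewritting", both of which could be tidied (`%pam-kwallet-entry`, "rewriting").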