rekahsoft
/
guix
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

services: Add GNOME Keyring service. 

* gnu/services/desktop.scm: (<gnome-keyring-configuration>): New record type.
(pam-gnome-keyring): New procedure.
(gnome-keyring-service-type): New variable.
* doc/guix.texi (Desktop Services): Document it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Leo Prikler 2019-11-09 16:14:45 +01:00 committed by Ludovic Courtès
parent a6492178bd
commit fe7b59c6b1
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 88 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
doc/guix.texi
View File

@ -15753,6 +15753,41 @@ bluetooth keyboard or mouse.
Users need to be in the @code{lp} group to access the D-Bus service.
@end deffn
@defvr {Scheme Variable} gnome-keyring-service-type
This is the type of the service that adds the
@uref{https://wiki.gnome.org/Projects/GnomeKeyring, GNOME Keyring}. Its
value is a @code{gnome-keyring-configuration} object (see below.)
This service adds the @code{gnome-keyring} package to the system profile
and extends PAM with entries using @code{pam_gnome_keyring.so}, unlocking
a user's login keyring when they log in or setting its password with passwd.
@end defvr
@deftp {Data Type} gnome-keyring-configuration
Configuration record for the GNOME Keyring service.
@table @asis
@item @code{keyring} (default: @code{gnome-keyring})
The GNOME keyring package to use.
@item @code{pam-services}
A list of @code{(@var{service} . @var{kind})} pairs denoting PAM
services to extend, where @var{service} is the name of an existing
service to extend and @var{kind} is one of @code{login} or
@code{passwd}.
If @code{login} is given, it adds an optional
@code{pam_gnome_keyring.so} to the auth block without arguments and to
the session block with @code{auto_start}. If @code{passwd} is given, it
adds an optional @code{pam_gnome_keyring.so} to the password block
without arguments.
By default, this field contains ``gdm-password'' with the value @code{login}
and ``passwd'' is with the value @code{passwd}.
@end table
@end deftp
@node Sound Services
@subsection Sound Services

53
gnu/services/desktop.scm
View File

@ -137,6 +137,10 @@
polkit-wheel-service
gnome-keyring-configuration
gnome-keyring-configuration?
gnome-keyring-service-type
%desktop-services))
;;; Commentary:
@ -1066,6 +1070,55 @@ as expected.")))
(description "Return a service that runs inputattach on a device and
dispatches events from it.")))
;;;
;;; gnome-keyring-service-type
;;;
(define-record-type* <gnome-keyring-configuration> gnome-keyring-configuration
make-gnome-keyring-configuration
gnome-keyring-configuration?
(keyring gnome-keyring-package (default gnome-keyring))
(pam-services gnome-keyring-pam-services (default '(("gdm-password" . login)
("passwd" . passwd)))))
(define (pam-gnome-keyring config)
(define (%pam-keyring-entry . arguments)
(pam-entry
(control "optional")
(module (file-append (gnome-keyring-package config)
"/lib/security/pam_gnome_keyring.so"))
(arguments arguments)))
(list
(lambda (service)
(case (assoc-ref (gnome-keyring-pam-services config)
(pam-service-name service))
((login)
(pam-service
(inherit service)
(auth (append (pam-service-auth service)
(list (%pam-keyring-entry))))
(session (append (pam-service-session service)
(list (%pam-keyring-entry "auto_start"))))))
((passwd)
(pam-service
(inherit service)
(password (append (pam-service-password service)
(list (%pam-keyring-entry))))))
(else service)))))
(define gnome-keyring-service-type
(service-type
(name 'gnome-keyring)
(extensions (list
(service-extension pam-root-service-type pam-gnome-keyring)))
(default-value (gnome-keyring-configuration))
(description "Return a service, that adds the @code{gnome-keyring} package
to the system profile and extends PAM with entries using
@code{pam_gnome_keyring.so}, unlocking a user's login keyring when they log in
or setting its password with passwd.")))
;;;
;;; polkit-wheel-service -- Allow wheel group to perform admin actions