xsecurelock: add extra derivation parameter and NixOS module #47263

Closed. andrew-d wants to merge 2 commits.

andrew-d (Contributor)

Motivation for this change

I'd like to use xsecurelock in NixOS, but adding a new screensaver or auth module requires that you build the changes into the derivation. I've added a NixOS module that allows easier configuration of such modules.

I would appreciate any input; I think this is the first NixOS module I've ever written from scratch.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

cc? @fpletz (maintainer of xsecurelock)

@matthewbauer
Member

@GrahamcOfBorg build xsecurelock

@GrahamcOfBorg

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: xsecurelock

Partial log:


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowUnsupportedSystem = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.


@GrahamcOfBorg

Success on aarch64-linux (full log)

Attempted: xsecurelock

Partial log:

shrinking /nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1/bin/xsecurelock
strip is /nix/store/y4ymnvgxygpq05h03kyzbj572zmh6zla-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1/libexec  /nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1/bin
patching script interpreter paths in /nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1
/nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1/libexec/xsecurelock/saver_xscreensaver: interpreter directive changed from "/bin/sh" to "/nix/store/fqm2x6kiay1q4vg7pqp4wp17bdijlyc3-bash-4.4-p23/bin/sh"
/nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1/libexec/xsecurelock/auth_pamtester: interpreter directive changed from "/bin/sh" to "/nix/store/fqm2x6kiay1q4vg7pqp4wp17bdijlyc3-bash-4.4-p23/bin/sh"
/nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1/libexec/xsecurelock/auth_htpasswd: interpreter directive changed from "/bin/sh" to "/nix/store/fqm2x6kiay1q4vg7pqp4wp17bdijlyc3-bash-4.4-p23/bin/sh"
/nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1/libexec/xsecurelock/saver_blank: interpreter directive changed from "/bin/sh" to "/nix/store/fqm2x6kiay1q4vg7pqp4wp17bdijlyc3-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1...
/nix/store/61p4d8j0xkpxdsig2z83px2l5h8njb5c-xsecurelock-1.1

@GrahamcOfBorg

Success on x86_64-linux (full log)

Attempted: xsecurelock

Partial log:

shrinking /nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1/bin/xsecurelock
strip is /nix/store/h0lbngpv6ln56hjj59i6l77vxq25flbz-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1/libexec  /nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1/bin
patching script interpreter paths in /nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1
/nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1/libexec/xsecurelock/auth_htpasswd: interpreter directive changed from "/bin/sh" to "/nix/store/czx8vkrb9jdgjyz8qfksh10vrnqa723l-bash-4.4-p23/bin/sh"
/nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1/libexec/xsecurelock/saver_xscreensaver: interpreter directive changed from "/bin/sh" to "/nix/store/czx8vkrb9jdgjyz8qfksh10vrnqa723l-bash-4.4-p23/bin/sh"
/nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1/libexec/xsecurelock/auth_pamtester: interpreter directive changed from "/bin/sh" to "/nix/store/czx8vkrb9jdgjyz8qfksh10vrnqa723l-bash-4.4-p23/bin/sh"
/nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1/libexec/xsecurelock/saver_blank: interpreter directive changed from "/bin/sh" to "/nix/store/czx8vkrb9jdgjyz8qfksh10vrnqa723l-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1...
/nix/store/jhyms4r5yaf90478zrpbd8xgkx01837a-xsecurelock-1.1

# Allow adding extra modules to the helper directory
postInstall =
let
copyHelper = path: "cp -v ${path} $out/libexec/xsecurelock/";
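
Review bot: In `copyHelper`, `${path}` goes into the `cp` command unquoted and the copy lands directly in `$out/libexec/xsecurelock/`, so an extra helper whose file name matches a stock one silently replaces it; the build logs in this thread show `auth_pamtester` and `auth_htpasswd` living in that directory. Suggest passing the path through `lib.escapeShellArg` and failing the build when the destination file already exists, so an added module cannot overwrite an authentication helper unnoticed.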
Member


The problem with doing this is we have to rebuild with every new module. Instead, I would recommend patching xsecurelock so that HELPER_PATH is /run/current-system/sw; that way modules can just go into systemPackages.

Contributor Author


Does that break when you don't have the package installed system-wide, though? Since it's a compile-time option, I think that means that if you're installing this using nix-env -i, xsecurelock won't be able to find any helpers since they'll be in /nix/var/nix/profiles/?

@michaelpj
Contributor

Can we get it to look at XDG_DATA_DIRS? That works both ways.

@andrew-d
Contributor Author

andrew-d commented Oct 8, 2018

So, after some digging, it turns out that xsecurelock will actually happily run screensavers with an absolute path, contrary to what the documentation says. As such, this PR isn't required and I'm going to close it. If anyone else is interested, I added something like this to my configuration.nix:

xsecurelock_saver_image = pkgs.writeScriptBin "saver_image" ''
  #!${pkgs.stdenv.shell}

  # Blank the screen if we don't have an image file.
  if [ -z "$XSECURELOCK_IMAGE_FILE" ]; then
    exec ${pkgs.xsecurelock}/libexec/xsecurelock/saver_blank
  fi

  # Otherwise, draw onto the given window.
  ${pkgs.xloadimage}/bin/xloadimage \
    -fullscreen \
    -windowid "$XSCREENSAVER_WINDOW" \
    "$XSECURELOCK_IMAGE_FILE"

  # This will get killed by xsecurelock, so just wait forever.
  exec sleep 86400
'';

@andrew-d andrew-d closed this Oct 8, 2018
@andrew-d andrew-d deleted the andrew/xsecurelock-nixos branch October 8, 2018 06:20
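
Since the closing comment reports that xsecurelock runs a saver given by absolute path, a launcher can vet that path before locking. This is an added example, not code from the PR or from xsecurelock: `check_helper`, `not_shared_writable` and `lock_with_saver` are hypothetical names, and it assumes the saver is selected through xsecurelock's `XSECURELOCK_SAVER` environment variable.

```shell
#!/bin/sh
# Added example: vet a saver helper given by absolute path before handing it
# to xsecurelock. All function names here are hypothetical.

# Succeeds only if the `ls -ld` mode string has no group/other write bit.
not_shared_writable() {
  mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
  case $mode in
    '') return 1 ;;                      # path could not be inspected
    ?????w????|????????w?) return 1 ;;   # group- or world-writable
  esac
  return 0
}

# Accept only an absolute path to an executable regular file that nobody
# but its owner can replace (file and containing directory are checked).
check_helper() {
  helper=$1
  case $helper in
    /*) ;;
    *) echo "refusing relative helper path: $helper" >&2; return 1 ;;
  esac
  [ -f "$helper" ] && [ -x "$helper" ] || {
    echo "not an executable regular file: $helper" >&2; return 1; }
  not_shared_writable "$helper" &&
    not_shared_writable "$(dirname "$helper")" || {
    echo "helper or its directory is writable by group/others: $helper" >&2
    return 1; }
}

# Usage: lock_with_saver /absolute/path/to/saver_image
lock_with_saver() {
  check_helper "$1" || return 1
  XSECURELOCK_SAVER=$1
  export XSECURELOCK_SAVER
  exec xsecurelock
}
```

Helpers built with `writeScriptBin` live in the read-only Nix store and pass this check; a script under a shared or world-writable directory such as `/tmp` does not.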