nixos/gnome-keyring: add option to enable the daemon as systemd service #36296
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Mic92
reviewed
Mar 4, 2018
| Whether to enable GNOME Keyring daemon, a service designed to | ||
| take care of the user's security credentials, | ||
| such as user names and passwords. | ||
| Whether to run a systemd service which runs the keyring daemon. |
There was a problem hiding this comment.
How does gnome handle this usually? dbus activation?
There was a problem hiding this comment.
DBus activation is limited according to https://wiki.gnome.org/Projects/GnomeKeyring/RunningDaemon. PAM module is the preferred method. Maybe check #30686
There was a problem hiding this comment.
Arch wiki is also useful https://wiki.archlinux.org/index.php/GNOME/Keyring#Using_the_keyring_outside_GNOME
Mic92
reviewed
Mar 4, 2018
nixos/tests/gnome-keyring.nix
Outdated
| services.xserver.displayManager.auto.user = "bob"; | ||
|
|
||
| services.gnome3.gnome-keyring.enable = true; | ||
| services.gnome3.gnome-keyring.enableService = true; |
There was a problem hiding this comment.
It looks a bit weird that a user has to enable both. Maybe gnome should explicitly disable the service, so the user do not has to care about it.
|
agreed, however I’m not sure if we really want to change the config for gnome users (and possibly introduce regressions or compatibility breaks). How about setting ‘enableService’ with mkDefault to true unless the gnome DE is enabled?
… On 4. Mar 2018, at 3:33 PM, Jörg Thalheim ***@***.***> wrote:
@Mic92 commented on this pull request.
In nixos/tests/gnome-keyring.nix:
> @@ -0,0 +1,22 @@
+import ./make-test.nix ({ pkgs, lib, ... }:
+
+with lib;
+
+{
+ name = "gnome-keyring";
+ meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
+
+ nodes.machine = {
+ imports = [ ./common/x11.nix ./common/user-account.nix ];
+ services.xserver.displayManager.auto.user = "bob";
+
+ services.gnome3.gnome-keyring.enable = true;
+ services.gnome3.gnome-keyring.enableService = true;
It looks a bit weird that a user has to enable both. Maybe gnome should explicitly disable the service, so the user do not has to care about it.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
... and we shouldn’t forget to actually register the test :-) |
Ma27
force-pushed
the
run-gnome-keyring-independently
branch
from
877d0ec
to
21048e5
Compare
On my minimalistic i3 setup without any DE I don't have this daemon running, so it's impossible for other services to talk to it even when enabling this module. I added an option which allows to start a user service running the keyring daemon in the foreground to capture its output properly.
Ma27
force-pushed
the
run-gnome-keyring-independently
branch
from
21048e5
to
9994c09
Compare
|
@Mic92 now |
|
@GrahamcOfBorg test gnome-keyring |
|
Failure on x86_64-linux (full log) Partial log (click to expand)
|
|
Failure on aarch64-linux (full log) Partial log (click to expand)
|
|
@GrahamcOfBorg eval |
|
The test could stay though. |
|
closing as invalid. Thanks a lot to @jtojnar for your hint with the options to configure PAM accordingly, this makes it unnecessary to introduce another service as discussed in the IRC. @Mic92 the test was intended to confirm the behavior of the new service I originally wanted to introduce. I'm unfortunately not sure how to check the integrity with gnome (I guess this requires a gnome-based test setup), so I'll close this for now and add a test in case I have sufficient time to. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
On my minimalistic i3 setup without any DE I don't have this daemon
running, so it's impossible for other services to talk to it even when
enabling this module.
I added an option which allows to start a user service running the
keyring daemon in the foreground to capture its output properly.
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)