nixos/gnome-keyring: add option to enable the daemon as systemd service #36296
Whether to enable GNOME Keyring daemon, a service designed to | ||
take care of the user's security credentials, | ||
such as user names and passwords. | ||
Whether to run a systemd service which runs the keyring daemon. |
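Review bot: the new description on the last added line ("Whether to run a systemd service which runs the keyring daemon.") does not say what kind of unit this is or when it is needed. The pull request text describes a user service that runs the daemon in the foreground for sessions without a desktop environment, so the description should state that, and should also say how the option relates to the existing enable option documented just above it.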
How does gnome handle this usually? dbus activation?
DBus activation is limited according to https://wiki.gnome.org/Projects/GnomeKeyring/RunningDaemon. PAM module is the preferred method. Maybe check #30686
Arch wiki is also useful https://wiki.archlinux.org/index.php/GNOME/Keyring#Using_the_keyring_outside_GNOME
nixos/tests/gnome-keyring.nix
Outdated
services.xserver.displayManager.auto.user = "bob"; | ||
|
||
services.gnome3.gnome-keyring.enable = true; | ||
services.gnome3.gnome-keyring.enableService = true; |
It looks a bit weird that a user has to enable both. Maybe gnome should explicitly disable the service, so the user does not have to care about it.
agreed, however I’m not sure if we really want to change the config for gnome users (and possibly introduce regressions or compatibility breaks). How about setting ‘enableService’ with mkDefault to true unless the gnome DE is enabled?
… On 4. Mar 2018, at 3:33 PM, Jörg Thalheim ***@***.***> wrote:
@Mic92 commented on this pull request.
In nixos/tests/gnome-keyring.nix:
> @@ -0,0 +1,22 @@
+import ./make-test.nix ({ pkgs, lib, ... }:
+
+with lib;
+
+{
+ name = "gnome-keyring";
+ meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
+
+ nodes.machine = {
+ imports = [ ./common/x11.nix ./common/user-account.nix ];
+ services.xserver.displayManager.auto.user = "bob";
+
+ services.gnome3.gnome-keyring.enable = true;
+ services.gnome3.gnome-keyring.enableService = true;
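Review bot: `with lib;` near the top of the new test file is not used by any of the lines quoted here; the only library reference, `pkgs.stdenv.lib.maintainers`, is already written out in full. Unless the remainder of the file (not shown in this quote) relies on it, drop the `with lib;` line and the `lib` argument so the test does not pull the whole library into scope.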
It looks a bit weird that a user has to enable both. Maybe gnome should explicitly disable the service, so the user does not have to care about it.
... and we shouldn’t forget to actually register the test :-)
877d0ec to 21048e5
21048e5 to 9994c09
@Mic92 now
@GrahamcOfBorg test gnome-keyring
Failure on x86_64-linux
Failure on aarch64-linux
@GrahamcOfBorg eval
The test could stay though.
closing as invalid. Thanks a lot to @jtojnar for your hint with the options to configure PAM accordingly, this makes it unnecessary to introduce another service as discussed in the IRC. @Mic92 the test was intended to confirm the behavior of the new service I originally wanted to introduce. I'm unfortunately not sure how to check the integrity with gnome (I guess this requires a gnome-based test setup), so I'll close this for now and add a test in case I have sufficient time to.
Motivation for this change
On my minimalistic i3 setup without any DE I don't have this daemon
running, so it's impossible for other services to talk to it even when
enabling this module.
I added an option which allows to start a user service running the
keyring daemon in the foreground to capture its output properly.