services: Add GNOME Keyring service.

* gnu/services/desktop.scm: (<gnome-keyring-configuration>): New record type. (pam-gnome-keyring): New procedure. (gnome-keyring-service-type): New variable. * doc/guix.texi (Desktop Services): Document it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2019-11-09 16:14:45 +01:00 · 2019-11-09 16:14:45 +01:00 · fe7b59c6b1
commit fe7b59c6b1
parent a6492178bd
2 changed files with 88 additions and 0 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -15753,6 +15753,41 @@ bluetooth keyboard or mouse.
 Users need to be in the @code{lp} group to access the D-Bus service.
@end deffn

+@defvr {Scheme Variable} gnome-keyring-service-type
+This is the type of the service that adds the
+@uref{https://wiki.gnome.org/Projects/GnomeKeyring, GNOME Keyring}.  Its
+value is a @code{gnome-keyring-configuration} object (see below.)
+
+This service adds the @code{gnome-keyring} package to the system profile
+and extends PAM with entries using @code{pam_gnome_keyring.so}, unlocking
+a user's login keyring when they log in or setting its password with passwd.
+@end defvr
+
+@deftp {Data Type} gnome-keyring-configuration
+Configuration record for the GNOME Keyring service.
+
+@table @asis
+@item @code{keyring} (default: @code{gnome-keyring})
+The GNOME keyring package to use.
+
+@item @code{pam-services}
+A list of @code{(@var{service} . @var{kind})} pairs denoting PAM
+services to extend, where @var{service} is the name of an existing
+service to extend and @var{kind} is one of @code{login} or
+@code{passwd}.
+
+If @code{login} is given, it adds an optional
+@code{pam_gnome_keyring.so} to the auth block without arguments and to
+the session block with @code{auto_start}.  If @code{passwd} is given, it
+adds an optional @code{pam_gnome_keyring.so} to the password block
+without arguments.
+
+By default, this field contains ``gdm-password'' with the value @code{login}
+and ``passwd'' is with the value @code{passwd}.
+@end table
+@end deftp
+
+
@node Sound Services
@subsection Sound Services

--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@ -137,6 +137,10 @@

            polkit-wheel-service

+            gnome-keyring-configuration
+            gnome-keyring-configuration?
+            gnome-keyring-service-type
+
            %desktop-services))

 ;;; Commentary:
@ -1066,6 +1070,55 @@ as expected.")))
   (description "Return a service that runs inputattach on a device and
 dispatches events from it.")))

+
+;;;
+;;; gnome-keyring-service-type
+;;;
+
+(define-record-type* <gnome-keyring-configuration> gnome-keyring-configuration
+  make-gnome-keyring-configuration
+  gnome-keyring-configuration?
+  (keyring gnome-keyring-package (default gnome-keyring))
+  (pam-services gnome-keyring-pam-services (default '(("gdm-password" . login)
+                                                      ("passwd" . passwd)))))
+
+(define (pam-gnome-keyring config)
+  (define (%pam-keyring-entry . arguments)
+    (pam-entry
+     (control "optional")
+     (module (file-append (gnome-keyring-package config)
+                          "/lib/security/pam_gnome_keyring.so"))
+     (arguments arguments)))
+
+  (list
+   (lambda (service)
+     (case (assoc-ref (gnome-keyring-pam-services config)
+                      (pam-service-name service))
+       ((login)
+        (pam-service
+         (inherit service)
+         (auth (append (pam-service-auth service)
+                       (list (%pam-keyring-entry))))
+         (session (append (pam-service-session service)
+                          (list (%pam-keyring-entry "auto_start"))))))
+       ((passwd)
+        (pam-service
+         (inherit service)
+         (password (append (pam-service-password service)
+                           (list (%pam-keyring-entry))))))
+       (else service)))))
+
+(define gnome-keyring-service-type
+  (service-type
+   (name 'gnome-keyring)
+   (extensions (list
+                (service-extension pam-root-service-type pam-gnome-keyring)))
+   (default-value (gnome-keyring-configuration))
+   (description "Return a service, that adds the @code{gnome-keyring} package
+to the system profile and extends PAM with entries using
+@code{pam_gnome_keyring.so}, unlocking a user's login keyring when they log in
+or setting its password with passwd.")))
+

 ;;;
 ;;; polkit-wheel-service -- Allow wheel group to perform admin actions