[PATCH] gnu: swaylock: Add linux-pam to inputs

  • Done
  • quality assurance status badge
Details
4 participants
  • Andrew Tropin
  • Benjamin
  • Ludovic Courtès
  • muradm
Owner
unassigned
Submitted by
Benjamin
Severity
normal
B
B
Benjamin wrote on 7 May 2023 17:27
(address . guix-patches@gnu.org)(name . Benjamin)(address . benjamin@uvy.fr)
aa1de1b705215a1cf6340c967619419cfa115ca6.1683473235.git.benjamin@uvy.fr
Adding linux-pam to inputs allows swaylock to run without setuid if
configured with a proper pam file.
---
gnu/packages/wm.scm | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

Toggle diff (19 lines)
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index fe732e572e..b128b77e6a 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -1705,9 +1705,7 @@ (define-public swaylock
(sha256
(base32 "03jrjwlwxkcyd6m9a1bbwapasnz7b7aws7h0y6jigjm4m478phv6"))))
(build-system meson-build-system)
- (inputs (list cairo gdk-pixbuf libxkbcommon
- ;("linux-pam" ,linux-pam) ; FIXME: Doesn't work.
- wayland))
+ (inputs (list cairo gdk-pixbuf libxkbcommon linux-pam wayland))
(native-inputs (list pango pkg-config scdoc wayland-protocols))
(home-page "https://github.com/swaywm/sway")
(synopsis "Screen locking utility for Wayland compositors")

base-commit: 7f8575c97a8c112e9f82981b8803d075a82738dd
--
2.39.2
L
L
Ludovic Courtès wrote on 18 May 2023 19:54
(name . Benjamin)(address . benjamin@uvy.fr)(address . 63357-done@debbugs.gnu.org)
87bkih34po.fsf@gnu.org
Hi,

Benjamin <benjamin@uvy.fr> skribis:

Toggle quote (5 lines)
> Adding linux-pam to inputs allows swaylock to run without setuid if
> configured with a proper pam file.
> ---
> gnu/packages/wm.scm | 4 +---

I tweaked the commit log and applied it. Thanks!

Ludo’.
Closed
A
A
Andrew Tropin wrote on 22 May 2023 17:14
87h6s4qtyp.fsf@trop.in
On 2023-05-18 19:54, Ludovic Courtès wrote:

Toggle quote (11 lines)
> Hi,
>
> Benjamin <benjamin@uvy.fr> skribis:
>
>> Adding linux-pam to inputs allows swaylock to run without setuid if
>> configured with a proper pam file.
>> ---
>> gnu/packages/wm.scm | 4 +---
>
> I tweaked the commit log and applied it. Thanks!

Hey guys!

One of our colleagues mentioned that it's a breaking change and swaylock
with pam backend will complain if suid is set, so the old setups with
(screen-locker-service swaylock) will break after this commit.

Do we want to document how to configure pam for swaylock in manual and
add a news entry for this change?

--
Best regards,
Andrew Tropin
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmRrhs8ACgkQIgjSCVjB
3rD0/w//W3SSU/wk3u7Ud3/arYWAHKQLOW+T/WQ7mBFuXyD9oMbRiziQiavhwZJo
2XTfvxukhR3IRJ2XEDgvjgbBjEpC6gMble7wPFyxKeQa3sVHagQgZibXeGE/h3uZ
p2VtzU5L+reEmtgommNqPBuOmXp/uMUpxYYvIZafBHc+iZLdopxitjQv9wsVoGYx
WeQVJLHs8bj+ZeA4I9IG4MaGvGbvFZeZYmEOQV3l8vGvw++6qglDpdZq46SZcj8+
Cjem4u+un+zcBYLFUJMujuxO2c5+BTEbulEyE8v+rfI8vvWs+J63l/7ER0wuRLRP
i44p8owzbNXP+e4dOuGb6hRJzCDkYULn1sFmaN3p0luwm3Zr4OLmC7rfkbF42VoD
okrmjmANw+Mj9OvEvkkIC3/ML19H7coqS1mERPR8MYXQTk80XQ//jELaZLu1INgz
nIgBfmexDKgGZ2fA8V6qObNhmjy8ydT6E2NQGS6ON9384vyeocd1GagzyXSQL8xL
o6Z0TyQY9ebrzYtIEEZxZaZnIs3URn4EAQxnBuxeozqKfO8aaMYfYLGV7eaq8Zr+
gbxGoZ0q7feqkNPm1Af+9JxB93q1D9oZsbWTTvRl81G9VHfZzHvtgL884kmLkVG3
qQO2YMupwe4LYoY68Nw0C3gzBsTzGj911JwBIuZEixCeAY2QL9c=
=+DFa
-----END PGP SIGNATURE-----

Closed
B
B
Benjamin wrote on 22 May 2023 17:53
CSSXD21OYWQK.3QRX14N8FTIK4@robot.uvy.fr
Hello,

Toggle quote (7 lines)
> One of our colleagues mentioned that it's a breaking change and swaylock
> with pam backend will complain if suid is set, so the old setups with
> (screen-locker-service swaylock) will break after this commit.
>
> Do we want to document how to configure pam for swaylock in manual and
> add a news entry for this change?

First of all sorry for the breaking change.

I am pretty new to guix and did not know about screen-locker-service.
How I managed to make this to work is by setting a custom pam system
service :

(define-public swaylock-pam-service-type
(service-type (name 'swaylock)
(extensions (list (service-extension pam-root-service-type
(const (list (pam-service
(name "swaylock")
(auth (list
(pam-entry
(control "include")
(module "greetd"))))))))))
(description "Swaylock pam configuration")
(default-value '())))

I do not know the policy in case of breaking changes, but if it is
easier we can roll back this change maybe ?

Best

Benjamin
Closed
M
M
muradm wrote on 22 May 2023 21:33
(name . Benjamin)(address . benjamin@uvy.fr)
87v8gk88jj.fsf@muradm.net
Hi,

I would suggest to go forward with fixing
screen-locker-service-type.
Root cause of issue is explained within the commit message of:

muradm

"Benjamin" <benjamin@uvy.fr> writes:

Toggle quote (46 lines)
> Hello,
>
>> One of our colleagues mentioned that it's a breaking change and
>> swaylock
>> with pam backend will complain if suid is set, so the old
>> setups with
>> (screen-locker-service swaylock) will break after this commit.
>>
>> Do we want to document how to configure pam for swaylock in
>> manual and
>> add a news entry for this change?
>
> First of all sorry for the breaking change.
>
> I am pretty new to guix and did not know about
> screen-locker-service.
> How I managed to make this to work is by setting a custom pam
> system
> service :
>
> (define-public swaylock-pam-service-type
> (service-type (name 'swaylock)
> (extensions (list (service-extension
> pam-root-service-type
> (const
> (list
> (pam-service
> (name
> "swaylock")
> (auth
> (list
> (pam-entry
> (control
> "include")
> (module
> "greetd"))))))))))
> (description "Swaylock pam configuration")
> (default-value '())))
>
> I do not know the policy in case of breaking changes, but if it
> is
> easier we can roll back this change maybe ?
>
> Best
>
> Benjamin
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmRrw8AACgkQ6M7O0mLO
BeKmpw//VYB7D+B31EJSyl1hcLDhwjxpd+tsXyq7Wp0eAd1XISiCPvKn9lI2Eb1S
9lEynXrg4Hk/4J7zznN7s608ETS8037Rh/DZt0kXubzgqiOlbzDnFzKB1IoVfFfJ
SE3/er2fVvQwMtjmO3xnvpe8Icj0rNzI6pmvfWOm/2tfYq0rWsLomrXZAwLYXZ4l
d2OAYf1lDCv4szAMK+M3OHWfRQYv4z5qHRSktQkO/s/TVPKayM7YI+w/tn1OeDRJ
ze0GcEVJUEbjLeGsnEHNJbE82gPsykNcUaNQhtrIH04hcrMoVFNc8QKIACC4b5Ap
L7s2+ubIgGOjTp3TtryqGoXrWiFvt6pKFO6zcWDC+hli1ML9rxFxUzAfefWq3bCz
bTD8GdfGEuVqFUPixcfsdxN3/gRHBGbbiJ0dnulklQL6LZ8qRbnLjdiO5DtMcwGu
k/fkxRpei9fMMY+lkqhytbHt5jLqPP4pfqw9ev5fU6RrILtexnqskzT0aQbbtJVE
jWAbuN3+ye7bZpdjf1TKbSAavr2DfdNgP9QmL4iGZC1fdcq9Fzl+8FoQLBFEFtZ0
izU8Swk8EVLSrRyx9cbBlNvNJ2K09IdRCtwkXJKhEa6TQJN+jRFQTRFZPPHm7Kpr
QFAezJboXLF9VDGGQa/+yzwVKxAJVndsc9Icidgl4Of0IS7kUms=
=Oad+
-----END PGP SIGNATURE-----

Closed
?