07/16: services: gdm: Add a configuration field to enable XDMCP.
From: |
guix-commits |
Subject: |
07/16: services: gdm: Add a configuration field to enable XDMCP. |
Date: |
Fri, 7 Oct 2022 10:13:40 -0400 (EDT) |
apteryx pushed a commit to branch master
in repository guix.
commit 1936668f5b7837104de4a091c8f6adf907ff9273
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Tue Aug 2 17:50:20 2022 -0400
services: gdm: Add a configuration field to enable XDMCP.
* gnu/services/xorg.scm (<gdm-configuration>)[xdmcp?]: New field.
* gnu/services/xorg.scm (gdm-configuration-file): Use it.  Use (ice-9 format)
to serialize booleans.
(gdm-polkit-rules): New variable.
(gdm-service-type): Use it to extend polkit.
* doc/guix.texi (X Window): Document it.
---
doc/guix.texi | 6 ++++++
gnu/services/xorg.scm | 56 ++++++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 55 insertions(+), 7 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index f8badfb5a9..4e75a5c00e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -21119,6 +21119,12 @@ Configuration of the Xorg graphical server.
@item @code{x-session} (default: @code{(xinitrc)})
Script to run before starting a X session.
+@item @code{xdmcp?} (default: @code{#f})
+When true, enable the X Display Manager Control Protocol (XDMCP). This
+should only be enabled in trusted environments, as the protocol is not
+secure. When enabled, GDM listens for XDMCP queries on the UDP port
+177.
+
@item @code{dbus-daemon} (default: @code{dbus-daemon-wrapper})
File name of the @code{dbus-daemon} executable.
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 3ff290c197..eb77822741 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -63,6 +63,7 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
+ #:use-module (ice-9 format)
#:use-module (ice-9 match)
#:export (xorg-configuration
xorg-configuration?
@@ -885,6 +886,8 @@ the GNOME desktop environment.")
(default (xorg-configuration)))
(x-session gdm-configuration-x-session
(default (xinitrc)))
+ (xdmcp? gdm-configuration-xdmcp?
+ (default #f))
(wayland? gdm-configuration-wayland? (default #f))
(wayland-session gdm-configuration-wayland-session
(default gdm-wayland-session-wrapper)))
@@ -913,18 +916,20 @@ the GNOME desktop environment.")
;; See also
;; <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=39281>.
"InitialSetupEnable=false\n"
- "WaylandEnable=" (if (gdm-configuration-wayland? config)
- "true"
- "false") "\n"
+ (format #f "WaylandEnable=~:[false~;true~]~%"
+ (gdm-configuration-wayland? config))
"\n"
"[debug]\n"
- "Enable=" (if (gdm-configuration-debug? config)
- "true"
- "false") "\n"
+ (format #f "Enable=~:[false~;true~]~%"
+ (gdm-configuration-debug? config))
"\n"
"[security]\n"
"#DisallowTCP=true\n"
- "#AllowRemoteAutoLogin=false\n"))
+ "#AllowRemoteAutoLogin=false\n"
+ "\n"
+ "[xdmcp]\n"
+ (format #f "Enable=~:[false~;true~]~%"
+ (gdm-configuration-xdmcp? config))))
(define (gdm-pam-service config)
"Return a PAM service for @command{gdm}."
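Review bot: The new `[xdmcp]` section is emitted without any comment in the code explaining the exposure, while the manual text in this same commit says the protocol is not secure and that GDM listens on UDP port 177. A reader of `gdm-configuration-file` would benefit from the same caveat next to the `"[xdmcp]\n"` line, for example `;; XDMCP is not secure; when enabled GDM listens on UDP port 177.` As a smaller style point, the `~:[false~;true~]` directive now appears three times and is not self-explanatory, so a one-line comment on its first use saying that it prints "false" for `#f` and "true" otherwise would help. The function this hunk belongs to starts outside the hunk.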
@@ -995,6 +1000,41 @@ the GNOME desktop environment.")
(stop #~(make-kill-destructor))
(respawn? #t))))
+(define gdm-polkit-rules
+ (lambda (config)
+ (if (gdm-configuration-xdmcp? config)
+ ;; Allow remote (XDMCP) users to use colord; otherwise an
+ ;; authentication dialog would appear on the GDM screen (see the
+ ;; upstream bug:
+ ;; https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/273).
+ (list (computed-file
+ "02-allow-colord.rules"
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (let* ((rules.d
+ (string-append #$output
+ "/share/polkit-1"
+ "/rules.d"))
+ (allow-colord.rules (string-append
+ rules.d
+ "/02-allow-colord.rules")))
+ (mkdir-p rules.d)
+ (call-with-output-file allow-colord.rules
+ (lambda (port)
+ ;; This workaround enables any local or remote in
+ ;; the "users" group to use colord (see:
+ ;; https://c-nergy.be/blog/?p=12073).
+ (format port "\
+polkit.addRule(function(action, subject) {
+ if (action.id.match(\"org.freedesktop.color-manager\")) {
+ polkit.log(\"POLKIT DEBUG returning YES for action: \" + action);
+ return polkit.Result.YES;
+ }
+});~%"))))))))
+ '())))
+
(define gdm-service-type
(handle-xorg-configuration gdm-configuration
(service-type (name 'gdm)
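Review bot: The rule written to `02-allow-colord.rules` returns `polkit.Result.YES` for every subject, although the comment above it says the workaround is for members of the "users" group; no group test appears in the rule. `action.id.match(...)` is also given a plain string, which JavaScript treats as an unanchored regular expression, so the dots match any character and any action id that merely contains the pattern is approved. Consider `if (action.id.indexOf(\"org.freedesktop.color-manager.\") == 0 && subject.isInGroup(\"users\")) {` and dropping the `polkit.log` debug line, which writes a log entry for every approved request. `gdm-polkit-rules` is complete within this hunk, while `gdm-service-type` continues past it.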
@@ -1005,6 +1045,8 @@ the GNOME desktop environment.")
(const %gdm-accounts))
(service-extension pam-root-service-type
gdm-pam-service)
+ (service-extension polkit-service-type
+ gdm-polkit-rules)
(service-extension profile-service-type
gdm-configuration-gnome-shell-assets)
(service-extension dbus-root-service-type