Use pam_systemd.so to set up device ownership

This removes the need for ConsoleKit, so it's gone.
Eelco Dolstra 2012-06-15 14:51:48 -04:00
parent ab86759eb3
commit 66f4d10843
4 changed files with 3 additions and 63 deletions


@ -46,7 +46,6 @@
./programs/wvdial.nix ./programs/wvdial.nix
./rename.nix ./rename.nix
./security/ca.nix ./security/ca.nix
./security/consolekit.nix
./security/pam.nix ./security/pam.nix
./security/pam_usb.nix ./security/pam_usb.nix
./security/policykit.nix ./security/policykit.nix


@ -1,60 +0,0 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
# `pam_console' maintains the set of locally logged in users in
# /var/run/console. This is obsolete, but D-Bus still uses it for
# its `at_console' feature. So maintain it using a ConsoleKit
# session script. Borrowed from
# http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/pam-foreground-compat.ck
updateVarRunConsole = pkgs.writeTextFile {
name = "var-run-console.ck";
destination = "/etc/ConsoleKit/run-session.d/var-run-console.ck";
executable = true;
text =
''
#! ${pkgs.stdenv.shell} -e
PATH=${pkgs.coreutils}/bin:${pkgs.gnused}/bin:${pkgs.glibc}/bin
TAGDIR=/var/run/console
[ -n "$CK_SESSION_USER_UID" ] || exit 1
TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`"
if [ "$1" = "session_added" ]; then
mkdir -p "$TAGDIR"
echo "$CK_SESSION_ID" >> "$TAGFILE"
fi
if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then
sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE"
[ -s "$TAGFILE" ] || rm -f "$TAGFILE"
fi
'';
};
in
{
config = {
environment.systemPackages = [ pkgs.consolekit ];
services.dbus.packages = [ pkgs.consolekit ];
environment.etc = singleton
{ source = (pkgs.buildEnv {
name = "consolekit-config";
pathsToLink = [ "/etc/ConsoleKit" ];
paths = [ pkgs.consolekit pkgs.udev updateVarRunConsole ];
}) + "/etc/ConsoleKit";
target = "ConsoleKit";
};
};
}


@ -41,7 +41,7 @@ let
# against the keys in the calling user's ~/.ssh/authorized_keys. # against the keys in the calling user's ~/.ssh/authorized_keys.
# This is useful for "sudo" on password-less remote systems. # This is useful for "sudo" on password-less remote systems.
sshAgentAuth ? false sshAgentAuth ? false
, # If set, use ConsoleKit's PAM connector module to claim , # If set, use systemd's PAM connector module to claim
# ownership of audio devices etc. # ownership of audio devices etc.
ownDevices ? false ownDevices ? false
, # Whether to forward XAuth keys between users. Mostly useful , # Whether to forward XAuth keys between users. Mostly useful
@ -104,7 +104,7 @@ let
${optionalString config.krb5.enable ${optionalString config.krb5.enable
"session optional ${pam_krb5}/lib/security/pam_krb5.so"} "session optional ${pam_krb5}/lib/security/pam_krb5.so"}
${optionalString ownDevices ${optionalString ownDevices
"session optional ${pkgs.consolekit}/lib/security/pam_ck_connector.so"} "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
${optionalString forwardXAuth ${optionalString forwardXAuth
"session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"} "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
${optionalString (limits != []) ${optionalString (limits != [])
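Review bot: The comment above `ownDevices` in the first hunk still describes the option as only claiming device ownership, while `pam_systemd.so` registers the whole login session with systemd-logind, and device access is one consequence of that. I would reword it along the lines of `# If set, register the session with systemd-logind through pam_systemd.so; logind then grants the session's user access to audio devices etc.` In the second hunk the rule stays `session optional`, so a failure of the module lets the login continue without a logind session; a short comment saying that this fail-open choice is deliberate would help the next reader. The deleted ConsoleKit module also kept /var/run/console up to date for D-Bus `at_console`, and nothing visible in this commit replaces it, so any bus policy that still relies on `at_console` should be checked. Both let-bound definitions begin and end outside the hunks shown.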


@ -37,6 +37,7 @@ let
"systemd-vconsole-setup.service" "systemd-vconsole-setup.service"
"systemd-user-sessions.service" "systemd-user-sessions.service"
"dbus-org.freedesktop.login1.service" "dbus-org.freedesktop.login1.service"
"user@.service"
# Journal. # Journal.
"systemd-journald.socket" "systemd-journald.socket"