[bug#35305] LightDM service

[L p R n d n]

Hello,


Ricardo Wurmus <address@hidden> writes:

> I have applied all patches locally, pushed some of them to the master
> branch already, and also made these local changes:

Thanks for the review!

[...]
>  
>  @item @code{autologin-user} (default: "")
> -If @code{autologin-user} is set, LightDM logs in directly
> -as @code{autologin-user} to the session defined in
> -@code{default-user-session}. This user should be part of the
> +If @code{autologin-user} is set, LightDM logs in directly as
> +@code{autologin-user} to the session defined in
> +@code{default-user-session}.  This user should be part of the
>  @code{autologin} group.

My bad but here, the `autologin group thing is not applicable in
Guix at least for now. + adding a user to this group outputs an error
So I tried to make a quick fix of the documentation with this patch:

diff --git a/doc/guix.texi b/doc/guix.texi
index 54eba225d3..3dd5fe216a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -14792,10 +14792,9 @@ The name of the default @code{.desktop} file 
describing a session.
 Will be used for @code{user-session} and @code{autologin-session} if necessary.
 
 @item @code{autologin-user} (default: "")
-If @code{autologin-user} is set, LightDM logs in directly
-as @code{autologin-user} to the session defined in
-@code{default-user-session}. This user should be part of the
-@code{autologin} group.
+If @code{autologin-user} is set, LightDM logs in directly as
+@code{autologin-user} to the session defined in
+@code{default-user-session}.
 
 @item @code{extra-config} (default: @code{'()})
 A list of strings each describing a custom setting to append to the seat

However it might be interesting to set this up in Guix as it seems to be
used in other linux distribution and looks like a relatively good security
feature. I'm not versed in security but we would at least need to create
this group and modify the pam services. Should I open an issue for that?

[...]

>
> What do you think about these changes?  I felt that a list of
> directories should be expressed as a list and not a colon-separated
> string.  I realize that this clashes with the lightdm configuration
> file, which speaks of “directory” even though it accepts a
> colon-separated list of directories.

Everything is looking fine! And the directories as lists is indeed way better.

> If that’s fine I’ll fold them into your patch that adds the service.
>
> I built a VM and noticed that all icons are missing.  Should the service
> arrange for a certain fallback icon theme to be installed?

If you only added (service-type lightdm-service-type) without any
greeter, it's expected.
LightDM without autologin needs a greeter. So in this case you just get
a "fallback" session to avoid unnecesseraly breaking the user's
system. I choose not to bring lightdm-gtk-greeter's assets to give the
user a little push toward adding a greeter service. It's very arguable
so if you think we should bring in assets too, let's do it. I can
prepare a patch if you want. The documentation might also be lacking
here. So adding a little comment in the lightdm-service description
might also be enough. What do you think?

> I also haven’t actually been able to log in as root with an empty
> password, which is what the VM generates by default.  Can this be
> supported with lightdm?

Didn't succeed either but it should be possible... :/
Looking on the web, on passwordless login, the lightdm-autologin pam is
often cited so this line:

(pam-entry (control "required") (module "pam_succeed_if.so")
           (arguments (list "uid >= 1000")))

might be related. But I'm really not knowledgeable enough on this matter
to give a proper answer.

> --
> Ricardo

Have a nice day,

L  p R n  d n