lol

nixos/gnome/gcr-ssh-agent: init (#379731)

authored by philiptaron.tngl.sh and committed by

GitHub 51ad441b 58e32c07

+96 -16
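--- a/doc/release-notes/rl-2511.section.md
+++ b/doc/release-notes/rl-2511.section.md
@@ -19,6 +19,8 @@
 - `gentium` package now provides `Gentium-*.ttf` files, and not `GentiumPlus-*.ttf` files like before. The font identifiers `Gentium Plus*` are available in the `gentium-plus` package, and if you want to use the more recently updated package `gentium` [by sil](https://software.sil.org/gentium/), you should update your configuration files to use the `Gentium` font identifier.
 - `space-orbit` package has been removed due to lack of upstream maintenance. Debian upstream stopped tracking it in 2011.
 
+- `gnome-keyring` no longer ships with an SSH agent anymore because it has been deprecated upstream. You should use `gcr_4` instead, which provides the same features. More information on why this was done can be found on [the relevant GCR upstream PR](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67).
+
 ## Other Notable Changes {#sec-nixpkgs-release-25.11-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->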
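--- a/nixos/doc/manual/release-notes/rl-2511.section.md
+++ b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -56,3 +56,5 @@
 
 - `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).
 This allows for fine-grained control over the GPU's performance and maybe required by overclocking softwares like Corectrl and Lact. These new options replace old options such as {option}`programs.corectrl.gpuOverclock.enable` and {option}`programs.tuxclocker.enableAMD`.
+
+- [](#opt-services.gnome.gnome-keyring.enable) does not ship with an SSH agent anymore, as this is now handled by the `gcr_4` package instead of `gnome-keyring`. A new module has been added to support this, under [](#opt-services.gnome.gcr-ssh-agent.enable) (its default value has been set to [](#opt-services.gnome.gnome-keyring.enable) to ensure a smooth transition). See the [relevant upstream PR](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67) for more details.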
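--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -548,6 +548,7 @@
 ./services/desktops/geoclue2.nix
 ./services/desktops/gnome/at-spi2-core.nix
 ./services/desktops/gnome/evolution-data-server.nix
+./services/desktops/gnome/gcr-ssh-agent.nix
 ./services/desktops/gnome/glib-networking.nix
 ./services/desktops/gnome/gnome-browser-connector.nix
 ./services/desktops/gnome/gnome-initial-setup.nix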
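--- a/nixos/modules/services/desktop-managers/gnome.nix
+++ b/nixos/modules/services/desktop-managers/gnome.nix
@@ -327,6 +327,7 @@
 services.gnome.at-spi2-core.enable = true;
 services.gnome.evolution-data-server.enable = true;
 services.gnome.gnome-keyring.enable = true;
+services.gnome.gcr-ssh-agent.enable = mkDefault true;
 services.gnome.gnome-online-accounts.enable = mkDefault true;
 services.gnome.localsearch.enable = mkDefault true;
 services.gnome.tinysparql.enable = mkDefault true;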
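Review bot: The added `services.gnome.gcr-ssh-agent.enable = mkDefault true;` overrides the option's own default, which the new module declares as `config.services.gnome.gnome-keyring.enable`, so on this desktop the SSH agent no longer follows the keyring setting: a configuration that forces `services.gnome.gnome-keyring.enable` off would still get the agent service and socket. If following the keyring is what is intended, the line can be dropped here and in the matching additions to budgie.nix, cinnamon.nix, deepin.nix, mate.nix and pantheon.nix. If the agent is meant to be independent of the keyring, a short comment such as `# enabled independently of gnome-keyring` would make that explicit. The enclosing attribute set starts and ends outside the hunk.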
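--- a/nixos/modules/services/desktops/gnome/gcr-ssh-agent.nix
+++ b/nixos/modules/services/desktops/gnome/gcr-ssh-agent.nix
@@ -0,0 +1,49 @@
+{
+config,
+options,
+pkgs,
+lib,
+...
+}:
+let
+cfg = config.services.gnome.gcr-ssh-agent;
+opts = options.services.gnome.gcr-ssh-agent;
+sshCfg = config.programs.ssh;
+sshOpts = options.programs.ssh;
+in
+{
+meta = {
+maintainers = lib.teams.gnome.members;
+};
+
+options = {
+services.gnome.gcr-ssh-agent = {
+enable = lib.mkOption {
+default = config.services.gnome.gnome-keyring.enable;
+defaultText = lib.literalExpression "config.services.gnome.gnome-keyring.enable";
+example = true;
+description = "Whether to enable GCR SSH agent.";
+type = lib.types.bool;
+};
+
+package = lib.mkPackageOption pkgs "GCR" {
+default = [ "gcr_4" ];
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+assertions = lib.singleton {
+assertion = !sshCfg.startAgent;
+message = ''
+`${sshOpts.startAgent}' (defined in ${lib.showFiles sshOpts.startAgent.files}) and `${opts.enable}' (defined in ${lib.showFiles opts.enable.files}) cannot both be enabled at the same time.
+These options conflict because only one SSH agent can be installed at a time.'';
+};
+
+systemd = {
+packages = [ cfg.package ];
+user.services.gcr-ssh-agent.wantedBy = [ "default.target" ];
+user.sockets.gcr-ssh-agent.wantedBy = [ "sockets.target" ];
+};
+};
+}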
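Review bot: The assertion in `config` checks only `programs.ssh.startAgent`, so another agent that claims `SSH_AUTH_SOCK`, for example `programs.gnupg.agent.enableSSHSupport`, can still be enabled together with this module unless that module asserts against it itself; which agent then receives keys and signing requests would presumably depend on session start-up order. Consider widening the check, e.g. `assertion = !sshCfg.startAgent && !config.programs.gnupg.agent.enableSSHSupport;`, and naming the conflicting option in the message. Because `enable` defaults to `services.gnome.gnome-keyring.enable`, a configuration that already sets `programs.ssh.startAgent = true` on a keyring-enabled desktop will now fail evaluation, so the `description` should say how to opt out, e.g. `"Whether to enable the GCR SSH agent. Conflicts with programs.ssh.startAgent; set to false to keep using that agent."`.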
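--- a/nixos/modules/services/x11/desktop-managers/budgie.nix
+++ b/nixos/modules/services/x11/desktop-managers/budgie.nix
@@ -253,6 +253,7 @@
 services.gnome.evolution-data-server.enable = mkDefault true;
 services.gnome.glib-networking.enable = mkDefault true;
 services.gnome.gnome-keyring.enable = mkDefault true;
+services.gnome.gcr-ssh-agent.enable = mkDefault true;
 services.gnome.gnome-settings-daemon.enable = mkDefault true;
 services.gvfs.enable = mkDefault true;
 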
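--- a/nixos/modules/services/x11/desktop-managers/cinnamon.nix
+++ b/nixos/modules/services/x11/desktop-managers/cinnamon.nix
@@ -116,6 +116,7 @@
 services.gnome.evolution-data-server.enable = true;
 services.gnome.glib-networking.enable = true;
 services.gnome.gnome-keyring.enable = true;
+services.gnome.gcr-ssh-agent.enable = mkDefault true;
 services.gvfs.enable = true;
 services.power-profiles-daemon.enable = mkDefault true;
 services.switcherooControl.enable = mkDefault true; # xapp-gpu-offload-helper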
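--- a/nixos/modules/services/x11/desktop-managers/deepin.nix
+++ b/nixos/modules/services/x11/desktop-managers/deepin.nix
@@ -63,6 +63,7 @@
 services.gvfs.enable = mkDefault true;
 services.gnome.glib-networking.enable = mkDefault true;
 services.gnome.gnome-keyring.enable = mkDefault true;
+services.gnome.gcr-ssh-agent.enable = mkDefault true;
 services.bamf.enable = mkDefault true;
 
 services.libinput.enable = mkDefault true;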
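--- a/nixos/modules/services/x11/desktop-managers/mate.nix
+++ b/nixos/modules/services/x11/desktop-managers/mate.nix
@@ -92,6 +92,7 @@
 services.gnome.at-spi2-core.enable = true;
 services.gnome.glib-networking.enable = true;
 services.gnome.gnome-keyring.enable = true;
+services.gnome.gcr-ssh-agent.enable = mkDefault true;
 services.udev.packages = [ pkgs.mate.mate-settings-daemon ];
 services.gvfs.enable = true;
 services.upower.enable = config.powerManagement.enable;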
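--- a/nixos/modules/services/x11/desktop-managers/pantheon.nix
+++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix
@@ -152,6 +152,7 @@
 services.gnome.evolution-data-server.enable = true;
 services.gnome.glib-networking.enable = true;
 services.gnome.gnome-keyring.enable = true;
+services.gnome.gcr-ssh-agent.enable = mkDefault true;
 services.gvfs.enable = true;
 services.gnome.rygel.enable = mkDefault true;
 services.udisks2.enable = true;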
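--- a/pkgs/by-name/gn/gnome-keyring/package.nix
+++ b/pkgs/by-name/gn/gnome-keyring/package.nix
@@ -16,12 +16,10 @@
 libcap_ng,
 libselinux,
 p11-kit,
-openssh,
 wrapGAppsNoGuiHook,
 docbook-xsl-nons,
 docbook_xml_dtd_43,
 gnome,
-writeText,
 useWrappedDaemon ? true,
 }:
 
@@ -55,7 +53,6 @@
 glib
 libgcrypt
 pam
-openssh
 libcap_ng
 libselinux
 gcr
@@ -71,16 +68,8 @@
 # installation directories
 "-Dpkcs11-config=${placeholder "out"}/etc/pkcs11" # todo: this should probably be /share/p11-kit/modules
 "-Dpkcs11-modules=${placeholder "out"}/lib/pkcs11"
-# gnome-keyring doesn't build with ssh-agent by default anymore, we need to
-# switch to using gcr https://github.com/NixOS/nixpkgs/issues/140824
-"-Dssh-agent=true"
 # TODO: enable socket activation
 "-Dsystemd=disabled"
-"--cross-file=${writeText "crossfile.ini" ''
-[binaries]
-ssh-add = '${lib.getExe' openssh "ssh-add"}'
-ssh-agent = '${lib.getExe' openssh "ssh-agent"}'
-''}"
 ];
 
 # Tends to fail non-deterministically.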
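--- a/pkgs/desktops/pantheon/desktop/elementary-session-settings/default.nix
+++ b/pkgs/desktops/pantheon/desktop/elementary-session-settings/default.nix
@@ -19,7 +19,6 @@
 meson,
 ninja,
 }:
-
 stdenv.mkDerivation rec {
 pname = "elementary-session-settings";
 version = "8.0.1";
@@ -30,6 +29,14 @@
 rev = version;
 sha256 = "sha256-4B7lUjHEa4LdKrmsFCB3iFIsdVd/rgwmtQUAgAj3rXs=";
 };
+
+/*
+This allows `elementary-session-settings` to not use gnome-keyring's ssh capabilities anymore, as they have been
+moved to gcr upstream, in an effort to modularize gnome-keyring.
+
+More info can be found here: https://gitlab.gnome.org/GNOME/gnome-keyring/-/merge_requests/60
+*/
+patches = [ ./no-gnome-keyring-ssh-autostart.patch ];
 
 nativeBuildInputs = [
 desktop-file-utils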
+12
pkgs/desktops/pantheon/desktop/elementary-session-settings/no-gnome-keyring-ssh-autostart.patch
··· 1 + diff --git a/session/meson.build b/session/meson.build 2 + index 501e836..3254658 100644 3 + --- a/session/meson.build 4 + +++ b/session/meson.build 5 + @@ -79,7 +79,6 @@ if get_option('detect-program-prefixes') == true 6 + autostarts = { 7 + 'gnome-keyring-pkcs11': join_paths(gnome_keyring_prefix, 'etc/xdg/autostart', 'gnome-keyring-pkcs11.desktop'), 8 + 'gnome-keyring-secrets': join_paths(gnome_keyring_prefix, 'etc/xdg/autostart', 'gnome-keyring-secrets.desktop'), 9 + - 'gnome-keyring-ssh': join_paths(gnome_keyring_prefix, 'etc/xdg/autostart', 'gnome-keyring-ssh.desktop'), 10 + 'onboard-autostart': join_paths(onboard_prefix, 'etc/xdg/autostart', 'onboard-autostart.desktop'), 11 + 'orca-autostart': join_paths(orca_prefix, 'etc/xdg/autostart', 'orca-autostart.desktop'), 12 + }
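--- a/pkgs/development/libraries/gcr/4.nix
+++ b/pkgs/development/libraries/gcr/4.nix
@@ -1,4 +1,5 @@
 {
+pkgs,
 stdenv,
 lib,
 fetchurl,
@@ -25,7 +26,9 @@
 shared-mime-info,
 systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd,
 }:
-
+let
+ini = pkgs.formats.ini { };
+in
 stdenv.mkDerivation (finalAttrs: {
 pname = "gcr";
 version = "4.4.0.1";
@@ -80,11 +83,20 @@
 ];
 
 mesonFlags = [
-# We are still using ssh-agent from gnome-keyring.
-# https://github.com/NixOS/nixpkgs/issues/140824
-"-Dssh_agent=false"
 "-Dgpg_path=${lib.getBin gnupg}/bin/gpg"
 (lib.mesonEnable "systemd" systemdSupport)
+"--cross-file=${
+ini.generate "cross-file.conf" {
+binaries =
+{
+ssh-add = "'${lib.getExe' openssh "ssh-add"}'";
+ssh-agent = "'${lib.getExe' openssh "ssh-agent"}'";
+}
+// lib.optionalAttrs systemdSupport {
+systemctl = "'${lib.getExe' systemd "systemctl"}'";
+};
+}
+}"
 ];
 
 doCheck = false; # fails 21 out of 603 tests, needs dbus daemon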
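Review bot: Adding `pkgs` to the argument list only to reach `pkgs.formats.ini` makes this package depend on the whole package set rather than a named input, which is harder to override and differs from how the other inputs in this header are passed; take `formats` as an argument and write `ini = formats.ini { };` instead. The values under `binaries` carry their own single quotes (`"'${lib.getExe' openssh "ssh-add"}'"`), presumably because the generator does not quote strings the way a Meson machine file needs. A one-line comment such as `# Meson machine files need quoted string values; formats.ini does not add them` would keep a later cleanup from removing the quotes. Pinning `ssh-add`, `ssh-agent` and `systemctl` to absolute store paths is worth keeping, since the agent then does not resolve them through the session's `PATH`. The function header and the `mesonFlags` list continue outside the visible hunks.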