[jackhill/guix/guix.git] / gnu / services / dbus.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services dbus)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (gnu system setuid)
  #:use-module (gnu system shadow)
  #:use-module (gnu system pam)
  #:use-module ((gnu packages glib) #:select (dbus))
  #:use-module (gnu packages polkit)
  #:use-module (gnu packages admin)
  #:use-module (guix gexp)
  #:use-module ((guix packages) #:select (package-name))
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (srfi srfi-1)
  #:use-module (ice-9 match)
  #:export (dbus-configuration
            dbus-configuration?
            dbus-root-service-type
            dbus-service
            wrapped-dbus-service

            polkit-service-type
            polkit-service))

;;;
;;; D-Bus.
;;;

(define-record-type* <dbus-configuration>
  dbus-configuration make-dbus-configuration
  dbus-configuration?
  (dbus      dbus-configuration-dbus              ;file-like
             (default dbus))
  (services  dbus-configuration-services          ;list of <package>
             (default '())))

(define (system-service-directory services)
  "Return the system service directory, containing @code{.service} files for
all the services that may be activated by the daemon."
  (computed-file "dbus-system-services"
                 (with-imported-modules '((guix build utils))
                   #~(begin
                       (use-modules (guix build utils)
                                    (srfi srfi-1))

                       (define files
                         (append-map (lambda (service)
                                       (find-files
                                        (string-append
                                         service
                                         "/share/dbus-1/")
                                        "\\.service$"))
                                     (list #$@services)))

                       (mkdir #$output)
                       (for-each (lambda (file)
                                   (symlink file
                                            (string-append #$output "/"
                                                           (basename file))))
                                 files)
                       #t))))

(define (dbus-configuration-directory services)
  "Return a directory contains the @code{system-local.conf} file for DBUS that
includes the @code{etc/dbus-1/system.d} directories of each package listed in
@var{services}."
  (define build
    #~(begin
        (use-modules (sxml simple)
                     (srfi srfi-1))

        (define-syntax directives
          (syntax-rules ()
            ;; Expand the given directives (SXML expressions) only if their
            ;; key names a file that exists.
            ((_ (name directory) rest ...)
             (let ((dir directory))
               (if (file-exists? dir)
                   `((name ,dir)
                     ,@(directives rest ...))
                   (directives rest ...))))
            ((_)
             '())))

        (define (services->sxml services)
          ;; Return the SXML 'includedir' clauses for DIRS.
          `(busconfig
             ;; Increase this timeout to 300 seconds to work around race-y
             ;; failures such as <https://issues.guix.gnu.org/52051> on slow
             ;; computers with slow I/O.
            (limit (@ (name "auth_timeout")) "300000")
            (servicehelper "/run/setuid-programs/dbus-daemon-launch-helper")

            ;; First, the '.service' files of services subject to activation.
            ;; We use a fixed location under /etc because the setuid helper
            ;; looks for them in that location and nowhere else.  See
            ;; <https://bugs.freedesktop.org/show_bug.cgi?id=92458>.
            (servicedir "/etc/dbus-1/system-services")

            ,@(append-map (lambda (dir)
                            (directives
                             (includedir
                              (string-append dir "/etc/dbus-1/system.d"))
                             (includedir
                              (string-append dir "/share/dbus-1/system.d"))
                             (servicedir          ;for '.service' files
                              (string-append dir "/share/dbus-1/services"))))
                          services)))

        (mkdir #$output)

        ;; Provide /etc/dbus-1/system-services, which is where the setuid
        ;; helper looks for system service files.
        (symlink #$(system-service-directory services)
                 (string-append #$output "/system-services"))

        ;; 'system-local.conf' is automatically included by the default
        ;; 'system.conf', so this is where we stuff our own things.
        (call-with-output-file (string-append #$output "/system-local.conf")
          (lambda (port)
            (sxml->xml (services->sxml (list #$@services))
                       port)))))

  (computed-file "dbus-configuration" build))

(define (dbus-etc-files config)
  "Return a list of FILES for @var{etc-service-type} to build the
@code{/etc/dbus-1} directory."
  (list `("dbus-1" ,(dbus-configuration-directory
                     (dbus-configuration-services config)))))

(define %dbus-accounts
  ;; Accounts used by the system bus.
  (list (user-group (name "messagebus") (system? #t))
        (user-account
         (name "messagebus")
         (group "messagebus")
         (system? #t)
         (comment "D-Bus system bus user")
         (home-directory "/var/run/dbus")
         (shell (file-append shadow "/sbin/nologin")))))

(define dbus-setuid-programs
  ;; Return a list of <setuid-program> for the program that we need.
  (match-lambda
    (($ <dbus-configuration> dbus services)
     (list (setuid-program
            (program (file-append
                      dbus "/libexec/dbus-daemon-launch-helper")))))))

(define (dbus-activation config)
  "Return an activation gexp for D-Bus using @var{config}."
  (with-imported-modules (source-module-closure
                          '((gnu build activation)
                            (guix build utils)))
    #~(begin
        (use-modules (gnu build activation)
                     (guix build utils))

        (let ((user (getpwnam "messagebus")))
          ;; This directory contains the daemon's socket so it must be
          ;; world-readable.
          (mkdir-p/perms "/var/run/dbus" user #o755))

        (unless (file-exists? "/etc/machine-id")
          (format #t "creating /etc/machine-id...~%")
          (invoke (string-append #$(dbus-configuration-dbus config)
                                 "/bin/dbus-uuidgen")
                  "--ensure=/etc/machine-id")))))

(define dbus-shepherd-service
  (match-lambda
    (($ <dbus-configuration> dbus)
     (list (shepherd-service
            (documentation "Run the D-Bus system daemon.")
            (provision '(dbus-system))
            (requirement '(user-processes syslogd))
            (start #~(make-forkexec-constructor
                      (list (string-append #$dbus "/bin/dbus-daemon")
                            "--nofork" "--system" "--syslog-only")
                      #:pid-file "/var/run/dbus/pid"))
            (stop #~(make-kill-destructor)))))))

(define dbus-root-service-type
  (service-type (name 'dbus)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          dbus-shepherd-service)
                       (service-extension activation-service-type
                                          dbus-activation)
                       (service-extension etc-service-type
                                          dbus-etc-files)
                       (service-extension account-service-type
                                          (const %dbus-accounts))
                       (service-extension setuid-program-service-type
                                          dbus-setuid-programs)))

                ;; Extensions consist of lists of packages (representing D-Bus
                ;; services) that we just concatenate.
                (compose concatenate)

                ;; The service's parameters field is extended by augmenting
                ;; its <dbus-configuration> 'services' field.
                (extend (lambda (config services)
                          (dbus-configuration
                           (inherit config)
                           (services
                            (append (dbus-configuration-services config)
                                    services)))))

                (default-value (dbus-configuration))
                (description "Run the system-wide D-Bus inter-process message
bus.  It allows programs and daemons to communicate and is also responsible
for spawning (@dfn{activating}) D-Bus services on demand.")))

(define* (dbus-service #:key (dbus dbus) (services '()))
  "Return a service that runs the \"system bus\", using @var{dbus}, with
support for @var{services}.

@uref{http://dbus.freedesktop.org/, D-Bus} is an inter-process communication
facility.  Its system bus is used to allow system services to communicate and
be notified of system-wide events.

@var{services} must be a list of packages that provide an
@file{etc/dbus-1/system.d} directory containing additional D-Bus configuration
and policy files.  For example, to allow avahi-daemon to use the system bus,
@var{services} must be equal to @code{(list avahi)}."
  (service dbus-root-service-type
           (dbus-configuration (dbus dbus)
                               (services services))))

(define (wrapped-dbus-service service program variables)
  "Return a wrapper for @var{service}, a package containing a D-Bus service,
where @var{program} is wrapped such that @var{variables}, a list of name/value
tuples, are all set as environment variables when the bus daemon launches it."
  (define wrapper
    (program-file (string-append (package-name service) "-program-wrapper")
                  #~(begin
                      (use-modules (ice-9 match))

                      (for-each (match-lambda
                                  ((variable value)
                                   (setenv variable value)))
                                '#$variables)

                      (apply execl (string-append #$service "/" #$program)
                             (string-append #$service "/" #$program)
                             (cdr (command-line))))))

  (define build
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))

          (define service-directory
            "/share/dbus-1/system-services")

          (mkdir-p (dirname (string-append #$output
                                           service-directory)))
          (copy-recursively (string-append #$service
                                           service-directory)
                            (string-append #$output
                                           service-directory))
          (symlink (string-append #$service "/etc") ;for etc/dbus-1
                   (string-append #$output "/etc"))

          (for-each (lambda (file)
                      (substitute* file
                        (("Exec[[:blank:]]*=[[:blank:]]*([[:graph:]]+)(.*)$"
                          _ original-program arguments)
                         (string-append "Exec=" #$wrapper arguments
                                        "\n"))))
                    (find-files #$output "\\.service$")))))

  (computed-file (string-append (package-name service) "-wrapper")
                 build))

\f
;;;
;;; Polkit privilege management service.
;;;

(define-record-type* <polkit-configuration>
  polkit-configuration make-polkit-configuration
  polkit-configuration?
  (polkit   polkit-configuration-polkit           ;file-like
            (default %default-polkit))
  (actions  polkit-configuration-actions          ;list of file-like
            (default '())))

(define %default-polkit
  ;; The default polkit package.
  (let-system (system target)
    ;; Since mozjs depends on Rust, which is currently x86_64-only, use
    ;; polkit-duktape on other systems.
    (if (string-prefix? "x86_64-" (or target system))
        polkit-mozjs
        polkit-duktape)))

(define %polkit-accounts
  (list (user-group (name "polkitd") (system? #t))
        (user-account
         (name "polkitd")
         (group "polkitd")
         (system? #t)
         (comment "Polkit daemon user")
         (home-directory "/var/empty")
         (shell "/run/current-system/profile/sbin/nologin"))))

(define %polkit-pam-services
  (list (unix-pam-service "polkit-1")))

(define (polkit-directory packages)
  "Return a directory containing an @file{actions} and possibly a
@file{rules.d} sub-directory, for use as @file{/etc/polkit-1}."
  (with-imported-modules '((guix build union))
    (computed-file "etc-polkit-1"
                   #~(begin
                       (use-modules (guix build union) (srfi srfi-26))

                       (union-build #$output
                                    (map (cut string-append <>
                                              "/share/polkit-1")
                                         (list #$@packages)))))))

(define polkit-etc-files
  (match-lambda
    (($ <polkit-configuration> polkit packages)
     `(("polkit-1" ,(polkit-directory (cons polkit packages)))))))

(define polkit-setuid-programs
  (match-lambda
    (($ <polkit-configuration> polkit)
     (map file-like->setuid-program
          (list (file-append polkit "/lib/polkit-1/polkit-agent-helper-1")
                (file-append polkit "/bin/pkexec"))))))

(define polkit-service-type
  (service-type (name 'polkit)
                (extensions
                 (list (service-extension account-service-type
                                          (const %polkit-accounts))
                       (service-extension pam-root-service-type
                                          (const %polkit-pam-services))
                       (service-extension dbus-root-service-type
                                          (compose
                                           list
                                           polkit-configuration-polkit))
                       (service-extension etc-service-type
                                          polkit-etc-files)
                       (service-extension setuid-program-service-type
                                          polkit-setuid-programs)))

                ;; Extensions are lists of packages that provide polkit rules
                ;; or actions under share/polkit-1/{actions,rules.d}.
                (compose concatenate)
                (extend (lambda (config actions)
                          (polkit-configuration
                           (inherit config)
                           (actions
                            (append (polkit-configuration-actions config)
                                    actions)))))

                (default-value (polkit-configuration))
                (description
                 "Run the
@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege
management service}, which allows system administrators to grant access to
privileged operations in a structured way.  Polkit is a requirement for most
desktop environments, such as GNOME.")))

(define* (polkit-service #:key (polkit polkit))
  "Return a service that runs the
@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege
management service}, which allows system administrators to grant access to
privileged operations in a structured way.  By querying the Polkit service, a
privileged system component can know when it should grant additional
capabilities to ordinary users.  For example, an ordinary user can be granted
the capability to suspend the system if the user is logged in locally."
  (service polkit-service-type
           (polkit-configuration (polkit polkit))))

;;; dbus.scm ends here
Commit	Line	Data
0adfe95a	1	;;; GNU Guix --- Functional package management for GNU
72b0c5a3	2	;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
64643b90	3	;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
520bac7e	4	;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
a85ec0bf	5	;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
0adfe95a LC	6	;;;
	7	;;; This file is part of GNU Guix.
	8	;;;
	9	;;; GNU Guix is free software; you can redistribute it and/or modify it
	10	;;; under the terms of the GNU General Public License as published by
	11	;;; the Free Software Foundation; either version 3 of the License, or (at
	12	;;; your option) any later version.
	13	;;;
	14	;;; GNU Guix is distributed in the hope that it will be useful, but
	15	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	16	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	;;; GNU General Public License for more details.
	18	;;;
	19	;;; You should have received a copy of the GNU General Public License
	20	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	21
	22	(define-module (gnu services dbus)
	23	#:use-module (gnu services)
0190c1c0	24	#:use-module (gnu services shepherd)
a85ec0bf	25	#:use-module (gnu system setuid)
0adfe95a	26	#:use-module (gnu system shadow)
2e328698	27	#:use-module (gnu system pam)
f5a91039	28	#:use-module ((gnu packages glib) #:select (dbus))
2e328698	29	#:use-module (gnu packages polkit)
0adfe95a LC	30	#:use-module (gnu packages admin)
0adfe95a LC	31	#:use-module (guix gexp)
b68f6500	32	#:use-module ((guix packages) #:select (package-name))
0adfe95a	33	#:use-module (guix records)
520bac7e	34	#:use-module (guix modules)
0adfe95a LC	35	#:use-module (srfi srfi-1)
0adfe95a LC	36	#:use-module (ice-9 match)
24e96431 TČ	37	#:export (dbus-configuration
	38	dbus-configuration?
	39	dbus-root-service-type
2e328698	40	dbus-service
b68f6500	41	wrapped-dbus-service
2e328698 LC	42
	43	polkit-service-type
	44	polkit-service))
0adfe95a LC	45
	46	;;;
	47	;;; D-Bus.
	48	;;;
	49
	50	(define-record-type* <dbus-configuration>
	51	dbus-configuration make-dbus-configuration
	52	dbus-configuration?
892f1b72	53	(dbus dbus-configuration-dbus ;file-like
f5a91039	54	(default dbus))
0adfe95a LC	55	(services dbus-configuration-services ;list of <package>
	56	(default '())))
	57
cde04021 LC	58	(define (system-service-directory services)
	59	"Return the system service directory, containing @code{.service} files for
	60	all the services that may be activated by the daemon."
	61	(computed-file "dbus-system-services"
4ee96a79 LC	62	(with-imported-modules '((guix build utils))
	63	#~(begin
	64	(use-modules (guix build utils)
	65	(srfi srfi-1))
cde04021	66
4ee96a79 LC	67	(define files
	68	(append-map (lambda (service)
	69	(find-files
	70	(string-append
	71	service
6a2b9065	72	"/share/dbus-1/")
4ee96a79 LC	73	"\\.service$"))
4ee96a79 LC	74	(list #$@services)))
cde04021	75
4ee96a79 LC	76	(mkdir #$output)
	77	(for-each (lambda (file)
	78	(symlink file
	79	(string-append #$output "/"
	80	(basename file))))
	81	files)
	82	#t))))
cde04021	83
64643b90 SB	84	(define (dbus-configuration-directory services)
	85	"Return a directory contains the @code{system-local.conf} file for DBUS that
	86	includes the @code{etc/dbus-1/system.d} directories of each package listed in
0adfe95a LC	87	@var{services}."
	88	(define build
	89	#~(begin
	90	(use-modules (sxml simple)
	91	(srfi srfi-1))
	92
27727b18 LC	93	(define-syntax directives
	94	(syntax-rules ()
	95	;; Expand the given directives (SXML expressions) only if their
	96	;; key names a file that exists.
	97	((_ (name directory) rest ...)
	98	(let ((dir directory))
	99	(if (file-exists? dir)
	100	`((name ,dir)
	101	,@(directives rest ...))
	102	(directives rest ...))))
	103	((_)
	104	'())))
	105
0adfe95a LC	106	(define (services->sxml services)
	107	;; Return the SXML 'includedir' clauses for DIRS.
	108	`(busconfig
6e5d2194	109	;; Increase this timeout to 300 seconds to work around race-y
488f1c58 TS	110	;; failures such as <https://issues.guix.gnu.org/52051> on slow
488f1c58 TS	111	;; computers with slow I/O.
6e5d2194	112	(limit (@ (name "auth_timeout")) "300000")
cde04021 LC	113	(servicehelper "/run/setuid-programs/dbus-daemon-launch-helper")
	114
	115	;; First, the '.service' files of services subject to activation.
	116	;; We use a fixed location under /etc because the setuid helper
	117	;; looks for them in that location and nowhere else. See
	118	;; <https://bugs.freedesktop.org/show_bug.cgi?id=92458>.
	119	(servicedir "/etc/dbus-1/system-services")
	120
0adfe95a	121	,@(append-map (lambda (dir)
27727b18 LC	122	(directives
	123	(includedir
	124	(string-append dir "/etc/dbus-1/system.d"))
	125	(includedir
	126	(string-append dir "/share/dbus-1/system.d"))
	127	(servicedir ;for '.service' files
	128	(string-append dir "/share/dbus-1/services"))))
0adfe95a LC	129	services)))
	130
	131	(mkdir #$output)
cde04021 LC	132
	133	;; Provide /etc/dbus-1/system-services, which is where the setuid
	134	;; helper looks for system service files.
	135	(symlink #$(system-service-directory services)
	136	(string-append #$output "/system-services"))
	137
0adfe95a LC	138	;; 'system-local.conf' is automatically included by the default
	139	;; 'system.conf', so this is where we stuff our own things.
	140	(call-with-output-file (string-append #$output "/system-local.conf")
	141	(lambda (port)
	142	(sxml->xml (services->sxml (list #$@services))
	143	port)))))
	144
	145	(computed-file "dbus-configuration" build))
	146
64643b90 SB	147	(define (dbus-etc-files config)
	148	"Return a list of FILES for @var{etc-service-type} to build the
	149	@code{/etc/dbus-1} directory."
	150	(list `("dbus-1" ,(dbus-configuration-directory
	151	(dbus-configuration-services config)))))
	152
0adfe95a LC	153	(define %dbus-accounts
	154	;; Accounts used by the system bus.
	155	(list (user-group (name "messagebus") (system? #t))
	156	(user-account
	157	(name "messagebus")
	158	(group "messagebus")
	159	(system? #t)
	160	(comment "D-Bus system bus user")
	161	(home-directory "/var/run/dbus")
9e41130b	162	(shell (file-append shadow "/sbin/nologin")))))
0adfe95a	163
cde04021	164	(define dbus-setuid-programs
a85ec0bf	165	;; Return a list of <setuid-program> for the program that we need.
cde04021 LC	166	(match-lambda
cde04021 LC	167	(($ <dbus-configuration> dbus services)
a85ec0bf BW	168	(list (setuid-program
	169	(program (file-append
	170	dbus "/libexec/dbus-daemon-launch-helper")))))))
cde04021	171
0adfe95a LC	172	(define (dbus-activation config)
0adfe95a LC	173	"Return an activation gexp for D-Bus using @var{config}."
520bac7e MD	174	(with-imported-modules (source-module-closure
	175	'((gnu build activation)
	176	(guix build utils)))
	177	#~(begin
	178	(use-modules (gnu build activation)
	179	(guix build utils))
	180
	181	(let ((user (getpwnam "messagebus")))
	182	;; This directory contains the daemon's socket so it must be
	183	;; world-readable.
	184	(mkdir-p/perms "/var/run/dbus" user #o755))
	185
	186	(unless (file-exists? "/etc/machine-id")
	187	(format #t "creating /etc/machine-id...~%")
	188	(invoke (string-append #$(dbus-configuration-dbus config)
	189	"/bin/dbus-uuidgen")
	190	"--ensure=/etc/machine-id")))))
0adfe95a	191
d4053c71	192	(define dbus-shepherd-service
4a663ca4 LC	193	(match-lambda
4a663ca4 LC	194	(($ <dbus-configuration> dbus)
d4053c71	195	(list (shepherd-service
4a663ca4 LC	196	(documentation "Run the D-Bus system daemon.")
4a663ca4 LC	197	(provision '(dbus-system))
7462a1de	198	(requirement '(user-processes syslogd))
4a663ca4 LC	199	(start #~(make-forkexec-constructor
4a663ca4 LC	200	(list (string-append #$dbus "/bin/dbus-daemon")
7462a1de	201	"--nofork" "--system" "--syslog-only")
b9bb50c6	202	#:pid-file "/var/run/dbus/pid"))
4a663ca4	203	(stop #~(make-kill-destructor)))))))
0adfe95a LC	204
	205	(define dbus-root-service-type
	206	(service-type (name 'dbus)
	207	(extensions
d4053c71 AK	208	(list (service-extension shepherd-root-service-type
d4053c71 AK	209	dbus-shepherd-service)
0adfe95a LC	210	(service-extension activation-service-type
0adfe95a LC	211	dbus-activation)
64643b90 SB	212	(service-extension etc-service-type
64643b90 SB	213	dbus-etc-files)
0adfe95a	214	(service-extension account-service-type
cde04021 LC	215	(const %dbus-accounts))
	216	(service-extension setuid-program-service-type
	217	dbus-setuid-programs)))
0adfe95a LC	218
	219	;; Extensions consist of lists of packages (representing D-Bus
	220	;; services) that we just concatenate.
0adfe95a LC	221	(compose concatenate)
	222
	223	;; The service's parameters field is extended by augmenting
	224	;; its <dbus-configuration> 'services' field.
	225	(extend (lambda (config services)
	226	(dbus-configuration
	227	(inherit config)
	228	(services
	229	(append (dbus-configuration-services config)
3e8d037b LC	230	services)))))
3e8d037b LC	231
a01d2e30 LC	232	(default-value (dbus-configuration))
	233	(description "Run the system-wide D-Bus inter-process message
	234	bus. It allows programs and daemons to communicate and is also responsible
	235	for spawning (@dfn{activating}) D-Bus services on demand.")))
0adfe95a	236
f5a91039	237	(define* (dbus-service #:key (dbus dbus) (services '()))
0adfe95a LC	238	"Return a service that runs the \"system bus\", using @var{dbus}, with
	239	support for @var{services}.
	240
	241	@uref{http://dbus.freedesktop.org/, D-Bus} is an inter-process communication
	242	facility. Its system bus is used to allow system services to communicate and
	243	be notified of system-wide events.
	244
	245	@var{services} must be a list of packages that provide an
	246	@file{etc/dbus-1/system.d} directory containing additional D-Bus configuration
	247	and policy files. For example, to allow avahi-daemon to use the system bus,
	248	@var{services} must be equal to @code{(list avahi)}."
	249	(service dbus-root-service-type
	250	(dbus-configuration (dbus dbus)
	251	(services services))))
	252
aa071ca0	253	(define (wrapped-dbus-service service program variables)
b68f6500	254	"Return a wrapper for @var{service}, a package containing a D-Bus service,
aa071ca0 LC	255	where @var{program} is wrapped such that @var{variables}, a list of name/value
aa071ca0 LC	256	tuples, are all set as environment variables when the bus daemon launches it."
b68f6500 LC	257	(define wrapper
	258	(program-file (string-append (package-name service) "-program-wrapper")
	259	#~(begin
aa071ca0 LC	260	(use-modules (ice-9 match))
	261
	262	(for-each (match-lambda
	263	((variable value)
	264	(setenv variable value)))
	265	'#$variables)
	266
b68f6500 LC	267	(apply execl (string-append #$service "/" #$program)
	268	(string-append #$service "/" #$program)
	269	(cdr (command-line))))))
	270
	271	(define build
	272	(with-imported-modules '((guix build utils))
	273	#~(begin
	274	(use-modules (guix build utils))
	275
	276	(define service-directory
	277	"/share/dbus-1/system-services")
	278
	279	(mkdir-p (dirname (string-append #$output
	280	service-directory)))
	281	(copy-recursively (string-append #$service
	282	service-directory)
	283	(string-append #$output
	284	service-directory))
	285	(symlink (string-append #$service "/etc") ;for etc/dbus-1
	286	(string-append #$output "/etc"))
	287
	288	(for-each (lambda (file)
	289	(substitute* file
	290	(("Exec[[:blank:]]=[[:blank:]]([[:graph:]]+)(.*)$"
	291	_ original-program arguments)
	292	(string-append "Exec=" #$wrapper arguments
	293	"\n"))))
	294	(find-files #$output "\\.service$")))))
	295
	296	(computed-file (string-append (package-name service) "-wrapper")
	297	build))
	298
2e328698 LC	299	\f
	300	;;;
	301	;;; Polkit privilege management service.
	302	;;;
	303
	304	(define-record-type* <polkit-configuration>
	305	polkit-configuration make-polkit-configuration
	306	polkit-configuration?
892f1b72	307	(polkit polkit-configuration-polkit ;file-like
72b0c5a3	308	(default %default-polkit))
892f1b72	309	(actions polkit-configuration-actions ;list of file-like
2e328698 LC	310	(default '())))
2e328698 LC	311
72b0c5a3 LC	312	(define %default-polkit
	313	;; The default polkit package.
	314	(let-system (system target)
	315	;; Since mozjs depends on Rust, which is currently x86_64-only, use
	316	;; polkit-duktape on other systems.
	317	(if (string-prefix? "x86_64-" (or target system))
	318	polkit-mozjs
	319	polkit-duktape)))
	320
2e328698 LC	321	(define %polkit-accounts
	322	(list (user-group (name "polkitd") (system? #t))
	323	(user-account
	324	(name "polkitd")
	325	(group "polkitd")
	326	(system? #t)
	327	(comment "Polkit daemon user")
	328	(home-directory "/var/empty")
	329	(shell "/run/current-system/profile/sbin/nologin"))))
	330
	331	(define %polkit-pam-services
	332	(list (unix-pam-service "polkit-1")))
	333
	334	(define (polkit-directory packages)
	335	"Return a directory containing an @file{actions} and possibly a
	336	@file{rules.d} sub-directory, for use as @file{/etc/polkit-1}."
	337	(with-imported-modules '((guix build union))
	338	(computed-file "etc-polkit-1"
	339	#~(begin
	340	(use-modules (guix build union) (srfi srfi-26))
	341
	342	(union-build #$output
	343	(map (cut string-append <>
	344	"/share/polkit-1")
	345	(list #$@packages)))))))
	346
	347	(define polkit-etc-files
	348	(match-lambda
	349	(($ <polkit-configuration> polkit packages)
	350	`(("polkit-1" ,(polkit-directory (cons polkit packages)))))))
	351
	352	(define polkit-setuid-programs
	353	(match-lambda
	354	(($ <polkit-configuration> polkit)
a85ec0bf BW	355	(map file-like->setuid-program
	356	(list (file-append polkit "/lib/polkit-1/polkit-agent-helper-1")
	357	(file-append polkit "/bin/pkexec"))))))
2e328698 LC	358
	359	(define polkit-service-type
	360	(service-type (name 'polkit)
	361	(extensions
	362	(list (service-extension account-service-type
	363	(const %polkit-accounts))
	364	(service-extension pam-root-service-type
	365	(const %polkit-pam-services))
	366	(service-extension dbus-root-service-type
	367	(compose
	368	list
	369	polkit-configuration-polkit))
	370	(service-extension etc-service-type
	371	polkit-etc-files)
	372	(service-extension setuid-program-service-type
	373	polkit-setuid-programs)))
	374
	375	;; Extensions are lists of packages that provide polkit rules
	376	;; or actions under share/polkit-1/{actions,rules.d}.
	377	(compose concatenate)
	378	(extend (lambda (config actions)
	379	(polkit-configuration
	380	(inherit config)
	381	(actions
	382	(append (polkit-configuration-actions config)
3e8d037b LC	383	actions)))))
3e8d037b LC	384
dd0804c6 LC	385	(default-value (polkit-configuration))
	386	(description
	387	"Run the
	388	@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege
	389	management service}, which allows system administrators to grant access to
	390	privileged operations in a structured way. Polkit is a requirement for most
	391	desktop environments, such as GNOME.")))
2e328698 LC	392
	393	(define* (polkit-service #:key (polkit polkit))
	394	"Return a service that runs the
	395	@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege
	396	management service}, which allows system administrators to grant access to
	397	privileged operations in a structured way. By querying the Polkit service, a
	398	privileged system component can know when it should grant additional
	399	capabilities to ordinary users. For example, an ordinary user can be granted
	400	the capability to suspend the system if the user is logged in locally."
	401	(service polkit-service-type
	402	(polkit-configuration (polkit polkit))))
	403
0adfe95a	404	;;; dbus.scm ends here