Merge remote-tracking branch 'origin/master' into staging

With resolved conflicts in: gnu/packages/bittorrent.scm gnu/packages/databases.scm gnu/packages/geo.scm gnu/packages/gnupg.scm gnu/packages/gstreamer.scm gnu/packages/gtk.scm gnu/packages/linux.scm gnu/packages/python-xyz.scm gnu/packages/xorg.scm guix/build/qt-utils.scm
author: Maxim Cournoyer <maxim.cournoyer@gmail.com> 2021-10-01 17:10:49 -0400
committer: Maxim Cournoyer <maxim.cournoyer@gmail.com> 2021-10-01 17:10:49 -0400
commit: 2e65e4834a226c570866f2e8976ed7f252b45cd1 (patch)
tree: 21d625bce8d03627680214df4a6622bf8eb79dc9 /gnu/system/pam.scm
parent: 9c68ecb24dd1660ce736cdcdea0422a73ec318a2 (diff)
parent: f1a3c11407b52004e523ec5de20d326c5661681f (diff)
1 files changed, 17 insertions, 4 deletions
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index ad02586be8..a31daada59 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -27,6 +27,7 @@
   #:use-module (srfi srfi-11)
   #:use-module (srfi srfi-26)
   #:use-module ((guix utils) #:select (%current-system))
+  #:use-module (gnu packages linux)
   #:export (pam-service
             pam-service-name
             pam-service-account
@@ -207,14 +208,16 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE."
         (env  (pam-entry ; to honor /etc/environment.
                (control "required")
                (module "pam_env.so"))))
-    (lambda* (name #:key allow-empty-passwords? (allow-root? #f) motd
-                   login-uid?)
+    (lambda* (name #:key allow-empty-passwords? allow-root? motd
+              login-uid? gnupg?)
       "Return a standard Unix-style PAM service for NAME.  When
 ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords.  When ALLOW-ROOT? is
 true, allow root to run the command without authentication.  When MOTD is
 true, it should be a file-like object used as the message-of-the-day.
 When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
-/proc/self/loginuid, which the libc 'getlogin' function relies on."
+/proc/self/loginuid, which the libc 'getlogin' function relies on.  When
+GNUPG? is true, require the 'pam_gnupg.so' module; that module hands over
+the login password to 'gpg-agent'."
       ;; See <http://www.linux-pam.org/Linux-PAM-html/sag-configuration-example.html>.
       (pam-service
        (name name)
@@ -229,7 +232,12 @@ When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
                                 (control "required")
                                 (module "pam_unix.so")
                                 (arguments '("nullok")))
-                               unix))))
+                               unix))
+                     (if gnupg?
+                         (list (pam-entry
+                                (control "required")
+                                (module (file-append pam-gnupg "/lib/security/pam_gnupg.so"))))
+                         '())))
        (password (list (pam-entry
                         (control "required")
                         (module "pam_unix.so")
@@ -247,6 +255,11 @@ When LOGIN-UID? is true, require the 'pam_loginuid' module; that module sets
                                (control "required")
                                (module "pam_loginuid.so")))
                         '())
+                  ,@(if gnupg?
+                        (list (pam-entry
+                               (control "required")
+                               (module (file-append pam-gnupg "/lib/security/pam_gnupg.so"))))
+                        '())
                   ,env ,unix))))))
 
 (define (rootok-pam-service command)
author	Maxim Cournoyer <maxim.cournoyer@gmail.com>	2021-10-01 17:10:49 -0400
committer	Maxim Cournoyer <maxim.cournoyer@gmail.com>	2021-10-01 17:10:49 -0400
commit	2e65e4834a226c570866f2e8976ed7f252b45cd1 (patch)
tree	21d625bce8d03627680214df4a6622bf8eb79dc9 /gnu/system/pam.scm
parent	9c68ecb24dd1660ce736cdcdea0422a73ec318a2 (diff)
parent	f1a3c11407b52004e523ec5de20d326c5661681f (diff)