branch master updated: services: desktop: Mount /var/lib/gdm on a tmpfs file system.

[guix-commits]

This is an automated email from the git hooks/post-receive script.

apteryx pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new d7e56aebec services: desktop: Mount /var/lib/gdm on a tmpfs file 
system.
d7e56aebec is described below

commit d7e56aebec4535f3567c362b6084818873e54b0d
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Fri Sep 16 14:45:15 2022 -0400

    services: desktop: Mount /var/lib/gdm on a tmpfs file system.
    
    Fixes <https://issues.guix.gnu.org/44944>.
    
    * gnu/services/xorg.scm (%gdm-activation): Delete variable.
    (gdm-service-type): De-register it.
    * gnu/services/desktop.scm (%gdm-file-system): New variable.
    (gdm-file-system-service): Likewise.
    (desktop-services-for-system): Use it.
---
 gnu/services/desktop.scm | 23 +++++++++++++++++++++++
 gnu/services/xorg.scm    | 23 -----------------------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 9b3eb12613..1b087635d1 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -117,6 +117,9 @@
             elogind-service
             elogind-service-type
 
+            %gdm-file-system
+            gdm-file-system-service
+
             %fontconfig-file-system
             fontconfig-file-system-service
 
@@ -1232,6 +1235,13 @@ when they log out."
     (flags '(read-only))
     (check? #f)))
 
+(define %gdm-file-system
+  (file-system
+    (device "none")
+    (mount-point "/var/lib/gdm")
+    (type "tmpfs")
+    (check? #f)))
+
 ;; The global fontconfig cache directory can sometimes contain stale entries,
 ;; possibly referencing fonts that have been GC'd, so mount it read-only.
 ;; As mentioned https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36924#8 and
@@ -1240,6 +1250,15 @@ when they log out."
   (simple-service 'fontconfig-file-system
                   file-system-service-type
                   (list %fontconfig-file-system)))
+
+;; Avoid stale caches and stale user IDs being reused between system
+;; reconfigurations, which would crash GDM and render the system unusable.
+;; GDM doesn't require persisting anything valuable there anyway.
+(define gdm-file-system-service
+  (simple-service 'gdm-file-system
+                  file-system-service-type
+                  (list %gdm-file-system)))
+
 
 ;;;
 ;;; AccountsService service.
@@ -1750,6 +1769,10 @@ applications needing access to be root.")
                               (list (file-append nfs-utils "/sbin/mount.nfs")
                                (file-append ntfs-3g "/sbin/mount.ntfs-3g"))))
 
+         ;; This is a volatile read-write file system mounted at /var/lib/gdm,
+         ;; to avoid GDM stale cache and permission issues.
+         gdm-file-system-service
+
          ;; The global fontconfig cache directory can sometimes contain
          ;; stale entries, possibly referencing fonts that have been GC'd,
          ;; so mount it read-only.
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 0cbd9aa53b..3ff290c197 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -818,27 +818,6 @@ the GNOME desktop environment.")
          (home-directory "/var/lib/gdm")
          (shell (file-append shadow "/sbin/nologin")))))
 
-(define %gdm-activation
-  ;; Ensure /var/lib/gdm is owned by the "gdm" user.  This is normally the
-  ;; case but could be wrong if the "gdm" user was created, then removed, and
-  ;; then recreated under a different UID/GID: <https://bugs.gnu.org/37423>.
-  (with-imported-modules '((guix build utils))
-    #~(begin
-        (use-modules (guix build utils))
-
-        (let* ((gdm (getpwnam "gdm"))
-               (uid (passwd:uid gdm))
-               (gid (passwd:gid gdm))
-               (st  (stat "/var/lib/gdm" #f)))
-          ;; Recurse into /var/lib/gdm only if it has wrong ownership.
-          (when (and st
-                     (or (not (= uid (stat:uid st)))
-                         (not (= gid (stat:gid st)))))
-            (for-each (lambda (file)
-                        (chown file uid gid))
-                      (find-files "/var/lib/gdm"
-                                  #:directories? #t)))))))
-
 (define dbus-daemon-wrapper
   (program-file
    "gdm-dbus-wrapper"
@@ -1022,8 +1001,6 @@ the GNOME desktop environment.")
                   (extensions
                    (list (service-extension shepherd-root-service-type
                                             gdm-shepherd-service)
-                         (service-extension activation-service-type
-                                            (const %gdm-activation))
                          (service-extension account-service-type
                                             (const %gdm-accounts))
                          (service-extension pam-root-service-type