Use pam_systemd.so to set up device ownership

This removes the need for ConsoleKit, so it's gone.
12 years ago · 66f4d10843
parent ab86759eb3
commit 66f4d10843
4 changed files with 3 additions and 63 deletions
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -46,7 +46,6 @@
  ./programs/wvdial.nix
  ./rename.nix
  ./security/ca.nix
-  ./security/consolekit.nix
  ./security/pam.nix
  ./security/pam_usb.nix
  ./security/policykit.nix
--- a/modules/security/consolekit.nix
+++ b/modules/security/consolekit.nix
@ -1,60 +0,0 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
-
-let
-
-  # `pam_console' maintains the set of locally logged in users in
-  # /var/run/console.  This is obsolete, but D-Bus still uses it for
-  # its `at_console' feature.  So maintain it using a ConsoleKit
-  # session script.  Borrowed from
-  # http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/pam-foreground-compat.ck
-  updateVarRunConsole = pkgs.writeTextFile {
-    name = "var-run-console.ck";
-    destination = "/etc/ConsoleKit/run-session.d/var-run-console.ck";
-    executable = true;
-
-    text =
-      ''
-        #! ${pkgs.stdenv.shell} -e
-        PATH=${pkgs.coreutils}/bin:${pkgs.gnused}/bin:${pkgs.glibc}/bin
-        TAGDIR=/var/run/console
-
-        [ -n "$CK_SESSION_USER_UID" ] || exit 1
-
-        TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`"
-
-        if [ "$1" = "session_added" ]; then
-            mkdir -p "$TAGDIR"
-            echo "$CK_SESSION_ID" >> "$TAGFILE"
-        fi
-
-        if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then
-            sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE"
-            [ -s "$TAGFILE" ] || rm -f "$TAGFILE"
-        fi
-      '';
-  };
-
-in
-
-{
-
-  config = {
-
-    environment.systemPackages = [ pkgs.consolekit ];
-
-    services.dbus.packages = [ pkgs.consolekit ];
-
-    environment.etc = singleton
-      { source = (pkgs.buildEnv {
-          name = "consolekit-config";
-          pathsToLink = [ "/etc/ConsoleKit" ];
-          paths = [ pkgs.consolekit pkgs.udev updateVarRunConsole ];
-        }) + "/etc/ConsoleKit";
-        target = "ConsoleKit";
-      };
-
-  };
-
-}
--- a/modules/security/pam.nix
+++ b/modules/security/pam.nix
@ -41,7 +41,7 @@ let
      # against the keys in the calling user's ~/.ssh/authorized_keys.
      # This is useful for "sudo" on password-less remote systems.
      sshAgentAuth ? false
-    , # If set, use ConsoleKit's PAM connector module to claim
+    , # If set, use systemd's PAM connector module to claim
      # ownership of audio devices etc.
      ownDevices ? false
    , # Whether to forward XAuth keys between users.  Mostly useful
@ -104,7 +104,7 @@ let
          ${optionalString config.krb5.enable
              "session optional ${pam_krb5}/lib/security/pam_krb5.so"}
          ${optionalString ownDevices
-              "session optional ${pkgs.consolekit}/lib/security/pam_ck_connector.so"}
+              "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
          ${optionalString forwardXAuth
              "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
          ${optionalString (limits != [])
--- a/modules/system/boot/systemd.nix
+++ b/modules/system/boot/systemd.nix
@ -37,6 +37,7 @@ let
      "systemd-vconsole-setup.service"
      "systemd-user-sessions.service"
      "dbus-org.freedesktop.login1.service"
+      "user@.service"

      # Journal.
      "systemd-journald.socket"