services/gnome: Reinstate auto-configuration for GNOME Boxes.

Previously to 4722496292 ("Remove gnome-boxes from default GNOME apps."), USB redirection for GNOME Boxes had been working out-of-the-box. Reinstate the extensions that made that possible, so that simply adding the gnome-boxes package back to one of the gnome-desktop-configuration fields does the right thing. * gnu/services/desktop.scm (gnome-setuid-programs): New procedure. (gnome-desktop-service-type) [privileged-program-service-type]: Use it as an extension. * gnu/packages/gnome.scm (gnome-boxes): [inputs]: Move spice-gtk to... [propagated-inputs]: ... here. [description]: Document extra steps necessary to enable the USB redirection feature. Change-Id: If84e8a2e0c480ddd1d7cd294890fad1ae2a76987 Reviewed-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2026-04-06 21:20:33 +02:00 · 2025-01-25 23:31:21 +09:00
parent f9e1332349
commit dc7f2cd9d8
2 changed files with 48 additions and 8 deletions
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -39,7 +39,7 @@
 ;;; Copyright © 2019, 2024, 2025 Giacomo Leidi <goodoldpaul@autistici.org>
 ;;; Copyright © 2019 Jelle Licht <jlicht@fsfe.org>
 ;;; Copyright © 2019 Jonathan Frederickson <jonathan@terracrypt.net>
-;;; Copyright © 2019-2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2019-2025 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2019, 2020 Martin Becze <mjbecze@riseup.net>
 ;;; Copyright © 2019 David Wilson <david@daviwil.com>
 ;;; Copyright © 2019, 2020 Raghav Gururajan <raghavgururajan@disroot.org>
@@ -12813,22 +12813,38 @@ integrate seamlessly with the GNOME desktop.")
           libxml2
           qemu-minimal                 ;for qemu-img
           sparql-query
-           spice-gtk
           tracker
           vte
           webkitgtk-for-gtk3))
+    (propagated-inputs
+     ;; Propagating spice-gtk is necessary so that the gnome-desktop-service
+     ;; type configures the polkit actions necessary for the USB redirection
+     ;; feature to work when gnome-boxes added as a extra GNOME package.
+     (list spice-gtk))
    (home-page "https://wiki.gnome.org/Apps/Boxes")
    (synopsis "View, access, and manage remote and virtual systems")
    (description "GNOME Boxes is a simple application to view, access, and
 manage remote and virtual systems.  Note that this application requires the
@code{libvirt} and @code{virtlog} daemons to run.  Use the command
@command{info '(guix) Virtualization Services'} to learn how to configure
-these services on the Guix System.  If you do not use the
-@code{gnome-desktop-service-type}, you will also want to extend the
-@code{polkit-service-type} with the @code{spice-gtk} package, as well as
-configure the @file{libexec/spice-client-glib-usb-acl-helper} executable of
-@code{spice-gtk} as setuid, to make it possible to redirect USB devices as a
-non-privileged user.")
+these services on the Guix System.
+
+To make it possible to redirect USB devices as a non-privileged user, some
+extra configuration is necessary: if you use the
+@code{gnome-desktop-service-type}, you should add the @code{gnome-boxes}
+package to the @code{extra-packages} field of the
+@code{gnome-desktop-configuration}, for example:
+@lisp
+(service gnome-desktop-service-type
+         (gnome-desktop-configuration
+          (extra-packages (list gnome-boxes gnome-essential-extras))))
+@end lisp
+If you do @emph{not} use the @code{gnome-desktop-service-type}, you will need
+manually extend the @code{polkit-service-type} with the @code{spice-gtk}
+package, as well as configure the
+@file{libexec/spice-client-glib-usb-acl-helper} executable of @code{spice-gtk}
+as setuid, to make it possible to redirect USB devices as a non-privileged
+user.")
    (license (list
              ;; For data/icons/empty-boxes.png.
              license:cc-by2.0
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -1610,6 +1610,28 @@ inputs using non-default outputs, they are returned as gexp-input objects."
                          gnome-packages))
      gnome-packages))

+(define (gnome-setuid-programs config)
+  "Return the list of setuid programs found within the packages specified in
+CONFIG, a <gnome-desktop-configuration> object."
+  ;; spice-gtk provides polkit actions for USB redirection in GNOME Boxes; set
+  ;; its usb-acl-helper script setuid automatically when the gnome-boxes or
+  ;; spice-gtk packages are added to one of the gnome-desktop-configuration
+  ;; fields.
+  (let* ((gnome-packages (gnome-profile config #:transitive? #t))
+         (spice-gtk (find (compose (cut string=? "spice-gtk" <>)
+                                   package-name
+                                   (match-lambda ;disregard potential output
+                                     ((? package? p) p)
+                                     ((? gexp-input? p)
+                                      (gexp-input-thing p))))
+                          gnome-packages))
+         (files `(,@(if spice-gtk
+                        (list (file-append
+                               spice-gtk
+                               "/libexec/spice-client-glib-usb-acl-helper"))
+                        '()))))
+    (map file-like->setuid-program files)))
+
 (define gnome-desktop-service-type
  (service-type
   (name 'gnome-desktop)
@@ -1618,6 +1640,8 @@ inputs using non-default outputs, they are returned as gexp-input objects."
                             gnome-udev-configuration-files)
          (service-extension polkit-service-type
                             gnome-polkit-settings)
+          (service-extension privileged-program-service-type
+                             gnome-setuid-programs)
          (service-extension profile-service-type
                             gnome-profile)))
   (default-value (gnome-desktop-configuration))