titaniumtown/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oo7-daemon: cherry-pick PR #443 to use credential on first run

Browse Source 
oo7-server 0.6.0 only feeds the systemd / PAM secret to existing
keyrings discovered on disk. On first run no keyring exists yet, the
daemon creates an empty 'Login' collection via LockedKeyring::open,
the credential is silently ignored, and any client Unlock() routes to
a prompt that nothing on a niri desktop can satisfy.

Patches/oo7-server/0001-... is upstream commit cf7b9a9 (PR #443)
regenerated relative to the package's sourceRoot ('server/'). It
switches the auto-created default-keyring path to UnlockedKeyring::open
when a secret is available.

The override threads the patch through pkgs.oo7-server.overrideAttrs
in modules/desktop-oo7-daemon.nix and uses the patched derivation for
both services.dbus.packages and systemd.packages so the user unit and
D-Bus activation file land from the same store path. Cargo.lock is
untouched, so the existing cargoDeps hash stays valid.

Drop the override once nixpkgs ships an oo7-server release that
includes the fix (anything past 0.6.0).
This commit is contained in:
Simon Gardling
2026-04-30 01:20:54 -04:00
parent 95968f6b47
commit 59c417c470
2 changed files with 132 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/desktop-oo7-daemon.nix
View File

@@ -22,11 +22,25 @@
# fresh `systemd-run --user` scope).
{ pkgs, ... }:
let
# 0.6.0 stops at LockedKeyring::open(login) when no keyring file exists,
# so on first run the auto-created default collection is locked and a
# client's Unlock() call routes to a prompt that never resolves (no
# gnome-shell / kwallet / gcr-prompter on a niri desktop). Cherry-pick
# upstream cf7b9a9 (PR #443) which uses the systemd credential / PAM
# secret to unlock the new keyring directly. Drop the override when
# nixpkgs ships an oo7-server release that includes the fix.
oo7-server = pkgs.oo7-server.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [
../patches/oo7-server/0001-server-Use-provided-secret-to-unlock-auto-created-de.patch
];
});
in
{
environment.systemPackages = [ pkgs.oo7-server ];
environment.systemPackages = [ oo7-server ];
services.dbus.packages = [ pkgs.oo7-server ];
systemd.packages = [ pkgs.oo7-server ];
services.dbus.packages = [ oo7-server ];
systemd.packages = [ oo7-server ];
systemd.user.services.oo7-daemon = {
wantedBy = [ "default.target" ];