services/gnome: Reinstate auto-configuration for GNOME Boxes.

Previously to 4722496292 ("Remove gnome-boxes from default GNOME apps."), USB
redirection for GNOME Boxes had been working out-of-the-box.  Reinstate the
extensions that made that possible, so that simply adding the gnome-boxes
package back to one of the gnome-desktop-configuration fields does the right
thing.

* gnu/services/desktop.scm (gnome-setuid-programs): New procedure.
(gnome-desktop-service-type) [privileged-program-service-type]: Use it as an
extension.
* gnu/packages/gnome.scm (gnome-boxes):
[inputs]: Move spice-gtk to...
[propagated-inputs]: ... here.
[description]: Document extra steps necessary to enable the USB redirection
feature.

Change-Id: If84e8a2e0c480ddd1d7cd294890fad1ae2a76987
Reviewed-by: Liliana Marie Prikler <[email protected]>

2 files changed, 48 insertions, 8 deletions

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index c831d5ee0d..1225570c3c 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -39,7 +39,7 @@
 ;;; Copyright © 2019, 2024, 2025 Giacomo Leidi <[email protected]>
 ;;; Copyright © 2019 Jelle Licht <[email protected]>
 ;;; Copyright © 2019 Jonathan Frederickson <[email protected]>
-;;; Copyright © 2019-2024 Maxim Cournoyer <[email protected]>
+;;; Copyright © 2019-2025 Maxim Cournoyer <[email protected]>
 ;;; Copyright © 2019, 2020 Martin Becze <[email protected]>
 ;;; Copyright © 2019 David Wilson <[email protected]>
 ;;; Copyright © 2019, 2020 Raghav Gururajan <[email protected]>
@@ -12813,22 +12813,38 @@ integrate seamlessly with the GNOME desktop.")
            libxml2
            qemu-minimal                 ;for qemu-img
            sparql-query
-           spice-gtk
            tracker
            vte
            webkitgtk-for-gtk3))
+    (propagated-inputs
+     ;; Propagating spice-gtk is necessary so that the gnome-desktop-service
+     ;; type configures the polkit actions necessary for the USB redirection
+     ;; feature to work when gnome-boxes added as a extra GNOME package.
+     (list spice-gtk))
     (home-page "https://wiki.gnome.org/Apps/Boxes")
     (synopsis "View, access, and manage remote and virtual systems")
     (description "GNOME Boxes is a simple application to view, access, and
 manage remote and virtual systems.  Note that this application requires the
 @code{libvirt} and @code{virtlog} daemons to run.  Use the command
 @command{info '(guix) Virtualization Services'} to learn how to configure
-these services on the Guix System.  If you do not use the
-@code{gnome-desktop-service-type}, you will also want to extend the
-@code{polkit-service-type} with the @code{spice-gtk} package, as well as
-configure the @file{libexec/spice-client-glib-usb-acl-helper} executable of
-@code{spice-gtk} as setuid, to make it possible to redirect USB devices as a
-non-privileged user.")
+these services on the Guix System.
+
+To make it possible to redirect USB devices as a non-privileged user, some
+extra configuration is necessary: if you use the
+@code{gnome-desktop-service-type}, you should add the @code{gnome-boxes}
+package to the @code{extra-packages} field of the
+@code{gnome-desktop-configuration}, for example:
+@lisp
+(service gnome-desktop-service-type
+         (gnome-desktop-configuration
+          (extra-packages (list gnome-boxes gnome-essential-extras))))
+@end lisp
+If you do @emph{not} use the @code{gnome-desktop-service-type}, you will need
+manually extend the @code{polkit-service-type} with the @code{spice-gtk}
+package, as well as configure the
+@file{libexec/spice-client-glib-usb-acl-helper} executable of @code{spice-gtk}
+as setuid, to make it possible to redirect USB devices as a non-privileged
+user.")
     (license (list
               ;; For data/icons/empty-boxes.png.
               license:cc-by2.0
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 8b17d8be43..e544656182 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -1610,6 +1610,28 @@ inputs using non-default outputs, they are returned as gexp-input objects."
                           gnome-packages))
       gnome-packages))
 
+(define (gnome-setuid-programs config)
+  "Return the list of setuid programs found within the packages specified in
+CONFIG, a <gnome-desktop-configuration> object."
+  ;; spice-gtk provides polkit actions for USB redirection in GNOME Boxes; set
+  ;; its usb-acl-helper script setuid automatically when the gnome-boxes or
+  ;; spice-gtk packages are added to one of the gnome-desktop-configuration
+  ;; fields.
+  (let* ((gnome-packages (gnome-profile config #:transitive? #t))
+         (spice-gtk (find (compose (cut string=? "spice-gtk" <>)
+                                   package-name
+                                   (match-lambda ;disregard potential output
+                                     ((? package? p) p)
+                                     ((? gexp-input? p)
+                                      (gexp-input-thing p))))
+                          gnome-packages))
+         (files `(,@(if spice-gtk
+                        (list (file-append
+                               spice-gtk
+                               "/libexec/spice-client-glib-usb-acl-helper"))
+                        '()))))
+    (map file-like->setuid-program files)))
+
 (define gnome-desktop-service-type
   (service-type
    (name 'gnome-desktop)
@@ -1618,6 +1640,8 @@ inputs using non-default outputs, they are returned as gexp-input objects."
                              gnome-udev-configuration-files)
           (service-extension polkit-service-type
                              gnome-polkit-settings)
+          (service-extension privileged-program-service-type
+                             gnome-setuid-programs)
           (service-extension profile-service-type
                              gnome-profile)))
    (default-value (gnome-desktop-configuration))