Meeting summary is generated by Gemini and edited by me:
Meeting Jun 24, 2025 at 08:57 CDT
Summary
Adrian Vovk and Neal Gompa (Conan Kudo) discussed challenges with
systemd's dynamic UID ranges and SSSD's need for fixed UIDs, the
development status and potential issues with systemd-homed and
systemd-userdb, and the possibility of upstreaming GDM plumbing into
systemd. Adrian Vovk also detailed ongoing work for passwordless login
in GDM, including various authentication methods and the rendering of
web pages, while Matthias Clasen and Adrian discussed the planned
removal of legacy X11 code from GDM. Lastly, Neal Gompa (Conan Kudo)
announced improvements to the Open H.264 update process. Participants
included Adrian Vovk, Neal Gompa (Conan Kudo), Allan Day, and Matthias
Clasen.
Details
SSSD and systemd UID Ranges
Adrian Vovk raised a challenge regarding the dynamic UID ranges used by
systemd for GDM and SSSD's apparent resistance to them. Adrian
explained that systemd reserves UID ranges for purposes like greeters
and container managers. Neal Gompa (Conan Kudo) highlighted that SSSD
needs to support fixed UIDs and GIDs for compatibility with federated
UNIX identity systems and shared user data. Adrian suggested UID
mapping as a potential solution, but Neal clarified that stable UIDs
are necessary on each local machine for consistent access. They
discussed the size of the UID ranges and the potential for exhaustion.
Neal believes the core problem is a misunderstanding between the SSSD
and systemd teams regarding the actual problem to be solved. Matthias
noted the long-standing disagreements between the teams and suggested
Adrian's connection to systemd could be helpful.
homed and userdb
Neal Gompa (Conan Kudo) mentioned that systemd-homed and systemd-userdb
are not actively developed upstream in systemd, with userdb having
performance issues that could cause login hangs with multiple data
sources. Adrian Vovk disputed the performance issue claims, stating
that user creation ensures no allocation conflicts and highlighted the
parallel running of multiple backends in a standard systemd
installation. Neal countered that bug reports regarding these
performance issues have been filed. Adrian stated that userdb is
well-maintained by many maintainers, while homed primarily receives
attention from Lennart and themself due to the lack of desktop
environment support. They discussed the parallel processing of user
database queries, with Adrian arguing against sequential pulling for
performance reasons. Neal expressed concern about potential future
problems with the current approach.
Upstreaming GDM Plumbing
Neal Gompa (Conan Kudo) inquired about technical documentation for
Adrian Vovk's work, as other desktops are interested in similar
implementations. Adrian mentioned discussions with Matthias Klumpp
about potentially upstreaming the core plumbing of GDM (excluding the
gnome-shell GUI) into systemd. Neal Gompa (Conan Kudo) believes this
would greatly simplify seat login management. Adrian explained that
systemd would then launch the login screen, regardless of the desktop
environment.
Passwordless Login
Adrian Vovk detailed the ongoing work for passwordless login in GDM,
including support for smart cards, passkeys, web login forms, and QR
code scanning. This aims to address requirements in enterprise
deployments. Adrian explained the use of a JSON protocol to communicate
rich authentication prompts and responses through PAM to the GUI. This
will also benefit homed's passwordless login features like PIN codes,
fingerprint sensors, and smart cards. Allan Day expressed interest in
streamlined setup for authentication methods like Yubikeys. Adrian also
mentioned kernel work in progress (Linux Virtualization Based Security,
LVBS) to potentially secure less secure authentication methods like
face unlock by running the sensitive code in a secure enclave VM.
Web Page Rendering in GDM
Neal Gompa (Conan Kudo) asked how a web page would be rendered in GDM
for passwordless login. Adrian Vovk clarified that WebKitGTK is not
directly usable as GDM's login screen is not rendered with GTK. The
proposed solution involves running a Wayland surface and reparenting it
into the login screen UI, potentially using the Wayland compositor part
of Mutter. Neal Gompa (Conan Kudo) found this approach unconventional,
but Adrian affirmed its feasibility at an implementation level.
Removal of Legacy X11 Code in GDM
Matthias inquired about the timeline for removing legacy X11 code from
GDM. Adrian Vovk stated this should happen as soon as possible, noting
that GDM's modularity allows for easy file deletion. Neal Gompa (Conan
Kudo) added that forking SDDM and removing X11 code resulted in a
two-thirds reduction in codebase size. Adrian mentioned that this
legacy code is already disabled in Fedora with numerous conditional
compilation directives, meaning removal would involve deleting C files
and cleaning up build configurations.
Open H.264 Update Process Improvement
Neal Gompa (Conan Kudo) announced that Open H.264 for reals is now
done, published, and updated. Neal also reported a process change that
will utilize a drop locker for future updates, aiming to reduce
turnaround times from weeks or months to days.