How to use Gnome Online Accounts

jordangarrison · May 5, 2022, 5:22pm

Hello, NixOS community,

Category checklist info

What is the expected outcome

Ability to log into Google accounts through the gnome online accounts menu.

What output did you get

An empty screen (see summary).

Meta Information

OS

OS: NixOS 21.11 (Porcupine) x86_64 
Host: MS-7C90 1.0 
Kernel: 5.10.113 
Uptime: 1 hour, 26 mins 
Packages: 1345 (nix-system), 11 (flatpak) 
Shell: bash 5.1.8 
Resolution: 1920x1080, 2560x1440, 1440x2560 
DE: GNOME 41.1 
WM: Mutter 
WM Theme: Adwaita 
Theme: Adwaita-dark [GTK2/3] 
Icons: Adwaita [GTK2/3] 
Terminal: .gnome-terminal 
CPU: AMD Ryzen 9 3900X (24) @ 3.800GHz 
GPU: AMD ATI Radeon PRO WX 3200 
Memory: 13104MiB / 64308MiB

Config (see summary)

Summary

I’m new to NixOS after a drive failure and needed to have a quickly repeatable system moving forward.

I’ve hit a problem with the default gnome for 21.11 which will not allow me to log in to google accounts. I have attached some debug output below. and a screenshot.

gnome-control-center -v online-accounts 
12:05:39.0860                      GLib:    DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
12:05:39.0864                    (null):    DEBUG: No extra argument
12:05:39.0866      diagnostics-cc-panel:    DEBUG: ABRT vanished
(process:53177): GLib-GIO-DEBUG: 12:05:41.461: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
(process:53177): GLib-GIO-DEBUG: 12:05:41.463: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ?gio-network-monitor?
bwrap: Can't mkdir parents for /run/current-system/sw/share/fonts: No such file or directory
(process:53177): GLib-GIO-DEBUG: 12:05:41.466: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ?gio-vfs?
(process:53177): GLib-GIO-DEBUG: 12:05:41.466: Failed to initialize portal (GPowerProfileMonitorPortal) for gio-power-profile-monitor: Not using portals
(process:53177): GLib-GIO-DEBUG: 12:05:41.466: _g_io_module_get_default: Found default implementation dbus (GPowerProfileMonitorDBus) for ?gio-power-profile-monitor?
(gnome-control-center:53127): dconf-DEBUG: 12:05:46.194: unwatch_fast: "/org/gnome/control-center/" (active: 1, establishing: 0)
(gnome-control-center:53127): dconf-DEBUG: 12:05:46.194: sync

I haven’t done anything special to gnome just the following config in my configuration.nix

{ config, pkgs, ... }:
let
  unstableTarball = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
in
{
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  # ... other cfg ...
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
  # ...
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs;
    [
     # ... other pkgs ...
      gnome.gnome-tweaks
      gnome3.gnome-settings-daemon
      gnomeExtensions.appindicator
      gnomeExtensions.sound-output-device-chooser
      gnomeExtensions.clipboard-indicator
    ];
  # ... other cfg ...
  services.flatpak.enable = true;
}

Other links for reference:

r/gnome subreddit Gnome online accounts goa breaks on 42 Didn’t see any resolution on this thread, however.

bbigras · May 5, 2022, 8:21pm

I’m not using it, but maybe check services.accounts-daemon.enable and services.gnome.gnome-online-accounts.enable .

jordangarrison · May 5, 2022, 9:51pm

@bbigras Looks like this helped it get a little further but still getting the same screen as above.

gnome-control-center -v online-accounts

16:49:17.0366                      GLib:    DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
16:49:17.0369                    (null):    DEBUG: No extra argument
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.369: change_fast
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.369: change_notify: /org/gnome/control-center/last-panel
16:49:17.0371                  GLib-GIO:    DEBUG: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
16:49:17.0372                  GLib-GIO:    DEBUG: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ‘gio-network-monitor’
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.373: watch_fast: "/org/gnome/online-accounts/" (establishing: 0, active: 0)
16:49:17.0373                GoaBackend:    DEBUG: Loading all providers: 
16:49:17.0373                GoaBackend:    DEBUG:  - google
16:49:17.0373                GoaBackend:    DEBUG:  - owncloud
16:49:17.0373                GoaBackend:    DEBUG:  - facebook
16:49:17.0373                GoaBackend:    DEBUG:  - windows_live
16:49:17.0373                GoaBackend:    DEBUG:  - flickr
16:49:17.0374                GoaBackend:    DEBUG:  - foursquare
16:49:17.0374                GoaBackend:    DEBUG:  - exchange
16:49:17.0374                GoaBackend:    DEBUG:  - lastfm
16:49:17.0374                GoaBackend:    DEBUG:  - imap_smtp
16:49:17.0374                GoaBackend:    DEBUG:  - kerberos
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.374: watch_established: "/org/gnome/online-accounts/" (establishing: 1)
16:49:17.0374                GoaBackend:    DEBUG: activated kerberos provider
16:49:17.0374                GoaBackend:    DEBUG:  - media-server
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.374: unwatch_fast: "/org/gnome/online-accounts/" (active: 1, establishing: 0)
16:49:17.0375                 cc-window:    DEBUG: Time to open panel 'Online Accounts': 0.005704s
16:49:17.0375                 cc-window:    DEBUG: Added 'printers' to the previous panels
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.375: unwatch_fast: "/org/gnome/desktop/lockdown/" (active: 1, establishing: 0)
16:49:17.0378      diagnostics-cc-panel:    DEBUG: ABRT vanished
(process:171469): GLib-GIO-DEBUG: 16:49:19.278: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
(process:171469): GLib-GIO-DEBUG: 16:49:19.280: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ?gio-network-monitor?
bwrap: Can't mkdir parents for /run/current-system/sw/share/fonts: No such file or directory
(process:171469): GLib-GIO-DEBUG: 16:49:19.283: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ?gio-vfs?
(process:171469): GLib-GIO-DEBUG: 16:49:19.283: Failed to initialize portal (GPowerProfileMonitorPortal) for gio-power-profile-monitor: Not using portals
(process:171469): GLib-GIO-DEBUG: 16:49:19.283: _g_io_module_get_default: Found default implementation dbus (GPowerProfileMonitorDBus) for ?gio-power-profile-monitor?
(gnome-control-center:171409): dconf-DEBUG: 16:49:25.856: unwatch_fast: "/org/gnome/control-center/" (active: 1, establishing: 0)
(gnome-control-center:171409): dconf-DEBUG: 16:49:25.856: sync

Seems like its getting hung at the dconf sync step.

jordangarrison · May 5, 2022, 9:59pm

This appears to work, going to do some testing with this in the configuration.nix

https://github.com/clearlinux/distribution/issues/2284#issuecomment-1073953007

env WEBKIT_FORCE_SANDBOX=0 gnome-control-center online-accounts

At the moment, I’m not sure why, but I think it has to do with assumed paths which don’t exist with NixOS’s FS structure.

jordangarrison · May 5, 2022, 10:31pm

I can confirm after the reboot with this system environment variable it works as expected. In summary, changes made to the configuration.nix are as follows.

{
  # ...
  services.accounts-daemon.enable = true;
  services.gnome.gnome-online-accounts.enable = true;

  # Env vars
  environment.variables = {
    # Set sandbox variable for gnome accounts to work
    WEBKIT_FORCE_SANDBOX = "0";
  };
  # ...
}

jtojnar · May 6, 2022, 1:14am

services.accounts-daemon.enable and services.gnome.gnome-online-accounts.enable are true by default on GNOME.

Also, I would strongly caution against disabling WebKit sandboxing globally – even if you do not use WebKitGTK-based web browser like Epiphany, various programs use the engine for potentially untrusted content (e-mail clients like Geary, Sushi file previewer that you can accidentally trigger by pressing Space in Nautilus). Or you may need to use Epiphany in the future for some reason and forget that you have sandboxing still disabled. Sandboxing is not a panacea but it is still a critical piece in the security puzzle. You typically do not need to configure online accounts very often so just starting Control Center with the environment variable should be fine.

jordangarrison · May 6, 2022, 3:44am

Hi @jtojnar,

I was wondering specifically about this with that setting. My worry was it might fail again later silently. Is there a way to allow for account login access without compromising this?

Revised solution:

Run the following command to log in on an “as needed” basis.

WEBKIT_FORCE_SANDBOX=0 gnome-control-center online-accounts