Hello, NixOS community,
Category checklist info
What is the expected outcome
Ability to log into Google accounts through the gnome online accounts menu.
What output did you get
An empty screen (see summary).
Meta Information
OS
OS: NixOS 21.11 (Porcupine) x86_64
Host: MS-7C90 1.0
Kernel: 5.10.113
Uptime: 1 hour, 26 mins
Packages: 1345 (nix-system), 11 (flatpak)
Shell: bash 5.1.8
Resolution: 1920x1080, 2560x1440, 1440x2560
DE: GNOME 41.1
WM: Mutter
WM Theme: Adwaita
Theme: Adwaita-dark [GTK2/3]
Icons: Adwaita [GTK2/3]
Terminal: .gnome-terminal
CPU: AMD Ryzen 9 3900X (24) @ 3.800GHz
GPU: AMD ATI Radeon PRO WX 3200
Memory: 13104MiB / 64308MiB
Config (see summary)
Summary
I’m new to NixOS after a drive failure and needed to have a quickly repeatable system moving forward.
I’ve hit a problem with the default gnome for 21.11 which will not allow me to log in to google accounts. I have attached some debug output below. and a screenshot.
gnome-control-center -v online-accounts
12:05:39.0860 GLib: DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
12:05:39.0864 (null): DEBUG: No extra argument
12:05:39.0866 diagnostics-cc-panel: DEBUG: ABRT vanished
(process:53177): GLib-GIO-DEBUG: 12:05:41.461: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
(process:53177): GLib-GIO-DEBUG: 12:05:41.463: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ?gio-network-monitor?
bwrap: Can't mkdir parents for /run/current-system/sw/share/fonts: No such file or directory
(process:53177): GLib-GIO-DEBUG: 12:05:41.466: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ?gio-vfs?
(process:53177): GLib-GIO-DEBUG: 12:05:41.466: Failed to initialize portal (GPowerProfileMonitorPortal) for gio-power-profile-monitor: Not using portals
(process:53177): GLib-GIO-DEBUG: 12:05:41.466: _g_io_module_get_default: Found default implementation dbus (GPowerProfileMonitorDBus) for ?gio-power-profile-monitor?
(gnome-control-center:53127): dconf-DEBUG: 12:05:46.194: unwatch_fast: "/org/gnome/control-center/" (active: 1, establishing: 0)
(gnome-control-center:53127): dconf-DEBUG: 12:05:46.194: sync
I haven’t done anything special to gnome just the following config in my configuration.nix
{ config, pkgs, ... }:
let
unstableTarball = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
in
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# ... other cfg ...
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# ...
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs;
[
# ... other pkgs ...
gnome.gnome-tweaks
gnome3.gnome-settings-daemon
gnomeExtensions.appindicator
gnomeExtensions.sound-output-device-chooser
gnomeExtensions.clipboard-indicator
];
# ... other cfg ...
services.flatpak.enable = true;
}
Other links for reference:
@bbigras Looks like this helped it get a little further but still getting the same screen as above.
gnome-control-center -v online-accounts
16:49:17.0366 GLib: DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
16:49:17.0369 (null): DEBUG: No extra argument
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.369: change_fast
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.369: change_notify: /org/gnome/control-center/last-panel
16:49:17.0371 GLib-GIO: DEBUG: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
16:49:17.0372 GLib-GIO: DEBUG: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ‘gio-network-monitor’
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.373: watch_fast: "/org/gnome/online-accounts/" (establishing: 0, active: 0)
16:49:17.0373 GoaBackend: DEBUG: Loading all providers:
16:49:17.0373 GoaBackend: DEBUG: - google
16:49:17.0373 GoaBackend: DEBUG: - owncloud
16:49:17.0373 GoaBackend: DEBUG: - facebook
16:49:17.0373 GoaBackend: DEBUG: - windows_live
16:49:17.0373 GoaBackend: DEBUG: - flickr
16:49:17.0374 GoaBackend: DEBUG: - foursquare
16:49:17.0374 GoaBackend: DEBUG: - exchange
16:49:17.0374 GoaBackend: DEBUG: - lastfm
16:49:17.0374 GoaBackend: DEBUG: - imap_smtp
16:49:17.0374 GoaBackend: DEBUG: - kerberos
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.374: watch_established: "/org/gnome/online-accounts/" (establishing: 1)
16:49:17.0374 GoaBackend: DEBUG: activated kerberos provider
16:49:17.0374 GoaBackend: DEBUG: - media-server
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.374: unwatch_fast: "/org/gnome/online-accounts/" (active: 1, establishing: 0)
16:49:17.0375 cc-window: DEBUG: Time to open panel 'Online Accounts': 0.005704s
16:49:17.0375 cc-window: DEBUG: Added 'printers' to the previous panels
(gnome-control-center:171409): dconf-DEBUG: 16:49:17.375: unwatch_fast: "/org/gnome/desktop/lockdown/" (active: 1, establishing: 0)
16:49:17.0378 diagnostics-cc-panel: DEBUG: ABRT vanished
(process:171469): GLib-GIO-DEBUG: 16:49:19.278: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
(process:171469): GLib-GIO-DEBUG: 16:49:19.280: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ?gio-network-monitor?
bwrap: Can't mkdir parents for /run/current-system/sw/share/fonts: No such file or directory
(process:171469): GLib-GIO-DEBUG: 16:49:19.283: _g_io_module_get_default: Found default implementation gvfs (GDaemonVfs) for ?gio-vfs?
(process:171469): GLib-GIO-DEBUG: 16:49:19.283: Failed to initialize portal (GPowerProfileMonitorPortal) for gio-power-profile-monitor: Not using portals
(process:171469): GLib-GIO-DEBUG: 16:49:19.283: _g_io_module_get_default: Found default implementation dbus (GPowerProfileMonitorDBus) for ?gio-power-profile-monitor?
(gnome-control-center:171409): dconf-DEBUG: 16:49:25.856: unwatch_fast: "/org/gnome/control-center/" (active: 1, establishing: 0)
(gnome-control-center:171409): dconf-DEBUG: 16:49:25.856: sync
Seems like its getting hung at the dconf sync step.
This appears to work, going to do some testing with this in the configuration.nix
https://github.com/clearlinux/distribution/issues/2284#issuecomment-1073953007
env WEBKIT_FORCE_SANDBOX=0 gnome-control-center online-accounts
At the moment, I’m not sure why, but I think it has to do with assumed paths which don’t exist with NixOS’s FS structure.
I can confirm after the reboot with this system environment variable it works as expected. In summary, changes made to the configuration.nix are as follows.
{
# ...
services.accounts-daemon.enable = true;
services.gnome.gnome-online-accounts.enable = true;
# Env vars
environment.variables = {
# Set sandbox variable for gnome accounts to work
WEBKIT_FORCE_SANDBOX = "0";
};
# ...
}
services.accounts-daemon.enable and services.gnome.gnome-online-accounts.enable are true by default on GNOME.
Also, I would strongly caution against disabling WebKit sandboxing globally – even if you do not use WebKitGTK-based web browser like Epiphany, various programs use the engine for potentially untrusted content (e-mail clients like Geary, Sushi file previewer that you can accidentally trigger by pressing Space in Nautilus). Or you may need to use Epiphany in the future for some reason and forget that you have sandboxing still disabled. Sandboxing is not a panacea but it is still a critical piece in the security puzzle. You typically do not need to configure online accounts very often so just starting Control Center with the environment variable should be fine.
1 Like
Hi @jtojnar,
I was wondering specifically about this with that setting. My worry was it might fail again later silently. Is there a way to allow for account login access without compromising this?
Revised solution:
Run the following command to log in on an “as needed” basis.
WEBKIT_FORCE_SANDBOX=0 gnome-control-center online-accounts
