services: desktop: Mount /var/lib/gdm on a tmpfs file system.

Fixes <https://issues.guix.gnu.org/44944>.

* gnu/services/xorg.scm (%gdm-activation): Delete variable.
(gdm-service-type): De-register it.
* gnu/services/desktop.scm (%gdm-file-system): New variable.
(gdm-file-system-service): Likewise.
(desktop-services-for-system): Use it.

gnu/services/desktop.scm

@@ -117,6 +117,9 @@
             elogind-service
             elogind-service-type
 
+            %gdm-file-system
+            gdm-file-system-service
+
             %fontconfig-file-system
             fontconfig-file-system-service
 
@@ -1232,6 +1235,13 @@ when they log out."
     (flags '(read-only))
     (check? #f)))
 
+(define %gdm-file-system
+  (file-system
+    (device "none")
+    (mount-point "/var/lib/gdm")
+    (type "tmpfs")
+    (check? #f)))
+
 ;; The global fontconfig cache directory can sometimes contain stale entries,
 ;; possibly referencing fonts that have been GC'd, so mount it read-only.
 ;; As mentioned https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36924#8 and
@@ -1240,6 +1250,15 @@ when they log out."
   (simple-service 'fontconfig-file-system
                   file-system-service-type
                   (list %fontconfig-file-system)))
+
+;; Avoid stale caches and stale user IDs being reused between system
+;; reconfigurations, which would crash GDM and render the system unusable.
+;; GDM doesn't require persisting anything valuable there anyway.
+(define gdm-file-system-service
+  (simple-service 'gdm-file-system
+                  file-system-service-type
+                  (list %gdm-file-system)))
+
 
 ;;;
 ;;; AccountsService service.
@@ -1750,6 +1769,10 @@ applications needing access to be root.")
                               (list (file-append nfs-utils "/sbin/mount.nfs")
                                (file-append ntfs-3g "/sbin/mount.ntfs-3g"))))
 
+         ;; This is a volatile read-write file system mounted at /var/lib/gdm,
+         ;; to avoid GDM stale cache and permission issues.
+         gdm-file-system-service
+
          ;; The global fontconfig cache directory can sometimes contain
          ;; stale entries, possibly referencing fonts that have been GC'd,
          ;; so mount it read-only.

gnu/services/xorg.scm

@@ -818,27 +818,6 @@ the GNOME desktop environment.")
          (home-directory "/var/lib/gdm")
          (shell (file-append shadow "/sbin/nologin")))))
 
-(define %gdm-activation
-  ;; Ensure /var/lib/gdm is owned by the "gdm" user.  This is normally the
-  ;; case but could be wrong if the "gdm" user was created, then removed, and
-  ;; then recreated under a different UID/GID: <https://bugs.gnu.org/37423>.
-  (with-imported-modules '((guix build utils))
-    #~(begin
-        (use-modules (guix build utils))
-
-        (let* ((gdm (getpwnam "gdm"))
-               (uid (passwd:uid gdm))
-               (gid (passwd:gid gdm))
-               (st  (stat "/var/lib/gdm" #f)))
-          ;; Recurse into /var/lib/gdm only if it has wrong ownership.
-          (when (and st
-                     (or (not (= uid (stat:uid st)))
-                         (not (= gid (stat:gid st)))))
-            (for-each (lambda (file)
-                        (chown file uid gid))
-                      (find-files "/var/lib/gdm"
-                                  #:directories? #t)))))))
-
 (define dbus-daemon-wrapper
   (program-file
    "gdm-dbus-wrapper"
@@ -1022,8 +1001,6 @@ the GNOME desktop environment.")
                   (extensions
                    (list (service-extension shepherd-root-service-type
                                             gdm-shepherd-service)
-                         (service-extension activation-service-type
-                                            (const %gdm-activation))
                          (service-extension account-service-type
                                             (const %gdm-accounts))
                          (service-extension pam-root-service-type