[arch-commits] Commit in gdm/trunk (3 files)

Jan Steffens heftig at archlinux.org
Wed Aug 12 21:16:26 UTC 2020


    Date: Wednesday, August 12, 2020 @ 21:16:25
  Author: heftig
Revision: 393574

3.36.3-5: Match new pambase

Added:
  gdm/trunk/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
Modified:
  gdm/trunk/PKGBUILD
Deleted:
  gdm/trunk/0004-pam-arch-Replace-pam_tally-with-pam_faillock.patch

----------------------------------------------------------+
 0004-pam-arch-Replace-pam_tally-with-pam_faillock.patch  |   33 --
 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch |  200 +++++++++++++
 PKGBUILD                                                 |    8 
 3 files changed, 204 insertions(+), 37 deletions(-)

Deleted: 0004-pam-arch-Replace-pam_tally-with-pam_faillock.patch
===================================================================
--- 0004-pam-arch-Replace-pam_tally-with-pam_faillock.patch	2020-08-12 19:45:01 UTC (rev 393573)
+++ 0004-pam-arch-Replace-pam_tally-with-pam_faillock.patch	2020-08-12 21:16:25 UTC (rev 393574)
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <heftig at archlinux.org>
-Date: Sun, 9 Aug 2020 00:34:37 +0000
-Subject: [PATCH] pam-arch: Replace pam_tally with pam_faillock
-
-pam 1.4.0 removed the former and replaces it with the latter.
-
-https://bugs.archlinux.org/task/67485
----
- data/pam-arch/gdm-fingerprint.pam | 2 +-
- data/pam-arch/gdm-smartcard.pam   | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
-index a4808617..57d57925 100644
---- a/data/pam-arch/gdm-fingerprint.pam
-+++ b/data/pam-arch/gdm-fingerprint.pam
-@@ -1,4 +1,4 @@
--auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
-+auth     required  pam_faillock.so onerr=succeed file=/var/log/tallylog
- auth     required  pam_shells.so
- auth     requisite pam_nologin.so
- auth     required  pam_env.so
-diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
-index ec6f75d5..0852476a 100644
---- a/data/pam-arch/gdm-smartcard.pam
-+++ b/data/pam-arch/gdm-smartcard.pam
-@@ -1,4 +1,4 @@
--auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
-+auth     required  pam_faillock.so onerr=succeed file=/var/log/tallylog
- auth     required  pam_shells.so
- auth     requisite pam_nologin.so
- auth     required  pam_env.so

Added: 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
===================================================================
--- 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch	                        (rev 0)
+++ 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch	2020-08-12 21:16:25 UTC (rev 393574)
@@ -0,0 +1,200 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig at archlinux.org>
+Date: Sun, 9 Aug 2020 00:34:37 +0000
+Subject: [PATCH] pam-arch: Update to match pambase 20200721.1-2
+
+https://bugs.archlinux.org/task/67485
+---
+ data/pam-arch/gdm-autologin.pam          | 22 +++++++++--------
+ data/pam-arch/gdm-fingerprint.pam        | 31 +++++++++++++++---------
+ data/pam-arch/gdm-launch-environment.pam | 24 ++++++++++--------
+ data/pam-arch/gdm-password.pam           | 17 +++++++------
+ data/pam-arch/gdm-pin.pam                | 13 ----------
+ data/pam-arch/gdm-smartcard.pam          | 31 +++++++++++++++---------
+ 6 files changed, 75 insertions(+), 63 deletions(-)
+ delete mode 100644 data/pam-arch/gdm-pin.pam
+
+diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
+index 99b14209..30bdf529 100644
+--- a/data/pam-arch/gdm-autologin.pam
++++ b/data/pam-arch/gdm-autologin.pam
+@@ -1,13 +1,15 @@
+-auth     requisite pam_nologin.so
+-auth     required  pam_env.so
+-auth     optional  pam_gdm.so
+-auth     optional  pam_gnome_keyring.so
+-auth     optional  pam_permit.so
++#%PAM-1.0
+ 
+-account  include   system-local-login
++auth       required                    pam_shells.so
++auth       requisite                   pam_nologin.so
++auth       optional                    pam_permit.so
++auth       required                    pam_env.so
++auth       [success=ok default=1]      pam_gdm.so
++auth       optional                    pam_gnome_keyring.so
+ 
+-password include   system-local-login
++account    include                     system-local-login
+ 
+-session  optional  pam_keyinit.so force revoke
+-session  include   system-local-login
+-session  optional  pam_gnome_keyring.so auto_start
++password   required                    pam_deny.so
++
++session    include                     system-local-login
++session    optional                    pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
+index a4808617..cc660d9a 100644
+--- a/data/pam-arch/gdm-fingerprint.pam
++++ b/data/pam-arch/gdm-fingerprint.pam
+@@ -1,14 +1,23 @@
+-auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
+-auth     required  pam_shells.so
+-auth     requisite pam_nologin.so
+-auth     required  pam_env.so
+-auth     required  pam_fprintd.so
+-auth     optional  pam_permit.so
++#%PAM-1.0
+ 
+-account  include   system-local-login
++auth       required                    pam_shells.so
++auth       requisite                   pam_nologin.so
++auth       required                    pam_faillock.so      preauth
++# Optionally use requisite above if you do not want to prompt for the fingerprint
++# on locked accounts.
++auth       [success=1 default=ignore]  pam_fprintd.so
++auth       [default=die]               pam_faillock.so      authfail
++auth       optional                    pam_permit.so
++auth       required                    pam_env.so
++auth       required                    pam_faillock.so      authsucc
++# If you drop the above call to pam_faillock.so the lock will be done also
++# on non-consecutive authentication failures.
++auth       [success=ok default=1]      pam_gdm.so
++auth       optional                    pam_gnome_keyring.so
+ 
+-password required  pam_fprintd.so
+-password optional  pam_permit.so
++account    include                     system-local-login
+ 
+-session  optional  pam_keyinit.so force revoke
+-session  include   system-local-login
++password   required                    pam_deny.so
++
++session    include                     system-local-login
++session    optional                    pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
+index d59c9cb9..3db24bb1 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -1,13 +1,17 @@
+-auth     required  pam_env.so
+-auth     required  pam_succeed_if.so audit quiet_success user = gdm
+-auth     optional  pam_permit.so
++#%PAM-1.0
+ 
+-account  required  pam_succeed_if.so audit quiet_success user = gdm
+-account  optional  pam_permit.so
++auth       required                    pam_succeed_if.so    audit quiet_success user=gdm
++auth       optional                    pam_permit.so
++auth       required                    pam_env.so
+ 
+-password required  pam_deny.so
++account    required                    pam_succeed_if.so    audit quiet_success user=gdm
++account    optional                    pam_permit.so
+ 
+-session  optional  pam_keyinit.so force revoke
+-session  required  pam_succeed_if.so audit quiet_success user = gdm
+-session  required  pam_systemd.so
+-session  optional  pam_permit.so
++password   required                    pam_deny.so
++
++session    optional                    pam_loginuid.so
++session    optional                    pam_keyinit.so       force revoke
++session    required                    pam_succeed_if.so    audit quiet_success user=gdm
++session    optional                    pam_permit.so
++-session   optional                    pam_systemd.so
++session    required                    pam_env.so           user_readenv=1
+diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
+index 8d34794e..137242a6 100644
+--- a/data/pam-arch/gdm-password.pam
++++ b/data/pam-arch/gdm-password.pam
+@@ -1,11 +1,12 @@
+-auth     include   system-local-login
+-auth     optional  pam_gnome_keyring.so
++#%PAM-1.0
+ 
+-account  include   system-local-login
++auth       include                     system-local-login
++auth       optional                    pam_gnome_keyring.so
+ 
+-password include   system-local-login
+-password optional  pam_gnome_keyring.so use_authtok
++account    include                     system-local-login
+ 
+-session  optional  pam_keyinit.so force revoke
+-session  include   system-local-login
+-session  optional  pam_gnome_keyring.so auto_start
++password   include                     system-local-login
++password   optional                    pam_gnome_keyring.so use_authtok
++
++session    include                     system-local-login
++session    optional                    pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
+deleted file mode 100644
+index 135e205e..00000000
+--- a/data/pam-arch/gdm-pin.pam
++++ /dev/null
+@@ -1,13 +0,0 @@
+-auth     requisite pam_pin.so
+-auth     include   system-local-login
+-auth     optional  pam_gnome_keyring.so
+-
+-account  include   system-local-login
+-
+-password include   system-local-login
+-password optional  pam_pin.so
+-password optional  pam_gnome_keyring.so use_authtok
+-
+-session  optional  pam_keyinit.so force revoke
+-session  include   system-local-login
+-session  optional  pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
+index ec6f75d5..e6ec1299 100644
+--- a/data/pam-arch/gdm-smartcard.pam
++++ b/data/pam-arch/gdm-smartcard.pam
+@@ -1,14 +1,23 @@
+-auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
+-auth     required  pam_shells.so
+-auth     requisite pam_nologin.so
+-auth     required  pam_env.so
+-auth     required  pam_pkcs11.so wait_for_card card_only
+-auth     optional  pam_permit.so
++#%PAM-1.0
+ 
+-account  include   system-local-login
++auth       required                    pam_shells.so
++auth       requisite                   pam_nologin.so
++auth       required                    pam_faillock.so      preauth
++# Optionally use requisite above if you do not want to prompt for the smartcard
++# on locked accounts.
++auth       [success=1 default=ignore]  pam_pkcs11.so        wait_for_card card_only
++auth       [default=die]               pam_faillock.so      authfail
++auth       optional                    pam_permit.so
++auth       required                    pam_env.so
++auth       required                    pam_faillock.so      authsucc
++# If you drop the above call to pam_faillock.so the lock will be done also
++# on non-consecutive authentication failures.
++auth       [success=ok default=1]      pam_gdm.so
++auth       optional                    pam_gnome_keyring.so
+ 
+-password required  pam_pkcs11.so
+-password optional  pam_permit.so
++account    include                     system-local-login
+ 
+-session  optional  pam_keyinit.so force revoke
+-session  include   system-local-login
++password   required                    pam_deny.so
++
++session    include                     system-local-login
++session    optional                    pam_gnome_keyring.so auto_start

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-08-12 19:45:01 UTC (rev 393573)
+++ PKGBUILD	2020-08-12 21:16:25 UTC (rev 393574)
@@ -4,7 +4,7 @@
 pkgbase=gdm
 pkgname=(gdm libgdm)
 pkgver=3.36.3
-pkgrel=4
+pkgrel=5
 pkgdesc="Display manager and login screen"
 url="https://wiki.gnome.org/Projects/GDM"
 arch=(x86_64)
@@ -17,12 +17,12 @@
         0001-Xsession-Don-t-start-ssh-agent-by-default.patch
         0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
         0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
-        0004-pam-arch-Replace-pam_tally-with-pam_faillock.patch)
+        0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch)
 sha256sums=('SKIP'
             'b9ead66d2b6207335f0bd982a835647536998e7c7c6b5248838e5d53132ca21a'
             'd89a3a852c9656a61a3d418817c883f7a607a0e65aa0eaf9904738c0299f006d'
             'c18dc79bdd3207c66b6f66a41a51dd069442d2e9053055147c2f90e39f0c4a7d'
-            '091fe36855c39c7e900ba971795c48d155269be470a6ff3e5494b438de7aa3d9')
+            '7d1e293de59e08e750a42dc01c35170c9d8f1d9a71ff6ca168efd1c4f9bb6812')
 
 pkgver() {
   cd gdm
@@ -39,7 +39,7 @@
   patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
 
   # https://bugs.archlinux.org/task/67485
-  patch -Np1 -i ../0004-pam-arch-Replace-pam_tally-with-pam_faillock.patch
+  patch -Np1 -i ../0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
 
   NOCONFIGURE=1 ./autogen.sh
 }



More information about the arch-commits mailing list