[arch-commits] Commit in gdm/repos/testing-x86_64 (12 files)
Jan Steffens
heftig at archlinux.org
Wed Aug 12 21:26:46 UTC 2020
Date: Wednesday, August 12, 2020 @ 21:26:45
Author: heftig
Revision: 393577
archrelease: copy trunk to testing-x86_64
Added:
gdm/repos/testing-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
(from rev 393576, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch)
gdm/repos/testing-x86_64/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
(from rev 393576, gdm/trunk/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch)
gdm/repos/testing-x86_64/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
(from rev 393576, gdm/trunk/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch)
gdm/repos/testing-x86_64/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
(from rev 393576, gdm/trunk/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch)
gdm/repos/testing-x86_64/PKGBUILD
(from rev 393576, gdm/trunk/PKGBUILD)
gdm/repos/testing-x86_64/gdm.install
(from rev 393576, gdm/trunk/gdm.install)
Deleted:
gdm/repos/testing-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
gdm/repos/testing-x86_64/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
gdm/repos/testing-x86_64/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
gdm/repos/testing-x86_64/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
gdm/repos/testing-x86_64/PKGBUILD
gdm/repos/testing-x86_64/gdm.install
--------------------------------------------------------------+
0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 56 -
0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch | 54 -
0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch | 56 -
0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch | 400 +++++-----
PKGBUILD | 208 ++---
gdm.install | 14
6 files changed, 394 insertions(+), 394 deletions(-)
Deleted: 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
===================================================================
--- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2020-08-12 21:26:34 UTC (rev 393576)
+++ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -1,28 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
-Date: Sat, 20 Jun 2015 17:22:38 +0200
-Subject: [PATCH] Xsession: Don't start ssh-agent by default
-
----
- data/Xsession.in | 8 --------
- 1 file changed, 8 deletions(-)
-
-diff --git a/data/Xsession.in b/data/Xsession.in
-index 9d79558c..ff6d9de0 100755
---- a/data/Xsession.in
-+++ b/data/Xsession.in
-@@ -175,14 +175,6 @@ if [ "x$command" = "xdefault" ] ; then
- fi
- fi
-
--# add ssh-agent if found
--sshagent="`gdmwhich ssh-agent`"
--if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
-- command="$sshagent -- $command"
--elif [ -z "$sshagent" ] ; then
-- echo "$0: ssh-agent not found!"
--fi
--
- echo "$0: Setup done, will execute: $command"
-
- eval exec $command
Copied: gdm/repos/testing-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (from rev 393576, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch)
===================================================================
--- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch (rev 0)
+++ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
+Date: Sat, 20 Jun 2015 17:22:38 +0200
+Subject: [PATCH] Xsession: Don't start ssh-agent by default
+
+---
+ data/Xsession.in | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/data/Xsession.in b/data/Xsession.in
+index 9d79558c..ff6d9de0 100755
+--- a/data/Xsession.in
++++ b/data/Xsession.in
+@@ -175,14 +175,6 @@ if [ "x$command" = "xdefault" ] ; then
+ fi
+ fi
+
+-# add ssh-agent if found
+-sshagent="`gdmwhich ssh-agent`"
+-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
+- command="$sshagent -- $command"
+-elif [ -z "$sshagent" ] ; then
+- echo "$0: ssh-agent not found!"
+-fi
+-
+ echo "$0: Setup done, will execute: $command"
+
+ eval exec $command
Deleted: 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
===================================================================
--- 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch 2020-08-12 21:26:34 UTC (rev 393576)
+++ 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -1,27 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
-Date: Tue, 10 Sep 2019 20:37:08 +0000
-Subject: [PATCH] pam-arch: Don't check greeter account for expiry
-
-systemd-sysusers now creates expired accounts, which broke the greeter
-on new installations.
-
-Doesn't actually fully fix the problem as the user at .service still fails
-to launch.
----
- data/pam-arch/gdm-launch-environment.pam | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
-index 618a7d3a..89521472 100644
---- a/data/pam-arch/gdm-launch-environment.pam
-+++ b/data/pam-arch/gdm-launch-environment.pam
-@@ -1,7 +1,7 @@
- auth required pam_env.so
- auth optional pam_permit.so
-
--account include system-local-login
-+account optional pam_permit.so
-
- password required pam_deny.so
-
Copied: gdm/repos/testing-x86_64/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch (from rev 393576, gdm/trunk/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch)
===================================================================
--- 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch (rev 0)
+++ 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
+Date: Tue, 10 Sep 2019 20:37:08 +0000
+Subject: [PATCH] pam-arch: Don't check greeter account for expiry
+
+systemd-sysusers now creates expired accounts, which broke the greeter
+on new installations.
+
+Doesn't actually fully fix the problem as the user at .service still fails
+to launch.
+---
+ data/pam-arch/gdm-launch-environment.pam | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
+index 618a7d3a..89521472 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -1,7 +1,7 @@
+ auth required pam_env.so
+ auth optional pam_permit.so
+
+-account include system-local-login
++account optional pam_permit.so
+
+ password required pam_deny.so
+
Deleted: 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
===================================================================
--- 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch 2020-08-12 21:26:34 UTC (rev 393576)
+++ 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -1,28 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
-Date: Tue, 10 Sep 2019 20:41:10 +0000
-Subject: [PATCH] pam-arch: Restrict greeter service to the gdm user
-
-Copied from pam-exherbo.
----
- data/pam-arch/gdm-launch-environment.pam | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
-index 89521472..d59c9cb9 100644
---- a/data/pam-arch/gdm-launch-environment.pam
-+++ b/data/pam-arch/gdm-launch-environment.pam
-@@ -1,10 +1,13 @@
- auth required pam_env.so
-+auth required pam_succeed_if.so audit quiet_success user = gdm
- auth optional pam_permit.so
-
-+account required pam_succeed_if.so audit quiet_success user = gdm
- account optional pam_permit.so
-
- password required pam_deny.so
-
- session optional pam_keyinit.so force revoke
-+session required pam_succeed_if.so audit quiet_success user = gdm
- session required pam_systemd.so
- session optional pam_permit.so
Copied: gdm/repos/testing-x86_64/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch (from rev 393576, gdm/trunk/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch)
===================================================================
--- 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch (rev 0)
+++ 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
+Date: Tue, 10 Sep 2019 20:41:10 +0000
+Subject: [PATCH] pam-arch: Restrict greeter service to the gdm user
+
+Copied from pam-exherbo.
+---
+ data/pam-arch/gdm-launch-environment.pam | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
+index 89521472..d59c9cb9 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -1,10 +1,13 @@
+ auth required pam_env.so
++auth required pam_succeed_if.so audit quiet_success user = gdm
+ auth optional pam_permit.so
+
++account required pam_succeed_if.so audit quiet_success user = gdm
+ account optional pam_permit.so
+
+ password required pam_deny.so
+
+ session optional pam_keyinit.so force revoke
++session required pam_succeed_if.so audit quiet_success user = gdm
+ session required pam_systemd.so
+ session optional pam_permit.so
Deleted: 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
===================================================================
--- 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch 2020-08-12 21:26:34 UTC (rev 393576)
+++ 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -1,200 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <heftig at archlinux.org>
-Date: Sun, 9 Aug 2020 00:34:37 +0000
-Subject: [PATCH] pam-arch: Update to match pambase 20200721.1-2
-
-https://bugs.archlinux.org/task/67485
----
- data/pam-arch/gdm-autologin.pam | 22 +++++++++--------
- data/pam-arch/gdm-fingerprint.pam | 31 +++++++++++++++---------
- data/pam-arch/gdm-launch-environment.pam | 24 ++++++++++--------
- data/pam-arch/gdm-password.pam | 17 +++++++------
- data/pam-arch/gdm-pin.pam | 13 ----------
- data/pam-arch/gdm-smartcard.pam | 31 +++++++++++++++---------
- 6 files changed, 75 insertions(+), 63 deletions(-)
- delete mode 100644 data/pam-arch/gdm-pin.pam
-
-diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
-index 99b14209..30bdf529 100644
---- a/data/pam-arch/gdm-autologin.pam
-+++ b/data/pam-arch/gdm-autologin.pam
-@@ -1,13 +1,15 @@
--auth requisite pam_nologin.so
--auth required pam_env.so
--auth optional pam_gdm.so
--auth optional pam_gnome_keyring.so
--auth optional pam_permit.so
-+#%PAM-1.0
-
--account include system-local-login
-+auth required pam_shells.so
-+auth requisite pam_nologin.so
-+auth optional pam_permit.so
-+auth required pam_env.so
-+auth [success=ok default=1] pam_gdm.so
-+auth optional pam_gnome_keyring.so
-
--password include system-local-login
-+account include system-local-login
-
--session optional pam_keyinit.so force revoke
--session include system-local-login
--session optional pam_gnome_keyring.so auto_start
-+password required pam_deny.so
-+
-+session include system-local-login
-+session optional pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
-index a4808617..cc660d9a 100644
---- a/data/pam-arch/gdm-fingerprint.pam
-+++ b/data/pam-arch/gdm-fingerprint.pam
-@@ -1,14 +1,23 @@
--auth required pam_tally.so onerr=succeed file=/var/log/faillog
--auth required pam_shells.so
--auth requisite pam_nologin.so
--auth required pam_env.so
--auth required pam_fprintd.so
--auth optional pam_permit.so
-+#%PAM-1.0
-
--account include system-local-login
-+auth required pam_shells.so
-+auth requisite pam_nologin.so
-+auth required pam_faillock.so preauth
-+# Optionally use requisite above if you do not want to prompt for the fingerprint
-+# on locked accounts.
-+auth [success=1 default=ignore] pam_fprintd.so
-+auth [default=die] pam_faillock.so authfail
-+auth optional pam_permit.so
-+auth required pam_env.so
-+auth required pam_faillock.so authsucc
-+# If you drop the above call to pam_faillock.so the lock will be done also
-+# on non-consecutive authentication failures.
-+auth [success=ok default=1] pam_gdm.so
-+auth optional pam_gnome_keyring.so
-
--password required pam_fprintd.so
--password optional pam_permit.so
-+account include system-local-login
-
--session optional pam_keyinit.so force revoke
--session include system-local-login
-+password required pam_deny.so
-+
-+session include system-local-login
-+session optional pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
-index d59c9cb9..3db24bb1 100644
---- a/data/pam-arch/gdm-launch-environment.pam
-+++ b/data/pam-arch/gdm-launch-environment.pam
-@@ -1,13 +1,17 @@
--auth required pam_env.so
--auth required pam_succeed_if.so audit quiet_success user = gdm
--auth optional pam_permit.so
-+#%PAM-1.0
-
--account required pam_succeed_if.so audit quiet_success user = gdm
--account optional pam_permit.so
-+auth required pam_succeed_if.so audit quiet_success user=gdm
-+auth optional pam_permit.so
-+auth required pam_env.so
-
--password required pam_deny.so
-+account required pam_succeed_if.so audit quiet_success user=gdm
-+account optional pam_permit.so
-
--session optional pam_keyinit.so force revoke
--session required pam_succeed_if.so audit quiet_success user = gdm
--session required pam_systemd.so
--session optional pam_permit.so
-+password required pam_deny.so
-+
-+session optional pam_loginuid.so
-+session optional pam_keyinit.so force revoke
-+session required pam_succeed_if.so audit quiet_success user=gdm
-+session optional pam_permit.so
-+-session optional pam_systemd.so
-+session required pam_env.so user_readenv=1
-diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
-index 8d34794e..137242a6 100644
---- a/data/pam-arch/gdm-password.pam
-+++ b/data/pam-arch/gdm-password.pam
-@@ -1,11 +1,12 @@
--auth include system-local-login
--auth optional pam_gnome_keyring.so
-+#%PAM-1.0
-
--account include system-local-login
-+auth include system-local-login
-+auth optional pam_gnome_keyring.so
-
--password include system-local-login
--password optional pam_gnome_keyring.so use_authtok
-+account include system-local-login
-
--session optional pam_keyinit.so force revoke
--session include system-local-login
--session optional pam_gnome_keyring.so auto_start
-+password include system-local-login
-+password optional pam_gnome_keyring.so use_authtok
-+
-+session include system-local-login
-+session optional pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
-deleted file mode 100644
-index 135e205e..00000000
---- a/data/pam-arch/gdm-pin.pam
-+++ /dev/null
-@@ -1,13 +0,0 @@
--auth requisite pam_pin.so
--auth include system-local-login
--auth optional pam_gnome_keyring.so
--
--account include system-local-login
--
--password include system-local-login
--password optional pam_pin.so
--password optional pam_gnome_keyring.so use_authtok
--
--session optional pam_keyinit.so force revoke
--session include system-local-login
--session optional pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
-index ec6f75d5..e6ec1299 100644
---- a/data/pam-arch/gdm-smartcard.pam
-+++ b/data/pam-arch/gdm-smartcard.pam
-@@ -1,14 +1,23 @@
--auth required pam_tally.so onerr=succeed file=/var/log/faillog
--auth required pam_shells.so
--auth requisite pam_nologin.so
--auth required pam_env.so
--auth required pam_pkcs11.so wait_for_card card_only
--auth optional pam_permit.so
-+#%PAM-1.0
-
--account include system-local-login
-+auth required pam_shells.so
-+auth requisite pam_nologin.so
-+auth required pam_faillock.so preauth
-+# Optionally use requisite above if you do not want to prompt for the smartcard
-+# on locked accounts.
-+auth [success=1 default=ignore] pam_pkcs11.so wait_for_card card_only
-+auth [default=die] pam_faillock.so authfail
-+auth optional pam_permit.so
-+auth required pam_env.so
-+auth required pam_faillock.so authsucc
-+# If you drop the above call to pam_faillock.so the lock will be done also
-+# on non-consecutive authentication failures.
-+auth [success=ok default=1] pam_gdm.so
-+auth optional pam_gnome_keyring.so
-
--password required pam_pkcs11.so
--password optional pam_permit.so
-+account include system-local-login
-
--session optional pam_keyinit.so force revoke
--session include system-local-login
-+password required pam_deny.so
-+
-+session include system-local-login
-+session optional pam_gnome_keyring.so auto_start
Copied: gdm/repos/testing-x86_64/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch (from rev 393576, gdm/trunk/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch)
===================================================================
--- 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch (rev 0)
+++ 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch 2020-08-12 21:26:45 UTC (rev 393577)
@@ -0,0 +1,200 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig at archlinux.org>
+Date: Sun, 9 Aug 2020 00:34:37 +0000
+Subject: [PATCH] pam-arch: Update to match pambase 20200721.1-2
+
+https://bugs.archlinux.org/task/67485
+---
+ data/pam-arch/gdm-autologin.pam | 22 +++++++++--------
+ data/pam-arch/gdm-fingerprint.pam | 31 +++++++++++++++---------
+ data/pam-arch/gdm-launch-environment.pam | 24 ++++++++++--------
+ data/pam-arch/gdm-password.pam | 17 +++++++------
+ data/pam-arch/gdm-pin.pam | 13 ----------
+ data/pam-arch/gdm-smartcard.pam | 31 +++++++++++++++---------
+ 6 files changed, 75 insertions(+), 63 deletions(-)
+ delete mode 100644 data/pam-arch/gdm-pin.pam
+
+diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
+index 99b14209..30bdf529 100644
+--- a/data/pam-arch/gdm-autologin.pam
++++ b/data/pam-arch/gdm-autologin.pam
+@@ -1,13 +1,15 @@
+-auth requisite pam_nologin.so
+-auth required pam_env.so
+-auth optional pam_gdm.so
+-auth optional pam_gnome_keyring.so
+-auth optional pam_permit.so
++#%PAM-1.0
+
+-account include system-local-login
++auth required pam_shells.so
++auth requisite pam_nologin.so
++auth optional pam_permit.so
++auth required pam_env.so
++auth [success=ok default=1] pam_gdm.so
++auth optional pam_gnome_keyring.so
+
+-password include system-local-login
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
++password required pam_deny.so
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
+index a4808617..cc660d9a 100644
+--- a/data/pam-arch/gdm-fingerprint.pam
++++ b/data/pam-arch/gdm-fingerprint.pam
+@@ -1,14 +1,23 @@
+-auth required pam_tally.so onerr=succeed file=/var/log/faillog
+-auth required pam_shells.so
+-auth requisite pam_nologin.so
+-auth required pam_env.so
+-auth required pam_fprintd.so
+-auth optional pam_permit.so
++#%PAM-1.0
+
+-account include system-local-login
++auth required pam_shells.so
++auth requisite pam_nologin.so
++auth required pam_faillock.so preauth
++# Optionally use requisite above if you do not want to prompt for the fingerprint
++# on locked accounts.
++auth [success=1 default=ignore] pam_fprintd.so
++auth [default=die] pam_faillock.so authfail
++auth optional pam_permit.so
++auth required pam_env.so
++auth required pam_faillock.so authsucc
++# If you drop the above call to pam_faillock.so the lock will be done also
++# on non-consecutive authentication failures.
++auth [success=ok default=1] pam_gdm.so
++auth optional pam_gnome_keyring.so
+
+-password required pam_fprintd.so
+-password optional pam_permit.so
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
++password required pam_deny.so
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
+index d59c9cb9..2ff5ae56 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -1,13 +1,17 @@
+-auth required pam_env.so
+-auth required pam_succeed_if.so audit quiet_success user = gdm
+-auth optional pam_permit.so
++#%PAM-1.0
+
+-account required pam_succeed_if.so audit quiet_success user = gdm
+-account optional pam_permit.so
++auth required pam_succeed_if.so audit quiet_success user = gdm
++auth optional pam_permit.so
++auth required pam_env.so
+
+-password required pam_deny.so
++account required pam_succeed_if.so audit quiet_success user = gdm
++account optional pam_permit.so
+
+-session optional pam_keyinit.so force revoke
+-session required pam_succeed_if.so audit quiet_success user = gdm
+-session required pam_systemd.so
+-session optional pam_permit.so
++password required pam_deny.so
++
++session optional pam_loginuid.so
++session optional pam_keyinit.so force revoke
++session required pam_succeed_if.so audit quiet_success user = gdm
++session optional pam_permit.so
++-session optional pam_systemd.so
++session required pam_env.so user_readenv=1
+diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
+index 8d34794e..137242a6 100644
+--- a/data/pam-arch/gdm-password.pam
++++ b/data/pam-arch/gdm-password.pam
+@@ -1,11 +1,12 @@
+-auth include system-local-login
+-auth optional pam_gnome_keyring.so
++#%PAM-1.0
+
+-account include system-local-login
++auth include system-local-login
++auth optional pam_gnome_keyring.so
+
+-password include system-local-login
+-password optional pam_gnome_keyring.so use_authtok
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
++password include system-local-login
++password optional pam_gnome_keyring.so use_authtok
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
+deleted file mode 100644
+index 135e205e..00000000
+--- a/data/pam-arch/gdm-pin.pam
++++ /dev/null
+@@ -1,13 +0,0 @@
+-auth requisite pam_pin.so
+-auth include system-local-login
+-auth optional pam_gnome_keyring.so
+-
+-account include system-local-login
+-
+-password include system-local-login
+-password optional pam_pin.so
+-password optional pam_gnome_keyring.so use_authtok
+-
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
+index ec6f75d5..e6ec1299 100644
+--- a/data/pam-arch/gdm-smartcard.pam
++++ b/data/pam-arch/gdm-smartcard.pam
+@@ -1,14 +1,23 @@
+-auth required pam_tally.so onerr=succeed file=/var/log/faillog
+-auth required pam_shells.so
+-auth requisite pam_nologin.so
+-auth required pam_env.so
+-auth required pam_pkcs11.so wait_for_card card_only
+-auth optional pam_permit.so
++#%PAM-1.0
+
+-account include system-local-login
++auth required pam_shells.so
++auth requisite pam_nologin.so
++auth required pam_faillock.so preauth
++# Optionally use requisite above if you do not want to prompt for the smartcard
++# on locked accounts.
++auth [success=1 default=ignore] pam_pkcs11.so wait_for_card card_only
++auth [default=die] pam_faillock.so authfail
++auth optional pam_permit.so
++auth required pam_env.so
++auth required pam_faillock.so authsucc
++# If you drop the above call to pam_faillock.so the lock will be done also
++# on non-consecutive authentication failures.
++auth [success=ok default=1] pam_gdm.so
++auth optional pam_gnome_keyring.so
+
+-password required pam_pkcs11.so
+-password optional pam_permit.so
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
++password required pam_deny.so
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-08-12 21:26:34 UTC (rev 393576)
+++ PKGBUILD 2020-08-12 21:26:45 UTC (rev 393577)
@@ -1,104 +0,0 @@
-# Maintainer: Jan Alexander Steffens (heftig) <heftig at archlinux.org>
-# Contributor: Jan de Groot <jgc at archlinux.org>
-
-pkgbase=gdm
-pkgname=(gdm libgdm)
-pkgver=3.36.3
-pkgrel=5
-pkgdesc="Display manager and login screen"
-url="https://wiki.gnome.org/Projects/GDM"
-arch=(x86_64)
-license=(GPL)
-depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost)
-makedepends=(yelp-tools gobject-introspection git docbook-xsl)
-checkdepends=(check)
-_commit=24a4c0afe337a7a381397c87a39e3a666c0ae6cc # tags/3.36.3^0
-source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit"
- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
- 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
- 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
- 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch)
-sha256sums=('SKIP'
- 'b9ead66d2b6207335f0bd982a835647536998e7c7c6b5248838e5d53132ca21a'
- 'd89a3a852c9656a61a3d418817c883f7a607a0e65aa0eaf9904738c0299f006d'
- 'c18dc79bdd3207c66b6f66a41a51dd069442d2e9053055147c2f90e39f0c4a7d'
- '7d1e293de59e08e750a42dc01c35170c9d8f1d9a71ff6ca168efd1c4f9bb6812')
-
-pkgver() {
- cd gdm
- git describe --tags | sed 's/-/+/g'
-}
-
-prepare() {
- mkdir build
- cd gdm
- patch -Np1 -i ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
-
- # https://bugs.archlinux.org/task/63706
- patch -Np1 -i ../0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
- patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
-
- # https://bugs.archlinux.org/task/67485
- patch -Np1 -i ../0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
-
- NOCONFIGURE=1 ./autogen.sh
-}
-
-build() {
- cd build
- ../gdm/configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --sbindir=/usr/bin \
- --libexecdir=/usr/lib \
- with_dbus_sys=/usr/share/dbus-1/system.d \
- --disable-schemas-compile \
- --disable-static \
- --enable-gdm-xsession \
- --enable-ipv6 \
- --with-default-pam-config=arch \
- --with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin \
- --without-plymouth \
- --without-tcp-wrappers
- sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
- make
-}
-
-check() {
- make -C build check
-}
-
-package_gdm() {
- depends+=(libgdm)
- optdepends=('fprintd: fingerprint authentication')
- backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment
- etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf
- etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default)
- groups=(gnome)
- install=gdm.install
-
- DESTDIR="$pkgdir" make -C build install
-
- chown -Rc 120:120 "$pkgdir/var/lib/gdm"
-
- # Unused or created at start
- rm -r "$pkgdir"/var/{cache,log,run}
-
- install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END
-g gdm 120 -
-u gdm 120 "Gnome Display Manager" /var/lib/gdm
-END
-
-### Split libgdm
- mkdir -p libgdm/{lib,share}
- mv -t libgdm "$pkgdir"/usr/include
- mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig}
- mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0}
-}
-
-package_libgdm() {
- pkgdesc="GDM support library"
- depends=(systemd glib2 dconf)
- mv libgdm "$pkgdir/usr"
-}
Copied: gdm/repos/testing-x86_64/PKGBUILD (from rev 393576, gdm/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-08-12 21:26:45 UTC (rev 393577)
@@ -0,0 +1,104 @@
+# Maintainer: Jan Alexander Steffens (heftig) <heftig at archlinux.org>
+# Contributor: Jan de Groot <jgc at archlinux.org>
+
+pkgbase=gdm
+pkgname=(gdm libgdm)
+pkgver=3.36.3
+pkgrel=6
+pkgdesc="Display manager and login screen"
+url="https://wiki.gnome.org/Projects/GDM"
+arch=(x86_64)
+license=(GPL)
+depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost)
+makedepends=(yelp-tools gobject-introspection git docbook-xsl)
+checkdepends=(check)
+_commit=24a4c0afe337a7a381397c87a39e3a666c0ae6cc # tags/3.36.3^0
+source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit"
+ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+ 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
+ 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
+ 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch)
+sha256sums=('SKIP'
+ 'b9ead66d2b6207335f0bd982a835647536998e7c7c6b5248838e5d53132ca21a'
+ 'd89a3a852c9656a61a3d418817c883f7a607a0e65aa0eaf9904738c0299f006d'
+ 'c18dc79bdd3207c66b6f66a41a51dd069442d2e9053055147c2f90e39f0c4a7d'
+ 'c4d04a019a7f7db57c6909d76f3c8f3dbaf7be86c81d38c6672f1c730bd5b72d')
+
+pkgver() {
+ cd gdm
+ git describe --tags | sed 's/-/+/g'
+}
+
+prepare() {
+ mkdir build
+ cd gdm
+ patch -Np1 -i ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+
+ # https://bugs.archlinux.org/task/63706
+ patch -Np1 -i ../0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
+ patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
+
+ # https://bugs.archlinux.org/task/67485
+ patch -Np1 -i ../0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd build
+ ../gdm/configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib \
+ with_dbus_sys=/usr/share/dbus-1/system.d \
+ --disable-schemas-compile \
+ --disable-static \
+ --enable-gdm-xsession \
+ --enable-ipv6 \
+ --with-default-pam-config=arch \
+ --with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin \
+ --without-plymouth \
+ --without-tcp-wrappers
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+check() {
+ make -C build check
+}
+
+package_gdm() {
+ depends+=(libgdm)
+ optdepends=('fprintd: fingerprint authentication')
+ backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment
+ etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf
+ etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default)
+ groups=(gnome)
+ install=gdm.install
+
+ DESTDIR="$pkgdir" make -C build install
+
+ chown -Rc 120:120 "$pkgdir/var/lib/gdm"
+
+ # Unused or created at start
+ rm -r "$pkgdir"/var/{cache,log,run}
+
+ install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END
+g gdm 120 -
+u gdm 120 "Gnome Display Manager" /var/lib/gdm
+END
+
+### Split libgdm
+ mkdir -p libgdm/{lib,share}
+ mv -t libgdm "$pkgdir"/usr/include
+ mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig}
+ mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0}
+}
+
+package_libgdm() {
+ pkgdesc="GDM support library"
+ depends=(systemd glib2 dconf)
+ mv libgdm "$pkgdir/usr"
+}
Deleted: gdm.install
===================================================================
--- gdm.install 2020-08-12 21:26:34 UTC (rev 393576)
+++ gdm.install 2020-08-12 21:26:45 UTC (rev 393577)
@@ -1,7 +0,0 @@
-post_upgrade() {
- if (( $(vercmp $2 3.34.0-2) < 0 )); then
- usermod --expiredate= gdm >/dev/null
- fi
-}
-
-# vim:set ft=sh sw=2 et:
Copied: gdm/repos/testing-x86_64/gdm.install (from rev 393576, gdm/trunk/gdm.install)
===================================================================
--- gdm.install (rev 0)
+++ gdm.install 2020-08-12 21:26:45 UTC (rev 393577)
@@ -0,0 +1,7 @@
+post_upgrade() {
+ if (( $(vercmp $2 3.34.0-2) < 0 )); then
+ usermod --expiredate= gdm >/dev/null
+ fi
+}
+
+# vim:set ft=sh sw=2 et:
More information about the arch-commits
mailing list