[arch-commits] Commit in gdm/repos (6 files)

Jan Steffens heftig at gemini.archlinux.org
Wed Nov 3 00:07:44 UTC 2021


    Date: Wednesday, November 3, 2021 @ 00:07:44
  Author: heftig
Revision: 427044

archrelease: copy trunk to gnome-unstable-x86_64

Added:
  gdm/repos/gnome-unstable-x86_64/
  gdm/repos/gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
    (from rev 427043, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch)
  gdm/repos/gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
    (from rev 427043, gdm/trunk/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch)
  gdm/repos/gnome-unstable-x86_64/PKGBUILD
    (from rev 427043, gdm/trunk/PKGBUILD)
  gdm/repos/gnome-unstable-x86_64/default.pa
    (from rev 427043, gdm/trunk/default.pa)
  gdm/repos/gnome-unstable-x86_64/gdm.install
    (from rev 427043, gdm/trunk/gdm.install)

-----------------------------------------------------------------+
 0001-Xsession-Don-t-start-ssh-agent-by-default.patch            |   28 ++
 0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch |   73 +++++++
 PKGBUILD                                                        |   99 ++++++++++
 default.pa                                                      |   10 +
 gdm.install                                                     |    7 
 5 files changed, 217 insertions(+)

Copied: gdm/repos/gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (from rev 427043, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch)
===================================================================
--- gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch	                        (rev 0)
+++ gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch	2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
+Date: Sat, 20 Jun 2015 17:22:38 +0200
+Subject: [PATCH] Xsession: Don't start ssh-agent by default
+
+---
+ data/Xsession.in | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/data/Xsession.in b/data/Xsession.in
+index 2e4de4fe384f..29ebc30ea0c5 100755
+--- a/data/Xsession.in
++++ b/data/Xsession.in
+@@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then
+   fi
+ fi
+ 
+-# add ssh-agent if found
+-sshagent="`gdmwhich ssh-agent`"
+-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
+-    command="$sshagent -- $command"
+-elif [ -z "$sshagent" ] ; then
+-    echo "$0: ssh-agent not found!"
+-fi
+-
+ echo "$0: Setup done, will execute: $command"
+ 
+ eval exec $command

Copied: gdm/repos/gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch (from rev 427043, gdm/trunk/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch)
===================================================================
--- gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch	                        (rev 0)
+++ gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch	2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,73 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig at archlinux.org>
+Date: Tue, 31 Aug 2021 21:51:46 +0000
+Subject: [PATCH] pam-arch: Drop pam_faillock counting from fingerprint and
+ smartcard
+
+As mentioned in an [fprintd issue comment][1], we need to make sure that
+the stack's error status is taken from the main auth module, i.e.
+pam_fprintd, otherwise GDM will not behave correctly.
+
+Still use pam_faillock preauth so that we test whether the account is
+locked, but don't use authfail/authsucc to log a failure/success so this
+stack doesn't participate in triggering the lock.
+
+Ideally we would check which return values we actually want to treat as
+a reason to lock the account (e.g. fingerprint mismatch) and which are
+neutral (e.g. no fingerprints enrolled), but that's much more effort.
+
+Should fix [FS#71750][2].
+
+[1]: https://gitlab.freedesktop.org/libfprint/fprintd/-/issues/112#note_1016191
+[2]: https://bugs.archlinux.org/task/71750
+---
+ data/pam-arch/gdm-fingerprint.pam | 10 ++--------
+ data/pam-arch/gdm-smartcard.pam   | 10 ++--------
+ 2 files changed, 4 insertions(+), 16 deletions(-)
+
+diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
+index cc660d9a90ba..2aaf9f6c88a0 100644
+--- a/data/pam-arch/gdm-fingerprint.pam
++++ b/data/pam-arch/gdm-fingerprint.pam
+@@ -2,16 +2,10 @@
+ 
+ auth       required                    pam_shells.so
+ auth       requisite                   pam_nologin.so
+-auth       required                    pam_faillock.so      preauth
+-# Optionally use requisite above if you do not want to prompt for the fingerprint
+-# on locked accounts.
+-auth       [success=1 default=ignore]  pam_fprintd.so
+-auth       [default=die]               pam_faillock.so      authfail
++auth       requisite                   pam_faillock.so      preauth
++auth       required                    pam_fprintd.so
+ auth       optional                    pam_permit.so
+ auth       required                    pam_env.so
+-auth       required                    pam_faillock.so      authsucc
+-# If you drop the above call to pam_faillock.so the lock will be done also
+-# on non-consecutive authentication failures.
+ auth       [success=ok default=1]      pam_gdm.so
+ auth       optional                    pam_gnome_keyring.so
+ 
+diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
+index e6ec129948a7..6d7333bf4204 100644
+--- a/data/pam-arch/gdm-smartcard.pam
++++ b/data/pam-arch/gdm-smartcard.pam
+@@ -2,16 +2,10 @@
+ 
+ auth       required                    pam_shells.so
+ auth       requisite                   pam_nologin.so
+-auth       required                    pam_faillock.so      preauth
+-# Optionally use requisite above if you do not want to prompt for the smartcard
+-# on locked accounts.
+-auth       [success=1 default=ignore]  pam_pkcs11.so        wait_for_card card_only
+-auth       [default=die]               pam_faillock.so      authfail
++auth       requisite                   pam_faillock.so      preauth
++auth       required                    pam_pkcs11.so        wait_for_card card_only
+ auth       optional                    pam_permit.so
+ auth       required                    pam_env.so
+-auth       required                    pam_faillock.so      authsucc
+-# If you drop the above call to pam_faillock.so the lock will be done also
+-# on non-consecutive authentication failures.
+ auth       [success=ok default=1]      pam_gdm.so
+ auth       optional                    pam_gnome_keyring.so
+ 

Copied: gdm/repos/gnome-unstable-x86_64/PKGBUILD (from rev 427043, gdm/trunk/PKGBUILD)
===================================================================
--- gnome-unstable-x86_64/PKGBUILD	                        (rev 0)
+++ gnome-unstable-x86_64/PKGBUILD	2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,99 @@
+# Maintainer: Jan Alexander Steffens (heftig) <heftig at archlinux.org>
+# Contributor: Jan de Groot <jgc at archlinux.org>
+
+pkgbase=gdm
+pkgname=(gdm libgdm)
+pkgver=41.0
+pkgrel=1
+pkgdesc="Display manager and login screen"
+url="https://wiki.gnome.org/Projects/GDM"
+arch=(x86_64)
+license=(GPL)
+depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost
+         libxdmcp systemd)
+makedepends=(yelp-tools gobject-introspection git docbook-xsl meson)
+checkdepends=(check)
+_commit=536491641156ba88beab2c881278b09e52df6813  # tags/41.0^0
+source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit"
+        0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+        0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
+        default.pa)
+sha256sums=('SKIP'
+            '39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8'
+            'e3dcaaa5ffa2dd4d3338c8b5827965ea2ca1efd9a95d7272a107e6121cb7898f'
+            'e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb')
+
+pkgver() {
+  cd gdm
+  git describe --tags | sed 's/\.rc/rc/;s/-/+/g'
+}
+
+prepare() {
+  cd gdm
+
+  # https://bugs.archlinux.org/task/67485
+  git cherry-pick -n 8528a503ad70669a5f0c03d0a92ba19326983b82
+
+  # Don't start ssh-agent by default
+  git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+
+  # https://bugs.archlinux.org/task/71750
+  git apply -3 ../0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
+}
+
+build() {
+  arch-meson gdm build \
+    -D dbus-sys="/usr/share/dbus-1/system.d" \
+    -D default-pam-config=arch \
+    -D default-path="/usr/local/bin:/usr/local/sbin:/usr/bin" \
+    -D gdm-xsession=true \
+    -D ipv6=true \
+    -D plymouth=disabled \
+    -D run-dir=/run/gdm \
+    -D selinux=disabled
+  meson compile -C build
+}
+
+check() {
+  meson test -C build --print-errorlogs
+}
+
+package_gdm() {
+  depends+=(libgdm)
+  optdepends=('fprintd: fingerprint authentication')
+  backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment
+          etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf
+          etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default)
+  groups=(gnome)
+  install=gdm.install
+
+  meson install -C build --destdir "$pkgdir"
+
+  install -d "$pkgdir/var/lib"
+  install -d "$pkgdir/var/lib/gdm"                           -o120 -g120 -m1770
+  install -d "$pkgdir/var/lib/gdm/.config"                   -o120 -g120 -m700
+  install -d "$pkgdir/var/lib/gdm/.config/pulse"             -o120 -g120 -m700
+  install -d "$pkgdir/var/lib/gdm/.local"                    -o120 -g120 -m700
+  install -d "$pkgdir/var/lib/gdm/.local/share"              -o120 -g120
+  install -d "$pkgdir/var/lib/gdm/.local/share/applications" -o120 -g120
+
+  # https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm
+  install -t "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa
+
+  install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END
+g gdm 120 -
+u gdm 120 "Gnome Display Manager" /var/lib/gdm
+END
+
+### Split libgdm
+  mkdir -p libgdm/{lib,share}
+  mv -t libgdm       "$pkgdir"/usr/include
+  mv -t libgdm/lib   "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig}
+  mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0}
+}
+
+package_libgdm() {
+  pkgdesc="GDM support library"
+  depends=(systemd glib2 dconf)
+  mv libgdm "$pkgdir/usr"
+}

Copied: gdm/repos/gnome-unstable-x86_64/default.pa (from rev 427043, gdm/trunk/default.pa)
===================================================================
--- gnome-unstable-x86_64/default.pa	                        (rev 0)
+++ gnome-unstable-x86_64/default.pa	2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,10 @@
+load-module module-device-restore
+load-module module-card-restore
+load-module module-udev-detect
+load-module module-native-protocol-unix
+load-module module-default-device-restore
+load-module module-always-sink
+load-module module-intended-roles
+load-module module-suspend-on-idle
+load-module module-systemd-login
+load-module module-position-event-sounds

Copied: gdm/repos/gnome-unstable-x86_64/gdm.install (from rev 427043, gdm/trunk/gdm.install)
===================================================================
--- gnome-unstable-x86_64/gdm.install	                        (rev 0)
+++ gnome-unstable-x86_64/gdm.install	2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,7 @@
+post_upgrade() {
+  if (( $(vercmp $2 3.34.0-2) < 0 )); then
+    usermod --expiredate= gdm >/dev/null
+  fi
+}
+
+# vim:set ft=sh sw=2 et:



More information about the arch-commits mailing list