[arch-commits] Commit in gdm/repos (6 files)
Jan Steffens
heftig at gemini.archlinux.org
Wed Nov 3 00:07:44 UTC 2021
Date: Wednesday, November 3, 2021 @ 00:07:44
Author: heftig
Revision: 427044
archrelease: copy trunk to gnome-unstable-x86_64
Added:
gdm/repos/gnome-unstable-x86_64/
gdm/repos/gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
(from rev 427043, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch)
gdm/repos/gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
(from rev 427043, gdm/trunk/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch)
gdm/repos/gnome-unstable-x86_64/PKGBUILD
(from rev 427043, gdm/trunk/PKGBUILD)
gdm/repos/gnome-unstable-x86_64/default.pa
(from rev 427043, gdm/trunk/default.pa)
gdm/repos/gnome-unstable-x86_64/gdm.install
(from rev 427043, gdm/trunk/gdm.install)
-----------------------------------------------------------------+
0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 28 ++
0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch | 73 +++++++
PKGBUILD | 99 ++++++++++
default.pa | 10 +
gdm.install | 7
5 files changed, 217 insertions(+)
Copied: gdm/repos/gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (from rev 427043, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch)
===================================================================
--- gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (rev 0)
+++ gnome-unstable-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
+Date: Sat, 20 Jun 2015 17:22:38 +0200
+Subject: [PATCH] Xsession: Don't start ssh-agent by default
+
+---
+ data/Xsession.in | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/data/Xsession.in b/data/Xsession.in
+index 2e4de4fe384f..29ebc30ea0c5 100755
+--- a/data/Xsession.in
++++ b/data/Xsession.in
+@@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then
+ fi
+ fi
+
+-# add ssh-agent if found
+-sshagent="`gdmwhich ssh-agent`"
+-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
+- command="$sshagent -- $command"
+-elif [ -z "$sshagent" ] ; then
+- echo "$0: ssh-agent not found!"
+-fi
+-
+ echo "$0: Setup done, will execute: $command"
+
+ eval exec $command
Copied: gdm/repos/gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch (from rev 427043, gdm/trunk/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch)
===================================================================
--- gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch (rev 0)
+++ gnome-unstable-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch 2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,73 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig at archlinux.org>
+Date: Tue, 31 Aug 2021 21:51:46 +0000
+Subject: [PATCH] pam-arch: Drop pam_faillock counting from fingerprint and
+ smartcard
+
+As mentioned in an [fprintd issue comment][1], we need to make sure that
+the stack's error status is taken from the main auth module, i.e.
+pam_fprintd, otherwise GDM will not behave correctly.
+
+Still use pam_faillock preauth so that we test whether the account is
+locked, but don't use authfail/authsucc to log a failure/success so this
+stack doesn't participate in triggering the lock.
+
+Ideally we would check which return values we actually want to treat as
+a reason to lock the account (e.g. fingerprint mismatch) and which are
+neutral (e.g. no fingerprints enrolled), but that's much more effort.
+
+Should fix [FS#71750][2].
+
+[1]: https://gitlab.freedesktop.org/libfprint/fprintd/-/issues/112#note_1016191
+[2]: https://bugs.archlinux.org/task/71750
+---
+ data/pam-arch/gdm-fingerprint.pam | 10 ++--------
+ data/pam-arch/gdm-smartcard.pam | 10 ++--------
+ 2 files changed, 4 insertions(+), 16 deletions(-)
+
+diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
+index cc660d9a90ba..2aaf9f6c88a0 100644
+--- a/data/pam-arch/gdm-fingerprint.pam
++++ b/data/pam-arch/gdm-fingerprint.pam
+@@ -2,16 +2,10 @@
+
+ auth required pam_shells.so
+ auth requisite pam_nologin.so
+-auth required pam_faillock.so preauth
+-# Optionally use requisite above if you do not want to prompt for the fingerprint
+-# on locked accounts.
+-auth [success=1 default=ignore] pam_fprintd.so
+-auth [default=die] pam_faillock.so authfail
++auth requisite pam_faillock.so preauth
++auth required pam_fprintd.so
+ auth optional pam_permit.so
+ auth required pam_env.so
+-auth required pam_faillock.so authsucc
+-# If you drop the above call to pam_faillock.so the lock will be done also
+-# on non-consecutive authentication failures.
+ auth [success=ok default=1] pam_gdm.so
+ auth optional pam_gnome_keyring.so
+
+diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
+index e6ec129948a7..6d7333bf4204 100644
+--- a/data/pam-arch/gdm-smartcard.pam
++++ b/data/pam-arch/gdm-smartcard.pam
+@@ -2,16 +2,10 @@
+
+ auth required pam_shells.so
+ auth requisite pam_nologin.so
+-auth required pam_faillock.so preauth
+-# Optionally use requisite above if you do not want to prompt for the smartcard
+-# on locked accounts.
+-auth [success=1 default=ignore] pam_pkcs11.so wait_for_card card_only
+-auth [default=die] pam_faillock.so authfail
++auth requisite pam_faillock.so preauth
++auth required pam_pkcs11.so wait_for_card card_only
+ auth optional pam_permit.so
+ auth required pam_env.so
+-auth required pam_faillock.so authsucc
+-# If you drop the above call to pam_faillock.so the lock will be done also
+-# on non-consecutive authentication failures.
+ auth [success=ok default=1] pam_gdm.so
+ auth optional pam_gnome_keyring.so
+
Copied: gdm/repos/gnome-unstable-x86_64/PKGBUILD (from rev 427043, gdm/trunk/PKGBUILD)
===================================================================
--- gnome-unstable-x86_64/PKGBUILD (rev 0)
+++ gnome-unstable-x86_64/PKGBUILD 2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,99 @@
+# Maintainer: Jan Alexander Steffens (heftig) <heftig at archlinux.org>
+# Contributor: Jan de Groot <jgc at archlinux.org>
+
+pkgbase=gdm
+pkgname=(gdm libgdm)
+pkgver=41.0
+pkgrel=1
+pkgdesc="Display manager and login screen"
+url="https://wiki.gnome.org/Projects/GDM"
+arch=(x86_64)
+license=(GPL)
+depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost
+ libxdmcp systemd)
+makedepends=(yelp-tools gobject-introspection git docbook-xsl meson)
+checkdepends=(check)
+_commit=536491641156ba88beab2c881278b09e52df6813 # tags/41.0^0
+source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit"
+ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+ 0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
+ default.pa)
+sha256sums=('SKIP'
+ '39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8'
+ 'e3dcaaa5ffa2dd4d3338c8b5827965ea2ca1efd9a95d7272a107e6121cb7898f'
+ 'e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb')
+
+pkgver() {
+ cd gdm
+ git describe --tags | sed 's/\.rc/rc/;s/-/+/g'
+}
+
+prepare() {
+ cd gdm
+
+ # https://bugs.archlinux.org/task/67485
+ git cherry-pick -n 8528a503ad70669a5f0c03d0a92ba19326983b82
+
+ # Don't start ssh-agent by default
+ git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+
+ # https://bugs.archlinux.org/task/71750
+ git apply -3 ../0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
+}
+
+build() {
+ arch-meson gdm build \
+ -D dbus-sys="/usr/share/dbus-1/system.d" \
+ -D default-pam-config=arch \
+ -D default-path="/usr/local/bin:/usr/local/sbin:/usr/bin" \
+ -D gdm-xsession=true \
+ -D ipv6=true \
+ -D plymouth=disabled \
+ -D run-dir=/run/gdm \
+ -D selinux=disabled
+ meson compile -C build
+}
+
+check() {
+ meson test -C build --print-errorlogs
+}
+
+package_gdm() {
+ depends+=(libgdm)
+ optdepends=('fprintd: fingerprint authentication')
+ backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment
+ etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf
+ etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default)
+ groups=(gnome)
+ install=gdm.install
+
+ meson install -C build --destdir "$pkgdir"
+
+ install -d "$pkgdir/var/lib"
+ install -d "$pkgdir/var/lib/gdm" -o120 -g120 -m1770
+ install -d "$pkgdir/var/lib/gdm/.config" -o120 -g120 -m700
+ install -d "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m700
+ install -d "$pkgdir/var/lib/gdm/.local" -o120 -g120 -m700
+ install -d "$pkgdir/var/lib/gdm/.local/share" -o120 -g120
+ install -d "$pkgdir/var/lib/gdm/.local/share/applications" -o120 -g120
+
+ # https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm
+ install -t "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa
+
+ install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END
+g gdm 120 -
+u gdm 120 "Gnome Display Manager" /var/lib/gdm
+END
+
+### Split libgdm
+ mkdir -p libgdm/{lib,share}
+ mv -t libgdm "$pkgdir"/usr/include
+ mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig}
+ mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0}
+}
+
+package_libgdm() {
+ pkgdesc="GDM support library"
+ depends=(systemd glib2 dconf)
+ mv libgdm "$pkgdir/usr"
+}
Copied: gdm/repos/gnome-unstable-x86_64/default.pa (from rev 427043, gdm/trunk/default.pa)
===================================================================
--- gnome-unstable-x86_64/default.pa (rev 0)
+++ gnome-unstable-x86_64/default.pa 2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,10 @@
+load-module module-device-restore
+load-module module-card-restore
+load-module module-udev-detect
+load-module module-native-protocol-unix
+load-module module-default-device-restore
+load-module module-always-sink
+load-module module-intended-roles
+load-module module-suspend-on-idle
+load-module module-systemd-login
+load-module module-position-event-sounds
Copied: gdm/repos/gnome-unstable-x86_64/gdm.install (from rev 427043, gdm/trunk/gdm.install)
===================================================================
--- gnome-unstable-x86_64/gdm.install (rev 0)
+++ gnome-unstable-x86_64/gdm.install 2021-11-03 00:07:44 UTC (rev 427044)
@@ -0,0 +1,7 @@
+post_upgrade() {
+ if (( $(vercmp $2 3.34.0-2) < 0 )); then
+ usermod --expiredate= gdm >/dev/null
+ fi
+}
+
+# vim:set ft=sh sw=2 et:
More information about the arch-commits
mailing list