Date: Friday, July 23, 2021 @ 17:55:19 Author: heftig Revision: 420336
40.1-1 Added: gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (from rev 411262, gdm/trunk/0002-Xsession-Don-t-start-ssh-agent-by-default.patch) Modified: gdm/trunk/PKGBUILD Deleted: gdm/trunk/0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch gdm/trunk/0002-Xsession-Don-t-start-ssh-agent-by-default.patch ----------------------------------------------------------+ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 28 + 0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch | 216 ------------- 0002-Xsession-Don-t-start-ssh-agent-by-default.patch | 28 - PKGBUILD | 14 4 files changed, 34 insertions(+), 252 deletions(-) Copied: gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (from rev 411262, gdm/trunk/0002-Xsession-Don-t-start-ssh-agent-by-default.patch) =================================================================== --- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch (rev 0) +++ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2021-07-23 17:55:19 UTC (rev 420336) @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com> +Date: Sat, 20 Jun 2015 17:22:38 +0200 +Subject: [PATCH] Xsession: Don't start ssh-agent by default + +--- + data/Xsession.in | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/data/Xsession.in b/data/Xsession.in +index 2e4de4fe..29ebc30e 100755 +--- a/data/Xsession.in ++++ b/data/Xsession.in +@@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then + fi + fi + +-# add ssh-agent if found +-sshagent="`gdmwhich ssh-agent`" +-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then +- command="$sshagent -- $command" +-elif [ -z "$sshagent" ] ; then +- echo "$0: ssh-agent not found!" +-fi +- + echo "$0: Setup done, will execute: $command" + + eval exec $command Deleted: 0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch =================================================================== --- 0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch 2021-07-23 17:55:08 UTC (rev 420335) +++ 0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch 2021-07-23 17:55:19 UTC (rev 420336) @@ -1,216 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <hef...@archlinux.org> -Date: Tue, 27 Oct 2020 18:59:14 +0000 -Subject: [PATCH] pam-arch: Update to match pambase 20200721.1-2 - -Update the PAM files for Arch Linux. This has been applied downstream -since Aug 2020. - -https://bugs.archlinux.org/task/67485 ---- - data/meson.build | 1 - - data/pam-arch/gdm-autologin.pam | 22 +++++++++-------- - data/pam-arch/gdm-fingerprint.pam | 31 +++++++++++++++--------- - data/pam-arch/gdm-launch-environment.pam | 24 ++++++++++-------- - data/pam-arch/gdm-password.pam | 17 +++++++------ - data/pam-arch/gdm-pin.pam | 13 ---------- - data/pam-arch/gdm-smartcard.pam | 31 +++++++++++++++--------- - 7 files changed, 75 insertions(+), 64 deletions(-) - delete mode 100644 data/pam-arch/gdm-pin.pam - -diff --git a/data/meson.build b/data/meson.build -index 23e2d7f9..7c5222ea 100644 ---- a/data/meson.build -+++ b/data/meson.build -@@ -134,7 +134,6 @@ pam_data_files_map = { - 'gdm-fingerprint', - 'gdm-smartcard', - 'gdm-password', -- 'gdm-pin', - ], - 'none': [], - # We should no longer have 'autodetect' at this point -diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam -index 99b14209..30bdf529 100644 ---- a/data/pam-arch/gdm-autologin.pam -+++ b/data/pam-arch/gdm-autologin.pam -@@ -1,13 +1,15 @@ --auth requisite pam_nologin.so --auth required pam_env.so --auth optional pam_gdm.so --auth optional pam_gnome_keyring.so --auth optional pam_permit.so -+#%PAM-1.0 - --account include system-local-login -+auth required pam_shells.so -+auth requisite pam_nologin.so -+auth optional pam_permit.so -+auth required pam_env.so -+auth [success=ok default=1] pam_gdm.so -+auth optional pam_gnome_keyring.so - --password include system-local-login -+account include system-local-login - --session optional pam_keyinit.so force revoke --session include system-local-login --session optional pam_gnome_keyring.so auto_start -+password required pam_deny.so -+ -+session include system-local-login -+session optional pam_gnome_keyring.so auto_start -diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam -index a4808617..cc660d9a 100644 ---- a/data/pam-arch/gdm-fingerprint.pam -+++ b/data/pam-arch/gdm-fingerprint.pam -@@ -1,14 +1,23 @@ --auth required pam_tally.so onerr=succeed file=/var/log/faillog --auth required pam_shells.so --auth requisite pam_nologin.so --auth required pam_env.so --auth required pam_fprintd.so --auth optional pam_permit.so -+#%PAM-1.0 - --account include system-local-login -+auth required pam_shells.so -+auth requisite pam_nologin.so -+auth required pam_faillock.so preauth -+# Optionally use requisite above if you do not want to prompt for the fingerprint -+# on locked accounts. -+auth [success=1 default=ignore] pam_fprintd.so -+auth [default=die] pam_faillock.so authfail -+auth optional pam_permit.so -+auth required pam_env.so -+auth required pam_faillock.so authsucc -+# If you drop the above call to pam_faillock.so the lock will be done also -+# on non-consecutive authentication failures. -+auth [success=ok default=1] pam_gdm.so -+auth optional pam_gnome_keyring.so - --password required pam_fprintd.so --password optional pam_permit.so -+account include system-local-login - --session optional pam_keyinit.so force revoke --session include system-local-login -+password required pam_deny.so -+ -+session include system-local-login -+session optional pam_gnome_keyring.so auto_start -diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam -index d59c9cb9..20d1810a 100644 ---- a/data/pam-arch/gdm-launch-environment.pam -+++ b/data/pam-arch/gdm-launch-environment.pam -@@ -1,13 +1,17 @@ --auth required pam_env.so --auth required pam_succeed_if.so audit quiet_success user = gdm --auth optional pam_permit.so -+#%PAM-1.0 - --account required pam_succeed_if.so audit quiet_success user = gdm --account optional pam_permit.so -+auth required pam_succeed_if.so audit quiet_success user in gdm:gnome-initial-setup -+auth optional pam_permit.so -+auth required pam_env.so - --password required pam_deny.so -+account required pam_succeed_if.so audit quiet_success user in gdm:gnome-initial-setup -+account optional pam_permit.so - --session optional pam_keyinit.so force revoke --session required pam_succeed_if.so audit quiet_success user = gdm --session required pam_systemd.so --session optional pam_permit.so -+password required pam_deny.so -+ -+session optional pam_loginuid.so -+session optional pam_keyinit.so force revoke -+session required pam_succeed_if.so audit quiet_success user in gdm:gnome-initial-setup -+session optional pam_permit.so -+-session optional pam_systemd.so -+session required pam_env.so user_readenv=1 -diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam -index 8d34794e..137242a6 100644 ---- a/data/pam-arch/gdm-password.pam -+++ b/data/pam-arch/gdm-password.pam -@@ -1,11 +1,12 @@ --auth include system-local-login --auth optional pam_gnome_keyring.so -+#%PAM-1.0 - --account include system-local-login -+auth include system-local-login -+auth optional pam_gnome_keyring.so - --password include system-local-login --password optional pam_gnome_keyring.so use_authtok -+account include system-local-login - --session optional pam_keyinit.so force revoke --session include system-local-login --session optional pam_gnome_keyring.so auto_start -+password include system-local-login -+password optional pam_gnome_keyring.so use_authtok -+ -+session include system-local-login -+session optional pam_gnome_keyring.so auto_start -diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam -deleted file mode 100644 -index 135e205e..00000000 ---- a/data/pam-arch/gdm-pin.pam -+++ /dev/null -@@ -1,13 +0,0 @@ --auth requisite pam_pin.so --auth include system-local-login --auth optional pam_gnome_keyring.so -- --account include system-local-login -- --password include system-local-login --password optional pam_pin.so --password optional pam_gnome_keyring.so use_authtok -- --session optional pam_keyinit.so force revoke --session include system-local-login --session optional pam_gnome_keyring.so auto_start -diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam -index ec6f75d5..e6ec1299 100644 ---- a/data/pam-arch/gdm-smartcard.pam -+++ b/data/pam-arch/gdm-smartcard.pam -@@ -1,14 +1,23 @@ --auth required pam_tally.so onerr=succeed file=/var/log/faillog --auth required pam_shells.so --auth requisite pam_nologin.so --auth required pam_env.so --auth required pam_pkcs11.so wait_for_card card_only --auth optional pam_permit.so -+#%PAM-1.0 - --account include system-local-login -+auth required pam_shells.so -+auth requisite pam_nologin.so -+auth required pam_faillock.so preauth -+# Optionally use requisite above if you do not want to prompt for the smartcard -+# on locked accounts. -+auth [success=1 default=ignore] pam_pkcs11.so wait_for_card card_only -+auth [default=die] pam_faillock.so authfail -+auth optional pam_permit.so -+auth required pam_env.so -+auth required pam_faillock.so authsucc -+# If you drop the above call to pam_faillock.so the lock will be done also -+# on non-consecutive authentication failures. -+auth [success=ok default=1] pam_gdm.so -+auth optional pam_gnome_keyring.so - --password required pam_pkcs11.so --password optional pam_permit.so -+account include system-local-login - --session optional pam_keyinit.so force revoke --session include system-local-login -+password required pam_deny.so -+ -+session include system-local-login -+session optional pam_gnome_keyring.so auto_start Deleted: 0002-Xsession-Don-t-start-ssh-agent-by-default.patch =================================================================== --- 0002-Xsession-Don-t-start-ssh-agent-by-default.patch 2021-07-23 17:55:08 UTC (rev 420335) +++ 0002-Xsession-Don-t-start-ssh-agent-by-default.patch 2021-07-23 17:55:19 UTC (rev 420336) @@ -1,28 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com> -Date: Sat, 20 Jun 2015 17:22:38 +0200 -Subject: [PATCH] Xsession: Don't start ssh-agent by default - ---- - data/Xsession.in | 8 -------- - 1 file changed, 8 deletions(-) - -diff --git a/data/Xsession.in b/data/Xsession.in -index 2e4de4fe..29ebc30e 100755 ---- a/data/Xsession.in -+++ b/data/Xsession.in -@@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then - fi - fi - --# add ssh-agent if found --sshagent="`gdmwhich ssh-agent`" --if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then -- command="$sshagent -- $command" --elif [ -z "$sshagent" ] ; then -- echo "$0: ssh-agent not found!" --fi -- - echo "$0: Setup done, will execute: $command" - - eval exec $command Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-07-23 17:55:08 UTC (rev 420335) +++ PKGBUILD 2021-07-23 17:55:19 UTC (rev 420336) @@ -3,7 +3,7 @@ pkgbase=gdm pkgname=(gdm libgdm) -pkgver=40.0 +pkgver=40.1 pkgrel=1 pkgdesc="Display manager and login screen" url="https://wiki.gnome.org/Projects/GDM" @@ -13,13 +13,11 @@ libxdmcp systemd) makedepends=(yelp-tools gobject-introspection git docbook-xsl meson) checkdepends=(check) -_commit=3246bf1af8589899621649df523e6840e4858cda # tags/40.0^0 +_commit=7fafdbcac9b970492e9ea23df42111d90986f3f3 # tags/40.1^0 source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit" - 0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch - 0002-Xsession-Don-t-start-ssh-agent-by-default.patch + 0001-Xsession-Don-t-start-ssh-agent-by-default.patch default.pa) sha256sums=('SKIP' - 'f32555703d4f3b6babbe49ddd2c82295238623050b63826c95a959d5caec37f8' 'aa751223e8664f65fe2cae032dc93bb94338a41cfca4c6b66a0fca0c788c4313' 'e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb') @@ -32,10 +30,10 @@ cd gdm # https://bugs.archlinux.org/task/67485 - git apply -3 ../0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch + git cherry-pick -n 8528a503ad70669a5f0c03d0a92ba19326983b82 # Don't start ssh-agent by default - git apply -3 ../0002-Xsession-Don-t-start-ssh-agent-by-default.patch + git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch } build() { @@ -75,7 +73,7 @@ install -d "$pkgdir/var/lib/gdm/.local/share/applications" -o120 -g120 # https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm - install -Dt "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa + install -t "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END g gdm 120 -