Date: Tuesday, August 31, 2021 @ 22:21:54 Author: heftig Revision: 422798
archrelease: copy trunk to extra-x86_64 Added: gdm/repos/extra-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (from rev 422797, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch) gdm/repos/extra-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch (from rev 422797, gdm/trunk/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch) gdm/repos/extra-x86_64/PKGBUILD (from rev 422797, gdm/trunk/PKGBUILD) gdm/repos/extra-x86_64/default.pa (from rev 422797, gdm/trunk/default.pa) gdm/repos/extra-x86_64/gdm.install (from rev 422797, gdm/trunk/gdm.install) Deleted: gdm/repos/extra-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch gdm/repos/extra-x86_64/PKGBUILD gdm/repos/extra-x86_64/default.pa gdm/repos/extra-x86_64/gdm.install -----------------------------------------------------------------+ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 56 +- 0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch | 73 +++ PKGBUILD | 193 +++++----- default.pa | 20 - gdm.install | 14 5 files changed, 217 insertions(+), 139 deletions(-) Deleted: 0001-Xsession-Don-t-start-ssh-agent-by-default.patch =================================================================== --- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2021-08-31 22:15:15 UTC (rev 422797) +++ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2021-08-31 22:21:54 UTC (rev 422798) @@ -1,28 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com> -Date: Sat, 20 Jun 2015 17:22:38 +0200 -Subject: [PATCH] Xsession: Don't start ssh-agent by default - ---- - data/Xsession.in | 8 -------- - 1 file changed, 8 deletions(-) - -diff --git a/data/Xsession.in b/data/Xsession.in -index 2e4de4fe..29ebc30e 100755 ---- a/data/Xsession.in -+++ b/data/Xsession.in -@@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then - fi - fi - --# add ssh-agent if found --sshagent="`gdmwhich ssh-agent`" --if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then -- command="$sshagent -- $command" --elif [ -z "$sshagent" ] ; then -- echo "$0: ssh-agent not found!" --fi -- - echo "$0: Setup done, will execute: $command" - - eval exec $command Copied: gdm/repos/extra-x86_64/0001-Xsession-Don-t-start-ssh-agent-by-default.patch (from rev 422797, gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch) =================================================================== --- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch (rev 0) +++ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2021-08-31 22:21:54 UTC (rev 422798) @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com> +Date: Sat, 20 Jun 2015 17:22:38 +0200 +Subject: [PATCH] Xsession: Don't start ssh-agent by default + +--- + data/Xsession.in | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/data/Xsession.in b/data/Xsession.in +index 2e4de4fe..29ebc30e 100755 +--- a/data/Xsession.in ++++ b/data/Xsession.in +@@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then + fi + fi + +-# add ssh-agent if found +-sshagent="`gdmwhich ssh-agent`" +-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then +- command="$sshagent -- $command" +-elif [ -z "$sshagent" ] ; then +- echo "$0: ssh-agent not found!" +-fi +- + echo "$0: Setup done, will execute: $command" + + eval exec $command Copied: gdm/repos/extra-x86_64/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch (from rev 422797, gdm/trunk/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch) =================================================================== --- 0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch (rev 0) +++ 0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch 2021-08-31 22:21:54 UTC (rev 422798) @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <hef...@archlinux.org> +Date: Tue, 31 Aug 2021 21:51:46 +0000 +Subject: [PATCH] pam-arch: Drop pam_faillock counting from fingerprint and + smartcard + +As mentioned in an [fprintd issue comment][1], we need to make sure that +the stack's error status is taken from the main auth module, i.e. +pam_fprintd, otherwise GDM will not behave correctly. + +Still use pam_faillock preauth so that we test whether the account is +locked, but don't use authfail/authsucc to log a failure/success so this +stack doesn't participate in triggering the lock. + +Ideally we would check which return values we actually want to treat as +a reason to lock the account (e.g. fingerprint mismatch) and which are +neutral (e.g. no fingerprints enrolled), but that's much more effort. + +Should fix [FS#71750][2]. + +[1]: https://gitlab.freedesktop.org/libfprint/fprintd/-/issues/112#note_1016191 +[2]: https://bugs.archlinux.org/task/71750 +--- + data/pam-arch/gdm-fingerprint.pam | 10 ++-------- + data/pam-arch/gdm-smartcard.pam | 10 ++-------- + 2 files changed, 4 insertions(+), 16 deletions(-) + +diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam +index cc660d9a..2aaf9f6c 100644 +--- a/data/pam-arch/gdm-fingerprint.pam ++++ b/data/pam-arch/gdm-fingerprint.pam +@@ -2,16 +2,10 @@ + + auth required pam_shells.so + auth requisite pam_nologin.so +-auth required pam_faillock.so preauth +-# Optionally use requisite above if you do not want to prompt for the fingerprint +-# on locked accounts. +-auth [success=1 default=ignore] pam_fprintd.so +-auth [default=die] pam_faillock.so authfail ++auth requisite pam_faillock.so preauth ++auth required pam_fprintd.so + auth optional pam_permit.so + auth required pam_env.so +-auth required pam_faillock.so authsucc +-# If you drop the above call to pam_faillock.so the lock will be done also +-# on non-consecutive authentication failures. + auth [success=ok default=1] pam_gdm.so + auth optional pam_gnome_keyring.so + +diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam +index e6ec1299..6d7333bf 100644 +--- a/data/pam-arch/gdm-smartcard.pam ++++ b/data/pam-arch/gdm-smartcard.pam +@@ -2,16 +2,10 @@ + + auth required pam_shells.so + auth requisite pam_nologin.so +-auth required pam_faillock.so preauth +-# Optionally use requisite above if you do not want to prompt for the smartcard +-# on locked accounts. +-auth [success=1 default=ignore] pam_pkcs11.so wait_for_card card_only +-auth [default=die] pam_faillock.so authfail ++auth requisite pam_faillock.so preauth ++auth required pam_pkcs11.so wait_for_card card_only + auth optional pam_permit.so + auth required pam_env.so +-auth required pam_faillock.so authsucc +-# If you drop the above call to pam_faillock.so the lock will be done also +-# on non-consecutive authentication failures. + auth [success=ok default=1] pam_gdm.so + auth optional pam_gnome_keyring.so + Deleted: PKGBUILD =================================================================== --- PKGBUILD 2021-08-31 22:15:15 UTC (rev 422797) +++ PKGBUILD 2021-08-31 22:21:54 UTC (rev 422798) @@ -1,94 +0,0 @@ -# Maintainer: Jan Alexander Steffens (heftig) <hef...@archlinux.org> -# Contributor: Jan de Groot <j...@archlinux.org> - -pkgbase=gdm -pkgname=(gdm libgdm) -pkgver=40.1 -pkgrel=1 -pkgdesc="Display manager and login screen" -url="https://wiki.gnome.org/Projects/GDM" -arch=(x86_64) -license=(GPL) -depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost - libxdmcp systemd) -makedepends=(yelp-tools gobject-introspection git docbook-xsl meson) -checkdepends=(check) -_commit=7fafdbcac9b970492e9ea23df42111d90986f3f3 # tags/40.1^0 -source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit" - 0001-Xsession-Don-t-start-ssh-agent-by-default.patch - default.pa) -sha256sums=('SKIP' - 'aa751223e8664f65fe2cae032dc93bb94338a41cfca4c6b66a0fca0c788c4313' - 'e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb') - -pkgver() { - cd gdm - git describe --tags | sed 's/\.rc/rc/;s/-/+/g' -} - -prepare() { - cd gdm - - # https://bugs.archlinux.org/task/67485 - git cherry-pick -n 8528a503ad70669a5f0c03d0a92ba19326983b82 - - # Don't start ssh-agent by default - git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch -} - -build() { - arch-meson gdm build \ - -D dbus-sys="/usr/share/dbus-1/system.d" \ - -D default-pam-config=arch \ - -D default-path="/usr/local/bin:/usr/local/sbin:/usr/bin" \ - -D gdm-xsession=true \ - -D ipv6=true \ - -D plymouth=disabled \ - -D run-dir=/run/gdm \ - -D selinux=disabled - meson compile -C build -} - -check() { - meson test -C build --print-errorlogs -} - -package_gdm() { - depends+=(libgdm) - optdepends=('fprintd: fingerprint authentication') - backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment - etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf - etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default) - groups=(gnome) - install=gdm.install - - meson install -C build --destdir "$pkgdir" - - install -d "$pkgdir/var/lib" - install -d "$pkgdir/var/lib/gdm" -o120 -g120 -m1770 - install -d "$pkgdir/var/lib/gdm/.config" -o120 -g120 -m700 - install -d "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m700 - install -d "$pkgdir/var/lib/gdm/.local" -o120 -g120 -m700 - install -d "$pkgdir/var/lib/gdm/.local/share" -o120 -g120 - install -d "$pkgdir/var/lib/gdm/.local/share/applications" -o120 -g120 - - # https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm - install -t "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa - - install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END -g gdm 120 - -u gdm 120 "Gnome Display Manager" /var/lib/gdm -END - -### Split libgdm - mkdir -p libgdm/{lib,share} - mv -t libgdm "$pkgdir"/usr/include - mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig} - mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0} -} - -package_libgdm() { - pkgdesc="GDM support library" - depends=(systemd glib2 dconf) - mv libgdm "$pkgdir/usr" -} Copied: gdm/repos/extra-x86_64/PKGBUILD (from rev 422797, gdm/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2021-08-31 22:21:54 UTC (rev 422798) @@ -0,0 +1,99 @@ +# Maintainer: Jan Alexander Steffens (heftig) <hef...@archlinux.org> +# Contributor: Jan de Groot <j...@archlinux.org> + +pkgbase=gdm +pkgname=(gdm libgdm) +pkgver=40.1 +pkgrel=2 +pkgdesc="Display manager and login screen" +url="https://wiki.gnome.org/Projects/GDM" +arch=(x86_64) +license=(GPL) +depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost + libxdmcp systemd) +makedepends=(yelp-tools gobject-introspection git docbook-xsl meson) +checkdepends=(check) +_commit=7fafdbcac9b970492e9ea23df42111d90986f3f3 # tags/40.1^0 +source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit" + 0001-Xsession-Don-t-start-ssh-agent-by-default.patch + 0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch + default.pa) +sha256sums=('SKIP' + 'aa751223e8664f65fe2cae032dc93bb94338a41cfca4c6b66a0fca0c788c4313' + 'a5dc583f37311164526569e54fe2d2c06fa27de9995848d7f374b4a554c4c8c0' + 'e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb') + +pkgver() { + cd gdm + git describe --tags | sed 's/\.rc/rc/;s/-/+/g' +} + +prepare() { + cd gdm + + # https://bugs.archlinux.org/task/67485 + git cherry-pick -n 8528a503ad70669a5f0c03d0a92ba19326983b82 + + # Don't start ssh-agent by default + git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch + + # https://bugs.archlinux.org/task/71750 + git apply -3 ../0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch +} + +build() { + arch-meson gdm build \ + -D dbus-sys="/usr/share/dbus-1/system.d" \ + -D default-pam-config=arch \ + -D default-path="/usr/local/bin:/usr/local/sbin:/usr/bin" \ + -D gdm-xsession=true \ + -D ipv6=true \ + -D plymouth=disabled \ + -D run-dir=/run/gdm \ + -D selinux=disabled + meson compile -C build +} + +check() { + meson test -C build --print-errorlogs +} + +package_gdm() { + depends+=(libgdm) + optdepends=('fprintd: fingerprint authentication') + backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment + etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf + etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default) + groups=(gnome) + install=gdm.install + + meson install -C build --destdir "$pkgdir" + + install -d "$pkgdir/var/lib" + install -d "$pkgdir/var/lib/gdm" -o120 -g120 -m1770 + install -d "$pkgdir/var/lib/gdm/.config" -o120 -g120 -m700 + install -d "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m700 + install -d "$pkgdir/var/lib/gdm/.local" -o120 -g120 -m700 + install -d "$pkgdir/var/lib/gdm/.local/share" -o120 -g120 + install -d "$pkgdir/var/lib/gdm/.local/share/applications" -o120 -g120 + + # https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm + install -t "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa + + install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END +g gdm 120 - +u gdm 120 "Gnome Display Manager" /var/lib/gdm +END + +### Split libgdm + mkdir -p libgdm/{lib,share} + mv -t libgdm "$pkgdir"/usr/include + mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig} + mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0} +} + +package_libgdm() { + pkgdesc="GDM support library" + depends=(systemd glib2 dconf) + mv libgdm "$pkgdir/usr" +} Deleted: default.pa =================================================================== --- default.pa 2021-08-31 22:15:15 UTC (rev 422797) +++ default.pa 2021-08-31 22:21:54 UTC (rev 422798) @@ -1,10 +0,0 @@ -load-module module-device-restore -load-module module-card-restore -load-module module-udev-detect -load-module module-native-protocol-unix -load-module module-default-device-restore -load-module module-always-sink -load-module module-intended-roles -load-module module-suspend-on-idle -load-module module-systemd-login -load-module module-position-event-sounds Copied: gdm/repos/extra-x86_64/default.pa (from rev 422797, gdm/trunk/default.pa) =================================================================== --- default.pa (rev 0) +++ default.pa 2021-08-31 22:21:54 UTC (rev 422798) @@ -0,0 +1,10 @@ +load-module module-device-restore +load-module module-card-restore +load-module module-udev-detect +load-module module-native-protocol-unix +load-module module-default-device-restore +load-module module-always-sink +load-module module-intended-roles +load-module module-suspend-on-idle +load-module module-systemd-login +load-module module-position-event-sounds Deleted: gdm.install =================================================================== --- gdm.install 2021-08-31 22:15:15 UTC (rev 422797) +++ gdm.install 2021-08-31 22:21:54 UTC (rev 422798) @@ -1,7 +0,0 @@ -post_upgrade() { - if (( $(vercmp $2 3.34.0-2) < 0 )); then - usermod --expiredate= gdm >/dev/null - fi -} - -# vim:set ft=sh sw=2 et: Copied: gdm/repos/extra-x86_64/gdm.install (from rev 422797, gdm/trunk/gdm.install) =================================================================== --- gdm.install (rev 0) +++ gdm.install 2021-08-31 22:21:54 UTC (rev 422798) @@ -0,0 +1,7 @@ +post_upgrade() { + if (( $(vercmp $2 3.34.0-2) < 0 )); then + usermod --expiredate= gdm >/dev/null + fi +} + +# vim:set ft=sh sw=2 et: