On Sun, 11 Oct 2015 at 15:48:10 -0700, Josh Triplett wrote:
> I just encountered this problem again, and in addition to the repeated
> authentication failure messages, I also saw a message on the lock screen
> matching this one I later found in logs:
>
> gnome-session[551]: (gnome-shell:956): Gjs-WARNING **: JS ERROR: Failed to
> start verification for user: Gio.DBusError:
> GDBus.Error:org.freedesktop.DBus.Error.InvalidArgs:
> GDBus.Error:org.freedesktop.DBus.Error.InvalidArgs: Type of message,
> '(sssssssb)', does not match expected type '(sssssssbb)'
This is really a gdm3 issue, which is why I've reassigned it there.
gnome-shell uses libgdm to communicate with a process called
gdm-session-worker, so that the actual authentication (PAM) can happen in
a privileged process. Unfortunately, the old gnome-shell will be using
jessie's libgdm, which expects a D-Bus API from jessie; and the
gdm-session-worker is started on-demand, so you got one that is using
stretch's libgdm, which expects a D-Bus API from stretch (with an extra
parameter).
It's possible to hack around this in stretch's gdm (patch attached),
but the best workaround I can see is still horrible, and so far I
haven't actually got unlocking to work again. With that
incompatibility out of the way, there's another one:
Jan 25 12:28:31 host gdm-session-worker.really[11355]:
pam_unix(gdm-password:auth): conversation failed
Jan 25 12:28:31 host gdm-session-worker.really[11355]:
pam_unix(gdm-password:auth): auth could not identify password for [user]
(gdm-session-worker.really is the real gdm-session-worker - I've used
dpkg-divert to inject more logging on my test system).
Possibly related, or perhaps just a side-effect of failing authentication:
Jan 25 12:28:14 host gnome-session[5143]: (gnome-shell:5342): Gjs-WARNING
**: JS
ERROR: Exception in callback for signal: next: Error: can't convert
this._frame
to an integer
Jan 25 12:28:14 host gnome-session[5143]:
Animation<._showFrame@resource:///org/
gnome/shell/ui/animation.js:59
Jan 25 12:28:14 host gnome-session[5143]:
wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Jan 25 12:28:14 host gnome-session[5143]:
Animation<.play@resource:///org/gnome/shell/ui/animation.js:34
Jan 25 12:28:14 host gnome-session[5143]:
wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Jan 25 12:28:14 host gnome-session[5143]:
AuthPrompt<.setActorInDefaultButtonWell@resource:///org/gnome/shell/gdm/authPrompt.js:313
Jan 25 12:28:14 host gnome-session[5143]:
wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Jan 25 12:28:14 host gnome-session[5143]:
AuthPrompt<.startSpinning@resource:///org/gnome/shell/gdm/authPrompt.js:329
Jan 25 12:28:14 host gnome-session[5143]:
wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Jan 25 12:28:14 host gnome-session[5143]:
AuthPrompt<._init/<@resource:///org/gnome/shell/gdm/authPrompt.js:67
Jan 25 12:28:14 host gnome-session[5143]:
_emit@resource:///org/gnome/gjs/modules/signals.js:124
Jan 25 12:28:14 host gnome-session[5143]:
AuthPrompt<._initButtons/<@resource:///org/gnome/shell/gdm/authPrompt.js:191
I broadly agree with upstream on this issue: the more distribution
development I do, the less faith I have in our ability to support
in-place major upgrades, which change relatively fundamental things while
the OS is still fully active. We already don't actually restart gdm,
because that would terminate all user X/Wayland sessions, or dbus, because
that would terminate all D-Bus connections.
We can get away with in-place upgrades for stable updates, because they
already don't change very much, but for stable -> next-stable or for
testing/unstable, it's very easy to create a situation that can't work.
unattended-upgrades has an InstallOnShutdown mode, which is what SteamOS
uses (with some patches that I wrote a couple of years ago to improve it,
<https://bugs.debian.org/741356>). systemd has systemd.offline-updates(7),
which PackageKit and GNOME Software can use.
S
Index: debian/changelog
===================================================================
--- debian/changelog (revision 51941)
+++ debian/changelog (working copy)
@@ -1,7 +1,16 @@
gdm3 (3.22.1-2) UNRELEASED; urgency=medium
+ [ Michael Biebl ]
* Stop setting authdir, has beend dropped upstream in favour of xauthdir.
+ [ Simon McVittie ]
+ * Add a non-upstreamable patch to edit D-Bus messages from libgdm
+ to the session worker and adapt them from the pre-3.16 interface
+ to the post-3.16 interface. Only do this if a flag file in /run
+ has been created, so that this workaround will only be active
+ until the next reboot.
+ * gdm3.preinst: Create that flag file on upgrades. (Closes: #789118)
+
-- Michael Biebl <[email protected]> Mon, 17 Oct 2016 01:07:52 +0200
gdm3 (3.22.1-1) unstable; urgency=medium
Index: debian/gdm3.preinst
===================================================================
--- debian/gdm3.preinst (revision 51941)
+++ debian/gdm3.preinst (working copy)
@@ -9,4 +9,11 @@
fi
fi
+if [ -n "$2" ] && dpkg --compare-versions "$2" lt 3.16; then
+ # Activate a horrible hack to let an already running gnome-shell
+ # unlock the screen.
+ echo "Enabling temporary workaround for upgrades from Debian 8..."
+ touch "/run/gdm3-upgraded-from-debian-8"
+fi
+
#DEBHELPER#
Index: debian/patches/Hack-D-Bus-messages-from-Debian-8-libgdm-to-work-wit.patch
===================================================================
--- debian/patches/Hack-D-Bus-messages-from-Debian-8-libgdm-to-work-wit.patch (nonexistent)
+++ debian/patches/Hack-D-Bus-messages-from-Debian-8-libgdm-to-work-wit.patch (working copy)
@@ -0,0 +1,118 @@
+From 27365c4863a3a5127541ed9ac77cb29500466ab8 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <[email protected]>
+Date: Wed, 25 Jan 2017 10:58:28 +0000
+Subject: [PATCH] Hack D-Bus messages from Debian 8 libgdm to work with this
+ version
+
+There is one extra argument. Add that argument, setting it to FALSE,
+which makes this gdm behave like the only code path in Debian 8.
+
+Please remove this patch after Debian 9 is released.
+
+Forwarded: no, Debian-specific
+---
+ daemon/gdm-session-worker.c | 81 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 81 insertions(+)
+
+diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
+index 421ef028..6b14f003 100644
+--- a/daemon/gdm-session-worker.c
++++ b/daemon/gdm-session-worker.c
+@@ -3077,6 +3077,80 @@ gdm_session_worker_handle_start_reauthentication (GdmDBusWorker *object,
+ return TRUE;
+ }
+
++/* A horrible hack to cope with reauthentication requests coming from
++ * Debian 8's libgdm, which might still be resident in memory if a user
++ * was running gnome-shell and lets it lock during the upgrade. */
++static GDBusMessage *
++rewrite_messages (GDBusConnection *connection,
++ GDBusMessage *message,
++ gboolean incoming,
++ gpointer nil)
++{
++ g_autoptr (GDBusMessage) ret = NULL;
++ GVariant *body;
++ const gchar *service_name, *user_name, *x11_display, *x11_authority;
++ const gchar *display_device, *display_seat, *hostname;
++ gboolean display_is_local;
++
++ if (!incoming ||
++ g_dbus_message_get_message_type (message) !=
++ G_DBUS_MESSAGE_TYPE_METHOD_CALL ||
++ g_dbus_message_get_num_unix_fds (message) != 0 ||
++ g_strcmp0 (g_dbus_message_get_interface (message),
++ "org.gnome.DisplayManager.Worker") != 0 ||
++ g_strcmp0 (g_dbus_message_get_member (message),
++ "SetupForUser") != 0 ||
++ g_strcmp0 (g_dbus_message_get_signature (message),
++ "ssss" "sssb") != 0)
++ return message;
++
++ g_warning ("Patching old SetupForUser message from Debian 8 libgdm");
++
++ ret = g_dbus_message_copy (message, NULL);
++
++ /* If we can't copy it for whatever reason, just give up */
++ if (ret == NULL)
++ {
++ g_warning ("Failed to patch old SetupForUser message");
++ return message;
++ }
++
++ body = g_dbus_message_get_body (message);
++
++ g_variant_get (body,
++ "(" "&s&s&s&s" "&s&s&sb" ")",
++
++ &service_name,
++ &user_name,
++ &x11_display,
++ &x11_authority,
++
++ &display_device,
++ &display_seat,
++ &hostname,
++ &display_is_local);
++
++ /* The new API has one aditional boolean argument, display_is_initial.
++ * Set it to FALSE to make gdm behave like it did in Debian 8. */
++ g_dbus_message_set_body (ret,
++ g_variant_new ("(" "ssss" "sssb" "b" ")",
++
++ service_name,
++ user_name,
++ x11_display,
++ x11_authority,
++
++ display_device,
++ display_seat,
++ hostname,
++ display_is_local,
++
++ FALSE));
++
++ g_object_unref (message);
++ return g_steal_pointer (&ret);
++}
++
+ static GObject *
+ gdm_session_worker_constructor (GType type,
+ guint n_construct_properties,
+@@ -3104,6 +3178,13 @@ gdm_session_worker_constructor (GType type,
+ exit (1);
+ }
+
++ if (worker->priv->is_reauth_session &&
++ g_file_test ("/run/gdm3-upgraded-from-debian-8",
++ G_FILE_TEST_EXISTS)) {
++ g_dbus_connection_add_filter (worker->priv->connection,
++ rewrite_messages, NULL, NULL);
++ }
++
+ worker->priv->manager = GDM_DBUS_WORKER_MANAGER (gdm_dbus_worker_manager_proxy_new_sync (worker->priv->connection,
+ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES,
+ NULL, /* dbus name */
+--
+2.11.0
+
Index: debian/patches/series
===================================================================
--- debian/patches/series (revision 51941)
+++ debian/patches/series (working copy)
@@ -4,3 +4,4 @@
91_dconf_database_path.patch
92_systemd_unit.patch
94_retain_xorg_log.patch
+Hack-D-Bus-messages-from-Debian-8-libgdm-to-work-wit.patch
