diff options
author | Taijian | 2020-08-19 20:41:32 +0200 |
---|---|---|
committer | Taijian | 2020-08-19 20:41:32 +0200 |
commit | 173f3cf3176107e2ef39ed5e6fb31e9dbcc7bf06 (patch) | |
tree | 84b6506e910fbeafe69adc17a5d4e8ba52de984b | |
parent | fd026ed6d56035c6685a71b6db55e8d79c02e6c6 (diff) | |
download | aur-173f3cf3176107e2ef39ed5e6fb31e9dbcc7bf06.tar.gz |
bring in line with extra/gdm and new pambase
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | 0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 5 | ||||
-rw-r--r-- | 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch | 5 | ||||
-rw-r--r-- | 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch | 4 | ||||
-rw-r--r-- | 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch | 201 | ||||
-rw-r--r-- | PKGBUILD | 15 |
6 files changed, 220 insertions, 20 deletions
@@ -1,7 +1,7 @@ pkgbase = gdm-plymouth pkgdesc = Display manager and login screen with plymouth support pkgver = 3.36.3 - pkgrel = 1 + pkgrel = 2 url = https://wiki.gnome.org/Projects/GDM install = gdm.install arch = x86_64 @@ -22,10 +22,12 @@ pkgbase = gdm-plymouth source = 0001-Xsession-Don-t-start-ssh-agent-by-default.patch source = 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch source = 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch + source = 0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch sha256sums = SKIP - sha256sums = 7a9a60ac3ec2a7ba8625ebd8974ac19469412e596d823d889628c971d3a27463 - sha256sums = 15c8d7e0a0e03cb45f6bb33b3d91e0332d5d1b835b4aee726118085a35f3b046 - sha256sums = 58105ba0634279e00729180831f82e85342167c6ac324a26e6f8b16483fb4018 + sha256sums = 6f386e5e7ca09adaa6f9309c40dd32c6ff85990ce4a7bb9da70cc2a3de1f320b + sha256sums = 88129b13ba9196d93d1c434ae8e3c48d2eee3e28fb2594b2c1c5f4385f05b15d + sha256sums = 2e27b0d16311f4e139ee77a8ad752517a715a4f85312810a7c401bba85576b70 + sha256sums = a999d49759fbe8b9a09598cc2a744b86c220486ae202e2bc351d170741142062 pkgname = gdm-plymouth groups = gnome diff --git a/0001-Xsession-Don-t-start-ssh-agent-by-default.patch b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch index 15bb249525f1..5e87a7e85d37 100644 --- a/0001-Xsession-Don-t-start-ssh-agent-by-default.patch +++ b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch @@ -2,7 +2,7 @@ From 328a315c21ec71e563d00699f0a79186b229270a Mon Sep 17 00:00:00 2001 Message-Id: <328a315c21ec71e563d00699f0a79186b229270a.1541542184.git.jan.steffens@gmail.com> From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Sat, 20 Jun 2015 17:22:38 +0200 -Subject: [PATCH 1/3] Xsession: Don't start ssh-agent by default +Subject: [PATCH] Xsession: Don't start ssh-agent by default --- data/Xsession.in | 8 -------- @@ -27,6 +27,3 @@ index 9d79558c..ff6d9de0 100755 echo "$0: Setup done, will execute: $command" eval exec $command --- -2.23.0 - diff --git a/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch b/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch index 6d4c5f75765b..e23dff2a5198 100644 --- a/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch +++ b/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch @@ -1,7 +1,7 @@ From a9c2cb0ae478caf40cc24001fbf6cfbbcc19196e Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Tue, 10 Sep 2019 20:37:08 +0000 -Subject: [PATCH 2/3] pam-arch: Don't check greeter account for expiry +Subject: [PATCH] pam-arch: Don't check greeter account for expiry systemd-sysusers now creates expired accounts, which broke the greeter on new installations. @@ -24,6 +24,3 @@ index 618a7d3a..89521472 100644 +account optional pam_permit.so password required pam_deny.so - --- -2.23.0 diff --git a/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch b/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch index 98c2c184ae2c..18f253da0b8f 100644 --- a/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch +++ b/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch @@ -1,7 +1,7 @@ From 3b6ca2e211b9874e61e9a6950c52b52f2a79dca3 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Tue, 10 Sep 2019 20:41:10 +0000 -Subject: [PATCH 3/3] pam-arch: Restrict greeter service to the gdm user +Subject: [PATCH] pam-arch: Restrict greeter service to the gdm user Copied from pam-exherbo. --- @@ -26,5 +26,3 @@ index 89521472..d59c9cb9 100644 +session required pam_succeed_if.so audit quiet_success user = gdm session required pam_systemd.so session optional pam_permit.so --- -2.23.0 diff --git a/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch b/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch new file mode 100644 index 000000000000..b138042086a7 --- /dev/null +++ b/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch @@ -0,0 +1,201 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org> +Date: Sun, 9 Aug 2020 00:34:37 +0000 +Subject: [PATCH] pam-arch: Update to match pambase 20200721.1-2 + +https://bugs.archlinux.org/task/67485 +--- + data/pam-arch/gdm-autologin.pam | 22 +++++++++-------- + data/pam-arch/gdm-fingerprint.pam | 31 +++++++++++++++--------- + data/pam-arch/gdm-launch-environment.pam | 24 ++++++++++-------- + data/pam-arch/gdm-password.pam | 17 +++++++------ + data/pam-arch/gdm-pin.pam | 13 ---------- + data/pam-arch/gdm-smartcard.pam | 31 +++++++++++++++--------- + 6 files changed, 75 insertions(+), 63 deletions(-) + delete mode 100644 data/pam-arch/gdm-pin.pam + +diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam +index 99b14209..30bdf529 100644 +--- a/data/pam-arch/gdm-autologin.pam ++++ b/data/pam-arch/gdm-autologin.pam +@@ -1,13 +1,15 @@ +-auth requisite pam_nologin.so +-auth required pam_env.so +-auth optional pam_gdm.so +-auth optional pam_gnome_keyring.so +-auth optional pam_permit.so ++#%PAM-1.0 + +-account include system-local-login ++auth required pam_shells.so ++auth requisite pam_nologin.so ++auth optional pam_permit.so ++auth required pam_env.so ++auth [success=ok default=1] pam_gdm.so ++auth optional pam_gnome_keyring.so + +-password include system-local-login ++account include system-local-login + +-session optional pam_keyinit.so force revoke +-session include system-local-login +-session optional pam_gnome_keyring.so auto_start ++password required pam_deny.so ++ ++session include system-local-login ++session optional pam_gnome_keyring.so auto_start +diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam +index a4808617..cc660d9a 100644 +--- a/data/pam-arch/gdm-fingerprint.pam ++++ b/data/pam-arch/gdm-fingerprint.pam +@@ -1,14 +1,23 @@ +-auth required pam_tally.so onerr=succeed file=/var/log/faillog +-auth required pam_shells.so +-auth requisite pam_nologin.so +-auth required pam_env.so +-auth required pam_fprintd.so +-auth optional pam_permit.so ++#%PAM-1.0 + +-account include system-local-login ++auth required pam_shells.so ++auth requisite pam_nologin.so ++auth required pam_faillock.so preauth ++# Optionally use requisite above if you do not want to prompt for the fingerprint ++# on locked accounts. ++auth [success=1 default=ignore] pam_fprintd.so ++auth [default=die] pam_faillock.so authfail ++auth optional pam_permit.so ++auth required pam_env.so ++auth required pam_faillock.so authsucc ++# If you drop the above call to pam_faillock.so the lock will be done also ++# on non-consecutive authentication failures. ++auth [success=ok default=1] pam_gdm.so ++auth optional pam_gnome_keyring.so + +-password required pam_fprintd.so +-password optional pam_permit.so ++account include system-local-login + +-session optional pam_keyinit.so force revoke +-session include system-local-login ++password required pam_deny.so ++ ++session include system-local-login ++session optional pam_gnome_keyring.so auto_start +diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam +index d59c9cb9..2ff5ae56 100644 +--- a/data/pam-arch/gdm-launch-environment.pam ++++ b/data/pam-arch/gdm-launch-environment.pam +@@ -1,13 +1,17 @@ +-auth required pam_env.so +-auth required pam_succeed_if.so audit quiet_success user = gdm +-auth optional pam_permit.so ++#%PAM-1.0 + +-account required pam_succeed_if.so audit quiet_success user = gdm +-account optional pam_permit.so ++auth required pam_succeed_if.so audit quiet_success user=gdm ++auth optional pam_permit.so ++auth required pam_env.so + +-password required pam_deny.so ++account required pam_succeed_if.so audit quiet_success user=gdm ++account optional pam_permit.so + +-session optional pam_keyinit.so force revoke +-session required pam_succeed_if.so audit quiet_success user = gdm +-session required pam_systemd.so +-session optional pam_permit.so ++password required pam_deny.so ++ ++session optional pam_loginuid.so ++session optional pam_keyinit.so force revoke ++session required pam_succeed_if.so audit quiet_success user=gdm ++session optional pam_permit.so ++-session optional pam_systemd.so ++session required pam_env.so user_readenv=1 +diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam +index 8d34794e..137242a6 100644 +--- a/data/pam-arch/gdm-password.pam ++++ b/data/pam-arch/gdm-password.pam +@@ -1,11 +1,12 @@ +-auth include system-local-login +-auth optional pam_gnome_keyring.so ++#%PAM-1.0 + +-account include system-local-login ++auth include system-local-login ++auth optional pam_gnome_keyring.so + +-password include system-local-login +-password optional pam_gnome_keyring.so use_authtok ++account include system-local-login + +-session optional pam_keyinit.so force revoke +-session include system-local-login +-session optional pam_gnome_keyring.so auto_start ++password include system-local-login ++password optional pam_gnome_keyring.so use_authtok ++ ++session include system-local-login ++session optional pam_gnome_keyring.so auto_start +diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam +deleted file mode 100644 +index 135e205e..00000000 +--- a/data/pam-arch/gdm-pin.pam ++++ /dev/null +@@ -1,13 +0,0 @@ +-auth requisite pam_pin.so +-auth include system-local-login +-auth optional pam_gnome_keyring.so +- +-account include system-local-login +- +-password include system-local-login +-password optional pam_pin.so +-password optional pam_gnome_keyring.so use_authtok +- +-session optional pam_keyinit.so force revoke +-session include system-local-login +-session optional pam_gnome_keyring.so auto_start +diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam +index ec6f75d5..e6ec1299 100644 +--- a/data/pam-arch/gdm-smartcard.pam ++++ b/data/pam-arch/gdm-smartcard.pam +@@ -1,14 +1,23 @@ +-auth required pam_tally.so onerr=succeed file=/var/log/faillog +-auth required pam_shells.so +-auth requisite pam_nologin.so +-auth required pam_env.so +-auth required pam_pkcs11.so wait_for_card card_only +-auth optional pam_permit.so ++#%PAM-1.0 + +-account include system-local-login ++auth required pam_shells.so ++auth requisite pam_nologin.so ++auth required pam_faillock.so preauth ++# Optionally use requisite above if you do not want to prompt for the smartcard ++# on locked accounts. ++auth [success=1 default=ignore] pam_pkcs11.so wait_for_card card_only ++auth [default=die] pam_faillock.so authfail ++auth optional pam_permit.so ++auth required pam_env.so ++auth required pam_faillock.so authsucc ++# If you drop the above call to pam_faillock.so the lock will be done also ++# on non-consecutive authentication failures. ++auth [success=ok default=1] pam_gdm.so ++auth optional pam_gnome_keyring.so + +-password required pam_pkcs11.so +-password optional pam_permit.so ++account include system-local-login + +-session optional pam_keyinit.so force revoke +-session include system-local-login ++password required pam_deny.so ++ ++session include system-local-login ++session optional pam_gnome_keyring.so auto_start + @@ -8,7 +8,7 @@ _pkgbase=gdm pkgbase=gdm-plymouth pkgname=(gdm-plymouth libgdm-plymouth) pkgver=3.36.3 -pkgrel=1 +pkgrel=2 pkgdesc="Display manager and login screen with plymouth support" url="https://wiki.gnome.org/Projects/GDM" arch=(x86_64) @@ -20,11 +20,13 @@ _commit=24a4c0afe337a7a381397c87a39e3a666c0ae6cc # tags/3.36.3^0 source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit" '0001-Xsession-Don-t-start-ssh-agent-by-default.patch' '0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch' - '0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch') + '0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch' + '0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch') sha256sums=('SKIP' - '7a9a60ac3ec2a7ba8625ebd8974ac19469412e596d823d889628c971d3a27463' - '15c8d7e0a0e03cb45f6bb33b3d91e0332d5d1b835b4aee726118085a35f3b046' - '58105ba0634279e00729180831f82e85342167c6ac324a26e6f8b16483fb4018') + '6f386e5e7ca09adaa6f9309c40dd32c6ff85990ce4a7bb9da70cc2a3de1f320b' + '88129b13ba9196d93d1c434ae8e3c48d2eee3e28fb2594b2c1c5f4385f05b15d' + '2e27b0d16311f4e139ee77a8ad752517a715a4f85312810a7c401bba85576b70' + 'a999d49759fbe8b9a09598cc2a744b86c220486ae202e2bc351d170741142062') install=gdm.install pkgver() { @@ -40,6 +42,9 @@ prepare() { # https://bugs.archlinux.org/task/63706 patch -Np1 -i ../0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch + + # https://bugs.archlinux.org/task/67485 + patch -Np1 -i ../0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch NOCONFIGURE=1 ./autogen.sh } |