Update to 41.0+r15+g23ebe617

author: Robin Lange 2021-11-27 10:10:55 +1100
committer: Robin Lange 2021-11-27 10:10:55 +1100
commit: b3040ac5c2f67dd764324beb0d1eca09fd7e4514 (patch)
tree: b0076823f1193564b2263ab30eb25d569014e8ce
parent: b2642d0a42fe117edd76c8c8da7fc120f4412e63 (diff)
download: aur-b3040ac5c2f67dd764324beb0d1eca09fd7e4514.tar.gz
5 files changed, 94 insertions, 234 deletions
diff --git a/.SRCINFO b/.SRCINFO
index cecad4495e38..db51fc331a93 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = gdm-prime
 	pkgdesc = Display manager and login screen
-	pkgver = 40.0
+	pkgver = 41.0+r15+g23ebe617
 	pkgrel = 1
 	url = https://wiki.gnome.org/Projects/GDM
 	arch = x86_64
@@ -19,14 +19,14 @@ pkgbase = gdm-prime
 	depends = xorg-xhost
 	depends = libxdmcp
 	depends = systemd
-	source = git+https://gitlab.gnome.org/GNOME/gdm.git#commit=3246bf1af8589899621649df523e6840e4858cda
-	source = 0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch
-	source = 0002-Xsession-Don-t-start-ssh-agent-by-default.patch
+	source = git+https://gitlab.gnome.org/GNOME/gdm.git#commit=23ebe617119506a0614f1bd2c76cd9bcf7e8fb7c
+	source = 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+	source = 0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
 	source = 0003-nvidia-prime.patch
 	source = default.pa
 	sha256sums = SKIP
-	sha256sums = f32555703d4f3b6babbe49ddd2c82295238623050b63826c95a959d5caec37f8
-	sha256sums = aa751223e8664f65fe2cae032dc93bb94338a41cfca4c6b66a0fca0c788c4313
+	sha256sums = 39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8
+	sha256sums = e3dcaaa5ffa2dd4d3338c8b5827965ea2ca1efd9a95d7272a107e6121cb7898f
 	sha256sums = a1fb80c69454492390e4b7edac0efe55b2178c7031051d3eab99ed8c14d3e0e4
 	sha256sums = e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb
 
diff --git a/0002-Xsession-Don-t-start-ssh-agent-by-default.patch b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
index 568eb2c56828..56699008c6fc 100644
--- a/0002-Xsession-Don-t-start-ssh-agent-by-default.patch
+++ b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
@@ -8,7 +8,7 @@ Subject: [PATCH] Xsession: Don't start ssh-agent by default
  1 file changed, 8 deletions(-)
 
 diff --git a/data/Xsession.in b/data/Xsession.in
-index 2e4de4fe..29ebc30e 100755
+index 2e4de4fe384f..29ebc30ea0c5 100755
 --- a/data/Xsession.in
 +++ b/data/Xsession.in
 @@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then
diff --git a/0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch b/0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch
deleted file mode 100644
index 9f4cce14fc54..000000000000
--- a/0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
-Date: Tue, 27 Oct 2020 18:59:14 +0000
-Subject: [PATCH] pam-arch: Update to match pambase 20200721.1-2
-
-Update the PAM files for Arch Linux. This has been applied downstream
-since Aug 2020.
-
-https://bugs.archlinux.org/task/67485
----
- data/meson.build                         |  1 -
- data/pam-arch/gdm-autologin.pam          | 22 +++++++++--------
- data/pam-arch/gdm-fingerprint.pam        | 31 +++++++++++++++---------
- data/pam-arch/gdm-launch-environment.pam | 24 ++++++++++--------
- data/pam-arch/gdm-password.pam           | 17 +++++++------
- data/pam-arch/gdm-pin.pam                | 13 ----------
- data/pam-arch/gdm-smartcard.pam          | 31 +++++++++++++++---------
- 7 files changed, 75 insertions(+), 64 deletions(-)
- delete mode 100644 data/pam-arch/gdm-pin.pam
-
-diff --git a/data/meson.build b/data/meson.build
-index 23e2d7f9..7c5222ea 100644
---- a/data/meson.build
-+++ b/data/meson.build
-@@ -134,7 +134,6 @@ pam_data_files_map = {
-     'gdm-fingerprint',
-     'gdm-smartcard',
-     'gdm-password',
--    'gdm-pin',
-   ],
-   'none': [],
-   # We should no longer have 'autodetect' at this point
-diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
-index 99b14209..30bdf529 100644
---- a/data/pam-arch/gdm-autologin.pam
-+++ b/data/pam-arch/gdm-autologin.pam
-@@ -1,13 +1,15 @@
--auth     requisite pam_nologin.so
--auth     required  pam_env.so
--auth     optional  pam_gdm.so
--auth     optional  pam_gnome_keyring.so
--auth     optional  pam_permit.so
-+#%PAM-1.0
- 
--account  include   system-local-login
-+auth       required                    pam_shells.so
-+auth       requisite                   pam_nologin.so
-+auth       optional                    pam_permit.so
-+auth       required                    pam_env.so
-+auth       [success=ok default=1]      pam_gdm.so
-+auth       optional                    pam_gnome_keyring.so
- 
--password include   system-local-login
-+account    include                     system-local-login
- 
--session  optional  pam_keyinit.so force revoke
--session  include   system-local-login
--session  optional  pam_gnome_keyring.so auto_start
-+password   required                    pam_deny.so
-+
-+session    include                     system-local-login
-+session    optional                    pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
-index a4808617..cc660d9a 100644
---- a/data/pam-arch/gdm-fingerprint.pam
-+++ b/data/pam-arch/gdm-fingerprint.pam
-@@ -1,14 +1,23 @@
--auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
--auth     required  pam_shells.so
--auth     requisite pam_nologin.so
--auth     required  pam_env.so
--auth     required  pam_fprintd.so
--auth     optional  pam_permit.so
-+#%PAM-1.0
- 
--account  include   system-local-login
-+auth       required                    pam_shells.so
-+auth       requisite                   pam_nologin.so
-+auth       required                    pam_faillock.so      preauth
-+# Optionally use requisite above if you do not want to prompt for the fingerprint
-+# on locked accounts.
-+auth       [success=1 default=ignore]  pam_fprintd.so
-+auth       [default=die]               pam_faillock.so      authfail
-+auth       optional                    pam_permit.so
-+auth       required                    pam_env.so
-+auth       required                    pam_faillock.so      authsucc
-+# If you drop the above call to pam_faillock.so the lock will be done also
-+# on non-consecutive authentication failures.
-+auth       [success=ok default=1]      pam_gdm.so
-+auth       optional                    pam_gnome_keyring.so
- 
--password required  pam_fprintd.so
--password optional  pam_permit.so
-+account    include                     system-local-login
- 
--session  optional  pam_keyinit.so force revoke
--session  include   system-local-login
-+password   required                    pam_deny.so
-+
-+session    include                     system-local-login
-+session    optional                    pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
-index d59c9cb9..20d1810a 100644
---- a/data/pam-arch/gdm-launch-environment.pam
-+++ b/data/pam-arch/gdm-launch-environment.pam
-@@ -1,13 +1,17 @@
--auth     required  pam_env.so
--auth     required  pam_succeed_if.so audit quiet_success user = gdm
--auth     optional  pam_permit.so
-+#%PAM-1.0
- 
--account  required  pam_succeed_if.so audit quiet_success user = gdm
--account  optional  pam_permit.so
-+auth       required                    pam_succeed_if.so    audit quiet_success user in gdm:gnome-initial-setup
-+auth       optional                    pam_permit.so
-+auth       required                    pam_env.so
- 
--password required  pam_deny.so
-+account    required                    pam_succeed_if.so    audit quiet_success user in gdm:gnome-initial-setup
-+account    optional                    pam_permit.so
- 
--session  optional  pam_keyinit.so force revoke
--session  required  pam_succeed_if.so audit quiet_success user = gdm
--session  required  pam_systemd.so
--session  optional  pam_permit.so
-+password   required                    pam_deny.so
-+
-+session    optional                    pam_loginuid.so
-+session    optional                    pam_keyinit.so       force revoke
-+session    required                    pam_succeed_if.so    audit quiet_success user in gdm:gnome-initial-setup
-+session    optional                    pam_permit.so
-+-session   optional                    pam_systemd.so
-+session    required                    pam_env.so           user_readenv=1
-diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
-index 8d34794e..137242a6 100644
---- a/data/pam-arch/gdm-password.pam
-+++ b/data/pam-arch/gdm-password.pam
-@@ -1,11 +1,12 @@
--auth     include   system-local-login
--auth     optional  pam_gnome_keyring.so
-+#%PAM-1.0
- 
--account  include   system-local-login
-+auth       include                     system-local-login
-+auth       optional                    pam_gnome_keyring.so
- 
--password include   system-local-login
--password optional  pam_gnome_keyring.so use_authtok
-+account    include                     system-local-login
- 
--session  optional  pam_keyinit.so force revoke
--session  include   system-local-login
--session  optional  pam_gnome_keyring.so auto_start
-+password   include                     system-local-login
-+password   optional                    pam_gnome_keyring.so use_authtok
-+
-+session    include                     system-local-login
-+session    optional                    pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
-deleted file mode 100644
-index 135e205e..00000000
---- a/data/pam-arch/gdm-pin.pam
-+++ /dev/null
-@@ -1,13 +0,0 @@
--auth     requisite pam_pin.so
--auth     include   system-local-login
--auth     optional  pam_gnome_keyring.so
--
--account  include   system-local-login
--
--password include   system-local-login
--password optional  pam_pin.so
--password optional  pam_gnome_keyring.so use_authtok
--
--session  optional  pam_keyinit.so force revoke
--session  include   system-local-login
--session  optional  pam_gnome_keyring.so auto_start
-diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
-index ec6f75d5..e6ec1299 100644
---- a/data/pam-arch/gdm-smartcard.pam
-+++ b/data/pam-arch/gdm-smartcard.pam
-@@ -1,14 +1,23 @@
--auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
--auth     required  pam_shells.so
--auth     requisite pam_nologin.so
--auth     required  pam_env.so
--auth     required  pam_pkcs11.so wait_for_card card_only
--auth     optional  pam_permit.so
-+#%PAM-1.0
- 
--account  include   system-local-login
-+auth       required                    pam_shells.so
-+auth       requisite                   pam_nologin.so
-+auth       required                    pam_faillock.so      preauth
-+# Optionally use requisite above if you do not want to prompt for the smartcard
-+# on locked accounts.
-+auth       [success=1 default=ignore]  pam_pkcs11.so        wait_for_card card_only
-+auth       [default=die]               pam_faillock.so      authfail
-+auth       optional                    pam_permit.so
-+auth       required                    pam_env.so
-+auth       required                    pam_faillock.so      authsucc
-+# If you drop the above call to pam_faillock.so the lock will be done also
-+# on non-consecutive authentication failures.
-+auth       [success=ok default=1]      pam_gdm.so
-+auth       optional                    pam_gnome_keyring.so
- 
--password required  pam_pkcs11.so
--password optional  pam_permit.so
-+account    include                     system-local-login
- 
--session  optional  pam_keyinit.so force revoke
--session  include   system-local-login
-+password   required                    pam_deny.so
-+
-+session    include                     system-local-login
-+session    optional                    pam_gnome_keyring.so auto_start
diff --git a/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch b/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
new file mode 100644
index 000000000000..ce6d5539376f
--- /dev/null
+++ b/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
@@ -0,0 +1,73 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
+Date: Tue, 31 Aug 2021 21:51:46 +0000
+Subject: [PATCH] pam-arch: Drop pam_faillock counting from fingerprint and
+ smartcard
+
+As mentioned in an [fprintd issue comment][1], we need to make sure that
+the stack's error status is taken from the main auth module, i.e.
+pam_fprintd, otherwise GDM will not behave correctly.
+
+Still use pam_faillock preauth so that we test whether the account is
+locked, but don't use authfail/authsucc to log a failure/success so this
+stack doesn't participate in triggering the lock.
+
+Ideally we would check which return values we actually want to treat as
+a reason to lock the account (e.g. fingerprint mismatch) and which are
+neutral (e.g. no fingerprints enrolled), but that's much more effort.
+
+Should fix [FS#71750][2].
+
+[1]: https://gitlab.freedesktop.org/libfprint/fprintd/-/issues/112#note_1016191
+[2]: https://bugs.archlinux.org/task/71750
+---
+ data/pam-arch/gdm-fingerprint.pam | 10 ++--------
+ data/pam-arch/gdm-smartcard.pam   | 10 ++--------
+ 2 files changed, 4 insertions(+), 16 deletions(-)
+
+diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
+index cc660d9a90ba..2aaf9f6c88a0 100644
+--- a/data/pam-arch/gdm-fingerprint.pam
++++ b/data/pam-arch/gdm-fingerprint.pam
+@@ -2,16 +2,10 @@
+ 
+ auth       required                    pam_shells.so
+ auth       requisite                   pam_nologin.so
+-auth       required                    pam_faillock.so      preauth
+-# Optionally use requisite above if you do not want to prompt for the fingerprint
+-# on locked accounts.
+-auth       [success=1 default=ignore]  pam_fprintd.so
+-auth       [default=die]               pam_faillock.so      authfail
++auth       requisite                   pam_faillock.so      preauth
++auth       required                    pam_fprintd.so
+ auth       optional                    pam_permit.so
+ auth       required                    pam_env.so
+-auth       required                    pam_faillock.so      authsucc
+-# If you drop the above call to pam_faillock.so the lock will be done also
+-# on non-consecutive authentication failures.
+ auth       [success=ok default=1]      pam_gdm.so
+ auth       optional                    pam_gnome_keyring.so
+ 
+diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
+index e6ec129948a7..6d7333bf4204 100644
+--- a/data/pam-arch/gdm-smartcard.pam
++++ b/data/pam-arch/gdm-smartcard.pam
+@@ -2,16 +2,10 @@
+ 
+ auth       required                    pam_shells.so
+ auth       requisite                   pam_nologin.so
+-auth       required                    pam_faillock.so      preauth
+-# Optionally use requisite above if you do not want to prompt for the smartcard
+-# on locked accounts.
+-auth       [success=1 default=ignore]  pam_pkcs11.so        wait_for_card card_only
+-auth       [default=die]               pam_faillock.so      authfail
++auth       requisite                   pam_faillock.so      preauth
++auth       required                    pam_pkcs11.so        wait_for_card card_only
+ auth       optional                    pam_permit.so
+ auth       required                    pam_env.so
+-auth       required                    pam_faillock.so      authsucc
+-# If you drop the above call to pam_faillock.so the lock will be done also
+-# on non-consecutive authentication failures.
+ auth       [success=ok default=1]      pam_gdm.so
+ auth       optional                    pam_gnome_keyring.so
+ 
diff --git a/PKGBUILD b/PKGBUILD
index 8bef453ca0b1..13d74437a090 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@
 
 pkgbase=gdm-prime
 pkgname=(gdm-prime libgdm-prime)
-pkgver=40.0
+pkgver=41.0+r15+g23ebe617
 pkgrel=1
 pkgdesc="Display manager and login screen"
 url="https://wiki.gnome.org/Projects/GDM"
@@ -14,31 +14,34 @@ depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost
          libxdmcp systemd)
 makedepends=(yelp-tools gobject-introspection git docbook-xsl meson)
 checkdepends=(check)
-_commit=3246bf1af8589899621649df523e6840e4858cda  # tags/40.0^0
+_commit=23ebe617119506a0614f1bd2c76cd9bcf7e8fb7c  # main
 source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit"
-        0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch
-        0002-Xsession-Don-t-start-ssh-agent-by-default.patch
+        0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+        0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
         0003-nvidia-prime.patch
         default.pa)
 sha256sums=('SKIP'
-            'f32555703d4f3b6babbe49ddd2c82295238623050b63826c95a959d5caec37f8'
-            'aa751223e8664f65fe2cae032dc93bb94338a41cfca4c6b66a0fca0c788c4313'
+            '39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8'
+            'e3dcaaa5ffa2dd4d3338c8b5827965ea2ca1efd9a95d7272a107e6121cb7898f'
             'a1fb80c69454492390e4b7edac0efe55b2178c7031051d3eab99ed8c14d3e0e4'
             'e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb')
 
 pkgver() {
   cd gdm
-  git describe --tags | sed 's/\.rc/rc/;s/-/+/g'
+  git describe --tags | sed 's/\.rc/rc/;s/[^-]*-g/r&/;s/-/+/g'
 }
 
 prepare() {
   cd gdm
 
   # https://bugs.archlinux.org/task/67485
-  git apply -3 ../0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch
+  git cherry-pick -n 8528a503ad70669a5f0c03d0a92ba19326983b82
 
   # Don't start ssh-agent by default
-  git apply -3 ../0002-Xsession-Don-t-start-ssh-agent-by-default.patch
+  git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+
+  # https://bugs.archlinux.org/task/71750
+  git apply -3 ../0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
 
   git apply -3 ../0003-nvidia-prime.patch
 }
@@ -72,7 +75,7 @@ package_gdm-prime() {
   groups=(gnome)
   install=gdm-prime.install
 
-  DESTDIR="$pkgdir" meson install -C build
+  meson install -C build --destdir "$pkgdir"
 
   install -d "$pkgdir/var/lib"
   install -d "$pkgdir/var/lib/gdm"                           -o120 -g120 -m1770
@@ -83,7 +86,7 @@ package_gdm-prime() {
   install -d "$pkgdir/var/lib/gdm/.local/share/applications" -o120 -g120
 
   # https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm
-  install -Dt "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa
+  install -t "$pkgdir/var/lib/gdm/.config/pulse" -o120 -g120 -m644 default.pa
 
   install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END
 g gdm 120 -
author	Robin Lange	2021-11-27 10:10:55 +1100
committer	Robin Lange	2021-11-27 10:10:55 +1100
commit	b3040ac5c2f67dd764324beb0d1eca09fd7e4514 (patch)
tree	b0076823f1193564b2263ab30eb25d569014e8ce
parent	b2642d0a42fe117edd76c8c8da7fc120f4412e63 (diff)
download	aur-b3040ac5c2f67dd764324beb0d1eca09fd7e4514.tar.gz