summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO57
-rw-r--r--0001-Xsession-Don-t-start-ssh-agent-by-default.patch30
-rw-r--r--0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch29
-rw-r--r--0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch30
-rw-r--r--PKGBUILD93
-rw-r--r--gdm.install17
6 files changed, 256 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..410fc42f8556
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,57 @@
+pkgbase = gdm-git
+ pkgdesc = Display manager and login screen
+ pkgver = 3.34.1+6+g8e109b8b
+ pkgrel = 1
+ url = https://wiki.gnome.org/Projects/GDM
+ arch = x86_64
+ license = GPL
+ checkdepends = check
+ makedepends = yelp-tools
+ makedepends = gobject-introspection
+ makedepends = git
+ makedepends = docbook-xsl
+ depends = gnome-shell
+ depends = gnome-session
+ depends = upower
+ depends = xorg-xrdb
+ depends = xorg-server
+ depends = xorg-xhost
+ source = git+https://gitlab.gnome.org/GNOME/gdm.git
+ source = 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+ source = 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
+ source = 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
+ sha256sums = SKIP
+ sha256sums = 098ffb1cdc0232f014e5fe5fb8d268b752afc54d6ee661664036879acd075b22
+ sha256sums = 2e2b12d4609004a010245de51a8c017b164e84f249cd19706d020cb599d2d7e7
+ sha256sums = 3fa02eb7bbbe1586eae4ae98221a284251ca2869dc731c80b753e7effc443379
+
+pkgname = gdm-git
+ install = gdm.install
+ depends = gnome-shell
+ depends = gnome-session
+ depends = upower
+ depends = xorg-xrdb
+ depends = xorg-server
+ depends = xorg-xhost
+ depends = libgdm
+ optdepends = fprintd: fingerprint authentication
+ provides = gdm
+ conflicts = gdm
+ backup = etc/pam.d/gdm-autologin
+ backup = etc/pam.d/gdm-fingerprint
+ backup = etc/pam.d/gdm-launch-environment
+ backup = etc/pam.d/gdm-password
+ backup = etc/pam.d/gdm-smartcard
+ backup = etc/gdm/custom.conf
+ backup = etc/gdm/Xsession
+ backup = etc/gdm/PostSession/Default
+ backup = etc/gdm/PreSession/Default
+
+pkgname = libgdm-git
+ pkgdesc = GDM support library
+ depends = systemd
+ depends = glib2
+ depends = dconf
+ provides = libgdm
+ conflicts = libgdm
+
diff --git a/0001-Xsession-Don-t-start-ssh-agent-by-default.patch b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
new file mode 100644
index 000000000000..7c5efabcceea
--- /dev/null
+++ b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch
@@ -0,0 +1,30 @@
+From 58cdf43d7b053a7370e6779d06835c239598f59a Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Sat, 20 Jun 2015 17:22:38 +0200
+Subject: [PATCH 1/3] Xsession: Don't start ssh-agent by default
+
+---
+ data/Xsession.in | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/data/Xsession.in b/data/Xsession.in
+index 9d79558c..ff6d9de0 100755
+--- a/data/Xsession.in
++++ b/data/Xsession.in
+@@ -175,14 +175,6 @@ if [ "x$command" = "xdefault" ] ; then
+ fi
+ fi
+
+-# add ssh-agent if found
+-sshagent="`gdmwhich ssh-agent`"
+-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
+- command="$sshagent -- $command"
+-elif [ -z "$sshagent" ] ; then
+- echo "$0: ssh-agent not found!"
+-fi
+-
+ echo "$0: Setup done, will execute: $command"
+
+ eval exec $command
+--
+2.23.0
diff --git a/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch b/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
new file mode 100644
index 000000000000..fde4c6cbcc19
--- /dev/null
+++ b/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
@@ -0,0 +1,29 @@
+From a9c2cb0ae478caf40cc24001fbf6cfbbcc19196e Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 10 Sep 2019 20:37:08 +0000
+Subject: [PATCH 2/3] pam-arch: Don't check greeter account for expiry
+
+systemd-sysusers now creates expired accounts, which broke the greeter
+on new installations.
+
+Doesn't actually fully fix the problem as the user@.service still fails
+to launch.
+---
+ data/pam-arch/gdm-launch-environment.pam | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
+index 618a7d3a..89521472 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -1,7 +1,7 @@
+ auth required pam_env.so
+ auth optional pam_permit.so
+
+-account include system-local-login
++account optional pam_permit.so
+
+ password required pam_deny.so
+
+--
+2.23.0
diff --git a/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch b/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
new file mode 100644
index 000000000000..16f462336b06
--- /dev/null
+++ b/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
@@ -0,0 +1,30 @@
+From 3b6ca2e211b9874e61e9a6950c52b52f2a79dca3 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 10 Sep 2019 20:41:10 +0000
+Subject: [PATCH 3/3] pam-arch: Restrict greeter service to the gdm user
+
+Copied from pam-exherbo.
+---
+ data/pam-arch/gdm-launch-environment.pam | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
+index 89521472..d59c9cb9 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -1,10 +1,13 @@
+ auth required pam_env.so
++auth required pam_succeed_if.so audit quiet_success user = gdm
+ auth optional pam_permit.so
+
++account required pam_succeed_if.so audit quiet_success user = gdm
+ account optional pam_permit.so
+
+ password required pam_deny.so
+
+ session optional pam_keyinit.so force revoke
++session required pam_succeed_if.so audit quiet_success user = gdm
+ session required pam_systemd.so
+ session optional pam_permit.so
+--
+2.23.0
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..a5a5328f7cc4
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,93 @@
+pkgbase=gdm-git
+pkgname=(gdm-git libgdm-git)
+pkgver=3.34.1+6+g8e109b8b
+pkgrel=1
+pkgdesc="Display manager and login screen"
+url="https://wiki.gnome.org/Projects/GDM"
+arch=(x86_64)
+license=(GPL)
+depends=('gnome-shell' 'gnome-session' 'upower' 'xorg-xrdb' 'xorg-server' 'xorg-xhost')
+makedepends=('yelp-tools' 'gobject-introspection' 'git' 'docbook-xsl')
+checkdepends=('check')
+source=("git+https://gitlab.gnome.org/GNOME/gdm.git"
+ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+ 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
+ 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch)
+sha256sums=('SKIP'
+ '098ffb1cdc0232f014e5fe5fb8d268b752afc54d6ee661664036879acd075b22'
+ '2e2b12d4609004a010245de51a8c017b164e84f249cd19706d020cb599d2d7e7'
+ '3fa02eb7bbbe1586eae4ae98221a284251ca2869dc731c80b753e7effc443379')
+
+pkgver() {
+ cd gdm
+ git describe --tags | sed 's/-/+/g'
+}
+
+prepare() {
+ mkdir build
+ cd gdm
+ patch -Np1 -i ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
+
+ # https://bugs.archlinux.org/task/63706
+ patch -Np1 -i ../0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch
+ patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd build
+ ../gdm/configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib \
+ with_dbus_sys=/usr/share/dbus-1/system.d \
+ --disable-schemas-compile \
+ --disable-static \
+ --enable-gdm-xsession \
+ --enable-ipv6 \
+ --with-default-pam-config=arch \
+ --with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin \
+ --without-plymouth \
+ --without-tcp-wrappers
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+check() {
+ make -C build check
+}
+
+package_gdm-git() {
+ depends+=('libgdm')
+ optdepends=('fprintd: fingerprint authentication')
+ provides=('gdm')
+ conflicts=('gdm')
+ backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment
+ etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf
+ etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default)
+ install=gdm.install
+
+ DESTDIR="$pkgdir" make -C build install
+
+ chown -Rc 120:120 "$pkgdir/var/lib/gdm"
+
+ # Unused or created at start
+ rm -r "$pkgdir"/var/{cache,log,run}
+
+### Split libgdm
+ mkdir -p libgdm/{lib,share}
+ mv -t libgdm "$pkgdir"/usr/include
+ mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig}
+ mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0}
+}
+
+package_libgdm-git() {
+ pkgdesc="GDM support library"
+ depends=('systemd' 'glib2' 'dconf')
+ provides=('libgdm')
+ conflicts=('libgdm')
+ mv libgdm "$pkgdir/usr"
+}
diff --git a/gdm.install b/gdm.install
new file mode 100644
index 000000000000..74aa44da143d
--- /dev/null
+++ b/gdm.install
@@ -0,0 +1,17 @@
+post_install() {
+ # Can't use sysusers as the greeter session cannot launch with an expired 'gdm' account
+ # https://bugs.archlinux.org/task/63706
+ if ! getent passwd gdm >/dev/null; then
+ groupadd -r -g 120 gdm
+ useradd -r -c "Gnome Display Manager" -u 120 -g gdm -d /var/lib/gdm -s /sbin/nologin gdm
+ passwd -ql gdm
+ fi
+}
+
+post_upgrade() {
+ if (( $(vercmp $2 3.34.0-2) < 0 )); then
+ usermod --expiredate= gdm >/dev/null
+ fi
+}
+
+# vim:set ft=sh sw=2 et: