diff options
-rw-r--r-- | .SRCINFO | 57 | ||||
-rw-r--r-- | 0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 30 | ||||
-rw-r--r-- | 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch | 29 | ||||
-rw-r--r-- | 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch | 30 | ||||
-rw-r--r-- | PKGBUILD | 93 | ||||
-rw-r--r-- | gdm.install | 17 |
6 files changed, 256 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..410fc42f8556 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,57 @@ +pkgbase = gdm-git + pkgdesc = Display manager and login screen + pkgver = 3.34.1+6+g8e109b8b + pkgrel = 1 + url = https://wiki.gnome.org/Projects/GDM + arch = x86_64 + license = GPL + checkdepends = check + makedepends = yelp-tools + makedepends = gobject-introspection + makedepends = git + makedepends = docbook-xsl + depends = gnome-shell + depends = gnome-session + depends = upower + depends = xorg-xrdb + depends = xorg-server + depends = xorg-xhost + source = git+https://gitlab.gnome.org/GNOME/gdm.git + source = 0001-Xsession-Don-t-start-ssh-agent-by-default.patch + source = 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch + source = 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch + sha256sums = SKIP + sha256sums = 098ffb1cdc0232f014e5fe5fb8d268b752afc54d6ee661664036879acd075b22 + sha256sums = 2e2b12d4609004a010245de51a8c017b164e84f249cd19706d020cb599d2d7e7 + sha256sums = 3fa02eb7bbbe1586eae4ae98221a284251ca2869dc731c80b753e7effc443379 + +pkgname = gdm-git + install = gdm.install + depends = gnome-shell + depends = gnome-session + depends = upower + depends = xorg-xrdb + depends = xorg-server + depends = xorg-xhost + depends = libgdm + optdepends = fprintd: fingerprint authentication + provides = gdm + conflicts = gdm + backup = etc/pam.d/gdm-autologin + backup = etc/pam.d/gdm-fingerprint + backup = etc/pam.d/gdm-launch-environment + backup = etc/pam.d/gdm-password + backup = etc/pam.d/gdm-smartcard + backup = etc/gdm/custom.conf + backup = etc/gdm/Xsession + backup = etc/gdm/PostSession/Default + backup = etc/gdm/PreSession/Default + +pkgname = libgdm-git + pkgdesc = GDM support library + depends = systemd + depends = glib2 + depends = dconf + provides = libgdm + conflicts = libgdm + diff --git a/0001-Xsession-Don-t-start-ssh-agent-by-default.patch b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch new file mode 100644 index 000000000000..7c5efabcceea --- /dev/null +++ b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch @@ -0,0 +1,30 @@ +From 58cdf43d7b053a7370e6779d06835c239598f59a Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Sat, 20 Jun 2015 17:22:38 +0200 +Subject: [PATCH 1/3] Xsession: Don't start ssh-agent by default + +--- + data/Xsession.in | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/data/Xsession.in b/data/Xsession.in +index 9d79558c..ff6d9de0 100755 +--- a/data/Xsession.in ++++ b/data/Xsession.in +@@ -175,14 +175,6 @@ if [ "x$command" = "xdefault" ] ; then + fi + fi + +-# add ssh-agent if found +-sshagent="`gdmwhich ssh-agent`" +-if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then +- command="$sshagent -- $command" +-elif [ -z "$sshagent" ] ; then +- echo "$0: ssh-agent not found!" +-fi +- + echo "$0: Setup done, will execute: $command" + + eval exec $command +-- +2.23.0 diff --git a/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch b/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch new file mode 100644 index 000000000000..fde4c6cbcc19 --- /dev/null +++ b/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch @@ -0,0 +1,29 @@ +From a9c2cb0ae478caf40cc24001fbf6cfbbcc19196e Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Tue, 10 Sep 2019 20:37:08 +0000 +Subject: [PATCH 2/3] pam-arch: Don't check greeter account for expiry + +systemd-sysusers now creates expired accounts, which broke the greeter +on new installations. + +Doesn't actually fully fix the problem as the user@.service still fails +to launch. +--- + data/pam-arch/gdm-launch-environment.pam | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam +index 618a7d3a..89521472 100644 +--- a/data/pam-arch/gdm-launch-environment.pam ++++ b/data/pam-arch/gdm-launch-environment.pam +@@ -1,7 +1,7 @@ + auth required pam_env.so + auth optional pam_permit.so + +-account include system-local-login ++account optional pam_permit.so + + password required pam_deny.so + +-- +2.23.0 diff --git a/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch b/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch new file mode 100644 index 000000000000..16f462336b06 --- /dev/null +++ b/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch @@ -0,0 +1,30 @@ +From 3b6ca2e211b9874e61e9a6950c52b52f2a79dca3 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Tue, 10 Sep 2019 20:41:10 +0000 +Subject: [PATCH 3/3] pam-arch: Restrict greeter service to the gdm user + +Copied from pam-exherbo. +--- + data/pam-arch/gdm-launch-environment.pam | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam +index 89521472..d59c9cb9 100644 +--- a/data/pam-arch/gdm-launch-environment.pam ++++ b/data/pam-arch/gdm-launch-environment.pam +@@ -1,10 +1,13 @@ + auth required pam_env.so ++auth required pam_succeed_if.so audit quiet_success user = gdm + auth optional pam_permit.so + ++account required pam_succeed_if.so audit quiet_success user = gdm + account optional pam_permit.so + + password required pam_deny.so + + session optional pam_keyinit.so force revoke ++session required pam_succeed_if.so audit quiet_success user = gdm + session required pam_systemd.so + session optional pam_permit.so +-- +2.23.0 diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..a5a5328f7cc4 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,93 @@ +pkgbase=gdm-git +pkgname=(gdm-git libgdm-git) +pkgver=3.34.1+6+g8e109b8b +pkgrel=1 +pkgdesc="Display manager and login screen" +url="https://wiki.gnome.org/Projects/GDM" +arch=(x86_64) +license=(GPL) +depends=('gnome-shell' 'gnome-session' 'upower' 'xorg-xrdb' 'xorg-server' 'xorg-xhost') +makedepends=('yelp-tools' 'gobject-introspection' 'git' 'docbook-xsl') +checkdepends=('check') +source=("git+https://gitlab.gnome.org/GNOME/gdm.git" + 0001-Xsession-Don-t-start-ssh-agent-by-default.patch + 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch + 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch) +sha256sums=('SKIP' + '098ffb1cdc0232f014e5fe5fb8d268b752afc54d6ee661664036879acd075b22' + '2e2b12d4609004a010245de51a8c017b164e84f249cd19706d020cb599d2d7e7' + '3fa02eb7bbbe1586eae4ae98221a284251ca2869dc731c80b753e7effc443379') + +pkgver() { + cd gdm + git describe --tags | sed 's/-/+/g' +} + +prepare() { + mkdir build + cd gdm + patch -Np1 -i ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch + + # https://bugs.archlinux.org/task/63706 + patch -Np1 -i ../0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch + patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch + + NOCONFIGURE=1 ./autogen.sh +} + +build() { + cd build + ../gdm/configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --sbindir=/usr/bin \ + --libexecdir=/usr/lib \ + with_dbus_sys=/usr/share/dbus-1/system.d \ + --disable-schemas-compile \ + --disable-static \ + --enable-gdm-xsession \ + --enable-ipv6 \ + --with-default-pam-config=arch \ + --with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin \ + --without-plymouth \ + --without-tcp-wrappers + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make +} + +check() { + make -C build check +} + +package_gdm-git() { + depends+=('libgdm') + optdepends=('fprintd: fingerprint authentication') + provides=('gdm') + conflicts=('gdm') + backup=(etc/pam.d/gdm-autologin etc/pam.d/gdm-fingerprint etc/pam.d/gdm-launch-environment + etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf + etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default) + install=gdm.install + + DESTDIR="$pkgdir" make -C build install + + chown -Rc 120:120 "$pkgdir/var/lib/gdm" + + # Unused or created at start + rm -r "$pkgdir"/var/{cache,log,run} + +### Split libgdm + mkdir -p libgdm/{lib,share} + mv -t libgdm "$pkgdir"/usr/include + mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig} + mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0} +} + +package_libgdm-git() { + pkgdesc="GDM support library" + depends=('systemd' 'glib2' 'dconf') + provides=('libgdm') + conflicts=('libgdm') + mv libgdm "$pkgdir/usr" +} diff --git a/gdm.install b/gdm.install new file mode 100644 index 000000000000..74aa44da143d --- /dev/null +++ b/gdm.install @@ -0,0 +1,17 @@ +post_install() { + # Can't use sysusers as the greeter session cannot launch with an expired 'gdm' account + # https://bugs.archlinux.org/task/63706 + if ! getent passwd gdm >/dev/null; then + groupadd -r -g 120 gdm + useradd -r -c "Gnome Display Manager" -u 120 -g gdm -d /var/lib/gdm -s /sbin/nologin gdm + passwd -ql gdm + fi +} + +post_upgrade() { + if (( $(vercmp $2 3.34.0-2) < 0 )); then + usermod --expiredate= gdm >/dev/null + fi +} + +# vim:set ft=sh sw=2 et: |