diff options
-rw-r--r-- | .SRCINFO | 32 | ||||
-rw-r--r-- | 0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 12 | ||||
-rw-r--r-- | 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch | 29 | ||||
-rw-r--r-- | 0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch | 21 | ||||
-rw-r--r-- | 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch | 30 | ||||
-rw-r--r-- | PKGBUILD | 139 | ||||
-rw-r--r-- | gdm.install | 10 |
7 files changed, 125 insertions, 148 deletions
@@ -1,9 +1,8 @@ pkgbase = gdm-plymouth pkgdesc = Display manager and login screen with plymouth support - pkgver = 3.34.0 + pkgver = 43.0 pkgrel = 1 url = https://wiki.gnome.org/Projects/GDM - install = gdm.install arch = x86_64 license = GPL checkdepends = check @@ -11,31 +10,38 @@ pkgbase = gdm-plymouth makedepends = gobject-introspection makedepends = git makedepends = docbook-xsl + makedepends = meson depends = plymouth depends = gnome-shell depends = gnome-session depends = upower + depends = systemd depends = xorg-xrdb depends = xorg-server depends = xorg-xhost - source = git+https://gitlab.gnome.org/GNOME/gdm.git#commit=7c8950d94de854a227d2aa0eda82d3145f529a61 + depends = libxdmcp + depends = libcanberra + options = debug + source = git+https://gitlab.gnome.org/GNOME/gdm.git#commit=afa6f2ef3d34048cd7a3e1a1ec478be2ff464806 source = 0001-Xsession-Don-t-start-ssh-agent-by-default.patch - source = 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch - source = 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch + source = 0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch sha256sums = SKIP - sha256sums = 7a9a60ac3ec2a7ba8625ebd8974ac19469412e596d823d889628c971d3a27463 - sha256sums = 15c8d7e0a0e03cb45f6bb33b3d91e0332d5d1b835b4aee726118085a35f3b046 - sha256sums = 58105ba0634279e00729180831f82e85342167c6ac324a26e6f8b16483fb4018 + sha256sums = 39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8 + sha256sums = 7e42077a89a6fcf8b02244b01127af7000a10ed55e09e385eb6fac5aef421c07 pkgname = gdm-plymouth + install = gdm.install groups = gnome depends = plymouth depends = gnome-shell depends = gnome-session depends = upower + depends = systemd depends = xorg-xrdb depends = xorg-server depends = xorg-xhost + depends = libxdmcp + depends = libcanberra depends = libgdm-plymouth optdepends = fprintd: fingerprint authentication provides = gdm @@ -51,10 +57,10 @@ pkgname = gdm-plymouth backup = etc/gdm/PreSession/Default pkgname = libgdm-plymouth - pkgdesc = GDM support library with plymouth support - depends = systemd - depends = glib2 - depends = dconf + pkgdesc = Display manager and login screen with plymouth support - support library + depends = libsystemd.so + depends = libglib-2.0.so + depends = libgobject-2.0.so + depends = libgio-2.0.so provides = libgdm conflicts = libgdm - diff --git a/0001-Xsession-Don-t-start-ssh-agent-by-default.patch b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch index 15bb249525f1..56699008c6fc 100644 --- a/0001-Xsession-Don-t-start-ssh-agent-by-default.patch +++ b/0001-Xsession-Don-t-start-ssh-agent-by-default.patch @@ -1,18 +1,17 @@ -From 328a315c21ec71e563d00699f0a79186b229270a Mon Sep 17 00:00:00 2001 -Message-Id: <328a315c21ec71e563d00699f0a79186b229270a.1541542184.git.jan.steffens@gmail.com> +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Sat, 20 Jun 2015 17:22:38 +0200 -Subject: [PATCH 1/3] Xsession: Don't start ssh-agent by default +Subject: [PATCH] Xsession: Don't start ssh-agent by default --- data/Xsession.in | 8 -------- 1 file changed, 8 deletions(-) diff --git a/data/Xsession.in b/data/Xsession.in -index 9d79558c..ff6d9de0 100755 +index 2e4de4fe384f..29ebc30ea0c5 100755 --- a/data/Xsession.in +++ b/data/Xsession.in -@@ -175,14 +175,6 @@ if [ "x$command" = "xdefault" ] ; then +@@ -207,14 +207,6 @@ if [ "x$command" = "xdefault" ] ; then fi fi @@ -27,6 +26,3 @@ index 9d79558c..ff6d9de0 100755 echo "$0: Setup done, will execute: $command" eval exec $command --- -2.23.0 - diff --git a/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch b/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch deleted file mode 100644 index 6d4c5f75765b..000000000000 --- a/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch +++ /dev/null @@ -1,29 +0,0 @@ -From a9c2cb0ae478caf40cc24001fbf6cfbbcc19196e Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> -Date: Tue, 10 Sep 2019 20:37:08 +0000 -Subject: [PATCH 2/3] pam-arch: Don't check greeter account for expiry - -systemd-sysusers now creates expired accounts, which broke the greeter -on new installations. - -Doesn't actually fully fix the problem as the user@.service still fails -to launch. ---- - data/pam-arch/gdm-launch-environment.pam | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam -index 618a7d3a..89521472 100644 ---- a/data/pam-arch/gdm-launch-environment.pam -+++ b/data/pam-arch/gdm-launch-environment.pam -@@ -1,7 +1,7 @@ - auth required pam_env.so - auth optional pam_permit.so - --account include system-local-login -+account optional pam_permit.so - - password required pam_deny.so - --- -2.23.0 diff --git a/0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch b/0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch new file mode 100644 index 000000000000..fcc39cf93f19 --- /dev/null +++ b/0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch @@ -0,0 +1,21 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org> +Date: Thu, 20 Oct 2022 20:03:36 +0000 +Subject: [PATCH] pam-arch: Remove user_readenv=1 from pam_env + +The insecure `user_readenv` setting has been deprecated with pam 1.5.0 +and will be removed in a future release. +--- + data/pam-arch/gdm-launch-environment.pam | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam +index 20d1810a68f5..3c4ad407df89 100644 +--- a/data/pam-arch/gdm-launch-environment.pam ++++ b/data/pam-arch/gdm-launch-environment.pam +@@ -14,4 +14,4 @@ session optional pam_keyinit.so force revoke + session required pam_succeed_if.so audit quiet_success user in gdm:gnome-initial-setup + session optional pam_permit.so + -session optional pam_systemd.so +-session required pam_env.so user_readenv=1 ++session required pam_env.so diff --git a/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch b/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch deleted file mode 100644 index 98c2c184ae2c..000000000000 --- a/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3b6ca2e211b9874e61e9a6950c52b52f2a79dca3 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> -Date: Tue, 10 Sep 2019 20:41:10 +0000 -Subject: [PATCH 3/3] pam-arch: Restrict greeter service to the gdm user - -Copied from pam-exherbo. ---- - data/pam-arch/gdm-launch-environment.pam | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam -index 89521472..d59c9cb9 100644 ---- a/data/pam-arch/gdm-launch-environment.pam -+++ b/data/pam-arch/gdm-launch-environment.pam -@@ -1,10 +1,13 @@ - auth required pam_env.so -+auth required pam_succeed_if.so audit quiet_success user = gdm - auth optional pam_permit.so - -+account required pam_succeed_if.so audit quiet_success user = gdm - account optional pam_permit.so - - password required pam_deny.so - - session optional pam_keyinit.so force revoke -+session required pam_succeed_if.so audit quiet_success user = gdm - session required pam_systemd.so - session optional pam_permit.so --- -2.23.0 @@ -7,68 +7,66 @@ _pkgbase=gdm pkgbase=gdm-plymouth pkgname=(gdm-plymouth libgdm-plymouth) -pkgver=3.34.0 +pkgver=43.0 pkgrel=1 pkgdesc="Display manager and login screen with plymouth support" url="https://wiki.gnome.org/Projects/GDM" arch=(x86_64) license=(GPL) -depends=(plymouth gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost) -makedepends=(yelp-tools gobject-introspection git docbook-xsl) +depends=(plymouth gnome-shell gnome-session upower systemd xorg-xrdb xorg-server xorg-xhost libxdmcp libcanberra) +makedepends=(yelp-tools gobject-introspection git docbook-xsl meson) checkdepends=(check) -_commit=7c8950d94de854a227d2aa0eda82d3145f529a61 # tags/3.34.0^0 +options=(debug) +_commit=afa6f2ef3d34048cd7a3e1a1ec478be2ff464806 # tags/43.0 source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit" 0001-Xsession-Don-t-start-ssh-agent-by-default.patch - 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch - 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch) + 0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch) sha256sums=('SKIP' - '7a9a60ac3ec2a7ba8625ebd8974ac19469412e596d823d889628c971d3a27463' - '15c8d7e0a0e03cb45f6bb33b3d91e0332d5d1b835b4aee726118085a35f3b046' - '58105ba0634279e00729180831f82e85342167c6ac324a26e6f8b16483fb4018') -install=gdm.install - -pkgver() { - cd gdm - git describe --tags | sed 's/-/+/g' -} + '39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8' + '7e42077a89a6fcf8b02244b01127af7000a10ed55e09e385eb6fac5aef421c07') -prepare() { - mkdir -p build - cd gdm - patch -Np1 -i ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch +#pkgver() { +# cd $_pkgbase +# git describe --tags | sed 's/[^-]*-g/r&/;s/-/+/g' +#} -# https://bugs.archlinux.org/task/63706 - patch -Np1 -i ../0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch - patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch +prepare() { + cd $_pkgbase + + # Don't start ssh-agent by default + git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch - NOCONFIGURE=1 ./autogen.sh + # https://bugs.archlinux.org/task/68945 + git apply -3 ../0002-pam-arch-Remove-user_readenv-1-from-pam_env.patch } build() { - cd build - ../gdm/configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --sbindir=/usr/bin \ - --libexecdir=/usr/lib \ - with_dbus_sys=/usr/share/dbus-1/system.d \ - --disable-schemas-compile \ - --disable-static \ - --enable-gdm-xsession \ - --enable-ipv6 \ - --with-default-pam-config=arch \ - --with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin \ - --with-plymouth \ - --without-tcp-wrappers - - sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool - - make + local meson_options=( + -D dbus-sys="/usr/share/dbus-1/system.d" + -D default-pam-config=arch + -D default-path="/usr/local/bin:/usr/local/sbin:/usr/bin" + -D gdm-xsession=true + -D ipv6=true + -D run-dir=/run/gdm + -D selinux=disabled + ) + + arch-meson gdm build "${meson_options[@]}" + meson compile -C build } check() { - make -C build check + meson test -C build --print-errorlogs +} + +_pick() { + local p="$1" f d; shift + for f; do + d="$srcdir/$p/${f#$pkgdir/}" + mkdir -p "$(dirname "$d")" + mv "$f" "$d" + rmdir -p --ignore-fail-on-non-empty "$(dirname "$f")" + done } package_gdm-plymouth() { @@ -80,25 +78,50 @@ package_gdm-plymouth() { etc/pam.d/gdm-password etc/pam.d/gdm-smartcard etc/gdm/custom.conf etc/gdm/Xsession etc/gdm/PostSession/Default etc/gdm/PreSession/Default) groups=(gnome) + install=gdm.install + + meson install -C build --destdir "$pkgdir" - DESTDIR="$pkgdir" make -C build install + cd "$pkgdir" - chown -Rc 120:120 "$pkgdir/var/lib/gdm" + install -d -o 0 -g 0 -m 0755 var + install -d -o 0 -g 0 -m 0755 var/lib + install -d -o 120 -g 120 -m 1770 var/lib/gdm + install -d -o 120 -g 120 -m 0700 var/lib/gdm/.config + install -d -o 120 -g 120 -m 0700 var/lib/gdm/.config/pulse + install -d -o 120 -g 120 -m 0700 var/lib/gdm/.local + install -d -o 120 -g 120 -m 0755 var/lib/gdm/.local/share + install -d -o 120 -g 120 -m 0755 var/lib/gdm/.local/share/applications - # Unused or created at start - rm -r "$pkgdir"/var/{cache,log,run} + # https://src.fedoraproject.org/rpms/gdm/blob/master/f/default.pa-for-gdm + install -o120 -g120 -m644 /dev/stdin var/lib/gdm/.config/pulse/default.pa <<END +load-module module-device-restore +load-module module-card-restore +load-module module-udev-detect +load-module module-native-protocol-unix +load-module module-default-device-restore +load-module module-always-sink +load-module module-intended-roles +load-module module-suspend-on-idle +load-module module-systemd-login +load-module module-position-event-sounds +END -### Split libgdm - mkdir -p libgdm/{lib,share} - mv -t libgdm "$pkgdir"/usr/include - mv -t libgdm/lib "$pkgdir"/usr/lib/{girepository-1.0,libgdm*,pkgconfig} - mv -t libgdm/share "$pkgdir"/usr/share/{gir-1.0,glib-2.0} + install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/gdm.conf" <<END +g gdm 120 - +u gdm 120 "Gnome Display Manager" /var/lib/gdm +END + + _pick libgdm usr/include + _pick libgdm usr/lib/{girepository-1.0,libgdm*,pkgconfig} + _pick libgdm usr/share/{gir-1.0,glib-2.0} } package_libgdm-plymouth() { - pkgdesc="GDM support library with plymouth support" - depends=(systemd glib2 dconf) - provides=("libgdm") - conflicts=("libgdm") - mv libgdm "$pkgdir/usr" + pkgdesc+=" - support library" + depends=(libsystemd.so libg{lib,object,io}-2.0.so) + provides=(libgdm) + conflicts=(libgdm) + + mv libgdm/* "$pkgdir" } diff --git a/gdm.install b/gdm.install index 74aa44da143d..4b39564cba61 100644 --- a/gdm.install +++ b/gdm.install @@ -1,13 +1,3 @@ -post_install() { - # Can't use sysusers as the greeter session cannot launch with an expired 'gdm' account - # https://bugs.archlinux.org/task/63706 - if ! getent passwd gdm >/dev/null; then - groupadd -r -g 120 gdm - useradd -r -c "Gnome Display Manager" -u 120 -g gdm -d /var/lib/gdm -s /sbin/nologin gdm - passwd -ql gdm - fi -} - post_upgrade() { if (( $(vercmp $2 3.34.0-2) < 0 )); then usermod --expiredate= gdm >/dev/null |