From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id B0E9E138334 for ; Tue, 19 Mar 2019 22:40:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C1ED2E0894; Tue, 19 Mar 2019 22:40:18 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 89204E0894 for ; Tue, 19 Mar 2019 22:40:18 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A3F1D335D0E for ; Tue, 19 Mar 2019 22:40:16 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id F1857503 for ; Tue, 19 Mar 2019 22:40:14 +0000 (UTC) From: "Mart Raudsepp" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mart Raudsepp" Message-ID: <1553035160.003b0f462810dfbeee0edda88243d19983dc3333.leio@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: gnome-base/gdm/, gnome-base/gdm/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: gnome-base/gdm/files/3.30.3-pam-drop-legacy-arg.patch gnome-base/gdm/files/pam-elogind.patch gnome-base/gdm/gdm-3.30.3-r1.ebuild gnome-base/gdm/metadata.xml X-VCS-Directories: gnome-base/gdm/ gnome-base/gdm/files/ X-VCS-Committer: leio X-VCS-Committer-Name: Mart Raudsepp X-VCS-Revision: 003b0f462810dfbeee0edda88243d19983dc3333 X-VCS-Branch: master Date: Tue, 19 Mar 2019 22:40:14 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 4e9a5167-e9a6-4575-af66-440465d7eb9b X-Archives-Hash: 83ebf92790d9e78035ef9eb5b3b93ffe commit: 003b0f462810dfbeee0edda88243d19983dc3333 Author: Mart Raudsepp gentoo org> AuthorDate: Tue Mar 19 21:39:51 2019 +0000 Commit: Mart Raudsepp gentoo org> CommitDate: Tue Mar 19 22:39:20 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=003b0f46 gnome-base/gdm: add elogind support Include a patch from 3.32 that removes long gone legacy argument to pam_systemd.so, as to make it uniform with the added elogind support (and not add that legacy arg there too) and be able to reuse the pam-elogind.patch bits for 3.32 without changes, just dropping the argument patch. The elogind support is achieved without configure.ac patches by making use of the standard PKG_CHECK_MODULES builtin AC_ARG_VAR provided variable override support and passing elogind values there as a drop-in replacement. So we don't need an eautoreconf and maintaing an autotools patch until upstream moves to meson. Initial VT is put back to 7 for elogind for the time being until there is more clarity what will happen with startDM.sh and how things interact with agetty out of the box (potential keyboard stealing, etc). Closes: https://bugs.gentoo.org/645348 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Mart Raudsepp gentoo.org> .../gdm/files/3.30.3-pam-drop-legacy-arg.patch | 29 +++ gnome-base/gdm/files/pam-elogind.patch | 24 +++ gnome-base/gdm/gdm-3.30.3-r1.ebuild | 222 +++++++++++++++++++++ gnome-base/gdm/metadata.xml | 1 + 4 files changed, 276 insertions(+) diff --git a/gnome-base/gdm/files/3.30.3-pam-drop-legacy-arg.patch b/gnome-base/gdm/files/3.30.3-pam-drop-legacy-arg.patch new file mode 100644 index 00000000000..8d82a284bf5 --- /dev/null +++ b/gnome-base/gdm/files/3.30.3-pam-drop-legacy-arg.patch @@ -0,0 +1,29 @@ +From a26ed5502622c22daa175861fa9d651a32131cf5 Mon Sep 17 00:00:00 2001 +From: Marc-Antoine Perennou +Date: Sat, 16 Feb 2019 08:47:45 +0100 +Subject: [PATCH 1/2] pam-exherbo: drop legacy pam_systemd argument + +kill-session-processes=1 is long gone + +Signed-off-by: Marc-Antoine Perennou +(cherry picked from commit 13e6666b1e1000d757ac5621a83105110f55e3e3) +--- + data/pam-exherbo/gdm-launch-environment.pam | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/pam-exherbo/gdm-launch-environment.pam b/data/pam-exherbo/gdm-launch-environment.pam +index 8c13b3bc..51a8e003 100644 +--- a/data/pam-exherbo/gdm-launch-environment.pam ++++ b/data/pam-exherbo/gdm-launch-environment.pam +@@ -8,7 +8,7 @@ auth required pam_permit.so + + password required pam_deny.so + +--session optional pam_systemd.so kill-session-processes=1 ++-session optional pam_systemd.so + session optional pam_keyinit.so force revoke + session required pam_succeed_if.so audit quiet_success user = gdm + session required pam_permit.so +-- +2.17.0 + diff --git a/gnome-base/gdm/files/pam-elogind.patch b/gnome-base/gdm/files/pam-elogind.patch new file mode 100644 index 00000000000..e17bed395b5 --- /dev/null +++ b/gnome-base/gdm/files/pam-elogind.patch @@ -0,0 +1,24 @@ +From 96e605d6bd832a89f022872492a9c9cb1eb62f66 Mon Sep 17 00:00:00 2001 +From: Mart Raudsepp +Date: Tue, 19 Mar 2019 23:13:29 +0200 +Subject: [PATCH 2/2] pam-exherbo: Support elogind + +--- + data/pam-exherbo/gdm-launch-environment.pam | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/data/pam-exherbo/gdm-launch-environment.pam b/data/pam-exherbo/gdm-launch-environment.pam +index 51a8e003..c697a528 100644 +--- a/data/pam-exherbo/gdm-launch-environment.pam ++++ b/data/pam-exherbo/gdm-launch-environment.pam +@@ -8,6 +8,7 @@ auth required pam_permit.so + + password required pam_deny.so + ++-session optional pam_elogind.so + -session optional pam_systemd.so + session optional pam_keyinit.so force revoke + session required pam_succeed_if.so audit quiet_success user = gdm +-- +2.17.0 + diff --git a/gnome-base/gdm/gdm-3.30.3-r1.ebuild b/gnome-base/gdm/gdm-3.30.3-r1.ebuild new file mode 100644 index 00000000000..fe94fdcdbc4 --- /dev/null +++ b/gnome-base/gdm/gdm-3.30.3-r1.ebuild @@ -0,0 +1,222 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +GNOME2_LA_PUNT="yes" + +inherit eutils gnome2 pam readme.gentoo-r1 systemd udev user + +DESCRIPTION="GNOME Display Manager for managing graphical display servers and user logins" +HOMEPAGE="https://wiki.gnome.org/Projects/GDM" + +SRC_URI="${SRC_URI} + branding? ( https://www.mail-archive.com/tango-artists@lists.freedesktop.org/msg00043/tango-gentoo-v1.1.tar.gz ) +" + +LICENSE=" + GPL-2+ + branding? ( CC-BY-SA-4.0 ) +" + +SLOT="0" + +IUSE="accessibility audit branding elogind fprint +introspection ipv6 plymouth selinux smartcard systemd tcpd test wayland xinerama" +REQUIRED_USE="^^ ( elogind systemd )" + +KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86" + +# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686 +# nspr used by smartcard extension +# dconf, dbus and g-s-d are needed at install time for dconf update +# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784 +COMMON_DEPEND=" + app-text/iso-codes + >=dev-libs/glib-2.44:2 + >=x11-libs/gtk+-2.91.1:3 + >=gnome-base/dconf-0.20 + >=gnome-base/gnome-settings-daemon-3.1.4 + gnome-base/gsettings-desktop-schemas + >=media-libs/fontconfig-2.5.0:1.0 + >=media-libs/libcanberra-0.4[gtk3] + sys-apps/dbus + >=sys-apps/accountsservice-0.6.35 + + x11-base/xorg-server + x11-libs/libXau + x11-libs/libX11 + x11-libs/libXdmcp + x11-libs/libXext + x11-libs/libxcb + >=x11-misc/xdg-utils-1.0.2-r3 + + virtual/pam + elogind? ( >=sys-auth/elogind-239.3[pam] ) + systemd? ( >=sys-apps/systemd-186:0=[pam] ) + + sys-auth/pambase[elogind?,systemd?] + + audit? ( sys-process/audit ) + introspection? ( >=dev-libs/gobject-introspection-0.9.12:= ) + plymouth? ( sys-boot/plymouth ) + selinux? ( sys-libs/libselinux ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + xinerama? ( x11-libs/libXinerama ) +" +# XXX: These deps are from session and desktop files in data/ directory +# fprintd is used via dbus by gdm-fingerprint-extension +# gnome-session-3.6 needed to avoid freezing with orca +RDEPEND="${COMMON_DEPEND} + >=gnome-base/gnome-session-3.6 + >=gnome-base/gnome-shell-3.1.90 + x11-apps/xhost + + accessibility? ( + >=app-accessibility/orca-3.10 + gnome-extra/mousetweaks ) + fprint? ( + sys-auth/fprintd + sys-auth/pam_fprint ) + + !gnome-extra/fast-user-switch-applet +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + dev-util/gdbus-codegen + dev-util/glib-utils + dev-util/itstool + >=sys-devel/gettext-0.19.8 + virtual/pkgconfig + x11-base/xorg-proto + test? ( >=dev-libs/check-0.9.4 ) +" + +DOC_CONTENTS=" + To make GDM start at boot with systemd, run:\n + # systemctl enable gdm.service\n + \n + To make GDM start at boot with OpenRC, edit /etc/conf.d to have + DISPLAYMANAGER=\"gdm\" and enable the xdm service:\n + # rc-update add xdm + \n + For passwordless login to unlock your keyring, you need to install + sys-auth/pambase with USE=gnome-keyring and set an empty password + on your keyring. Use app-crypt/seahorse for that.\n + \n + You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11 + for smartcard support +" + +pkg_setup() { + enewgroup gdm + enewgroup video # Just in case it hasn't been created yet + enewuser gdm -1 -1 /var/lib/gdm gdm,video + + # For compatibility with certain versions of nvidia-drivers, etc., need to + # ensure that gdm user is in the video group + if ! egetent group video | grep -q gdm; then + # FIXME XXX: is this at all portable, ldap-safe, etc.? + # XXX: egetent does not have a 1-argument form, so we can't use it to + # get the list of gdm's groups + local g=$(groups gdm) + elog "Adding user gdm to video group" + usermod -G video,${g// /,} gdm || die "Adding user gdm to video group failed" + fi +} + +src_prepare() { + # ssh-agent handling must be done at xinitrc.d, bug #220603 + eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch" + + # Gentoo does not have a fingerprint-auth pam stack + eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch" + + # Drop legacy argument to pam_systemd.so, included in 3.32 + eapply "${FILESDIR}/${PV}-pam-drop-legacy-arg.patch" + # Support pam_elogind.so in gdm-launch-environment.pam + eapply "${FILESDIR}/pam-elogind.patch" + + # Show logo when branding is enabled + use branding && eapply "${FILESDIR}/${PN}-3.30.3-logo.patch" + + gnome2_src_prepare +} + +src_configure() { + # PAM is the only auth scheme supported + # even though configure lists shadow and crypt + # they don't have any corresponding code. + # --with-at-spi-registryd-directory= needs to be passed explicitly because + # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4 + # Xevie is obsolete, bug #482304 + + # --with-initial-vt=7 conflicts with plymouth, bug #453392 + # gdm-3.30 now reaps (stops) the login screen when the login VT isn't active, which + # saves on memory. However this means if we don't start on VT1, gdm doesn't start up + # before user manually goes to VT7. Thus as-is we can not keep gdm away from VT1, + # so lets try always having it in VT1 and see if that is an issue for people before + # hacking up workarounds for the initial start case. + # ! use plymouth && myconf="${myconf} --with-initial-vt=7" + local myconf=( + --enable-gdm-xsession + --enable-user-display-server + --with-run-dir=/run/gdm + --localstatedir="${EPREFIX}"/var + --disable-static + --with-xdmcp=yes + --enable-authentication-scheme=pam + --with-default-pam-config=exherbo + --with-pam-mod-dir=$(getpam_mod_dir) + --with-udevdir=$(get_udevdir) + --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec + --without-xevie + $(use_enable systemd systemd-journal) + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + $(use_with audit libaudit) + $(use_enable ipv6) + $(use_with plymouth) + $(use_with selinux) + $(use_with tcpd tcp-wrappers) + $(use_enable wayland wayland-support) + $(use_with xinerama) + ) + + if use elogind; then + myconf+=( + --with-initial-vt=7 # TODO: Revisit together with startDM.sh and other xinit talks; also ignores plymouth possibility + SYSTEMD_CFLAGS=`pkg-config --cflags "libelogind" 2>/dev/null` + SYSTEMD_LIBS=`pkg-config --libs "libelogind" 2>/dev/null` + ) + fi + + gnome2_src_configure "${myconf[@]}" +} + +src_install() { + gnome2_src_install + + if ! use accessibility ; then + rm "${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die + fi + + exeinto /etc/X11/xinit/xinitrc.d + newexe "${FILESDIR}/49-keychain-r1" 49-keychain + newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent + + # gdm user's home directory + keepdir /var/lib/gdm + fowners gdm:gdm /var/lib/gdm + + # install XDG_DATA_DIRS gdm changes + echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm + doenvd 99xdg-gdm + + use branding && newicon "${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg + + readme.gentoo_create_doc +} + +pkg_postinst() { + gnome2_pkg_postinst + systemd_reenable gdm.service + readme.gentoo_print_elog +} diff --git a/gnome-base/gdm/metadata.xml b/gnome-base/gdm/metadata.xml index 747420ed8b5..ac51d07ebe2 100644 --- a/gnome-base/gdm/metadata.xml +++ b/gnome-base/gdm/metadata.xml @@ -6,6 +6,7 @@ Gentoo GNOME Desktop + Use sys-auth/elogind for session management Enables experimental fingerprint authentication using sys-auth/fprintd Enable support for smooth transition from