moritzruth/void-packages
1
0
Fork 0
Code Releases Activity Actions 2

gdm: use Arch pam config files; bump requirements; misc tweaks.

Browse source
This commit is contained in:
Juan RP 2014-11-30 10:57:57 +01:00
parent a719ef80df
commit 4f3505b0f9
9 changed files with 209 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

20
srcpkgs/gdm/files/gdm-autologin.pam
View file

@ -1,20 +0,0 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so
auth requisite pam_permit.so
auth sufficient pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so
account required pam_unix.so
password required pam_deny.so
session required pam_loginuid.so
session optional pam_keyinit.so revoke
session optional pam_gnome_keyring.so
-session optional pam_systemd.so
-session optional pam_ck_connector.so nox11
session required pam_unix.so
session required pam_limits.so

20
srcpkgs/gdm/files/gdm-fingerprint.pam
View file

@ -1,20 +0,0 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so
auth requisite pam_fprintd.so
auth sufficient pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so
account required pam_unix.so
password required pam_deny.so
session required pam_loginuid.so
session optional pam_keyinit.so revoke
session optional pam_gnome_keyring.so
-session optional pam_systemd.so
-session optional pam_ck_connector.so nox11
session required pam_unix.so
session required pam_limits.so

14
srcpkgs/gdm/files/gdm-launch-environment.pam
View file

@ -1,14 +0,0 @@
#%PAM-1.0
auth required pam_env.so
auth required pam_permit.so
account required pam_nologin.so
account required pam_unix.so
password required pam_deny.so
session required pam_loginuid.so
session optional pam_gnome_keyring.so
-session optional pam_systemd.so
-session optional pam_ck_connector.so nox11
session optional pam_keyinit.so force revoke

21
srcpkgs/gdm/files/gdm-password.pam
View file

@ -1,21 +0,0 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so
auth requisite pam_unix.so nullok
auth optional pam_gnome_keyring.so
auth sufficient pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so
account required pam_unix.so
password required pam_unix.so
session required pam_loginuid.so
session optional pam_keyinit.so revoke
session required pam_unix.so
session required pam_limits.so
-session optional pam_gnome_keyring.so auto_start
-session optional pam_systemd.so
-session optional pam_ck_connector.so nox11

20
srcpkgs/gdm/files/gdm-smartcard.pam
View file

@ -1,20 +0,0 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so
auth requisite pam_pkcs11.so wait_for_card card_only
auth sufficient pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so
account required pam_unix.so
password required pam_pkcs11.so
session required pam_loginuid.so
session optional pam_keyinit.so revoke
-session optional pam_gnome_keyring.so
-session optional pam_systemd.so
-session optional pam_ck_connector.so nox11
session required pam_unix.so
session required pam_limits.so

12
srcpkgs/gdm/files/gdm.pam
View file

@ -1,12 +0,0 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_unix.so
auth optional pam_gnome_keyring.so
account required pam_unix.so
session required pam_unix.so
-session optional pam_gnome_keyring.so auto_start
-session optional pam_systemd.so
-session optional pam_ck_connector.so nox11
session required pam_limits.so
password required pam_unix.so

1
srcpkgs/gdm/files/gdm.tmpfiles.d
View file

@ -1 +0,0 @@
d /run/gdm 0711 root gdm -

199
srcpkgs/gdm/patches/0001-Add-Arch-Linux-PAM-config-files.patch Normal file
View file

@ -0,0 +1,199 @@
From 0ec12ab21edeffbb58b2cb49081abeb8e2ac0cb1 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Thu, 9 Oct 2014 00:55:31 +0200
Subject: [PATCH] Add Arch Linux PAM config files
---
configure.ac | 6 ++++--
data/Makefile.am | 12 ++++++++++++
data/pam-arch/gdm-autologin.pam | 10 ++++++++++
data/pam-arch/gdm-fingerprint.pam | 14 ++++++++++++++
data/pam-arch/gdm-launch-environment.pam | 10 ++++++++++
data/pam-arch/gdm-password.pam | 11 +++++++++++
data/pam-arch/gdm-pin.pam | 13 +++++++++++++
data/pam-arch/gdm-smartcard.pam | 14 ++++++++++++++
8 files changed, 88 insertions(+), 2 deletions(-)
create mode 100644 data/pam-arch/gdm-autologin.pam
create mode 100644 data/pam-arch/gdm-fingerprint.pam
create mode 100644 data/pam-arch/gdm-launch-environment.pam
create mode 100644 data/pam-arch/gdm-password.pam
create mode 100644 data/pam-arch/gdm-pin.pam
create mode 100644 data/pam-arch/gdm-smartcard.pam
diff --git a/configure.ac b/configure.ac
index 9cac4de..f4aeaeb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -189,12 +189,13 @@ if test x$enable_split_authentication = xyes; then
fi
AC_ARG_WITH(default-pam-config,
- AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, exherbo, lfs, none @<:@default=auto@:>@]))
+ AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, exherbo, lfs, arch, none @<:@default=auto@:>@]))
dnl If not given, try autodetecting from release files (see NetworkManager source)
if test x$with_default_pam_config = x; then
AC_CHECK_FILE(/etc/redhat-release,with_default_pam_config="redhat")
AC_CHECK_FILE(/etc/fedora-release,with_default_pam_config="redhat")
AC_CHECK_FILE(/etc/exherbo-release,with_default_pam_config="exherbo")
+ AC_CHECK_FILE(/etc/arch-release,with_default_pam_config="arch")
AC_CHECK_FILE(/etc/lfs-release,with_default_pam_config="lfs")
dnl If not autodetected, default to none
if test x$with_default_pam_config = x; then
@@ -202,7 +203,7 @@ if test x$with_default_pam_config = x; then
fi
fi
case x$with_default_pam_config in
- xredhat|xopenembedded|xexherbo|xlfs|xnone) ;;
+ xredhat|xopenembedded|xexherbo|xlfs|xarch|xnone) ;;
*)
AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}])
exit 1
@@ -212,6 +213,7 @@ AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredha
AM_CONDITIONAL(ENABLE_OPENEMBEDDED_PAM_CONFIG, test x$with_default_pam_config = xopenembedded)
AM_CONDITIONAL(ENABLE_EXHERBO_PAM_CONFIG, test x$with_default_pam_config = xexherbo)
AM_CONDITIONAL(ENABLE_LFS_PAM_CONFIG, test x$with_default_pam_config = xlfs)
+AM_CONDITIONAL(ENABLE_ARCH_PAM_CONFIG, test x$with_default_pam_config = xarch)
AC_ARG_ENABLE(console-helper,
AS_HELP_STRING([--enable-console-helper],
diff --git a/data/Makefile.am b/data/Makefile.am
index 1b79bc3..341b779 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -140,6 +140,15 @@ pam_lfs_files = pam-lfs/gdm.pam \
$(NULL)
EXTRA_DIST += $(pam_lfs_files)
+pam_arch_files = pam-arch/gdm-autologin.pam \
+ pam-arch/gdm-launch-environment.pam \
+ pam-arch/gdm-fingerprint.pam \
+ pam-arch/gdm-smartcard.pam \
+ pam-arch/gdm-password.pam \
+ pam-arch/gdm-pin.pam \
+ $(NULL)
+EXTRA_DIST += $(pam_arch_files)
+
if ENABLE_REDHAT_PAM_CONFIG
pam_files = $(pam_redhat_files)
endif
@@ -152,6 +161,9 @@ endif
if ENABLE_LFS_PAM_CONFIG
pam_files = $(pam_lfs_files)
endif
+if ENABLE_ARCH_PAM_CONFIG
+pam_files = $(pam_arch_files)
+endif
EXTRA_DIST += \
$(dconf_db_files) \
diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
new file mode 100644
index 0000000..9f45c65
--- /dev/null
+++ b/data/pam-arch/gdm-autologin.pam
@@ -0,0 +1,10 @@
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth optional pam_permit.so
+
+account include system-local-login
+
+password include system-local-login
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
new file mode 100644
index 0000000..a480861
--- /dev/null
+++ b/data/pam-arch/gdm-fingerprint.pam
@@ -0,0 +1,14 @@
+auth required pam_tally.so onerr=succeed file=/var/log/faillog
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth required pam_fprintd.so
+auth optional pam_permit.so
+
+account include system-local-login
+
+password required pam_fprintd.so
+password optional pam_permit.so
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
new file mode 100644
index 0000000..618a7d3
--- /dev/null
+++ b/data/pam-arch/gdm-launch-environment.pam
@@ -0,0 +1,10 @@
+auth required pam_env.so
+auth optional pam_permit.so
+
+account include system-local-login
+
+password required pam_deny.so
+
+session optional pam_keyinit.so force revoke
+session required pam_systemd.so
+session optional pam_permit.so
diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
new file mode 100644
index 0000000..8d34794
--- /dev/null
+++ b/data/pam-arch/gdm-password.pam
@@ -0,0 +1,11 @@
+auth include system-local-login
+auth optional pam_gnome_keyring.so
+
+account include system-local-login
+
+password include system-local-login
+password optional pam_gnome_keyring.so use_authtok
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
+session optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
new file mode 100644
index 0000000..135e205
--- /dev/null
+++ b/data/pam-arch/gdm-pin.pam
@@ -0,0 +1,13 @@
+auth requisite pam_pin.so
+auth include system-local-login
+auth optional pam_gnome_keyring.so
+
+account include system-local-login
+
+password include system-local-login
+password optional pam_pin.so
+password optional pam_gnome_keyring.so use_authtok
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
+session optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
new file mode 100644
index 0000000..ec6f75d
--- /dev/null
+++ b/data/pam-arch/gdm-smartcard.pam
@@ -0,0 +1,14 @@
+auth required pam_tally.so onerr=succeed file=/var/log/faillog
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth required pam_pkcs11.so wait_for_card card_only
+auth optional pam_permit.so
+
+account include system-local-login
+
+password required pam_pkcs11.so
+password optional pam_permit.so
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
--
2.1.2

31
srcpkgs/gdm/template
View file

@ -1,13 +1,15 @@
# Template file for 'gdm' # Template file for 'gdm'
pkgname=gdm pkgname=gdm
version=3.14.1 version=3.14.1
revision=6 revision=1
patch_args="-Np1"
build_style=gnu-configure build_style=gnu-configure
configure_args="--disable-schemas-compile --disable-static configure_args="$(vopt_enable gir introspection)
--disable-schemas-compile --disable-static --with-default-pam-config=arch
--with-at-spi-registryd-directory=/usr/libexec --without-tcp-wrappers --with-at-spi-registryd-directory=/usr/libexec --without-tcp-wrappers
--with-screenshot-dir=/var/lib/gdm/greeter --with-screenshot-dir=/var/lib/gdm/greeter
--with-xauth-dir=/run/gdm --with-pid-file=/run/gdm/gdm.pid" --with-xauth-dir=/run/gdm --with-pid-file=/run/gdm/gdm.pid"
hostmakedepends="pkg-config itstool intltool gnome-doc-utils" hostmakedepends="automake pkg-config itstool intltool gnome-doc-utils"
makedepends="glib-devel iso-codes makedepends="glib-devel iso-codes
pam-devel nss-devel accountsservice-devel gtk+3-devel>=3.10 upower-devel pam-devel nss-devel accountsservice-devel gtk+3-devel>=3.10 upower-devel
libSM-devel libcanberra-devel dconf" libSM-devel libcanberra-devel dconf"
@ -19,12 +21,11 @@ conf_files="
/etc/pam.d/gdm-password /etc/pam.d/gdm-password
/etc/pam.d/gdm-smartcard /etc/pam.d/gdm-smartcard
/etc/pam.d/gdm-welcome" /etc/pam.d/gdm-welcome"
replaces="runit-void<20141013_2"
# Create the 'gdm' system user/group. # Create the 'gdm' system user/group.
system_accounts="gdm" system_accounts="gdm"
gdm_homedir="/var/lib/gdm" gdm_homedir="/var/lib/gdm"
depends="iso-codes xrdb xorg-server hicolor-icon-theme depends="iso-codes xrdb xorg-server hicolor-icon-theme
dconf>=0.20 gnome-session>=3.12 gnome-settings-daemon>=3.12" dconf>=0.20 gnome-session>=3.14 gnome-settings-daemon>=3.14 gnome-shell>=3.14"
short_desc="GNOME Display Manager" short_desc="GNOME Display Manager"
maintainer="Juan RP <xtraeme@gmail.com>" maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://www.gnome.org" homepage="http://www.gnome.org"
@ -39,13 +40,6 @@ if [ -z "$CROSS_BUILD" ]; then
build_options_default+=" gir" build_options_default+=" gir"
fi fi
if [ "$build_option_gir" ]; then
configure_args+=" --enable-introspection"
makedepends+=" gobject-introspection"
else
configure_args+=" --disable-introspection"
fi
if [ "$build_option_systemd" ]; then if [ "$build_option_systemd" ]; then
configure_args+=" --with-systemd --enable-systemd-journal --with-initial-vt=1" configure_args+=" --with-systemd --enable-systemd-journal --with-initial-vt=1"
configure_args+=" --with-systemdsystemunitdir=/usr/lib/systemd/system" configure_args+=" --with-systemdsystemunitdir=/usr/lib/systemd/system"
@ -54,17 +48,12 @@ else
configure_args+=" --without-systemd --disable-systemd-journal --with-initial-vt=7" configure_args+=" --without-systemd --disable-systemd-journal --with-initial-vt=7"
fi fi
pre_configure() {
AUTOPOINT='intltoolize --automake -c' NOCONFIGURE=1 autoreconf -fi
}
post_install() { post_install() {
# Use our own pam files. # runit service
rm -f ${DESTDIR}/etc/pam.d/*
for f in ${FILESDIR}/*.pam; do
vinstall ${f} 644 etc/pam.d ${f%.pam}
done
if [ "$build_option_systemd" ]; then
vinstall ${FILESDIR}/gdm.tmpfiles.d 644 usr/lib/tmpfiles.d gdm.conf
fi
vsv gdm vsv gdm
chmod 1770 ${DESTDIR}/var/log/gdm
} }
libgdm_package() { libgdm_package() {