Date: Tuesday, September 10, 2019 @ 20:48:51 Author: heftig Revision: 362173
3.32.0+2+g820f90f5-2: FS#63706 Added: gdm/trunk/0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch gdm/trunk/0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch Modified: gdm/trunk/0001-Xsession-Don-t-start-ssh-agent-by-default.patch gdm/trunk/PKGBUILD --------------------------------------------------------------+ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch | 7 -- 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch | 29 +++++++++ 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch | 31 ++++++++++ PKGBUILD | 17 ++++- 4 files changed, 76 insertions(+), 8 deletions(-) Modified: 0001-Xsession-Don-t-start-ssh-agent-by-default.patch =================================================================== --- 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2019-09-10 20:37:55 UTC (rev 362172) +++ 0001-Xsession-Don-t-start-ssh-agent-by-default.patch 2019-09-10 20:48:51 UTC (rev 362173) @@ -1,8 +1,7 @@ -From 328a315c21ec71e563d00699f0a79186b229270a Mon Sep 17 00:00:00 2001 -Message-Id: <328a315c21ec71e563d00699f0a79186b229270a.1541542184.git.jan.steff...@gmail.com> +From 58cdf43d7b053a7370e6779d06835c239598f59a Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <[email protected]> Date: Sat, 20 Jun 2015 17:22:38 +0200 -Subject: [PATCH] Xsession: Don't start ssh-agent by default +Subject: [PATCH 1/3] Xsession: Don't start ssh-agent by default --- data/Xsession.in | 8 -------- @@ -28,5 +27,5 @@ eval exec $command -- -2.19.1 +2.23.0 Added: 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch =================================================================== --- 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch (rev 0) +++ 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch 2019-09-10 20:48:51 UTC (rev 362173) @@ -0,0 +1,29 @@ +From c4f5540306a4efb8baeba46f68d6566f95e56802 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <[email protected]> +Date: Tue, 10 Sep 2019 20:37:08 +0000 +Subject: [PATCH 2/3] pam-arch: Don't check greeter account for expiry + +systemd-sysusers now creates expired accounts, which broke the greeter +on new installations. + +Fixes https://bugs.archlinux.org/task/63706 +--- + data/pam-arch/gdm-launch-environment.pam | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam +index 618a7d3a..89521472 100644 +--- a/data/pam-arch/gdm-launch-environment.pam ++++ b/data/pam-arch/gdm-launch-environment.pam +@@ -1,7 +1,7 @@ + auth required pam_env.so + auth optional pam_permit.so + +-account include system-local-login ++account optional pam_permit.so + + password required pam_deny.so + +-- +2.23.0 + Added: 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch =================================================================== --- 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch (rev 0) +++ 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch 2019-09-10 20:48:51 UTC (rev 362173) @@ -0,0 +1,31 @@ +From d4d0a149153700b06215dbb5bb8d569080149c9f Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <[email protected]> +Date: Tue, 10 Sep 2019 20:41:10 +0000 +Subject: [PATCH 3/3] pam-arch: Restrict greeter service to the gdm user + +Copied from pam-exherbo. +--- + data/pam-arch/gdm-launch-environment.pam | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam +index 89521472..d59c9cb9 100644 +--- a/data/pam-arch/gdm-launch-environment.pam ++++ b/data/pam-arch/gdm-launch-environment.pam +@@ -1,10 +1,13 @@ + auth required pam_env.so ++auth required pam_succeed_if.so audit quiet_success user = gdm + auth optional pam_permit.so + ++account required pam_succeed_if.so audit quiet_success user = gdm + account optional pam_permit.so + + password required pam_deny.so + + session optional pam_keyinit.so force revoke ++session required pam_succeed_if.so audit quiet_success user = gdm + session required pam_systemd.so + session optional pam_permit.so +-- +2.23.0 + Modified: PKGBUILD =================================================================== --- PKGBUILD 2019-09-10 20:37:55 UTC (rev 362172) +++ PKGBUILD 2019-09-10 20:48:51 UTC (rev 362173) @@ -4,7 +4,7 @@ pkgbase=gdm pkgname=(gdm libgdm) pkgver=3.32.0+2+g820f90f5 -pkgrel=1 +pkgrel=2 pkgdesc="Display manager and login screen" url="https://wiki.gnome.org/Projects/GDM"; arch=(x86_64) @@ -12,11 +12,15 @@ depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost) makedepends=(yelp-tools gobject-introspection git docbook-xsl) checkdepends=(check) -_commit=820f90f5a78b81b2e4610da14627266c2135c8b0 # master +_commit=820f90f5a78b81b2e4610da14627266c2135c8b0 # gnome-3-32 source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit"; - 0001-Xsession-Don-t-start-ssh-agent-by-default.patch) + 0001-Xsession-Don-t-start-ssh-agent-by-default.patch + 0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch + 0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch) sha256sums=('SKIP' - '3412f7da0205409f08a126a1d166b644fe0f1d0444f7cdebdce8e59cea2d672c') + '098ffb1cdc0232f014e5fe5fb8d268b752afc54d6ee661664036879acd075b22' + '38c92ea27881112c601356e615b926fbef6e92737048406eead56a47e961ea56' + '6c20bf8929fdd996d89ad6aeeb53166252670961746e187f27598fd32921a6ce') pkgver() { cd gdm @@ -27,6 +31,11 @@ mkdir build cd gdm patch -Np1 -i ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch + + # https://bugs.archlinux.org/task/63706 + patch -Np1 -i ../0002-pam-arch-Don-t-check-greeter-account-for-expiry.patch + patch -Np1 -i ../0003-pam-arch-Restrict-greeter-service-to-the-gdm-user.patch + NOCONFIGURE=1 ./autogen.sh }
