Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gdm.15731 for openSUSE:Leap:15.2:Update checked in at 2021-02-05 18:05:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/gdm.15731 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.gdm.15731.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gdm.15731" Fri Feb 5 18:05:39 2021 rev:1 rq:868646 version:3.34.1 Changes: -------- New Changes file: --- /dev/null 2021-01-11 18:20:20.070723563 +0100 +++ /work/SRC/openSUSE:Leap:15.2:Update/.gdm.15731.new.28504/gdm.changes 2021-02-05 18:05:41.378410421 +0100 @@ -0,0 +1,5202 @@ +------------------------------------------------------------------- +Mon Jan 18 07:12:10 UTC 2021 - Alynx Zhou <[email protected]> + +- Add gdm-fix-crash-when-using-Xvfb.patch: For some reason gdm + fails to get display and does not set it to NULL when using + with Xvfb, and it leads into a crash, this patch sets display + to NULL by default. (bsc#1178292, glgo#GNOME/gdm!118) + +------------------------------------------------------------------- +Mon Jan 4 05:28:58 UTC 2021 - Xiaoguang Wang <[email protected]> + +- Update gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch: + Fix switching user issue(bsc#1179968, bsc#1174533). + +------------------------------------------------------------------- +Fri Nov 13 02:45:59 UTC 2020 - Xiaoguang Wang <[email protected]> + +- Add gdm-display-Exit-with-failure-if-loading-existing-users-fails.patch: + Exit with failure if loading existing users fails + (bsc#1178150 glgo#GNOME/gdm!117 CVE-2020-16125). +- Update gdm-disable-gnome-initial-setup.patch + +------------------------------------------------------------------- +Tue Aug 25 01:38:13 UTC 2020 - QK ZHU <[email protected]> + +- Add gdm-enable-Wayland-on-Cirrus.patch: Update udev rules to + enable Wayland on Cirrus (bsc#1168515, glgo#GNOME/gdm#586). + +------------------------------------------------------------------- +Tue May 26 00:36:52 UTC 2020 - Xiaoguang Wang <[email protected]> + +- Update gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch: + When user session reuses tty7 same as greeter session, gdm + doesn't bring up the greeter session after switching from other + tty to tty7 (bsc#1171290). + +------------------------------------------------------------------- +Wed Apr 22 01:32:07 UTC 2020 - Yifan Jiang <[email protected]> + +- Disable gnome-initial-setup under gdm mode in Leap and SLE + (jsc#SLE-11856). + +------------------------------------------------------------------- +Fri Apr 10 09:12:37 UTC 2020 - Yifan Jiang <[email protected]> + +- Add gdm-look-for-session-based-on-pid-first.patch: Look for + session based on pid first, then fall back to the uid based + approach (bsc#1159950, glgo#GNOME/gdm#526). + +------------------------------------------------------------------- +Wed Mar 4 09:44:06 UTC 2020 - QK ZHU <[email protected]> + +- Add gdm-disable-wayland-on-mgag200-chipsets.patch: disable wayland + on mgag200 chipsets, this patch used to be part of + gdm-disable-wayland-on-unsupported-chipsets.patch which was dropped, + however the mgag200 part is still not fixed by upstream. So we should + keep this part to make sure GNOME works properly on mgag200 chipsets + (bsc#1162888, glgo#GNOME/mutter#57). + +------------------------------------------------------------------- +Sat Jan 25 14:08:10 UTC 2020 - Dominique Leuenberger <[email protected]> + +- No longer recommend -lang: supplements are in use + +------------------------------------------------------------------- +Fri Nov 29 13:11:47 UTC 2019 - Frederic Crozat <[email protected]> + +- Refresh SLE patch gdm-s390-not-require-g-s-d_wacom.patch. + +------------------------------------------------------------------- +Thu Nov 28 08:17:48 UTC 2019 - QK ZHU <[email protected]> + +- Add --enable-systemd-journal for both SLE and Tumbleweed + (jsc#SLE-10383). + +------------------------------------------------------------------- +Tue Nov 19 08:52:53 UTC 2019 - Xiaoguang Wang <[email protected]> + +- Drop gdm-disable-wayland-for-proprietary-nvidia-machines.patch: + fixed upstream. + +------------------------------------------------------------------- +Fri Nov 8 01:36:08 UTC 2019 - Xiaoguang Wang <[email protected]> + +- Add gdm-switch-user-tty7.patch: Switch to tty7 when switch user + (bsc#1155408 glgo#GNOME#gdm#532). + +------------------------------------------------------------------- +Tue Oct 8 11:37:53 UTC 2019 - Felix Zhang <[email protected]> + +- Add gdm-initial-setup-hardening.patch: Introduce a persistent + state file to prevent gnome-initial-setup from running if any + regular users has previously logged into the system, replacing + the current runtime state file that pervents initial-setup from + running more than once per boot, so as to reduce the security + attack surface. + Make this fix openSUSE only for now as upstream discussion is + heading another way involving more complicated mechanisms + (boo#1140851, glgo#GNOME/gnome-initial-setup#76). +- Rebase gdm-disable-gnome-initial-setup.patch. + +------------------------------------------------------------------- +Mon Oct 7 10:02:43 UTC 2019 - Bj??rn Lie <[email protected]> + +- Update to version 3.34.1: + + De-duplicate sessions on pure Xorg too. + + Fix fast user switching by assuming the login screen VT is + always the initial one. + + Updated translations. + +------------------------------------------------------------------- +Wed Sep 18 02:59:55 UTC 2019 - Xiaoguang Wang <[email protected]> + +- Update gdm-switch-to-tty1.patch: switch tty after plymouth + terminates. + +------------------------------------------------------------------- +Wed Sep 11 16:25:58 UTC 2019 - Bj??rn Lie <[email protected]> + +- Update to version 3.34.0: + + Updated translations. + +------------------------------------------------------------------- +Thu Sep 5 12:30:54 NZST 2019 - [email protected] + +- Update to version 3.33.92: + + Fix typo in debug message + + Revert vt changing fix, because it exposes logind bug and it + wasn't quite right anyway + + Ensure login screen gets reaped when user switching + + Translation updates + +------------------------------------------------------------------- +Sun Sep 1 01:53:57 UTC 2019 - Michael Gorse <[email protected]> + +- Update to version 3.33.90: + + Update for changes to gnome-settings-daemon. + + initial-setup permissions fix. + + allow users to set PATH from ~/.config/environment. + + support systemd user sessions. + + misc warning fixes. + + leak fix in libgdm. + + vt changing fix. + + drop some deprecations. + + drop unused icons. + + Translation updates. + + Changes in version 3.33.4: + + Fix session search directories. + + Kill user sessions when stopping gdm. + + Add way for sessions to register when they successfully started + + Translation updates. +- Rebased gdm-xauthlocalhostname.patch and + gdm-disable-gnome-initial-setup.patch. +- Drop gdm-fails-to-restart-gnome-shell.patch, + gdm-kill-user-session.patch, and + gdm-remove-duplicate-sessions.patch: fixed upstream. +- Drop icons and pixmaps from files. + +------------------------------------------------------------------- +Fri Aug 02 19:05:30 UTC 2019 - [email protected] + +- Update to version 3.32.0+2: + + Remove erroneous NULL from session search directories. +- Switch to git checkout via source service, upstream is lacking in + stable releases. In the future we will use a stable tag when + possible, but when upstream slacks off, we will use a checkout of + the stable branch. +- Refresh patches with quilt. + +------------------------------------------------------------------- +Thu May 23 08:40:18 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Fixup gdm.tmpfiles (boo#1135272). + +------------------------------------------------------------------- +Wed May 22 16:39:19 UTC 2019 - Markus S <[email protected]> + +- Make systemd service file optional instead of outright deleting it. + +------------------------------------------------------------------- +Wed May 15 01:57:12 UTC 2019 - Xiaoguang Wang <[email protected]> + +- Update gdm-switch-to-tty1.patch (bsc#1120307) + +------------------------------------------------------------------- +Thu May 9 08:58:52 UTC 2019 - Xiaoguang Wang <[email protected]> + +- New solution for auto login problem(bsc#1116011) + + Drop gdm-revert-commit-39fb4ff.patch + + Add reserveVT.conf file. + +------------------------------------------------------------------- +Sun Apr 28 07:23:07 UTC 2019 - qzheng <[email protected]> + +- Add gdm-remove-duplicate-sessions.patch: Backport from upstream + commit 187c8515 and 1795bb31 to remove duplicate sessions once, + after all sessions have been processed (boo#1131625, ++++ 5005 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.gdm.15731.new.28504/gdm.changes New: ---- X11-displaymanager-gdm _service autogen.sh gdm-3.34.1.obscpio gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch gdm-autologin.pamd gdm-default-wm.patch gdm-disable-gnome-initial-setup.patch gdm-disable-wayland-on-mgag200-chipsets.patch gdm-display-Exit-with-failure-if-loading-existing-users-fails.patch gdm-enable-Wayland-on-Cirrus.patch gdm-fingerprint.pamd gdm-fix-crash-when-using-Xvfb.patch gdm-initial-setup-hardening.patch gdm-launch-environment.pamd gdm-look-for-session-based-on-pid-first.patch gdm-s390-not-require-g-s-d_wacom.patch gdm-smartcard.pamd gdm-suse-xsession.patch gdm-switch-to-tty1.patch gdm-switch-user-tty7.patch gdm-sysconfig-settings.patch gdm-xauthlocalhostname.patch gdm.changes gdm.obsinfo gdm.pamd gdm.spec gdm.tmpfiles gdmflexiserver-wrapper reserveVT.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gdm.spec ++++++ # # spec file for package gdm # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define systemdsystemunitdir %(pkg-config --variable=systemdsystemunitdir systemd) # FIXME: need to check what should be done to enable this (at least adapt the pam files). See bnc#699999 %define enable_split_authentication 0 Name: gdm Version: 3.34.1 Release: 0 Summary: The GNOME Display Manager License: GPL-2.0-or-later Group: System/GUI/GNOME URL: https://wiki.gnome.org/Projects/GDM Source0: %{name}-%{version}.tar.xz Source1: gdm.pamd Source2: gdm-autologin.pamd Source3: gdm-launch-environment.pamd Source4: gdm-fingerprint.pamd Source5: gdm-smartcard.pamd # gdmflexiserver wrapper, to enable other display managers to abuse the gdmflexiserver namespace (like lightdm) Source6: gdmflexiserver-wrapper # /etc/xinit.d/xdm integration script Source7: X11-displaymanager-gdm # GDM does not boostrap using gnome-autogen.sh, but has it's own bootstrap script Source8: autogen.sh # Use tmpfiles to create directories under /var to support transactional updates Source9: gdm.tmpfiles # Use reserveVT.conf to make autologin user session not to select tty1 Source10: reserveVT.conf # WARNING: do not remove/significantly change patch0 without updating the relevant patch in accountsservice too # PATCH-FIX-OPENSUSE gdm-sysconfig-settings.patch bnc432360 bsc#919723 [email protected] -- Read autologin options from /etc/sysconfig/displaymanager; note that accountsservice has a similar patch (accountsservice-sysconfig.patch) Patch0: gdm-sysconfig-settings.patch # PATCH-FIX-OPENSUSE gdm-suse-xsession.patch [email protected] -- Use the /etc/X11/xdm/* scripts Patch2: gdm-suse-xsession.patch # PATCH-FIX-OPENSUSE gdm-default-wm.patch [email protected] -- Use sysconfig to know to which desktop to use by default Patch3: gdm-default-wm.patch # PATCH-FIX-OPENSUSE gdm-xauthlocalhostname.patch bnc#538064 [email protected] -- Set XAUTHLOCALHOSTNAME to current hostname when we authenticate, for local logins, to avoid issues in the session in case the hostname changes later one. See comment 24 in the bug. Patch4: gdm-xauthlocalhostname.patch # PATCH-FIX-OPENSUSE gdm-switch-to-tty1.patch bsc#1113700 [email protected] -- switch to tty1 when stopping gdm service Patch6: gdm-switch-to-tty1.patch # PATCH-FIX-OPENSUSE gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch bnc#1075805 bgo#793255 [email protected] -- Add runtime option to start X under root instead of regular user. Necessary if no DRI drivers are present. rejected upstream Patch8: gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch # PATCH-FIX-OPENSUSE gdm-initial-setup-hardening.patch boo#1140851, glgo#GNOME/gnome-initial-setup#76 [email protected] -- Prevent gnome-initial-setup running if any regular user has perviously logged into the system Patch9: gdm-initial-setup-hardening.patch # PATCH-FIX-OPENSUSE gdm-s390-not-require-g-s-d_wacom.patch bsc#1129412 [email protected] -- Remove the runtime requirement of g-s-d Wacom plugin Patch13: gdm-s390-not-require-g-s-d_wacom.patch # PATCH-FIX-UPSTREAM gdm-switch-user-tty7.patch bsc#1155408 glgo#GNOME#gdm#532 [email protected] -- Switch to tty7 when switch user Patch14: gdm-switch-user-tty7.patch # PATCH-FIX-UPSTREAM gdm-disable-wayland-on-mgag200-chipsets.patch bsc#1162888 glgo#GNOME/mutter#57 [email protected] -- Disable Wayland on mgag200 chipsets Patch15: gdm-disable-wayland-on-mgag200-chipsets.patch # PATCH-FIX-UPSTREAM gdm-look-for-session-based-on-pid-first.patch bsc#1159950 glgo#GNOME/gdm#526 [email protected] -- Look for session based on pid first, then fall back to the uid based approach Patch16: gdm-look-for-session-based-on-pid-first.patch # PATCH-FIX-UPSTREAM gdm-enable-Wayland-on-Cirrus.patch bsc#1168515 glgo#GNOME/gdm#586 [email protected] -- Update udev rules to enable Wayland on Cirrus Patch17: gdm-enable-Wayland-on-Cirrus.patch # PATCH-FIX-UPSTREAM gdm-display-Exit-with-failure-if-loading-existing-users-fails.patch bsc#1178150 glgo#GNOME/gdm!117 [email protected] -- Exit with failure if loading existing users fails Patch18: gdm-display-Exit-with-failure-if-loading-existing-users-fails.patch # PATCH-FIX-UPSTREAM gdm-fix-crash-when-using-Xvfb.patch bsc#1178292, glgo#GNOME/gdm!118 [email protected] -- Fix crash when using Xvfb Patch19: gdm-fix-crash-when-using-Xvfb.patch ### NOTE: Keep please SLE-only patches at bottom (starting on 1000). # PATCH-FIX-SLE gdm-disable-gnome-initial-setup.patch bnc#1067976 [email protected] -- Disable gnome-initial-setup runs before gdm, g-i-s will only serve for CJK people to choose the input-method after login. Patch1000: gdm-disable-gnome-initial-setup.patch BuildRequires: check-devel # dconf and gnome-session-core are needed for directory ownership BuildRequires: dconf BuildRequires: fdupes BuildRequires: gnome-common BuildRequires: gnome-session-core BuildRequires: keyutils-devel BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: pwdutils BuildRequires: tcpd-devel BuildRequires: translation-update-upstream BuildRequires: update-desktop-files BuildRequires: xorg-x11-server BuildRequires: xorg-x11-server-extra BuildRequires: pkgconfig(accountsservice) >= 0.6.35 BuildRequires: pkgconfig(check) BuildRequires: pkgconfig(gio-2.0) >= 2.36.0 BuildRequires: pkgconfig(gio-unix-2.0) >= 2.36.0 BuildRequires: pkgconfig(glib-2.0) >= 2.36.0 BuildRequires: pkgconfig(gobject-2.0) >= 2.36.0 BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.12 BuildRequires: pkgconfig(gthread-2.0) BuildRequires: pkgconfig(gtk+-3.0) >= 2.91.1 BuildRequires: pkgconfig(iso-codes) BuildRequires: pkgconfig(libcanberra-gtk3) >= 0.4 BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(ply-boot-client) BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(xau) BuildRequires: pkgconfig(xcb) BuildRequires: pkgconfig(xdmcp) BuildRequires: pkgconfig(xi) BuildRequires: pkgconfig(xinerama) BuildRequires: pkgconfig(xrandr) Requires: %{name}-branding = %{version} Requires: gdmflexiserver Requires: gnome-session-core Requires: gnome-settings-daemon Requires: gnome-shell # xdm package ships systemd display-manager service and other common scripts # between display managers (bsc#1084655) Requires: xdm # FIXME: use proper Requires(pre/post/preun/...) # For groupadd, useradd, usermod PreReq: pwdutils Requires(post): dconf Requires(pre): group(video) Recommends: iso-codes # accessibility Recommends: orca Provides: gdm2 = %{version} Obsoletes: gdm2 < %{version} Provides: gnome-applets-gdm = %{version} Obsoletes: gnome-applets-gdm < %{version} DocDir: %{_defaultdocdir} %ifnarch s390 s390x BuildRequires: pkgconfig(xorg-server) %endif %description The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays. %package -n libgdm1 Summary: Client Library for Communicating with GDM Greeter Server Group: System/Libraries Recommends: gdm %description -n libgdm1 The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays. %package -n typelib-1_0-Gdm-1_0 Summary: Introspection bindings for gdm Group: System/Libraries %description -n typelib-1_0-Gdm-1_0 The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays. This package provides the GObject Introspection bindings for communicating with the GDM greeter server. %package devel Summary: Libraries for GDM -- Development Files Group: Development/Libraries/GNOME Requires: libgdm1 = %{version} Requires: typelib-1_0-Gdm-1_0 = %{version} %description devel The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays. %package branding-upstream Summary: The GNOME Display Manager -- Upstream default configuration Group: System/GUI/GNOME Requires: %{name} = %{version} Supplements: packageand(%{name}:branding-upstream) Conflicts: %{name}-branding Provides: %{name}-branding = %{version} BuildArch: noarch #BRAND: Provide one file: #BRAND: /etc/gdm/custom.conf #BRAND: Default configuration of gdm %description branding-upstream The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays. This package provides the upstream default configuration for gdm. %package systemd Summary: systemd gdm.service file Group: System/GUI/GNOME Requires: gdm BuildArch: noarch %description systemd GDM's systemd service file. By default openSUSE uses xdm which enables the DM based on sysconfig. This package is only needed if the system administrator wishes to use 'systemctl' instead of openSUSE's default 'update-alternatives' method. %package -n gdmflexiserver Summary: Compatibility Wrapper for Display Managers Group: System/GUI/GNOME Suggests: gdm BuildArch: noarch %description -n gdmflexiserver The GDMFlexiServer tool interacts with the display manager to enable fast user switching. This package contains a wrapper that selects the correct Gdmflexiserver implementation, based on the running display manager. %lang_package %prep %setup -q cp %{SOURCE8} . %patch0 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 %ifarch s390 s390x %patch13 -p1 %endif %patch14 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 # SLE and Leap only patches start at 1000 %if 0%{?sle_version} %patch1000 -p1 %endif %build NOCONFIGURE=1 sh autogen.sh autoreconf -fiv %configure\ --disable-static \ --libexecdir=%{_libexecdir}/gdm \ --localstatedir=%{_localstatedir} \ --with-at-spi-registryd-directory=%{_libexecdir}/at-spi \ --with-check-accelerated-directory=%{_libexecdir} \ --with-gnome-settings-daemon-directory=%{_libexecdir}/gnome-settings-daemon-3.0 \ --with-pam-mod-dir=/%{_lib}/security \ --enable-ipv6 \ --enable-gdm-xsession \ --with-plymouth \ --enable-wayland-support \ --enable-systemd-journal \ %if %{enable_split_authentication} --enable-split-authentication \ %else --disable-split-authentication \ %endif --with-initial-vt=7 \ --with-run-dir=/run/gdm \ --with-udevdir=%{_prefix}/lib/udev %make_build V=1 %install %make_install find %{buildroot} -type f -name "*.la" -delete -print ## Install PAM files. mkdir -p %{buildroot}%{_sysconfdir}/pam.d # Generic pam config cp %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/gdm # Pam config for autologin cp %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/gdm-autologin # Pam config for the greeter session cp %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/gdm-launch-environment %if %{enable_split_authentication} # Pam config for fingerprint authentication cp %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/gdm-fingerprint # Pam config for smartcard authentication cp %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/gdm-smartcard %endif # The default gdm pam configuration is the one to be used as pam-password too %if %{enable_split_authentication} rm %{buildroot}%{_sysconfdir}/pam.d/gdm-password echo "We are not ready for this, we need to know what to put in gdm-fingerprint and gdm-smartcard pam config files." false %endif ln -s gdm %{buildroot}%{_sysconfdir}/pam.d/gdm-password ## Install other files # Install PostLogin script. mv %{buildroot}%{_sysconfdir}/gdm/PostLogin/Default.sample %{buildroot}%{_sysconfdir}/gdm/PostLogin/Default # Move gdmflexiserver to libexecdir and replace it with the compatibility wrapper mv %{buildroot}%{_bindir}/gdmflexiserver %{buildroot}%{_libexecdir}/gdm/gdmflexiserver install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/gdmflexiserver #Install /etc/xinit.d/xdm integration script install -D -m 644 %{SOURCE7} %{buildroot}%{_libexecdir}/X11/displaymanagers/gdm mkdir -p %{buildroot}%{_sysconfdir}/alternatives touch %{buildroot}%{_sysconfdir}/alternatives/default-displaymanager ln -s %{_sysconfdir}/alternatives/default-displaymanager %{buildroot}%{_libexecdir}/X11/displaymanagers/default-displaymanager # Install other files mkdir -p %{buildroot}/run/gdm mkdir -p %{buildroot}%{_bindir} ln -s ../sbin/gdm %{buildroot}%{_bindir}/gdm mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d install -m 644 %{SOURCE9} %{buildroot}%{_prefix}/lib/tmpfiles.d/gdm.conf mkdir -p %{buildroot}%{_libexecdir}/systemd/logind.conf.d install -m 644 %{SOURCE10} %{buildroot}%{_libexecdir}/systemd/logind.conf.d/reserveVT.conf %find_lang %{name} %{?no_lang_C} %fdupes -s %{buildroot}%{_datadir}/help %pre %{_sbindir}/groupadd -r gdm 2> /dev/null || : %{_sbindir}/useradd -r -g gdm -G video -s /bin/false \ -c "Gnome Display Manager daemon" -d %{_localstatedir}/lib/gdm gdm 2> /dev/null || : %{_sbindir}/usermod -g gdm -G video -s /bin/false gdm 2> /dev/null %post %tmpfiles_create gdm.conf %{_sbindir}/update-alternatives --install %{_libexecdir}/X11/displaymanagers/default-displaymanager \ default-displaymanager %{_libexecdir}/X11/displaymanagers/gdm 25 %posttrans # Create dconf database for gdm, to lockdown the gdm session dconf update %postun [ -f %{_libexecdir}/X11/displaymanagers/gdm ] || %{_sbindir}/update-alternatives \ --remove default-displaymanager %{_libexecdir}/X11/displaymanagers/gdm %post -n libgdm1 -p /sbin/ldconfig %postun -n libgdm1 -p /sbin/ldconfig %files %license COPYING %doc AUTHORS NEWS README.md %doc %{_datadir}/help/C/%{name}/ %dir %config %{_sysconfdir}/gdm %config %{_sysconfdir}/gdm/[IPXl]* %{_sbindir}/gdm %{_bindir}/gdm %{_bindir}/gdm-screenshot %dir %{_datadir}/dconf %dir %{_datadir}/dconf/profile %{_datadir}/dconf/profile/gdm %{_datadir}/gdm/ %{_datadir}/gnome-session/sessions/gnome-login.session %{_datadir}/glib-2.0/schemas/org.gnome.login-screen.gschema.xml /%{_lib}/security/pam_gdm.so %dir %{_libexecdir}/gdm %{_libexecdir}/gdm/gdm-* %{_libexecdir}/gdm/gdmflexiserver %ghost %attr(750,gdm,gdm) %dir %{_localstatedir}/lib/gdm %ghost %attr(711,root,gdm) %dir %{_localstatedir}/log/gdm %ghost %dir %{_localstatedir}/cache/gdm %ghost %attr(711,root,gdm) %dir /run/gdm %config %{_sysconfdir}/pam.d/gdm %config %{_sysconfdir}/pam.d/gdm-autologin %if %{enable_split_authentication} %config %{_sysconfdir}/pam.d/gdm-fingerprint %config %{_sysconfdir}/pam.d/gdm-smartcard %endif %config %{_sysconfdir}/pam.d/gdm-password %config %{_sysconfdir}/pam.d/gdm-launch-environment %config %{_sysconfdir}/dbus-1/system.d/gdm.conf # /etc/xinit.d/xdm integration %dir %{_libexecdir}/X11/displaymanagers %{_libexecdir}/X11/displaymanagers/default-displaymanager %{_libexecdir}/X11/displaymanagers/gdm %ghost %{_sysconfdir}/alternatives/default-displaymanager %{_udevrulesdir}/61-gdm.rules %{_libexecdir}/tmpfiles.d/gdm.conf %dir %{_libexecdir}/systemd/logind.conf.d %{_libexecdir}/systemd/logind.conf.d/reserveVT.conf %files -n libgdm1 %{_libdir}/libgdm.so.* %files -n typelib-1_0-Gdm-1_0 %{_libdir}/girepository-1.0/Gdm-1.0.typelib %files devel %{_includedir}/gdm/ %{_libdir}/libgdm.so %{_libdir}/pkgconfig/gdm.pc %{_libdir}/pkgconfig/gdm-pam-extensions.pc %{_datadir}/gir-1.0/Gdm-1.0.gir %files branding-upstream %config(noreplace) %{_sysconfdir}/gdm/custom.conf %files systemd %{systemdsystemunitdir}/gdm.service %files -n gdmflexiserver %{_bindir}/gdmflexiserver %files lang -f %{name}.lang %changelog ++++++ X11-displaymanager-gdm ++++++ gdm_vars() { case "${DISPLAYMANAGER##*/}" in gdm|GDM|Gnome|GNOME) RELOADSIGNAL="-USR1" DISPLAYMANAGER=/usr/sbin/gdm PIDFILE=/run/gdm/gdm.pid # let gdm run the Xserver as root if access to /dev/fb* # is required (bsc#1075805) # The GDM_DISABLE_USER_DISPLAY_SERVER variable is added by patch # gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch if [ ! -c /dev/dri/card0 -a \ ! -c /dev/nvidiactl ]; then export GDM_DISABLE_USER_DISPLAY_SERVER=1 fi return 0 ;; *) return 1 ;; esac return 1 } ++++++ _service ++++++ <services> <service name="obs_scm" mode="disabled"> <param name="scm">git</param> <param name="url">https://gitlab.gnome.org/GNOME/gdm.git</param> <param name="revision">refs/tags/3.34.1</param> <param name="versionformat">@PARENT_TAG@</param> </service> <service name="tar" mode="buildtime"/> <service name="recompress" mode="buildtime"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> <service name="set_version" mode="disabled" /> </services> ++++++ autogen.sh ++++++ #!/bin/sh # Run this to generate all the initial makefiles, etc. test -n "$srcdir" || srcdir=`dirname "$0"` test -n "$srcdir" || srcdir=. olddir=`pwd` cd $srcdir AUTORECONF=`which autoreconf` if test -z $AUTORECONF; then echo "*** No autoreconf found, please intall it ***" exit 1 fi INTLTOOLIZE=`which intltoolize` if test -z $INTLTOOLIZE; then echo "*** No intltoolize found, please install the intltool package ***" exit 1 fi set -e intltoolize --force --copy --automake autoreconf --force --install --verbose cd $olddir test -n "$NOCONFIGURE" || "$srcdir/configure" "$@" ++++++ gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch ++++++ >From a19b51ad9e446948ba60c359641f6c4c14fec1da Mon Sep 17 00:00:00 2001 From: Michal Srb <[email protected]> Date: Fri, 26 Jan 2018 10:49:18 +0100 Subject: [PATCH] Add runtime option to disable starting X server as user If the environmental variable GDM_DISABLE_USER_DISPLAY_SERVER is defined, the X server will be started under root. The same way as if gdm was built with --disable-user-display-server option. This allows system to run X server under root if and only-if necessary. --- Index: gdm-3.34.1/daemon/gdm-local-display-factory.c =================================================================== --- gdm-3.34.1.orig/daemon/gdm-local-display-factory.c +++ gdm-3.34.1/daemon/gdm-local-display-factory.c @@ -231,11 +231,12 @@ gdm_local_display_factory_create_transie g_debug ("GdmLocalDisplayFactory: Creating transient display"); -#ifdef ENABLE_USER_DISPLAY_SERVER - display = gdm_local_display_new (); - if (gdm_local_display_factory_use_wayland ()) - g_object_set (G_OBJECT (display), "session-type", "wayland", NULL); -#else + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) { + display = gdm_local_display_new (); + if (gdm_local_display_factory_use_wayland ()) + g_object_set (G_OBJECT (display), "session-type", "wayland", NULL); + } + if (display == NULL) { guint32 num; @@ -243,7 +244,6 @@ gdm_local_display_factory_create_transie display = gdm_legacy_display_new (num); } -#endif g_object_set (display, "seat-id", "seat0", @@ -502,7 +502,7 @@ create_display (GdmLocalDisplayFactory * g_debug ("GdmLocalDisplayFactory: Adding display on seat %s", seat_id); #ifdef ENABLE_USER_DISPLAY_SERVER - if (g_strcmp0 (seat_id, "seat0") == 0) { + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL && g_strcmp0 (seat_id, "seat0") == 0) { display = gdm_local_display_new (); if (session_type != NULL) { g_object_set (G_OBJECT (display), "session-type", session_type, NULL); @@ -772,6 +772,10 @@ on_vt_changed (GIOChannel *source, g_debug ("GdmLocalDisplayFactory: VT changed from %u to %u", previous_vt, factory->active_vt); + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") != NULL) { + return G_SOURCE_CONTINUE; + } + store = gdm_display_factory_get_display_store (GDM_DISPLAY_FACTORY (factory)); /* if the old VT was running a wayland login screen kill it @@ -874,6 +878,7 @@ gdm_local_display_factory_start_monitor g_object_unref); #if defined(ENABLE_WAYLAND_SUPPORT) && defined(ENABLE_USER_DISPLAY_SERVER) + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL ) { io_channel = g_io_channel_new_file ("/sys/class/tty/tty0/active", "r", NULL); if (io_channel != NULL) { @@ -884,6 +889,7 @@ gdm_local_display_factory_start_monitor on_vt_changed, factory); } + } #endif } Index: gdm-3.34.1/daemon/gdm-session.c =================================================================== --- gdm-3.34.1.orig/daemon/gdm-session.c +++ gdm-3.34.1/daemon/gdm-session.c @@ -373,7 +373,11 @@ get_system_session_dirs (GdmSession *sel #ifdef ENABLE_WAYLAND_SUPPORT if (!self->ignore_wayland) { #ifdef ENABLE_USER_DISPLAY_SERVER - g_array_prepend_val (search_array, wayland_search_dir); + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) { + g_array_prepend_val (search_array, wayland_search_dir); + } else { + g_array_append_val (search_array, wayland_search_dir); + } for (i = 0; system_data_dirs[i]; i++) { gchar *dir = g_build_filename (system_data_dirs[i], "wayland-sessions", NULL); @@ -3315,8 +3319,10 @@ gdm_session_get_display_mode (GdmSession * right now. It will die with an error if logind devices * are paused when handed out. */ - return GDM_SESSION_DISPLAY_MODE_NEW_VT; -#else + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) { + return GDM_SESSION_DISPLAY_MODE_NEW_VT; + } +#endif #ifdef ENABLE_WAYLAND_SUPPORT /* Wayland sessions are for now assumed to run in a @@ -3327,7 +3333,6 @@ gdm_session_get_display_mode (GdmSession } #endif return GDM_SESSION_DISPLAY_MODE_REUSE_VT; -#endif } void Index: gdm-3.34.1/daemon/gdm-session-worker.c =================================================================== --- gdm-3.34.1.orig/daemon/gdm-session-worker.c +++ gdm-3.34.1/daemon/gdm-session-worker.c @@ -1055,12 +1055,14 @@ gdm_session_worker_uninitialize_pam (Gdm * identical to the session_vt. So in that case we never need to * do a VT switch. */ #ifdef ENABLE_USER_DISPLAY_SERVER + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL ) { if (g_strcmp0 (worker->priv->display_seat_id, "seat0") == 0) { /* Switch to the login VT if we are not the login screen. */ if (worker->priv->session_vt != GDM_INITIAL_VT) { jump_to_vt (worker, GDM_INITIAL_VT); } } + } #endif worker->priv->session_vt = 0; Index: gdm-3.34.1/daemon/gdm-manager.c =================================================================== --- gdm-3.34.1.orig/daemon/gdm-manager.c +++ gdm-3.34.1/daemon/gdm-manager.c @@ -1347,6 +1347,8 @@ set_up_automatic_login_session (GdmManag "display-is-initial", FALSE, NULL); + if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") != NULL) + manager->priv->did_automatic_login = TRUE; g_debug ("GdmManager: Starting automatic login conversation"); gdm_session_start_conversation (session, "gdm-autologin"); } Index: gdm-3.34.1/daemon/gdm-server.c =================================================================== --- gdm-3.34.1.orig/daemon/gdm-server.c +++ gdm-3.34.1/daemon/gdm-server.c @@ -752,7 +752,7 @@ gdm_server_start (GdmServer *server) GError **error = &local_error; /* Hardcode the VT for the initial X server, but nothing else */ - if (server->is_initial) { + if (server->is_initial && g_strcmp0 (server->display_name, ":0") == 0) { vtarg = "vt" G_STRINGIFY (GDM_INITIAL_VT); } ++++++ gdm-autologin.pamd ++++++ #%PAM-1.0 # GDM PAM configuration for autologin auth requisite pam_nologin.so auth required pam_permit.so auth optional pam_gdm.so auth optional pam_gnome_keyring.so account include common-account password include common-password session required pam_loginuid.so session optional pam_keyinit.so force revoke session include common-session ++++++ gdm-default-wm.patch ++++++ Index: gdm-3.31.91/daemon/gdm-session.c =================================================================== --- gdm-3.31.91.orig/daemon/gdm-session.c 2019-02-21 20:44:22.000000000 +0100 +++ gdm-3.31.91/daemon/gdm-session.c 2019-02-27 07:46:21.417932330 +0100 @@ -43,6 +43,8 @@ #include <glib-object.h> #include <gio/gio.h> +#include "gdm-sysconfig.h" + #include "gdm-session.h" #include "gdm-session-glue.h" #include "gdm-dbus-util.h" @@ -562,6 +564,14 @@ get_fallback_session_name (GdmSession *s } } + name = gdm_sysconfig_load_value ("/etc/sysconfig/windowmanager", "DEFAULT_WM"); + if (name && get_session_command_for_name (self, name, NULL)) { + g_free (self->fallback_session_name); + self->fallback_session_name = name; + goto out; + } + g_free (name); + name = g_strdup ("gnome"); if (get_session_command_for_name (self, name, NULL)) { g_free (self->fallback_session_name); ++++++ gdm-disable-gnome-initial-setup.patch ++++++ Index: gdm-3.34.1/daemon/gdm-display.c =================================================================== --- gdm-3.34.1.orig/daemon/gdm-display.c +++ gdm-3.34.1/daemon/gdm-display.c @@ -573,7 +573,7 @@ gdm_display_prepare (GdmDisplay *self) exit (EXIT_FAILURE); } - priv->doing_initial_setup = wants_initial_setup (self); + priv->doing_initial_setup = FALSE; g_object_ref (self); ret = GDM_DISPLAY_GET_CLASS (self)->prepare (self); @@ -1512,6 +1512,7 @@ on_launch_environment_session_died (GdmL self_destruct (self); } +#if 0 static gboolean can_create_environment (const char *session_id) { @@ -1663,6 +1664,7 @@ wants_initial_setup (GdmDisplay *self) return enabled; } +#endif void gdm_display_start_greeter_session (GdmDisplay *self) Index: gdm-3.34.1/data/gdm.schemas.in =================================================================== --- gdm-3.34.1.orig/data/gdm.schemas.in +++ gdm-3.34.1/data/gdm.schemas.in @@ -50,7 +50,7 @@ <schema> <key>daemon/InitialSetupEnable</key> <signature>b</signature> - <default>true</default> + <default>false</default> </schema> <schema> <key>daemon/WaylandEnable</key> ++++++ gdm-disable-wayland-on-mgag200-chipsets.patch ++++++ diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in index ad5b87d..f964259 100644 --- a/data/61-gdm.rules.in +++ b/data/61-gdm.rules.in @@ -4,3 +4,12 @@ ATTR{vendor}=="0x1013", ATTR{device}=="0x00b8", ATTR{subsystem_vendor}=="0x1af4" ATTR{vendor}=="0x19e5", ATTR{device}=="0x1711", RUN+="@libexecdir@/gdm-disable-wayland" # disable Wayland when using the proprietary nvidia driver DRIVER=="nvidia", RUN+="@libexecdir@/gdm-disable-wayland" +# disable Wayland on Matrox Electronics Systems Ltd. MGA G200 server engines +ATTR{vendor}=="0x102b", ATTR{device}=="0x0522", RUN+="@libexecdir@/gdm-disable-wayland" +ATTR{vendor}=="0x102b", ATTR{device}=="0x0524", RUN+="@libexecdir@/gdm-disable-wayland" +ATTR{vendor}=="0x102b", ATTR{device}=="0x0530", RUN+="@libexecdir@/gdm-disable-wayland" +ATTR{vendor}=="0x102b", ATTR{device}=="0x0532", RUN+="@libexecdir@/gdm-disable-wayland" +ATTR{vendor}=="0x102b", ATTR{device}=="0x0533", RUN+="@libexecdir@/gdm-disable-wayland" +ATTR{vendor}=="0x102b", ATTR{device}=="0x0534", RUN+="@libexecdir@/gdm-disable-wayland" +ATTR{vendor}=="0x102b", ATTR{device}=="0x0536", RUN+="@libexecdir@/gdm-disable-wayland" +ATTR{vendor}=="0x102b", ATTR{device}=="0x0538", RUN+="@libexecdir@/gdm-disable-wayland" ++++++ gdm-display-Exit-with-failure-if-loading-existing-users-fails.patch ++++++ >From dc8235128c3a1fcd5da8f30ab6839d413d353f28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <[email protected]> Date: Tue, 27 Oct 2020 15:14:27 +0100 Subject: [PATCH] display: Exit with failure if loading existing users fails Given not having users may make GDM to launch initial setup, that allows to create new users (potentially with sudo capabilities), it's better to make look_for_existing_users() to return its status and only if it didn't fail continue the gdm execution. GHSL-2020-202 CVE-2020-16125 Fixes #642 --- daemon/gdm-display.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c index d1d24956..687e7da4 100644 --- a/daemon/gdm-display.c +++ b/daemon/gdm-display.c @@ -510,7 +510,7 @@ gdm_display_real_prepare (GdmDisplay *self) return TRUE; } -static void +static gboolean look_for_existing_users_sync (GdmDisplay *self) { GdmDisplayPrivate *priv; @@ -528,7 +528,7 @@ look_for_existing_users_sync (GdmDisplay *self) &error); if (!priv->accountsservice_proxy) { - g_warning ("Failed to contact accountsservice: %s", error->message); + g_critical ("Failed to contact accountsservice: %s", error->message); goto out; } @@ -541,7 +541,7 @@ look_for_existing_users_sync (GdmDisplay *self) &error); if (!call_result) { - g_warning ("Failed to list cached users: %s", error->message); + g_critical ("Failed to list cached users: %s", error->message); goto out; } @@ -551,6 +551,7 @@ look_for_existing_users_sync (GdmDisplay *self) g_variant_unref (call_result); out: g_clear_error (&error); + return priv->accountsservice_proxy != NULL && call_result != NULL; } gboolean @@ -568,7 +569,9 @@ gdm_display_prepare (GdmDisplay *self) /* FIXME: we should probably do this in a more global place, * asynchronously */ - look_for_existing_users_sync (self); + if (!look_for_existing_users_sync (self)) { + exit (EXIT_FAILURE); + } priv->doing_initial_setup = wants_initial_setup (self); -- 2.28.0 ++++++ gdm-enable-Wayland-on-Cirrus.patch ++++++ commit 81cf4baa5cf9a6e79f6adab750e6b0eb865689c0 Author: Chingkai Chu <[email protected]> Date: Thu Apr 2 20:39:20 2020 +0800 data: Update udev rules to enable Wayland on Cirrus We disable Wayland on Cirrus since f15e6451, but the cirrus driver was reimplemented in kernel v5.2 or later. This commit will enable Wayland on Cirrus chipset. Closes #586 diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in index ad5b87d4..ba0b697a 100644 --- a/data/61-gdm.rules.in +++ b/data/61-gdm.rules.in @@ -1,5 +1,3 @@ -# disable Wayland on Cirrus chipsets -ATTR{vendor}=="0x1013", ATTR{device}=="0x00b8", ATTR{subsystem_vendor}=="0x1af4", ATTR{subsystem_device}=="0x1100", RUN+="@libexecdir@/gdm-disable-wayland" # disable Wayland on Hi1710 chipsets ATTR{vendor}=="0x19e5", ATTR{device}=="0x1711", RUN+="@libexecdir@/gdm-disable-wayland" # disable Wayland when using the proprietary nvidia driver ++++++ gdm-fingerprint.pamd ++++++ # Sample PAM file for doing fingerprint authentication. # Distros should replace this with what makes sense for them. auth requisite pam_nologin.so auth required pam_env.so auth sufficient pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session required pam_unix.so ++++++ gdm-fix-crash-when-using-Xvfb.patch ++++++ >From b7bbd224b0aef9d6c75c876153fdf778b5346fd9 Mon Sep 17 00:00:00 2001 From: Benjamin Berg <[email protected]> Date: Fri, 21 Aug 2020 12:14:32 +0200 Subject: [PATCH 1/2] manager: Fix possible crash by initializing display Some people insist on running sessions in ways where we cannot detect them properly. In that case, we shouldn't find a display, but the variable was not initialized and we could end up accessing random memory resulting in a crash. Fix it by adding the missing initializer. Closes: #555 --- daemon/gdm-manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c index 907eca37..e1bc09b1 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c @@ -811,7 +811,7 @@ gdm_manager_handle_register_session (GdmDBusManager *manager, GVariant *details) { GdmManager *self = GDM_MANAGER (manager); - GdmDisplay *display; + GdmDisplay *display = NULL; const char *sender; GDBusConnection *connection; -- 2.30.0 >From 84b4f871e3d8276a102285ac83d21ef11256d6c3 Mon Sep 17 00:00:00 2001 From: Benjamin Berg <[email protected]> Date: Fri, 21 Aug 2020 12:15:47 +0200 Subject: [PATCH 2/2] manager: Always write out parameter The get_display_and_details_for_bus_sender function does not return a proper error value. Due to this, it makes sense to always write the out parameters (though, I expect we have still more that we might need to write). This is just slightly safer, but the function probably isn't great as is. --- daemon/gdm-manager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c index e1bc09b1..012be49d 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c @@ -576,10 +576,11 @@ get_display_and_details_for_bus_sender (GdmManager *self, lookup_by_session_id, (gpointer) session_id); +out: if (out_display != NULL) { *out_display = display; } -out: + g_free (session_id); } -- 2.30.0 ++++++ gdm-initial-setup-hardening.patch ++++++ Index: b/daemon/gdm-display.c =================================================================== --- a/daemon/gdm-display.c 2019-10-07 16:56:30.000000000 +0800 +++ b/daemon/gdm-display.c 2019-10-11 18:32:02.962410140 +0800 @@ -1523,12 +1523,12 @@ can_create_environment (const char *sess return session_exists; } -#define ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT GDM_RUN_DIR "/gdm.ran-initial-setup" +#define BLOCK_INITIAL_SETUP LOCALSTATEDIR "/lib/gdm/block-initial-setup" static gboolean -already_done_initial_setup_on_this_boot (void) +already_done_initial_setup (void) { - if (g_file_test (ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT, G_FILE_TEST_EXISTS)) + if (g_file_test (BLOCK_INITIAL_SETUP, G_FILE_TEST_EXISTS)) return TRUE; return FALSE; @@ -1624,7 +1624,7 @@ wants_initial_setup (GdmDisplay *self) priv = gdm_display_get_instance_private (self); - if (already_done_initial_setup_on_this_boot ()) { + if (already_done_initial_setup ()) { return FALSE; } Index: b/daemon/gdm-manager.c =================================================================== --- a/daemon/gdm-manager.c 2019-10-07 16:56:30.000000000 +0800 +++ b/daemon/gdm-manager.c 2019-10-11 18:32:26.370601206 +0800 @@ -62,7 +62,7 @@ #define GDM_MANAGER_DISPLAYS_PATH GDM_DBUS_PATH "/Displays" #define INITIAL_SETUP_USERNAME "gnome-initial-setup" -#define ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT GDM_RUN_DIR "/gdm.ran-initial-setup" +#define BLOCK_INITIAL_SETUP LOCALSTATEDIR "/lib/gdm/block-initial-setup" typedef struct { @@ -1781,6 +1781,7 @@ on_start_user_session (StartUserSessionO gboolean doing_initial_setup = FALSE; GdmDisplay *display; const char *session_id; + int fd = -1; #if defined(ENABLE_WAYLAND_SUPPORT) && defined(ENABLE_USER_DISPLAY_SERVER) g_autofree char *display_session_type = NULL; #endif @@ -1813,6 +1814,15 @@ on_start_user_session (StartUserSessionO #endif NULL); + fd = open(BLOCK_INITIAL_SETUP, O_RDONLY|O_CREAT|O_EXCL|O_NOFOLLOW|O_CLOEXEC, 0644); + if (fd == -1 && errno != EEXIST) { + g_warning ("GdmDisplay: Could not write initial-setup-done marker to %s: %s", + BLOCK_INITIAL_SETUP, + strerror(errno)); + } + else { + close(fd); + } if (doing_initial_setup) chown_initial_setup_home_dir (); @@ -1833,8 +1843,6 @@ on_start_user_session (StartUserSessionO g_object_ref (display); if (doing_initial_setup) { - g_autoptr(GError) error = NULL; - #if defined(ENABLE_WAYLAND_SUPPORT) && defined(ENABLE_USER_DISPLAY_SERVER) if (g_strcmp0 (display_session_type, "wayland") == 0) { g_debug ("GdmManager: closing down initial setup display in background"); @@ -1847,16 +1855,6 @@ on_start_user_session (StartUserSessionO gdm_display_unmanage (display); gdm_display_finish (display); } - - if (!g_file_set_contents (ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT, - "1", - 1, - &error)) { - g_warning ("GdmDisplay: Could not write initial-setup-done marker to %s: %s", - ALREADY_RAN_INITIAL_SETUP_ON_THIS_BOOT, - error->message); - g_clear_error (&error); - } } else { g_debug ("GdmManager: session has its display server, reusing our server for another login screen"); } ++++++ gdm-launch-environment.pamd ++++++ #%PAM-1.0 # GDM PAM configuration used only for the greeter session auth required pam_permit.so account required pam_permit.so password include common-password session optional pam_keyinit.so force revoke session include common-session ++++++ gdm-look-for-session-based-on-pid-first.patch ++++++ >From 82c3c9bbe924c43e93e74cd622207a54bc44962c Mon Sep 17 00:00:00 2001 From: Benjamin Berg <[email protected]> Date: Thu, 23 Jan 2020 14:32:38 +0100 Subject: [PATCH] manager: Try looking up session based on PID first Unfortunately, GDM may be running multiple greeters, and each greeter is currently using the same user. So while in a lot of setups each user should only have one graphical session and also only one DBus session bus, this is not true for the gdm greeter. Lacking another solution (e.g. separate users), we need to be able to correctly lookup the session information for all greeter instances. We can do so by using sd_pid_get_session and using this information is safe if it does return something. See: #526 --- common/gdm-common.c | 30 ++++++++++++++++++++++++++---- common/gdm-common.h | 7 ++++--- daemon/gdm-manager.c | 2 +- libgdm/gdm-user-switching.c | 2 +- 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/common/gdm-common.c b/common/gdm-common.c index 41bdb389..d13cf618 100644 --- a/common/gdm-common.c +++ b/common/gdm-common.c @@ -497,7 +497,7 @@ goto_login_session (GDBusConnection *connection, * since the data allocated is from libsystemd-logind, which * does not use GLib's g_malloc (). */ - if (!gdm_find_display_session_for_uid (getuid (), &our_session, &local_error)) { + if (!gdm_find_display_session (0, getuid (), &our_session, &local_error)) { g_propagate_prefixed_error (error, local_error, _("Could not identify the current session: ")); return FALSE; @@ -898,16 +898,38 @@ _systemd_session_is_active (const char *session_id) } gboolean -gdm_find_display_session_for_uid (const uid_t uid, - char **out_session_id, - GError **error) +gdm_find_display_session (int pid, + const uid_t uid, + char **out_session_id, + GError **error) { char *local_session_id = NULL; g_auto(GStrv) sessions = NULL; int n_sessions; + int res; g_return_val_if_fail (out_session_id != NULL, FALSE); + /* First try to look up the session using the pid. We need this + * at least for the greeter, because it currently runs multiple + * sessions under the same user. + * See also commit 2b52d8933c8ab38e7ee83318da2363d00d8c5581 + * which added an explicit dbus-run-session for all but seat0. + */ + res = sd_pid_get_session (pid, &local_session_id); + if (res >= 0) { + g_debug ("Found session %s for PID %d, using", local_session_id, pid); + + *out_session_id = g_strdup (local_session_id); + g_free (local_session_id); + + return TRUE; + } else { + if (res != -ENODATA) + g_warning ("Failed to retrieve session information for pid %d: %s", + pid, strerror (-res)); + } + g_debug ("Finding a graphical session for user %d", uid); n_sessions = sd_uid_get_sessions (uid, diff --git a/common/gdm-common.h b/common/gdm-common.h index 5c3fe137..3d037d68 100644 --- a/common/gdm-common.h +++ b/common/gdm-common.h @@ -51,9 +51,10 @@ int gdm_wait_on_and_disown_pid (int pid, int gdm_signal_pid (int pid, int signal); -gboolean gdm_find_display_session_for_uid (const uid_t uid, - char **out_session_id, - GError **error); +gboolean gdm_find_display_session (int pid, + const uid_t uid, + char **out_session_id, + GError **error); gboolean gdm_get_pwent_for_name (const char *name, struct passwd **pwentp); diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c index 907eca37..d8dfa843 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c @@ -501,7 +501,7 @@ get_display_and_details_for_bus_sender (GdmManager *self, goto out; } - ret = gdm_find_display_session_for_uid (caller_uid, &session_id, &error); + ret = gdm_find_display_session (pid, caller_uid, &session_id, &error); if (!ret) { g_debug ("GdmManager: Unable to find display session for uid %d: %s", diff --git a/libgdm/gdm-user-switching.c b/libgdm/gdm-user-switching.c index 3a33fcbb..20235fd8 100644 --- a/libgdm/gdm-user-switching.c +++ b/libgdm/gdm-user-switching.c @@ -203,7 +203,7 @@ goto_login_session (GDBusConnection *connection, /* Note that we mostly use free () here, instead of g_free () * since the data allocated is from libsystemd-logind, which * does not use GLib's g_malloc (). */ - if (!gdm_find_display_session_for_uid (getuid (), &our_session, &local_error)) { + if (!gdm_find_display_session (0, getuid (), &our_session, &local_error)) { g_propagate_prefixed_error (error, local_error, _("Could not identify the current session: ")); return FALSE; -- 2.24.1 ++++++ gdm-s390-not-require-g-s-d_wacom.patch ++++++ Index: gdm-3.34.1/data/gnome-login.session.in =================================================================== --- gdm-3.34.1.orig/data/gnome-login.session.in 2019-11-29 14:10:23.384796127 +0100 +++ gdm-3.34.1/data/gnome-login.session.in 2019-11-29 14:10:44.760797059 +0100 @@ -1,3 +1,3 @@ [GNOME Session] Name=Display Manager -RequiredComponents=org.gnome.Shell;org.gnome.SettingsDaemon.A11ySettings;org.gnome.SettingsDaemon.Color;org.gnome.SettingsDaemon.Datetime;org.gnome.SettingsDaemon.Housekeeping;org.gnome.SettingsDaemon.Keyboard;org.gnome.SettingsDaemon.MediaKeys;org.gnome.SettingsDaemon.Power;org.gnome.SettingsDaemon.PrintNotifications;org.gnome.SettingsDaemon.Rfkill;org.gnome.SettingsDaemon.ScreensaverProxy;org.gnome.SettingsDaemon.Sharing;org.gnome.SettingsDaemon.Smartcard;org.gnome.SettingsDaemon.Sound;org.gnome.SettingsDaemon.Wacom; +RequiredComponents=org.gnome.Shell;org.gnome.SettingsDaemon.A11ySettings;org.gnome.SettingsDaemon.Color;org.gnome.SettingsDaemon.Datetime;org.gnome.SettingsDaemon.Housekeeping;org.gnome.SettingsDaemon.Keyboard;org.gnome.SettingsDaemon.MediaKeys;org.gnome.SettingsDaemon.Power;org.gnome.SettingsDaemon.PrintNotifications;org.gnome.SettingsDaemon.Rfkill;org.gnome.SettingsDaemon.ScreensaverProxy;org.gnome.SettingsDaemon.Sharing;org.gnome.SettingsDaemon.Smartcard;org.gnome.SettingsDaemon.Sound; ++++++ gdm-smartcard.pamd ++++++ # Sample PAM file for doing smartcard authentication. # Distros should replace this with what makes sense for them. auth requisite pam_nologin.so auth required pam_env.so auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password optional pam_pkcs11.so password requisite pam_cracklib.so try_first_pass retry=3 type= session optional pam_keyinit.so revoke session required pam_limits.so session required pam_unix.so ++++++ gdm-suse-xsession.patch ++++++ Index: gdm-3.31.91/data/Init.in =================================================================== --- gdm-3.31.91.orig/data/Init.in 2019-02-21 20:44:14.000000000 +0100 +++ gdm-3.31.91/data/Init.in 2019-02-27 07:46:21.401932235 +0100 @@ -1,4 +1,9 @@ #!/bin/sh + +if test -x /etc/X11/xdm/Xsetup; then + exec /etc/X11/xdm/Xsetup +fi + # Stolen from the debian kdm setup, aren't I sneaky # Plus a lot of fun stuff added # -George Index: gdm-3.31.91/data/PostSession.in =================================================================== --- gdm-3.31.91.orig/data/PostSession.in 2018-10-12 23:05:26.000000000 +0200 +++ gdm-3.31.91/data/PostSession.in 2019-02-27 07:46:21.401932235 +0100 @@ -1,3 +1,7 @@ #!/bin/sh +if test -x /etc/X11/xdm/Xreset; then + exec /etc/X11/xdm/Xreset +fi + exit 0 Index: gdm-3.31.91/data/Xsession.in =================================================================== --- gdm-3.31.91.orig/data/Xsession.in 2019-02-21 20:44:14.000000000 +0100 +++ gdm-3.31.91/data/Xsession.in 2019-02-27 07:46:21.401932235 +0100 @@ -1,4 +1,9 @@ #!@XSESSION_SHELL@ + +if test -x /etc/X11/xdm/Xsession; then + exec /etc/X11/xdm/Xsession $1 $GDM_LANG +fi + # # This is SORT OF LIKE an X session, but not quite. You get a command as the # first argument (it could be multiple words, so run it with "eval"). As a Index: gdm-3.31.91/data/PreSession.in =================================================================== --- gdm-3.31.91.orig/data/PreSession.in 2018-10-12 23:05:26.000000000 +0200 +++ gdm-3.31.91/data/PreSession.in 2019-02-27 07:46:21.401932235 +0100 @@ -6,4 +6,8 @@ # # Note that output goes into the .xsession-errors file for easy debugging # +if test -x /etc/X11/xdm/Xstartup; then + exec /etc/X11/xdm/Xstartup +fi + PATH="@X_PATH@:$PATH" ++++++ gdm-switch-to-tty1.patch ++++++ Index: gdm-3.32.0+2/daemon/main.c =================================================================== --- gdm-3.32.0+2.orig/daemon/main.c +++ gdm-3.32.0+2/daemon/main.c @@ -61,6 +61,31 @@ static GdmSettings *settings = static uid_t gdm_uid = -1; static gid_t gdm_gid = -1; +#define SHELLSCRIPT "\ +/bin/bash -c \ +\'PROCESS=\"X Xwayland plymouth\"\;\ +R=$(pidof $PROCESS)\;\ +while [ $? == 0 ]\;\ +do sleep 1\;\ + R=$(pidof $PROCESS)\;\ +done\;\ +systemd-cat echo Switch to tty1 Successfully\;\ +/usr/bin/chvt 1\'\ +" + +static void +jump_to_tty1 () +{ + g_autoptr(GError) error = NULL; + + g_debug ("Spawn jump to tty1 process"); + g_spawn_command_line_async (SHELLSCRIPT, + &error); + + if (error != NULL) + g_warning ("Error chvt to tty1: %s", error->message); +} + static gboolean timed_exit_cb (GMainLoop *loop) { @@ -263,6 +288,12 @@ on_shutdown_signal_cb (gpointer user_dat return FALSE; } +static void +on_signal_term_cb () +{ + g_debug ("Received SIGTERM again"); +} + static gboolean on_sighup_cb (gpointer user_data) { @@ -395,6 +426,7 @@ main (int argc, g_main_loop_run (main_loop); g_debug ("GDM finished, cleaning up..."); + signal (SIGTERM, on_signal_term_cb); g_clear_object (&manager); g_clear_object (&settings); @@ -402,6 +434,10 @@ main (int argc, gdm_settings_direct_shutdown (); gdm_log_shutdown (); + jump_to_tty1 (); + + g_debug ("GDM finished"); + g_main_loop_unref (main_loop); return EXIT_SUCCESS; ++++++ gdm-switch-user-tty7.patch ++++++ >From 89aa8f63555dd2e4a6b9fcdc49553e9feb231768 Mon Sep 17 00:00:00 2001 From: Xiaoguang Wang <[email protected]> Date: Tue, 5 Nov 2019 15:03:05 +0800 Subject: [PATCH] session-worker: Select GDM_INITIAL_VT tty for greeter session Closes #532 --- daemon/gdm-session-worker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c index 1319907e..0ca3dd0c 100644 --- a/daemon/gdm-session-worker.c +++ b/daemon/gdm-session-worker.c @@ -2201,7 +2201,7 @@ set_up_for_new_vt (GdmSessionWorker *worker) return FALSE; } - if (worker->priv->display_is_initial) { + if (strcmp (worker->priv->service, "gdm-launch-environment") == 0) { session_vt = GDM_INITIAL_VT; } else { if (ioctl(fd, VT_OPENQRY, &session_vt) < 0) { -- 2.16.4 ++++++ gdm-sysconfig-settings.patch ++++++ ++++ 1025 lines (skipped) ++++++ gdm-xauthlocalhostname.patch ++++++ diff -urp gdm-3.33.90.orig/common/gdm-common.c gdm-3.33.90/common/gdm-common.c --- gdm-3.33.90.orig/common/gdm-common.c 2019-08-13 14:42:23.000000000 -0500 +++ gdm-3.33.90/common/gdm-common.c 2019-08-31 20:49:56.456485182 -0500 @@ -631,6 +631,8 @@ gdm_get_script_environment (const char * if (display_hostname) { g_hash_table_insert (hash, g_strdup ("REMOTE_HOST"), g_strdup (display_hostname)); + } else { + g_hash_table_insert (hash, g_strdup ("XAUTHLOCALHOSTNAME"), gdm_gethostname ()); } /* Runs as root */ @@ -952,3 +954,14 @@ gdm_find_display_session_for_uid (const return TRUE; } + +char * +gdm_gethostname (void) +{ + char localhost[HOST_NAME_MAX + 1] = ""; + if (gethostname (localhost, HOST_NAME_MAX) == 0) { + return g_strdup (localhost); + } else { + return g_strdup ("localhost"); + } +} diff -urp gdm-3.33.90.orig/common/gdm-common.h gdm-3.33.90/common/gdm-common.h --- gdm-3.33.90.orig/common/gdm-common.h 2019-08-13 14:42:23.000000000 -0500 +++ gdm-3.33.90/common/gdm-common.h 2019-08-31 20:49:56.460485202 -0500 @@ -65,6 +65,7 @@ char *gdm_generate_random_bytes gboolean gdm_get_login_window_session_id (const char *seat_id, char **session_id); gboolean gdm_goto_login_session (GError **error); +char *gdm_gethostname (void); GPtrArray *gdm_get_script_environment (const char *username, const char *display_name, diff -urp gdm-3.33.90.orig/daemon/gdm-display-access-file.c gdm-3.33.90/daemon/gdm-display-access-file.c --- gdm-3.33.90.orig/daemon/gdm-display-access-file.c 2019-08-02 14:44:35.000000000 -0500 +++ gdm-3.33.90/daemon/gdm-display-access-file.c 2019-08-31 20:49:56.460485202 -0500 @@ -441,13 +441,10 @@ _get_auth_info_for_display (GdmDisplayAc * * https://bugs.freedesktop.org/show_bug.cgi?id=43425 */ - char localhost[HOST_NAME_MAX + 1] = ""; *family = FamilyLocal; - if (gethostname (localhost, HOST_NAME_MAX) == 0) { - *address = g_strdup (localhost); - } else { - *address = g_strdup ("localhost"); - } + /* using the new function we create in the patch, to detect + * changes here, in the original code */ + *address = gdm_gethostname (); } else { *family = FamilyWild; gdm_display_get_remote_hostname (display, address, NULL); diff -urp gdm-3.33.90.orig/daemon/gdm-launch-environment.c gdm-3.33.90/daemon/gdm-launch-environment.c --- gdm-3.33.90.orig/daemon/gdm-launch-environment.c 2019-08-13 20:37:16.000000000 -0500 +++ gdm-3.33.90/daemon/gdm-launch-environment.c 2019-08-31 20:49:56.460485202 -0500 @@ -216,6 +216,11 @@ build_launch_environment (GdmLaunchEnvir g_hash_table_insert (hash, g_strdup ("GDM_SEAT_ID"), g_strdup (seat_id)); } + if (launch_environment->priv->x11_display_is_local) { + g_hash_table_remove (hash, "XAUTHLOCALHOSTNAME"); + g_hash_table_insert (hash, g_strdup ("XAUTHLOCALHOSTNAME"), gdm_gethostname ()); + } + g_hash_table_insert (hash, g_strdup ("RUNNING_UNDER_GDM"), g_strdup ("true")); return hash; diff -urp gdm-3.33.90.orig/daemon/gdm-session.c gdm-3.33.90/daemon/gdm-session.c --- gdm-3.33.90.orig/daemon/gdm-session.c 2019-08-31 20:49:31.756354259 -0500 +++ gdm-3.33.90/daemon/gdm-session.c 2019-08-31 20:49:56.464485224 -0500 @@ -2683,6 +2683,14 @@ set_up_session_environment (GdmSession * } } + if (self->display_is_local) { + char *hostname = gdm_gethostname (); + gdm_session_set_environment_variable (self, + "XAUTHLOCALHOSTNAME", + hostname); + g_free (hostname); + } + if (g_getenv ("WINDOWPATH") != NULL) { gdm_session_set_environment_variable (self, "WINDOWPATH", ++++++ gdm.obsinfo ++++++ name: gdm version: 3.34.1 mtime: 1570438590 commit: 80e010198217284d3cf52e8b334862a80b00cbd1 ++++++ gdm.pamd ++++++ #%PAM-1.0 # GDM PAM standard configuration (with passwords) auth requisite pam_nologin.so auth include common-auth account include common-account password include common-password session required pam_loginuid.so session optional pam_keyinit.so force revoke session include common-session ++++++ gdm.tmpfiles ++++++ d /var/lib/gdm/ 0750 gdm gdm - d /var/log/gdm/ 0711 root gdm - d /var/cache/gdm/ 1755 root root - ++++++ gdmflexiserver-wrapper ++++++ #!/bin/sh if test ! -x "${GDMFLEXISERVER:-/usr/lib/gdm/gdmflexiserver}"; then echo "No gdmflexiserver implementation found. Maybe install gdm?" >&2 exit 1 else exec "${GDMFLEXISERVER:-/usr/lib/gdm/gdmflexiserver}" fi ++++++ reserveVT.conf ++++++ [Login] ReserveVT=1
