Bug#1032914: phog: ships /etc/pam.d/greetd

Fri, 24 Mar 2023 02:27:17 -0700 

Hi,

Le 22/03/2023 à 17:58, Marc Dequènes (duck) a écrit :

Quack,
Honestly when I read the title I really wondered how phog could have ended-up shipping this file. I forgot it initially, was asked about it and added it quickly, so it's not like I would have rejected the idea.
Well yes, it was only supposed to be transitional waiting for https://lists.sr.ht/~kennylevinsen/greetd/patches/36264 to land upstream, but I went a bit too optimistic on that one, my bad...
Anyway, back to the patch itself. First I wonder if it's useful to ship the second PAM config since in the code (greetd/src/server.rs#211) it simply use the base greetd PAM configuration as a fallback; this is not a blocker though.
The greeter PAM config drops the gnome-keyring/kwallet bits in order to be a bit lighter at runtime (those lines cause at least "gnome-keyring-daemon" to be started for user "_greetd", which is basically useless as it's a system user with no actual use of a keyring). Therefore I feel it's best to keep both config separate, but I'd be fine with a single config if you prefer it that way.
Then I would prefer if the changelog entries were shipped with the corresponding changes and not in a lump afterwards. Also the "debian:" and "d/*:" prefixes are not the style I use. Maybe I'm missing why some people still use it but with the VCS taking care of remembering which files have been changed I don't feel the need to add this anymore and it's not very non-DD friendly. I like your comments to clearly explain the rationale. 

Thanks for the comments, I'm attaching the updated patches.

Cheers,
Arnaud



Regards.
\_o<


From 3494b22e9819cf6e1fd8c20623060272c1ea2c51 Mon Sep 17 00:00:00 2001
From: Arnaud Ferraris <arnaud.ferra...@collabora.com>
Date: Wed, 15 Mar 2023 13:51:11 +0100
Subject: [PATCH 1/2] Update PAM configuration(s)

Except for the gnome-keyring bits, all items currently set in the
`greetd` PAM config are already part of the `login` config. Including
the latter makes the `greetd` config simpler.

This commit also calls the PAM modules needed for unlocking the KDE
wallet as well, and adds the `greetd-greeter` config (simply including
`login` as the greeter itself doesn't need to deal with keyrings).

Finally, switch to using debhelper for installing the configs instead of
handling those manually.
---
 debian/changelog                 | 14 ++++++++++++++
 debian/greetd.greetd-greeter.pam |  2 ++
 debian/greetd.greetd.pam         |  8 ++++++++
 debian/greetd.install            |  1 -
 debian/pam.d/greetd              | 22 ----------------------
 debian/rules                     |  5 ++++-
 6 files changed, 28 insertions(+), 24 deletions(-)
 create mode 100644 debian/greetd.greetd-greeter.pam
 create mode 100644 debian/greetd.greetd.pam
 delete mode 100644 debian/pam.d/greetd

diff --git a/debian/changelog b/debian/changelog
index 707afdf..ae9095e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+greetd (0.9.0-3) UNRELEASED; urgency=medium
+
+  * Update PAM configuration(s)
+    Except for the gnome-keyring bits, all items currently set in the
+    `greetd` PAM config are already part of the `login` config. Including
+    the latter makes the `greetd` config simpler.
+    This commit also calls the PAM modules needed for unlocking the KDE
+    wallet as well, and adds the `greetd-greeter` config (simply including
+    `login` as the greeter itself doesn't need to deal with keyrings).
+    Finally, switch to using debhelper for installing the configs instead of
+    handling those manually.
+
+ -- Arnaud Ferraris <aferra...@debian.org>  Fri, 24 Mar 2023 10:20:21 +0100
+
 greetd (0.9.0-2) unstable; urgency=medium
 
   * Provide PAM configuration (Closes: #1032786).
diff --git a/debian/greetd.greetd-greeter.pam b/debian/greetd.greetd-greeter.pam
new file mode 100644
index 0000000..1ed7162
--- /dev/null
+++ b/debian/greetd.greetd-greeter.pam
@@ -0,0 +1,2 @@
+#%PAM-1.0
+@include login
diff --git a/debian/greetd.greetd.pam b/debian/greetd.greetd.pam
new file mode 100644
index 0000000..7f2a906
--- /dev/null
+++ b/debian/greetd.greetd.pam
@@ -0,0 +1,8 @@
+#%PAM-1.0
+@include login
+
+-auth        optional        pam_gnome_keyring.so
+-auth        optional        pam_kwallet5.so
+
+-session     optional        pam_gnome_keyring.so auto_start
+-session     optional        pam_kwallet5.so auto_start
diff --git a/debian/greetd.install b/debian/greetd.install
index 0a3fbfb..83f2dad 100644
--- a/debian/greetd.install
+++ b/debian/greetd.install
@@ -1,4 +1,3 @@
 greetd.service /lib/systemd/system/
 config.toml /etc/greetd/
 debian/needrestart/50_greetd.conf /etc/needrestart/conf.d/
-debian/pam.d/greetd /etc/pam.d/
diff --git a/debian/pam.d/greetd b/debian/pam.d/greetd
deleted file mode 100644
index 062217b..0000000
--- a/debian/pam.d/greetd
+++ /dev/null
@@ -1,22 +0,0 @@
-#%PAM-1.0
-
-# Block login if they are globally disabled
-auth      requisite pam_nologin.so
-
-# Load environment from /etc/environment and ~/.pam_environment
-session      required pam_env.so readenv=1
-session      required pam_env.so readenv=1 envfile=/etc/default/locale
-
-@include common-auth
-
--auth  optional pam_gnome_keyring.so
-
-@include common-account
-
-session  required        pam_limits.so
-session  required        pam_loginuid.so
-@include common-session
-
--session optional        pam_gnome_keyring.so auto_start
-
-@include common-password
diff --git a/debian/rules b/debian/rules
index 523b72b..1c1d9c5 100755
--- a/debian/rules
+++ b/debian/rules
@@ -30,10 +30,13 @@ execute_after_dh_install:
 	# bad perms
 	chmod a-x debian/greetd/lib/systemd/system/greetd.service
 
+override_dh_installpam:
+	dh_installpam --name=greetd
+	dh_installpam --name=greetd-greeter
+
 override_dh_installsystemd:
 	dh_installsystemd --no-stop-on-upgrade --no-start
 
 execute_after_dh_auto_clean:
 	make -C man clean
 	rm -f debian/cargo-checksum.json
-
-- 
2.39.1


From 058e8d82ef7ed744d92ab3e25cdec89ae1ce743c Mon Sep 17 00:00:00 2001
From: Arnaud Ferraris <arnaud.ferra...@collabora.com>
Date: Wed, 15 Mar 2023 13:52:39 +0100
Subject: [PATCH 2/2] Add Breaks/Replaces relationships on older `phog`

`phog` used to ship the `greetd` and `greetd-greeter` PAM configs,
leading to conflicts with the latest version of the `greetd` package.
This commit ensures we avoid this conflict and maintain a clean
upgrade path for both those packages.
---
 debian/changelog | 7 ++++++-
 debian/control   | 3 ++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ae9095e..2d5959d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,8 +9,13 @@ greetd (0.9.0-3) UNRELEASED; urgency=medium
     `login` as the greeter itself doesn't need to deal with keyrings).
     Finally, switch to using debhelper for installing the configs instead of
     handling those manually.
+  * Add Breaks/Replaces relationships on older `phog`
+    `phog` used to ship the `greetd` and `greetd-greeter` PAM configs,
+    leading to conflicts with the latest version of the `greetd` package.
+    This commit ensures we avoid this conflict and maintain a clean
+    upgrade path for both those packages.
 
- -- Arnaud Ferraris <aferra...@debian.org>  Fri, 24 Mar 2023 10:20:21 +0100
+ -- Arnaud Ferraris <aferra...@debian.org>  Fri, 24 Mar 2023 10:21:55 +0100
 
 greetd (0.9.0-2) unstable; urgency=medium
 
diff --git a/debian/control b/debian/control
index 98466f4..c5d8cb6 100644
--- a/debian/control
+++ b/debian/control
@@ -35,7 +35,8 @@ Depends:
  adduser
 Provides: x-display-manager
 Suggests: wlgreet
+Breaks: phog (<< 0.1.3-2)
+Replaces: phog (<< 0.1.3-2)
 Description: minimal Wayland login manager
  greetd is a minimal and flexible login manager daemon that makes no
  assumptions about what you want to launch.
-
-- 
2.39.1

Reply via email to