Bug#1032914: phog: ships /etc/pam.d/greetd
Hi, I've filled #1034595 to get phog unblocked as well. (also this hopefully delays the autoremoval of phog). Cheers Jochen * Marc Dequènes [2023-04-07 19:45]: Quack Arnaud, greetd was unblocked today. Thanks for your help :-). \_o< -- Marc Dequènes signature.asc Description: PGP signature
Bug#1032914: phog: ships /etc/pam.d/greetd
Quack Arnaud, greetd was unblocked today. Thanks for your help :-). \_o< -- Marc Dequènes
Bug#1032914: phog: ships /etc/pam.d/greetd
Quack, On 2023-03-24 18:24, Arnaud Ferraris wrote: Well yes, it was only supposed to be transitional waiting for https://lists.sr.ht/~kennylevinsen/greetd/patches/36264 to land upstream, but I went a bit too optimistic on that one, my bad... That's fine. The greeter PAM config drops the gnome-keyring/kwallet bits in order to be a bit lighter at runtime (those lines cause at least "gnome-keyring-daemon" to be started for user "_greetd", which is basically useless as it's a system user with no actual use of a keyring). Therefore I feel it's best to keep both config separate, but I'd be fine with a single config if you prefer it that way. Ok, makes sense, I was not aware it spawned anything. Thanks for the comments, I'm attaching the updated patches. Thanks for your work. I just merged it and will be uploading shortly. Regards. \_o< -- Marc Dequènes
Bug#1032914: phog: ships /etc/pam.d/greetd
Hi, Le 22/03/2023 à 17:58, Marc Dequènes (duck) a écrit : Quack, Honestly when I read the title I really wondered how phog could have ended-up shipping this file. I forgot it initially, was asked about it and added it quickly, so it's not like I would have rejected the idea. Well yes, it was only supposed to be transitional waiting for https://lists.sr.ht/~kennylevinsen/greetd/patches/36264 to land upstream, but I went a bit too optimistic on that one, my bad... Anyway, back to the patch itself. First I wonder if it's useful to ship the second PAM config since in the code (greetd/src/server.rs#211) it simply use the base greetd PAM configuration as a fallback; this is not a blocker though. The greeter PAM config drops the gnome-keyring/kwallet bits in order to be a bit lighter at runtime (those lines cause at least "gnome-keyring-daemon" to be started for user "_greetd", which is basically useless as it's a system user with no actual use of a keyring). Therefore I feel it's best to keep both config separate, but I'd be fine with a single config if you prefer it that way. Then I would prefer if the changelog entries were shipped with the corresponding changes and not in a lump afterwards. Also the "debian:" and "d/*:" prefixes are not the style I use. Maybe I'm missing why some people still use it but with the VCS taking care of remembering which files have been changed I don't feel the need to add this anymore and it's not very non-DD friendly. I like your comments to clearly explain the rationale. Thanks for the comments, I'm attaching the updated patches. Cheers, Arnaud Regards. \_o< From 3494b22e9819cf6e1fd8c20623060272c1ea2c51 Mon Sep 17 00:00:00 2001 From: Arnaud Ferraris Date: Wed, 15 Mar 2023 13:51:11 +0100 Subject: [PATCH 1/2] Update PAM configuration(s) Except for the gnome-keyring bits, all items currently set in the `greetd` PAM config are already part of the `login` config. Including the latter makes the `greetd` config simpler. This commit also calls the PAM modules needed for unlocking the KDE wallet as well, and adds the `greetd-greeter` config (simply including `login` as the greeter itself doesn't need to deal with keyrings). Finally, switch to using debhelper for installing the configs instead of handling those manually. --- debian/changelog | 14 ++ debian/greetd.greetd-greeter.pam | 2 ++ debian/greetd.greetd.pam | 8 debian/greetd.install| 1 - debian/pam.d/greetd | 22 -- debian/rules | 5 - 6 files changed, 28 insertions(+), 24 deletions(-) create mode 100644 debian/greetd.greetd-greeter.pam create mode 100644 debian/greetd.greetd.pam delete mode 100644 debian/pam.d/greetd diff --git a/debian/changelog b/debian/changelog index 707afdf..ae9095e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +greetd (0.9.0-3) UNRELEASED; urgency=medium + + * Update PAM configuration(s) +Except for the gnome-keyring bits, all items currently set in the +`greetd` PAM config are already part of the `login` config. Including +the latter makes the `greetd` config simpler. +This commit also calls the PAM modules needed for unlocking the KDE +wallet as well, and adds the `greetd-greeter` config (simply including +`login` as the greeter itself doesn't need to deal with keyrings). +Finally, switch to using debhelper for installing the configs instead of +handling those manually. + + -- Arnaud Ferraris Fri, 24 Mar 2023 10:20:21 +0100 + greetd (0.9.0-2) unstable; urgency=medium * Provide PAM configuration (Closes: #1032786). diff --git a/debian/greetd.greetd-greeter.pam b/debian/greetd.greetd-greeter.pam new file mode 100644 index 000..1ed7162 --- /dev/null +++ b/debian/greetd.greetd-greeter.pam @@ -0,0 +1,2 @@ +#%PAM-1.0 +@include login diff --git a/debian/greetd.greetd.pam b/debian/greetd.greetd.pam new file mode 100644 index 000..7f2a906 --- /dev/null +++ b/debian/greetd.greetd.pam @@ -0,0 +1,8 @@ +#%PAM-1.0 +@include login + +-authoptionalpam_gnome_keyring.so +-authoptionalpam_kwallet5.so + +-session optionalpam_gnome_keyring.so auto_start +-session optionalpam_kwallet5.so auto_start diff --git a/debian/greetd.install b/debian/greetd.install index 0a3fbfb..83f2dad 100644 --- a/debian/greetd.install +++ b/debian/greetd.install @@ -1,4 +1,3 @@ greetd.service /lib/systemd/system/ config.toml /etc/greetd/ debian/needrestart/50_greetd.conf /etc/needrestart/conf.d/ -debian/pam.d/greetd /etc/pam.d/ diff --git a/debian/pam.d/greetd b/debian/pam.d/greetd deleted file mode 100644 index 062217b..000 --- a/debian/pam.d/greetd +++ /dev/null @@ -1,22 +0,0 @@ -#%PAM-1.0 - -# Block login if they are globally disabled -auth requisite pam_nologin.so - -# Load environment from /etc/environment and ~/.pam_environment -session
Bug#1032914: phog: ships /etc/pam.d/greetd
Quack, On 2023-03-21 18:49, Arnaud Ferraris wrote: @duck, any comment on the above? Thanks for the contribution. Honestly when I read the title I really wondered how phog could have ended-up shipping this file. I forgot it initially, was asked about it and added it quickly, so it's not like I would have rejected the idea. Anyway, back to the patch itself. First I wonder if it's useful to ship the second PAM config since in the code (greetd/src/server.rs#211) it simply use the base greetd PAM configuration as a fallback; this is not a blocker though. Then I would prefer if the changelog entries were shipped with the corresponding changes and not in a lump afterwards. Also the "debian:" and "d/*:" prefixes are not the style I use. Maybe I'm missing why some people still use it but with the VCS taking care of remembering which files have been changed I don't feel the need to add this anymore and it's not very non-DD friendly. I like your comments to clearly explain the rationale. Regards. \_o< -- Marc Dequènes
Bug#1032914: phog: ships /etc/pam.d/greetd
Control: tags -1 + patch Hi, On Tue, 14 Mar 2023 00:20:10 +0100 Andreas Beckmann wrote: > > Hi, > > during a test with piuparts I noticed your package failed to install > because it tries to overwrite other packages files. > > From the attached log (scroll to the bottom...): > > https://ci.debian.net/data/autopkgtest/testing/amd64/p/phog/32130044/log.gz > > Preparing to unpack .../phog_0.1.3-1_amd64.deb ... > Unpacking phog (0.1.3-1) ... > dpkg: error processing archive /var/cache/apt/archives/phog_0.1.3-1_amd64.deb (--unpack): > trying to overwrite '/etc/pam.d/greetd', which is also in package greetd 0.9.0-2 > Errors were encountered while processing: > /var/cache/apt/archives/phog_0.1.3-1_amd64.deb > E: Sub-process /usr/bin/dpkg returned an error code (1) > > > greetd recently started to ship /etc/pam.d/greetd (with different > content) itself. Thanks for the heads-up! I have a pending MR for fixing this bug on phog's side (see https://salsa.debian.org/DebianOnMobile-team/phog/-/merge_requests/5), however this would require small changes to greetd as well (+cc duck for that matter) to ensure users don't end up in a messed up situation. I opened a MR on salsa's greetd (https://salsa.debian.org/debian/greetd/-/merge_requests/1), attaching the corresponding patches here as well for completeness. @duck, any comment on the above? Cheers, Arnaud > > > cheers, > > Andreas > > From eca07bda4c0b272ded196008c3d4528c756f5bb6 Mon Sep 17 00:00:00 2001 From: Arnaud Ferraris Date: Wed, 15 Mar 2023 13:51:11 +0100 Subject: [PATCH 1/3] debian: update PAM config(s) Except for the gnome-keyring bits, all items currently set in the `greetd` PAM config are already part of the `login` config. Including the latter makes the `greetd` config simpler. This commit also calls the PAM modules needed for unlocking the KDE wallet as well, and adds the `greetd-greeter` config (simply including `login` as the greeter itself doesn't need to deal with keyrings). Finally, switch to using debhelper for installing the configs instead of handling those manually. --- debian/greetd.greetd-greeter.pam | 2 ++ debian/greetd.greetd.pam | 8 debian/greetd.install| 1 - debian/pam.d/greetd | 22 -- debian/rules | 5 - 5 files changed, 14 insertions(+), 24 deletions(-) create mode 100644 debian/greetd.greetd-greeter.pam create mode 100644 debian/greetd.greetd.pam delete mode 100644 debian/pam.d/greetd diff --git a/debian/greetd.greetd-greeter.pam b/debian/greetd.greetd-greeter.pam new file mode 100644 index 000..1ed7162 --- /dev/null +++ b/debian/greetd.greetd-greeter.pam @@ -0,0 +1,2 @@ +#%PAM-1.0 +@include login diff --git a/debian/greetd.greetd.pam b/debian/greetd.greetd.pam new file mode 100644 index 000..7f2a906 --- /dev/null +++ b/debian/greetd.greetd.pam @@ -0,0 +1,8 @@ +#%PAM-1.0 +@include login + +-authoptionalpam_gnome_keyring.so +-authoptionalpam_kwallet5.so + +-session optionalpam_gnome_keyring.so auto_start +-session optionalpam_kwallet5.so auto_start diff --git a/debian/greetd.install b/debian/greetd.install index 0a3fbfb..83f2dad 100644 --- a/debian/greetd.install +++ b/debian/greetd.install @@ -1,4 +1,3 @@ greetd.service /lib/systemd/system/ config.toml /etc/greetd/ debian/needrestart/50_greetd.conf /etc/needrestart/conf.d/ -debian/pam.d/greetd /etc/pam.d/ diff --git a/debian/pam.d/greetd b/debian/pam.d/greetd deleted file mode 100644 index 062217b..000 --- a/debian/pam.d/greetd +++ /dev/null @@ -1,22 +0,0 @@ -#%PAM-1.0 - -# Block login if they are globally disabled -auth requisite pam_nologin.so - -# Load environment from /etc/environment and ~/.pam_environment -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale - -@include common-auth - --auth optional pam_gnome_keyring.so - -@include common-account - -session requiredpam_limits.so -session requiredpam_loginuid.so -@include common-session - --session optionalpam_gnome_keyring.so auto_start - -@include common-password diff --git a/debian/rules b/debian/rules index 523b72b..1c1d9c5 100755 --- a/debian/rules +++ b/debian/rules @@ -30,10 +30,13 @@ execute_after_dh_install: # bad perms chmod a-x debian/greetd/lib/systemd/system/greetd.service +override_dh_installpam: + dh_installpam --name=greetd + dh_installpam --name=greetd-greeter + override_dh_installsystemd: dh_installsystemd --no-stop-on-upgrade --no-start execute_after_dh_auto_clean: make -C man clean rm -f debian/cargo-checksum.json - -- 2.39.1 From be90d0cb662cf94de32bbb95f9070a6127b25bef Mon Sep 17 00:00:00 2001 From: Arnaud Ferraris Date: Wed, 15 Mar 2023 13:52:39 +0100 Subject: [PATCH 2/3] d/control: break/replace older `phog` `phog` used to ship the `greetd` and `greetd-greeter` PAM configs, leading to conflicts with the
Bug#1032914: phog: ships /etc/pam.d/greetd
Package: phog Version: 0.1.3-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Control: affects -1 + src:greetd Hi, during a test with piuparts I noticed your package failed to install because it tries to overwrite other packages files. >From the attached log (scroll to the bottom...): https://ci.debian.net/data/autopkgtest/testing/amd64/p/phog/32130044/log.gz Preparing to unpack .../phog_0.1.3-1_amd64.deb ... Unpacking phog (0.1.3-1) ... dpkg: error processing archive /var/cache/apt/archives/phog_0.1.3-1_amd64.deb (--unpack): trying to overwrite '/etc/pam.d/greetd', which is also in package greetd 0.9.0-2 Errors were encountered while processing: /var/cache/apt/archives/phog_0.1.3-1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) greetd recently started to ship /etc/pam.d/greetd (with different content) itself. cheers, Andreas