commit: a8b4ea87fb06325487a0e079aacc0b5a2e4950d8 |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
AuthorDate: Fri Aug 17 00:35:22 2018 +0000 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
CommitDate: Fri Aug 17 00:35:41 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8b4ea87 |
|
gnome-base/gdm: security cleanup |
|
Bug: https://bugs.gentoo.org/662782 |
Package-Manager: Portage-2.3.46, Repoman-2.3.10 |
|
gnome-base/gdm/gdm-3.24.3.ebuild | 211 --------------------------------------- |
1 file changed, 211 deletions(-) |
|
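diff --git a/gnome-base/gdm/gdm-3.24.3.ebuild b/gnome-base/gdm/gdm-3.24.3.ebuild
deleted file mode 100644
index 6dc61fc310a..00000000000
--- a/gnome-base/gdm/gdm-3.24.3.ebuild
+++ /dev/null
@@ -1,211 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-GNOME2_LA_PUNT="yes"
-
-inherit eutils gnome2 pam readme.gentoo-r1 systemd user versionator
-
-DESCRIPTION="GNOME Display Manager for managing graphical display servers and user logins"
-HOMEPAGE="https://wiki.gnome.org/Projects/GDM"
-
-SRC_URI="${SRC_URI}
- branding? ( https://www.mail-archive.com/tango-artists@×××××××××××××××××.org/msg00043/tango-gentoo-v1.1.tar.gz )
-"
-
-LICENSE="
- GPL-2+
- branding? ( CC-BY-SA-4.0 )
-"
-
-SLOT="0"
-
-IUSE="accessibility audit branding fprint +introspection ipv6 plymouth selinux smartcard tcpd test wayland xinerama"
-
-KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh x86"
-
-# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686
-# nspr used by smartcard extension
-# dconf, dbus and g-s-d are needed at install time for dconf update
-# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784
-COMMON_DEPEND="
- app-text/iso-codes
- >=dev-libs/glib-2.36:2[dbus]
- >=x11-libs/gtk+-2.91.1:3
- >=gnome-base/dconf-0.20
- >=gnome-base/gnome-settings-daemon-3.1.4
- gnome-base/gsettings-desktop-schemas
- >=media-libs/fontconfig-2.5.0:1.0
- >=media-libs/libcanberra-0.4[gtk3]
- sys-apps/dbus
- >=sys-apps/accountsservice-0.6.35
-
- x11-apps/sessreg
- x11-base/xorg-server
- x11-libs/libXi
- x11-libs/libXau
- x11-libs/libX11
- x11-libs/libXdmcp
- x11-libs/libXext
- x11-libs/libXft
- x11-libs/libxcb
- >=x11-misc/xdg-utils-1.0.2-r3
-
- virtual/pam
- >=sys-apps/systemd-186:0=[pam]
-
- sys-auth/pambase[systemd]
-
- audit? ( sys-process/audit )
- introspection? ( >=dev-libs/gobject-introspection-0.9.12:= )
- plymouth? ( sys-boot/plymouth )
- selinux? ( sys-libs/libselinux )
- tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
- xinerama? ( x11-libs/libXinerama )
-"
-# XXX: These deps are from session and desktop files in data/ directory
-# fprintd is used via dbus by gdm-fingerprint-extension
-# gnome-session-3.6 needed to avoid freezing with orca
-RDEPEND="${COMMON_DEPEND}
- >=gnome-base/gnome-session-3.6
- >=gnome-base/gnome-shell-3.1.90
- x11-apps/xhost
-
- accessibility? (
- >=app-accessibility/orca-3.10
- gnome-extra/mousetweaks )
- fprint? (
- sys-auth/fprintd
- sys-auth/pam_fprint )
-
- !gnome-extra/fast-user-switch-applet
-"
-DEPEND="${COMMON_DEPEND}
- app-text/docbook-xml-dtd:4.1.2
- dev-util/gdbus-codegen
- >=dev-util/intltool-0.40.0
- dev-util/itstool
- virtual/pkgconfig
- x11-base/xorg-proto
- test? ( >=dev-libs/check-0.9.4 )
-"
-
-DOC_CONTENTS="
- To make GDM start at boot, run:\n
- # systemctl enable gdm.service\n
- \n
- For passwordless login to unlock your keyring, you need to install
- sys-auth/pambase with USE=gnome-keyring and set an empty password
- on your keyring. Use app-crypt/seahorse for that.\n
- \n
- You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11
- for smartcard support
-"
-
-pkg_setup() {
- enewgroup gdm
- enewgroup video # Just in case it hasn't been created yet
- enewuser gdm -1 -1 /var/lib/gdm gdm,video
-
- # For compatibility with certain versions of nvidia-drivers, etc., need to
- # ensure that gdm user is in the video group
- if ! egetent group video | grep -q gdm; then
- # FIXME XXX: is this at all portable, ldap-safe, etc.?
- # XXX: egetent does not have a 1-argument form, so we can't use it to
- # get the list of gdm's groups
- local g=$(groups gdm)
- elog "Adding user gdm to video group"
- usermod -G video,${g// /,} gdm || die "Adding user gdm to video group failed"
- fi
-}
-
-src_prepare() {
- # ssh-agent handling must be done at xinitrc.d, bug #220603
- eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch"
-
- # Gentoo does not have a fingerprint-auth pam stack
- eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch"
-
- # Show logo when branding is enabled
- use branding && eapply "${FILESDIR}/${PN}-3.8.4-logo.patch"
-
- gnome2_src_prepare
-}
-
-src_configure() {
- local myconf
- # PAM is the only auth scheme supported
- # even though configure lists shadow and crypt
- # they don't have any corresponding code.
- # --with-at-spi-registryd-directory= needs to be passed explicitly because
- # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4
- # Xevie is obsolete, bug #482304
- # --with-initial-vt=7 conflicts with plymouth, bug #453392
- ! use plymouth && myconf="${myconf} --with-initial-vt=7"
-
- gnome2_src_configure \
- --enable-gdm-xsession \
- --enable-user-display-server \
- --with-run-dir=/run/gdm \
- --localstatedir="${EPREFIX}"/var \
- --disable-static \
- --with-xdmcp=yes \
- --enable-authentication-scheme=pam \
- --with-default-pam-config=exherbo \
- --with-pam-mod-dir=$(getpam_mod_dir) \
- --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec \
- --without-xevie \
- --enable-systemd-journal \
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
- $(use_with audit libaudit) \
- $(use_enable ipv6) \
- $(use_with plymouth) \
- $(use_with selinux) \
- $(use_with tcpd tcp-wrappers) \
- $(use_enable wayland wayland-support) \
- $(use_with xinerama) \
- ${myconf}
-}
-
-src_install() {
- gnome2_src_install
-
- if ! use accessibility ; then
- rm "${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die
- fi
-
- exeinto /etc/X11/xinit/xinitrc.d
- newexe "${FILESDIR}/49-keychain-r1" 49-keychain
- newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent
-
- # gdm user's home directory
- keepdir /var/lib/gdm
- fowners gdm:gdm /var/lib/gdm
-
- # install XDG_DATA_DIRS gdm changes
- echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm
- doenvd 99xdg-gdm
-
- use branding && newicon "${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg
-
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- local d ret
-
- gnome2_pkg_postinst
-
- # bug #436456; gdm crashes if /var/lib/gdm subdirs are not owned by gdm:gdm
- ret=0
- ebegin "Fixing "${EROOT}"var/lib/gdm ownership"
- chown gdm:gdm "${EROOT}var/lib/gdm" || ret=1
- for d in "${EROOT}var/lib/gdm/"{.cache,.config,.local}; do
- [[ ! -e "${d}" ]] || chown -R gdm:gdm "${d}" || ret=1
- done
- eend ${ret}
-
- systemd_reenable gdm.service
-
- readme.gentoo_print_elog
-}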