
From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: x11-misc/sddm/files/, x11-misc/sddm/
Date: Sun, 23 Jun 2019 14:55:55
Message-Id: 1561301735.e54d537de46adc04d15f8279e5e96821f420609b.asturm@gentoo
1 commit: e54d537de46adc04d15f8279e5e96821f420609b
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 22 20:45:51 2019 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Sun Jun 23 14:55:35 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e54d537d
7
8 x11-misc/sddm: EAPI-7 bump, PAM groups, reuse sessions, HiDPI default
9
10 Package-Manager: Portage-2.3.67, Repoman-2.3.15
11 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
12
13 ...m-0.18.1-honor-PAM-supplemental-groups-v2.patch | 182 +++++++++++++++++++++
14 .../sddm-0.18.1-only-reuse-online-sessions.patch | 27 +++
15 ...18.1-revert-honor-PAM-supplemental-groups.patch | 87 ++++++++++
16 x11-misc/sddm/sddm-0.18.1-r1.ebuild | 107 ++++++++++++
17 4 files changed, 403 insertions(+)
18
19 diff --git a/x11-misc/sddm/files/sddm-0.18.1-honor-PAM-supplemental-groups-v2.patch b/x11-misc/sddm/files/sddm-0.18.1-honor-PAM-supplemental-groups-v2.patch
20 new file mode 100644
21 index 00000000000..f4ce7ae7ad7
22 --- /dev/null
23 +++ b/x11-misc/sddm/files/sddm-0.18.1-honor-PAM-supplemental-groups-v2.patch
24 @@ -0,0 +1,182 @@
25 +From 75e6e00d9e1ecf25e3a9c8332530a1e40d737cdb Mon Sep 17 00:00:00 2001
26 +From: "J. Konrad Tegtmeier-Rottach" <jktr@××××.de>
27 +Date: Thu, 9 May 2019 03:06:48 +0200
28 +Subject: [PATCH] Honor PAM's supplemental groups (v2) (#834, #1159)
29 +
30 +This moves the supplemental group initialization step from
31 +UserSession.cpp to the Backend system, so that the Pam Backend can
32 +inject additional supplemental groups via modules like pam_group.so.
33 +
34 +pam_setcred(3) assumes that it operates on an already initialized
35 +supplemental group list. However, PamBackend calls
36 +pam_setcred(PAM_ESTABLISH_CRED) earlier, at the start
37 +PamBackend::openSession, so a pam_setcred(PAM_REINITIALIZE_CRED) call
38 +must be issued to repeat the injection of PAM's supplemental groups.
39 +---
40 + src/helper/Backend.cpp | 5 +++++
41 + src/helper/Backend.h | 3 +++
42 + src/helper/HelperApp.cpp | 4 ++++
43 + src/helper/HelperApp.h | 1 +
44 + src/helper/UserSession.cpp | 13 ++++++++-----
45 + src/helper/backend/PamBackend.cpp | 18 ++++++++++++++++++
46 + src/helper/backend/PamBackend.h | 2 ++
47 + 7 files changed, 41 insertions(+), 5 deletions(-)
48 +
49 +diff --git a/src/helper/Backend.cpp b/src/helper/Backend.cpp
50 +index d6bb4d0a..35ae2bdf 100644
51 +--- a/src/helper/Backend.cpp
52 ++++ b/src/helper/Backend.cpp
53 +@@ -29,6 +29,7 @@
54 + #include <QtCore/QProcessEnvironment>
55 +
56 + #include <pwd.h>
57 ++#include <grp.h>
58 +
59 + namespace SDDM {
60 + Backend::Backend(HelperApp* parent)
61 +@@ -79,4 +80,8 @@ namespace SDDM {
62 + bool Backend::closeSession() {
63 + return true;
64 + }
65 ++
66 ++ bool Backend::setupSupplementalGroups(struct passwd *pw) {
67 ++ return !initgroups(pw->pw_name, pw->pw_gid);
68 ++ }
69 + }
70 +diff --git a/src/helper/Backend.h b/src/helper/Backend.h
71 +index b790e001..3caf1592 100644
72 +--- a/src/helper/Backend.h
73 ++++ b/src/helper/Backend.h
74 +@@ -22,6 +22,7 @@
75 + #define BACKEND_H
76 +
77 + #include <QtCore/QObject>
78 ++#include <pwd.h>
79 +
80 + namespace SDDM {
81 + class HelperApp;
82 +@@ -38,6 +39,8 @@ namespace SDDM {
83 + void setAutologin(bool on = true);
84 + void setGreeter(bool on = true);
85 +
86 ++ virtual bool setupSupplementalGroups(struct passwd *pw);
87 ++
88 + public slots:
89 + virtual bool start(const QString &user = QString()) = 0;
90 + virtual bool authenticate() = 0;
91 +diff --git a/src/helper/HelperApp.cpp b/src/helper/HelperApp.cpp
92 +index cad93bd8..d0891d75 100644
93 +--- a/src/helper/HelperApp.cpp
94 ++++ b/src/helper/HelperApp.cpp
95 +@@ -253,6 +253,10 @@ namespace SDDM {
96 + return m_session;
97 + }
98 +
99 ++ Backend *HelperApp::backend() {
100 ++ return m_backend;
101 ++ }
102 ++
103 + const QString& HelperApp::user() const {
104 + return m_user;
105 + }
106 +diff --git a/src/helper/HelperApp.h b/src/helper/HelperApp.h
107 +index 3742df12..cb5959a7 100644
108 +--- a/src/helper/HelperApp.h
109 ++++ b/src/helper/HelperApp.h
110 +@@ -39,6 +39,7 @@ namespace SDDM {
111 + virtual ~HelperApp();
112 +
113 + UserSession *session();
114 ++ Backend *backend();
115 + const QString &user() const;
116 + const QString &cookie() const;
117 +
118 +diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp
119 +index f71fd358..62fd4d70 100644
120 +--- a/src/helper/UserSession.cpp
121 ++++ b/src/helper/UserSession.cpp
122 +@@ -19,6 +19,7 @@
123 + *
124 + */
125 +
126 ++#include "Backend.h"
127 + #include "Configuration.h"
128 + #include "UserSession.h"
129 + #include "HelperApp.h"
130 +@@ -129,7 +130,8 @@ namespace SDDM {
131 + #endif
132 +
133 + // switch user
134 +- const QByteArray username = qobject_cast<HelperApp*>(parent())->user().toLocal8Bit();
135 ++ HelperApp* app = qobject_cast<HelperApp*>(parent());
136 ++ const QByteArray username = app->user().toLocal8Bit();
137 + struct passwd pw;
138 + struct passwd *rpw;
139 + long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
140 +@@ -146,12 +148,13 @@ namespace SDDM {
141 + qCritical() << "getpwnam_r(" << username << ") failed with error: " << strerror(err);
142 + exit(Auth::HELPER_OTHER_ERROR);
143 + }
144 +- if (setgid(pw.pw_gid) != 0) {
145 +- qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username;
146 ++
147 ++ if (!app->backend()->setupSupplementalGroups(&pw)) {
148 ++ qCritical() << "failed to set up supplemental groups for user: " << username;
149 + exit(Auth::HELPER_OTHER_ERROR);
150 + }
151 +- if (initgroups(pw.pw_name, pw.pw_gid) != 0) {
152 +- qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username;
153 ++ if (setgid(pw.pw_gid) != 0) {
154 ++ qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username;
155 + exit(Auth::HELPER_OTHER_ERROR);
156 + }
157 + if (setuid(pw.pw_uid) != 0) {
158 +diff --git a/src/helper/backend/PamBackend.cpp b/src/helper/backend/PamBackend.cpp
159 +index f86d77d6..cccfa258 100644
160 +--- a/src/helper/backend/PamBackend.cpp
161 ++++ b/src/helper/backend/PamBackend.cpp
162 +@@ -289,6 +289,24 @@ namespace SDDM {
163 + return QString::fromLocal8Bit((const char*) m_pam->getItem(PAM_USER));
164 + }
165 +
166 ++ bool PamBackend::setupSupplementalGroups(struct passwd *pw) {
167 ++ if (!Backend::setupSupplementalGroups(pw))
168 ++ return false;
169 ++
170 ++ // pam_setcred(3) may inject additional groups into the user's
171 ++ // list of supplemental groups, and assumes that the user's
172 ++ // supplemental groups have already been initialized before
173 ++ // its invocation. Since pam_setcred was already called at the
174 ++ // start of openSession, we need to repeat this step here as
175 ++ // the user's groups have only just now been initialized.
176 ++
177 ++ if (!m_pam->setCred(PAM_REINITIALIZE_CRED)) {
178 ++ m_app->error(m_pam->errorString(), Auth::ERROR_AUTHENTICATION);
179 ++ return false;
180 ++ }
181 ++ return true;
182 ++ }
183 ++
184 + int PamBackend::converse(int n, const struct pam_message **msg, struct pam_response **resp) {
185 + qDebug() << "[PAM] Conversation with" << n << "messages";
186 +
187 +diff --git a/src/helper/backend/PamBackend.h b/src/helper/backend/PamBackend.h
188 +index 4c8b4b35..5b079099 100644
189 +--- a/src/helper/backend/PamBackend.h
190 ++++ b/src/helper/backend/PamBackend.h
191 +@@ -28,6 +28,7 @@
192 + #include <QtCore/QObject>
193 +
194 + #include <security/pam_appl.h>
195 ++#include <pwd.h>
196 +
197 + namespace SDDM {
198 + class PamHandle;
199 +@@ -61,6 +62,7 @@ namespace SDDM {
200 + explicit PamBackend(HelperApp *parent);
201 + virtual ~PamBackend();
202 + int converse(int n, const struct pam_message **msg, struct pam_response **resp);
203 ++ virtual bool setupSupplementalGroups(struct passwd *pw);
204 +
205 + public slots:
206 + virtual bool start(const QString &user = QString());
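Review bot: The new virtual `Backend::setupSupplementalGroups` in src/helper/Backend.h is declared without any statement of its contract, and that contract is security-relevant. In the UserSession.cpp hunk it is called before `setgid`/`setuid`, and the base implementation's `initgroups` call is what replaces the inherited supplemental group list; an override that skips the base call would leave the caller's groups in place, which is the problem the accompanying revert patch describes. I would add a comment on the declaration such as `// Called before setgid()/setuid(); overrides must call Backend::setupSupplementalGroups() first so the inherited group list is replaced.` and declare the PamBackend.h version as `bool setupSupplementalGroups(struct passwd *pw) override;` so that a signature drift fails to compile instead of silently bypassing the PAM step. The enclosing function in UserSession.cpp starts and ends outside the hunk.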
207
208 diff --git a/x11-misc/sddm/files/sddm-0.18.1-only-reuse-online-sessions.patch b/x11-misc/sddm/files/sddm-0.18.1-only-reuse-online-sessions.patch
209 new file mode 100644
210 index 00000000000..b3ea90ff768
211 --- /dev/null
212 +++ b/x11-misc/sddm/files/sddm-0.18.1-only-reuse-online-sessions.patch
213 @@ -0,0 +1,27 @@
214 +From f131270ff3ae6e6b4e2dc965cd05b46e194b48c1 Mon Sep 17 00:00:00 2001
215 +From: Fabian Vogt <fabian@×××××××××××.de>
216 +Date: Tue, 31 Jul 2018 16:51:13 +0200
217 +Subject: [PATCH] Session reuse: Only consider "online" sessions
218 +
219 +Otherwise it might switch to already dead sessions ("closing" or "lingering").
220 +---
221 + src/daemon/Display.cpp | 4 ++--
222 + 1 file changed, 2 insertions(+), 2 deletions(-)
223 +
224 +diff --git a/src/daemon/Display.cpp b/src/daemon/Display.cpp
225 +index 86e597e..ec442b0 100644
226 +--- a/src/daemon/Display.cpp
227 ++++ b/src/daemon/Display.cpp
228 +@@ -290,8 +290,8 @@ namespace SDDM {
229 + foreach(const SessionInfo &s, reply.value()) {
230 + if (s.userName == user) {
231 + OrgFreedesktopLogin1SessionInterface session(Logind::serviceName(), s.sessionPath.path(), QDBusConnection::systemBus());
232 +- if (session.service() == QLatin1String("sddm")) {
233 +- m_reuseSessionId = s.sessionId;
234 ++ if (session.service() == QLatin1String("sddm") && session.state() == QLatin1String("online")) {
235 ++ m_reuseSessionId = s.sessionId;
236 + break;
237 + }
238 + }
239 +--
240 +2.18.0
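Review bot: The added `session.state() == QLatin1String("online")` test in Display.cpp also excludes sessions whose logind state is "active", not only the dead ones the description names, and nothing in the code says whether that is intended. logind documents the session State values as "online", "active" and "closing", so a comment would help the next reader, for example `// reuse only background ("online") sessions; "active" and "closing" are skipped on purpose`. The session can presumably still start closing after this check, so the code that consumes `m_reuseSessionId` (outside this hunk) should tolerate a failed switch. The enclosing function starts and ends outside the hunk.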
241
242 diff --git a/x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch b/x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch
243 new file mode 100644
244 index 00000000000..f14ff7670c8
245 --- /dev/null
246 +++ b/x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch
247 @@ -0,0 +1,87 @@
248 +From d3953e88a94ec25a87d3c5136517b3d1009cb1fd Mon Sep 17 00:00:00 2001
249 +From: "J. Konrad Tegtmeier-Rottach" <jktr@××××.de>
250 +Date: Wed, 8 May 2019 18:58:53 +0200
251 +Subject: [PATCH] Revert "Honor PAM's ambient supplemental groups. (#834)"
252 +
253 +This reverts commit 1bc813d08b8130e458a6550ec47fb2bfbe6de080, which
254 +misuses PAM and leads to pulling in all of root's supplemental groups
255 +during session initialization instead of only adding PAM's extra
256 +groups. The problem was masked due to the root user not having any
257 +supplemental groups in some common contexts, like running sddm from a
258 +systemd unit.
259 +---
260 + src/helper/UserSession.cpp | 57 --------------------------------------
261 + 1 file changed, 57 deletions(-)
262 +
263 +diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp
264 +index b3aec356..f71fd358 100644
265 +--- a/src/helper/UserSession.cpp
266 ++++ b/src/helper/UserSession.cpp
267 +@@ -150,67 +150,10 @@ namespace SDDM {
268 + qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username;
269 + exit(Auth::HELPER_OTHER_ERROR);
270 + }
271 +-
272 +-#ifdef USE_PAM
273 +-
274 +- // fetch ambient groups from PAM's environment;
275 +- // these are set by modules such as pam_groups.so
276 +- int n_pam_groups = getgroups(0, NULL);
277 +- gid_t *pam_groups = NULL;
278 +- if (n_pam_groups > 0) {
279 +- pam_groups = new gid_t[n_pam_groups];
280 +- if ((n_pam_groups = getgroups(n_pam_groups, pam_groups)) == -1) {
281 +- qCritical() << "getgroups() failed to fetch supplemental"
282 +- << "PAM groups for user:" << username;
283 +- exit(Auth::HELPER_OTHER_ERROR);
284 +- }
285 +- } else {
286 +- n_pam_groups = 0;
287 +- }
288 +-
289 +- // fetch session's user's groups
290 +- int n_user_groups = 0;
291 +- gid_t *user_groups = NULL;
292 +- if (-1 == getgrouplist(username.constData(), pw.pw_gid,
293 +- NULL, &n_user_groups)) {
294 +- user_groups = new gid_t[n_user_groups];
295 +- if ((n_user_groups = getgrouplist(username.constData(),
296 +- pw.pw_gid, user_groups,
297 +- &n_user_groups)) == -1 ) {
298 +- qCritical() << "getgrouplist(" << username << ", " << pw.pw_gid
299 +- << ") failed";
300 +- exit(Auth::HELPER_OTHER_ERROR);
301 +- }
302 +- }
303 +-
304 +- // set groups to concatenation of PAM's ambient
305 +- // groups and the session's user's groups
306 +- int n_groups = n_pam_groups + n_user_groups;
307 +- if (n_groups > 0) {
308 +- gid_t *groups = new gid_t[n_groups];
309 +- memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t)));
310 +- memcpy((groups + n_pam_groups), user_groups,
311 +- (n_user_groups * sizeof(gid_t)));
312 +-
313 +- // setgroups(2) handles duplicate groups
314 +- if (setgroups(n_groups, groups) != 0) {
315 +- qCritical() << "setgroups() failed for user: " << username;
316 +- exit (Auth::HELPER_OTHER_ERROR);
317 +- }
318 +- delete[] groups;
319 +- }
320 +- delete[] pam_groups;
321 +- delete[] user_groups;
322 +-
323 +-#else
324 +-
325 + if (initgroups(pw.pw_name, pw.pw_gid) != 0) {
326 + qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username;
327 + exit(Auth::HELPER_OTHER_ERROR);
328 + }
329 +-
330 +-#endif /* USE_PAM */
331 +-
332 + if (setuid(pw.pw_uid) != 0) {
333 + qCritical() << "setuid(" << pw.pw_uid << ") failed for user: " << username;
334 + exit(Auth::HELPER_OTHER_ERROR);
335
336 diff --git a/x11-misc/sddm/sddm-0.18.1-r1.ebuild b/x11-misc/sddm/sddm-0.18.1-r1.ebuild
337 new file mode 100644
338 index 00000000000..f0955a4b7f7
339 --- /dev/null
340 +++ b/x11-misc/sddm/sddm-0.18.1-r1.ebuild
341 @@ -0,0 +1,107 @@
342 +# Copyright 1999-2019 Gentoo Authors
343 +# Distributed under the terms of the GNU General Public License v2
344 +
345 +EAPI=7
346 +
347 +PLOCALES="ar bn ca cs da de es et fi fr hi_IN hu is it ja kk ko lt lv nb nl nn pl pt_BR pt_PT ro ru sk sr sr@ijekavian sr@ijekavianlatin sr@latin sv tr uk zh_CN zh_TW"
348 +inherit cmake-utils l10n systemd user
349 +
350 +DESCRIPTION="Simple Desktop Display Manager"
351 +HOMEPAGE="https://github.com/sddm/sddm"
352 +SRC_URI="https://github.com/${PN}/${PN}/releases/download/v${PV}/${P}.tar.xz"
353 +
354 +LICENSE="GPL-2+ MIT CC-BY-3.0 CC-BY-SA-3.0 public-domain"
355 +SLOT="0"
356 +KEYWORDS="~amd64 ~arm ~arm64 ~x86"
357 +IUSE="consolekit elogind +pam systemd test"
358 +
359 +REQUIRED_USE="?? ( elogind systemd )"
360 +
361 +BDEPEND="
362 + dev-python/docutils
363 + >=dev-qt/linguist-tools-5.9.4:5
364 + kde-frameworks/extra-cmake-modules:5
365 + virtual/pkgconfig
366 +"
367 +RDEPEND="
368 + >=dev-qt/qtcore-5.9.4:5
369 + >=dev-qt/qtdbus-5.9.4:5
370 + >=dev-qt/qtdeclarative-5.9.4:5
371 + >=dev-qt/qtgui-5.9.4:5
372 + >=dev-qt/qtnetwork-5.9.4:5
373 + >=x11-base/xorg-server-1.15.1
374 + x11-libs/libxcb[xkb]
375 + consolekit? ( >=sys-auth/consolekit-0.9.4 )
376 + elogind? ( sys-auth/elogind )
377 + pam? ( sys-libs/pam )
378 + systemd? ( sys-apps/systemd:= )
379 + !systemd? ( sys-power/upower )
380 +"
381 +DEPEND="${RDEPEND}
382 + test? ( >=dev-qt/qttest-5.9.4:5 )
383 +"
384 +
385 +PATCHES=(
386 + "${FILESDIR}/${PN}-0.12.0-respect-user-flags.patch"
387 + "${FILESDIR}/${PN}-0.18.0-Xsession.patch" # bug 611210
388 + "${FILESDIR}/${PN}-0.18.0-sddmconfdir.patch"
389 + # fix for groups: https://github.com/sddm/sddm/issues/1159
390 + "${FILESDIR}/${P}-revert-honor-PAM-supplemental-groups.patch"
391 + "${FILESDIR}/${P}-honor-PAM-supplemental-groups-v2.patch"
392 + # fix for ReuseSession=true
393 + "${FILESDIR}/${P}-only-reuse-online-sessions.patch"
394 + # TODO: fix properly
395 + "${FILESDIR}/${PN}-0.16.0-ck2-revert.patch" # bug 633920
396 +)
397 +
398 +src_prepare() {
399 + cmake-utils_src_prepare
400 +
401 + disable_locale() {
402 + sed -e "/${1}\.ts/d" -i data/translations/CMakeLists.txt || die
403 + }
404 + l10n_find_plocales_changes "data/translations" "" ".ts"
405 + l10n_for_each_disabled_locale_do disable_locale
406 +
407 + if ! use test; then
408 + sed -e "/^find_package/s/ Test//" -i CMakeLists.txt || die
409 + cmake_comment_add_subdirectory test
410 + fi
411 +}
412 +
413 +src_configure() {
414 + local mycmakeargs=(
415 + -DENABLE_PAM=$(usex pam)
416 + -DNO_SYSTEMD=$(usex '!systemd')
417 + -DUSE_ELOGIND=$(usex 'elogind')
418 + -DBUILD_MAN_PAGES=ON
419 + -DDBUS_CONFIG_FILENAME="org.freedesktop.sddm.conf"
420 + )
421 + cmake-utils_src_configure
422 +}
423 +
424 +src_install() {
425 + cmake-utils_src_install
426 +
427 + # Create a default.conf as upstream dropped /etc/sddm.conf w/o replacement
428 + local confd="/usr/share/sddm/sddm.conf.d"
429 + dodir ${confd}
430 + "${D}"/usr/bin/sddm --example-config > "${D}/${confd}"/00default.conf \
431 + || die "Failed to create 00default.conf"
432 +
433 + sed -e "/^InputMethod/s/qtvirtualkeyboard//" \
434 + -e "/^ReuseSession/s/false/true/" \
435 + -e "/^EnableHiDPI/s/false/true/" \
436 + -i "${D}/${confd}"/00default.conf || die
437 +}
438 +
439 +pkg_postinst() {
440 + elog "Starting with 0.18.0, SDDM no longer installs /etc/sddm.conf"
441 + elog "Use it to override specific options. SDDM defaults are now"
442 + elog "found in: /usr/share/sddm/sddm.conf.d/00default.conf"
443 +
444 + enewgroup ${PN}
445 + enewuser ${PN} -1 -1 /var/lib/${PN} ${PN},video
446 +
447 + systemd_reenable sddm.service
448 +}
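Review bot: In `src_install` the `sed` that flips `ReuseSession` and `EnableHiDPI` in 00default.conf exits 0 even when no line matched, so the trailing `|| die` does not catch a generated example config whose keys or defaults differ from what the expressions expect. Since the shipped login-manager defaults depend on it, I would verify the result, e.g. `grep -q '^ReuseSession=true' "${D}/${confd}"/00default.conf || die "ReuseSession default not applied"` (assuming the key=value form the sed patterns imply), and likewise for `EnableHiDPI`. Separately, generating the file by running `"${D}"/usr/bin/sddm` executes the freshly built binary during the install phase, which will not work when cross-compiling.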