x11/lightdm: Fix login.conf issues, import various improvements
- Add patch to use setusercontext(3) to setup user environment, so it respects login.conf among other things [1]
- Use autoreconf, since patch requires regenerating configure script to check for setusercontext(3) [2]
- Explicitly disable libaudit support, not supported in FreeBSD [3]
- Add QT5 options, disabled by default, to control linking against qt5 [4]
- Import patch adding option to enable alternative location for .xsession-errors file [5]
- Correctly define runtime dependencies
- Forcibly disable installation of apparmor files
- Install PAM configuration files as samples, so in the future they are not overwritten if customized
- Pet portclippy/portfmt
- Regenerate patches

Upstreaming:

[1] canonical/lightdm#334

[5] canonical/lightdm#335

Many thanks to all people involved!

PR:		266532 [1] [2],
		273720 [1],
		275885 [3] [4] [5]
Tested by:	Ivan Rozhuk <[email protected]>,
		Daniel Tameling <[email protected]> (provided setusercontext patch),
		Anton Saietskii <[email protected]>
madpilot78 committed Dec 29, 2023
1 parent 9558eb4 commit 23a47f2
Showing 11 changed files with 235 additions and 49 deletions.
71 changes: 45 additions & 26 deletions x11/lightdm/Makefile
@@ -1,6 +1,6 @@
PORTNAME= lightdm
PORTVERSION= 1.32.0
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= x11
MASTER_SITES= https://github.com/canonical/${PORTNAME}/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/

@@ -9,58 +9,77 @@ COMMENT= Lightweight Display Manager
WWW= https://github.com/canonical/lightdm

# library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+
LICENSE= LGPL20 LGPL3 GPLv3
LICENSE= GPLv3 LGPL20 LGPL3
LICENSE_COMB= multi
LICENSE_FILE_GPLv3= ${WRKSRC}/COPYING.GPL3
LICENSE_FILE_LGPL20= ${WRKSRC}/COPYING.LGPL2
LICENSE_FILE_LGPL3= ${WRKSRC}/COPYING.LGPL3
LICENSE_FILE_GPLv3= ${WRKSRC}/COPYING.GPL3

BUILD_DEPENDS= itstool:textproc/itstool
LIB_DEPENDS= libaccountsservice.so:sysutils/accountsservice \
libck-connector.so:sysutils/consolekit2 \
libgcrypt.so:security/libgcrypt \
LIB_DEPENDS= libgcrypt.so:security/libgcrypt \
libxklavier.so:x11/libxklavier
RUN_DEPENDS= accountsservice>=0:sysutils/accountsservice \
ck-launch-session:sysutils/consolekit2

USES= compiler:c++11-lang cpe gettext gmake gnome libtool localbase \
pathfix pkgconfig tar:xz xorg
USES= autoreconf compiler:c++11-lang cpe gettext gmake gnome \
libtool localbase pathfix pkgconfig tar:xz xorg
CPE_VENDOR= ${PORTNAME}_project
USE_CXXSTD= c++11
USE_GNOME= glib20 intltool
USE_XORG= x11 xcb xdmcp
USE_LDCONFIG= yes
USE_RC_SUBR= lightdm
USE_XORG= x11 xcb xdmcp

GNU_CONFIGURE= yes
# tests causes PAM errors
CONFIGURE_ARGS= --disable-libaudit \
--disable-tests
INSTALL_TARGET= install-strip
LIBS= -lutil
CONFLICTS_INSTALL= sddm
PORTSCOUT= limitw:1,even
SUB_FILES= Xsession
USERS= lightdm
GROUPS= lightdm video

GNU_CONFIGURE= yes
CONFIGURE_ARGS= --disable-tests # PAM errors
INSTALL_TARGET= install-strip
USERS= lightdm
GROUPS= lightdm video
PORTSCOUT= limitw:1,even
SUB_FILES= Xsession
OPTIONS_DEFINE= DOCS QT5 VAPI
OPTIONS_DEFAULT= VAPI
OPTIONS_SUB= yes

OPTIONS_DEFINE= DOCS VAPI
OPTIONS_DEFAULT=VAPI
OPTIONS_SUB= yes
DOCS_BUILD_DEPENDS= ${LOCALBASE}/share/aclocal/yelp.m4:textproc/yelp-tools \
gtkdoc-check:textproc/gtk-doc
DOCS_CONFIGURE_ON= --enable-gtk-doc

DOCS_BUILD_DEPENDS= gtkdoc-check:textproc/gtk-doc
DOCS_CONFIGURE_ENABLE= gtk-doc
QT5_USES= qt:5
QT5_USE= QT=buildtools,core,dbus,gui
QT5_CONFIGURE_ENABLE= liblightdm-qt5

VAPI_USES= vala:build
VAPI_USE= GNOME=introspection:build
VAPI_CONFIGURE_ENABLE= vala
VAPI_USE= gnome=introspection:build

post-patch:
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \
${WRKSRC}/data/lightdm.conf

post-patch-DOCS-off:
@${REINPLACE_CMD} -e '/^GTK_DOC_CHECK/d' \
-e '/^YELP_HELP_INIT/d' \
-e '/^doc\/Makefile/d' \
-e '/^help\/Makefile/d' \
${WRKSRC}/configure.ac
@${REINPLACE_CMD} -e '/^SUBDIRS/s/ doc help//' \
${WRKSRC}/Makefile.am

post-install:
${RM} -r ${STAGEDIR}${PREFIX}/etc/init
${INSTALL_SCRIPT} ${WRKDIR}/Xsession ${STAGEDIR}${PREFIX}/etc/lightdm/
${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/keys.conf ${STAGEDIR}${PREFIX}/etc/lightdm/keys.conf.sample
${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/lightdm.conf ${STAGEDIR}${PREFIX}/etc/lightdm/lightdm.conf.sample
${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/users.conf ${STAGEDIR}${PREFIX}/etc/lightdm/users.conf.sample
${INSTALL_SCRIPT} ${WRKDIR}/Xsession ${STAGEDIR}${ETCDIR}
${MV} ${STAGEDIR}${ETCDIR}/keys.conf ${STAGEDIR}${ETCDIR}/keys.conf.sample
${MV} ${STAGEDIR}${ETCDIR}/lightdm.conf ${STAGEDIR}${ETCDIR}/lightdm.conf.sample
${MV} ${STAGEDIR}${ETCDIR}/users.conf ${STAGEDIR}${ETCDIR}/users.conf.sample
${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm.sample
${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-autologin ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-autologin.sample
${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-greeter ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-greeter.sample
${MKDIR} ${STAGEDIR}/var/cache/lightdm \
${STAGEDIR}/var/log/lightdm \
${STAGEDIR}/var/run/lightdm
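Review bot: The three `${MV}` lines in `post-install` that rename the `etc/pam.d/lightdm*` files to `.sample` carry no comment saying what keeps a working PAM policy in place after installation. pkg-plist is not shown on this page, so it should be confirmed that each of these files is listed there with `@sample`; without an installed `lightdm` service file, PAM would presumably fall back to the system's `other` policy. A comment above those lines such as `# PAM policies ship as .sample; pkg-plist installs them via @sample only when no local copy exists` would record the intent. The `post-install` target continues past the end of the displayed lines.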
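--- a/x11/lightdm/files/patch-common_configuration.c
+++ b/x11/lightdm/files/patch-common_configuration.c
@@ -0,0 +1,10 @@
+--- common/configuration.c.orig 2021-02-15 22:00:52 UTC
++++ common/configuration.c
+@@ -346,6 +346,7 @@ config_init (Configuration *config)
+g_hash_table_insert (config->priv->lightdm_keys, "greeters-directory", GINT_TO_POINTER (KEY_SUPPORTED));
+g_hash_table_insert (config->priv->lightdm_keys, "backup-logs", GINT_TO_POINTER (KEY_SUPPORTED));
+g_hash_table_insert (config->priv->lightdm_keys, "dbus-service", GINT_TO_POINTER (KEY_SUPPORTED));
++ g_hash_table_insert (config->priv->lightdm_keys, "smart-xsession-errors", GINT_TO_POINTER (KEY_SUPPORTED));
+g_hash_table_insert (config->priv->lightdm_keys, "logind-load-seats", GINT_TO_POINTER (KEY_DEPRECATED));
+
+g_hash_table_insert (config->priv->seat_keys, "type", GINT_TO_POINTER (KEY_SUPPORTED));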
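--- a/x11/lightdm/files/patch-configure.ac
+++ b/x11/lightdm/files/patch-configure.ac
@@ -0,0 +1,11 @@
+--- configure.ac.orig 2022-07-18 03:42:33 UTC
++++ configure.ac
+@@ -48,7 +48,7 @@ AC_CHECK_HEADERS(gcrypt.h, [], AC_MSG_ERROR(libgcrypt
+
+AC_CHECK_HEADERS(gcrypt.h, [], AC_MSG_ERROR(libgcrypt not found))
+
+-AC_CHECK_FUNCS(setresgid setresuid clearenv __getgroups_chk)
++AC_CHECK_FUNCS(setresgid setresuid setusercontext clearenv __getgroups_chk)
+
+PKG_CHECK_MODULES(LIGHTDM, [
+glib-2.0 >= 2.44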
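--- a/x11/lightdm/files/patch-data_Makefile.am
+++ b/x11/lightdm/files/patch-data_Makefile.am
@@ -0,0 +1,29 @@
+--- data/Makefile.am.orig 2022-05-01 23:00:26 UTC
++++ data/Makefile.am
+@@ -15,18 +15,6 @@ dist_completions_DATA = bash-completion/dm-tool bash-c
+completionsdir = $(datadir)/bash-completion/completions
+dist_completions_DATA = bash-completion/dm-tool bash-completion/lightdm
+
+-lightdm-guest-session: $(srcdir)/apparmor/lightdm-guest-session.in
+- sed -e 's|@libexecdir[@]|$(libexecdir)|g' $< >$@
+-
+-apparmor_profiledir = $(sysconfdir)/apparmor.d
+-apparmor_profile_DATA = \
+- lightdm-guest-session
+-
+-apparmor_profile_abstractionsdir = $(apparmor_profiledir)/abstractions
+-dist_apparmor_profile_abstractions_DATA = \
+- apparmor/abstractions/lightdm \
+- apparmor/abstractions/lightdm_chromium-browser
+-
+accountsservice_interface = org.freedesktop.DisplayManager.AccountsService.xml
+
+dbusdir = $(datadir)/dbus-1/interfaces
+@@ -46,5 +34,5 @@ dist_man1_MANS = dm-tool.1 \
+dist_man1_MANS = dm-tool.1 \
+lightdm.1
+
+-EXTRA_DIST = apparmor/lightdm-guest-session.in $(polkit_in_files)
+-CLEANFILES = lightdm-guest-session $(polkit_DATA)
++EXTRA_DIST = $(polkit_in_files)
++CLEANFILES = $(polkit_DATA)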
23 changes: 19 additions & 4 deletions x11/lightdm/files/patch-data_lightdm.conf
@@ -1,6 +1,13 @@
--- data/lightdm.conf.orig 2018-09-05 01:33:31 UTC
--- data/lightdm.conf.orig 2022-07-04 03:28:22 UTC
+++ data/lightdm.conf
@@ -22,8 +22,8 @@
@@ -17,13 +17,15 @@
# greeters-directory = Directory to find greeters
# backup-logs = True to move add a .old suffix to old log files when opening new ones
# dbus-service = True if LightDM provides a D-Bus service to control it
+# smart-xsession-errors = True to force .xsesion.errors file to be positioned according to XDG standards
+# Default False, put it in ~/.xsession-errors
#
[LightDM]
#start-default-seat=true
#greeter-user=lightdm
#minimum-display-number=0
@@ -10,8 +17,16 @@
+lock-memory=false
#user-authority-in-system-dir=false
#guest-account-script=guest-account
#logind-check-graphical=false
@@ -108,7 +108,7 @@
#logind-check-graphical=true
@@ -35,6 +37,7 @@
#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
#backup-logs=true
#dbus-service=true
+#smart-xsession-errors=false

#
# Seat configuration
@@ -108,7 +111,7 @@
#allow-user-switching=true
#allow-guest=true
#guest-session=
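Review bot: The comment added for `smart-xsession-errors` names the file `.xsesion.errors`, while its second line and the commit message call it `.xsession-errors`, so an administrator searching the configuration for the real file name will not find this option. The first line could read `# smart-xsession-errors = True to place the .xsession-errors file according to XDG standards`. The description also does not say which XDG location is used when the option is enabled; naming it would help anyone who collects or monitors session logs.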
4 changes: 2 additions & 2 deletions x11/lightdm/files/patch-data_users.conf
@@ -1,4 +1,4 @@
--- data/users.conf.orig 2015-08-09 23:30:00 UTC
--- data/users.conf.orig 2019-08-04 22:29:55 UTC
+++ data/users.conf
@@ -9,6 +9,6 @@
# hidden-shells = Shells that indicate a user cannot login
@@ -7,4 +7,4 @@
-minimum-uid=500
+minimum-uid=1001
hidden-users=nobody nobody4 noaccess
hidden-shells=/bin/false /usr/sbin/nologin
hidden-shells=/bin/false /usr/sbin/nologin /sbin/nologin
10 changes: 5 additions & 5 deletions x11/lightdm/files/patch-liblightdm-gobject_language.c
@@ -1,8 +1,8 @@
https://bugs.launchpad.net/lightdm/+bug/790186

--- liblightdm-gobject/language.c.orig 2018-08-29 22:30:07 UTC
--- liblightdm-gobject/language.c.orig 2021-02-15 22:06:28 UTC
+++ liblightdm-gobject/language.c
@@ -57,6 +57,12 @@ G_DEFINE_TYPE_WITH_PRIVATE (LightDMLanguage, lightdm_l
@@ -55,6 +55,12 @@ static GList *languages = NULL;
static gboolean have_languages = FALSE;
static GList *languages = NULL;

@@ -15,7 +15,7 @@
static void
update_languages (void)
{
@@ -83,7 +89,7 @@ update_languages (void)
@@ -81,7 +87,7 @@ update_languages (void)
continue;

/* Ignore the non-interesting languages */
@@ -24,7 +24,7 @@
continue;

LightDMLanguage *language = g_object_new (LIGHTDM_TYPE_LANGUAGE, "code", code, NULL);
@@ -94,12 +100,6 @@ update_languages (void)
@@ -92,12 +98,6 @@ update_languages (void)
have_languages = TRUE;
}

@@ -37,7 +37,7 @@
/* Get a valid locale name that can be passed to setlocale(), so we always can use nl_langinfo() to get language and country names. */
static gchar *
get_locale_name (const gchar *code)
@@ -131,7 +131,7 @@ get_locale_name (const gchar *code)
@@ -129,7 +129,7 @@ get_locale_name (const gchar *code)
for (gint i = 0; avail_locales[i]; i++)
{
const gchar *loc = avail_locales[i];
11 changes: 10 additions & 1 deletion x11/lightdm/files/patch-src_lightdm.c
@@ -1,6 +1,15 @@
--- src/lightdm.c.orig 2022-07-10 21:17:23 UTC
+++ src/lightdm.c
@@ -813,7 +813,7 @@ main (int argc, char **argv)
@@ -758,6 +758,8 @@ main (int argc, char **argv)
config_set_boolean (config_get_instance (), "LightDM", "backup-logs", TRUE);
if (!config_has_key (config_get_instance (), "LightDM", "dbus-service"))
config_set_boolean (config_get_instance (), "LightDM", "dbus-service", TRUE);
+ if (!config_has_key (config_get_instance (), "LightDM", "smart-xsession-errors"))
+ config_set_boolean (config_get_instance (), "LightDM", "smart-xsession-errors", FALSE);
if (!config_has_key (config_get_instance (), "Seat:*", "type"))
config_set_string (config_get_instance (), "Seat:*", "type", "local");
if (!config_has_key (config_get_instance (), "Seat:*", "pam-service"))
@@ -813,7 +815,7 @@ main (int argc, char **argv)
if (!config_has_key (config_get_instance (), "XDMCPServer", "hostname"))
config_set_string (config_get_instance (), "XDMCPServer", "hostname", g_get_host_name ());
if (!config_has_key (config_get_instance (), "LightDM", "logind-check-graphical"))
75 changes: 67 additions & 8 deletions x11/lightdm/files/patch-src_session-child.c
@@ -1,14 +1,19 @@
--- src/session-child.c.orig 2018-02-06 23:31:03 UTC
--- src/session-child.c.orig 2021-04-12 04:52:50 UTC
+++ src/session-child.c
@@ -13,7 +13,6 @@
@@ -13,9 +13,11 @@
#include <grp.h>
#include <glib.h>
#include <security/pam_appl.h>
-#include <utmp.h>
#include <utmpx.h>
#include <sys/mman.h>
+#if HAVE_SETUSERCONTEXT
+#include <login_cap.h>
+#endif

@@ -192,28 +191,6 @@ read_xauth (void)
#if HAVE_LIBAUDIT
#include <libaudit.h>
@@ -193,28 +195,6 @@ read_xauth (void)
return x_authority_new (x_authority_family, x_authority_address, x_authority_address_length, x_authority_number, x_authority_name, x_authority_data, x_authority_data_length);
}

@@ -37,32 +42,86 @@
#if HAVE_LIBAUDIT
static void
audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success)
@@ -363,7 +340,6 @@ session_child_run (int argc, char **argv)
@@ -364,7 +344,6 @@ session_child_run (int argc, char **argv)
ut.ut_tv.tv_sec = tv.tv_sec;
ut.ut_tv.tv_usec = tv.tv_usec;

- updwtmpx ("/var/log/btmp", &ut);

#if HAVE_LIBAUDIT
audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE);
@@ -393,7 +369,7 @@ session_child_run (int argc, char **argv)
@@ -394,7 +373,7 @@ session_child_run (int argc, char **argv)
else
{
/* Set POSIX variables */
- pam_putenv (pam_handle, "PATH=/usr/local/bin:/usr/bin:/bin");
+ pam_putenv (pam_handle, "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:~/bin");
+ pam_putenv (pam_handle, "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin");
pam_putenv (pam_handle, g_strdup_printf ("USER=%s", username));
pam_putenv (pam_handle, g_strdup_printf ("LOGNAME=%s", username));
pam_putenv (pam_handle, g_strdup_printf ("HOME=%s", user_get_home_directory (user)));
@@ -708,7 +684,6 @@ session_child_run (int argc, char **argv)
@@ -636,7 +615,29 @@ session_child_run (int argc, char **argv)
/* Make this process its own session */
if (setsid () < 0)
_exit (errno);
-
+#if HAVE_SETUSERCONTEXT
+ /* Setup user context
+ * Reset the current environment to what is in the PAM context,
+ * then setusercontext will add to it as necessary as there is no
+ * option for setusercontext to add to a PAM context.
+ */
+ extern char **environ;
+ environ = pam_getenvlist (pam_handle);
+ struct passwd* pwd = getpwnam (username);
+ if (pwd) {
+ if (setusercontext (NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) {
+ int _errno = errno;
+ fprintf(stderr, "setusercontext for \"%s\" (%d) failed: %s\n",
+ username, user_get_uid (user), strerror (errno));
+ _exit (_errno);
+ }
+ endpwent();
+ } else {
+ fprintf (stderr, "getpwname for \"%s\" failed: %s\n",
+ username, strerror (errno));
+ _exit (ENOENT);
+ }
+#else
/* Change to this user */
if (getuid () == 0)
{
@@ -646,6 +647,7 @@ session_child_run (int argc, char **argv)
if (setuid (uid) != 0)
_exit (errno);
}
+#endif

/* Change working directory */
/* NOTE: This must be done after the permissions are changed because NFS filesystems can
@@ -668,7 +670,13 @@ session_child_run (int argc, char **argv)
signal (SIGPIPE, SIG_DFL);
/* Run the command */
- execve (command_argv[0], command_argv, pam_getenvlist (pam_handle));
+ execve (command_argv[0], command_argv,
+#if HAVE_SETUSERCONTEXT
+ environ
+#else
+ pam_getenvlist (pam_handle)
+#endif
+ );
_exit (EXIT_FAILURE);
}

@@ -709,7 +717,6 @@ session_child_run (int argc, char **argv)
if (!pututxline (&ut))
g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
endutxent ();
- updwtmpx ("/var/log/wtmp", &ut);

#if HAVE_LIBAUDIT
audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE);
@@ -749,7 +724,6 @@ session_child_run (int argc, char **argv)
@@ -750,7 +757,6 @@ session_child_run (int argc, char **argv)
if (!pututxline (&ut))
g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
endutxent ();
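Review bot: In the `HAVE_SETUSERCONTEXT` branch the failure paths can report misleading results: `getpwnam ()` need not set `errno` when the entry is simply missing, so `strerror (errno)` in the `else` arm may print a stale error, and `_exit (_errno)` after a failed `setusercontext ()` would exit with status 0 if `errno` happened to be unset. Clearing `errno` before the lookup and exiting with a guaranteed non-zero status, e.g. `_exit (_errno ? _errno : EXIT_FAILURE);`, would keep a failed privilege drop from looking like a clean exit. The branch also calls `setusercontext (NULL, pwd, pwd->pw_uid, LOGIN_SETALL)` unconditionally, whereas the `#else` branch keeps the `if (getuid () == 0)` guard, and it takes the uid from a second lookup while the error message prints `user_get_uid (user)`; a short comment stating that both values are expected to match, or a check that they do, would make the intent explicit. `session_child_run` starts and ends outside the displayed hunks, so how the groups set up earlier in the function interact with `LOGIN_SETALL` cannot be judged from this page.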