x11/lightdm: Fix login.conf issues, import various improvements

- Add patch to use setusercontext(3) to setup user environment, so it respects login.conf among other things [1]
- Use autoreconf, since patch requires regenerating configure script to check for setusercontext(3) [2]
- Explicitly disable libaudit support, not supported in FreeBSD [3]
- Add QT5 options, disabled by default, to control linking against qt5 [4]
- Import patch adding option to enable alternative location for .xsession-errors file [5]
- Correctly define runtime dependencies
- Forcibly disable installation of apparmor files
- Install PAM configuration files as samples, so in the future they are not overwritten if customized
- Pet portclippy/portfmt
- Regenerate patches

Upstreaming:

[1] ubuntu/lightdm#334

[5] ubuntu/lightdm#335

Many thanks to all people involved!

PR:		266532 [1] [2],
		273720 [1],
		275885 [3] [4] [5]
Tested by:	Ivan Rozhuk <rozhuk.im@gmail.com>,
		Daniel Tameling <tamelingdaniel@gmail.com> (provided setusercontext patch),
		Anton Saietskii <vsasjason@gmail.com>

Author: madpilot78

x11/lightdm/Makefile

@@ -1,6 +1,6 @@
 PORTNAME=	lightdm
 PORTVERSION=	1.32.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	x11
 MASTER_SITES=	https://github.com/canonical/${PORTNAME}/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/
 
@@ -9,58 +9,77 @@ COMMENT=	Lightweight Display Manager
 WWW=		https://github.com/canonical/lightdm
 
 # library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+
-LICENSE=	LGPL20 LGPL3 GPLv3
+LICENSE=	GPLv3 LGPL20 LGPL3
 LICENSE_COMB=	multi
+LICENSE_FILE_GPLv3=	${WRKSRC}/COPYING.GPL3
 LICENSE_FILE_LGPL20=	${WRKSRC}/COPYING.LGPL2
 LICENSE_FILE_LGPL3=	${WRKSRC}/COPYING.LGPL3
-LICENSE_FILE_GPLv3=	${WRKSRC}/COPYING.GPL3
 
 BUILD_DEPENDS=	itstool:textproc/itstool
-LIB_DEPENDS=	libaccountsservice.so:sysutils/accountsservice \
-		libck-connector.so:sysutils/consolekit2 \
-		libgcrypt.so:security/libgcrypt \
+LIB_DEPENDS=	libgcrypt.so:security/libgcrypt \
 		libxklavier.so:x11/libxklavier
+RUN_DEPENDS=	accountsservice>=0:sysutils/accountsservice \
+		ck-launch-session:sysutils/consolekit2
 
-USES=		compiler:c++11-lang cpe gettext gmake gnome libtool localbase \
-		pathfix pkgconfig tar:xz xorg
+USES=		autoreconf compiler:c++11-lang cpe gettext gmake gnome \
+		libtool localbase pathfix pkgconfig tar:xz xorg
 CPE_VENDOR=	${PORTNAME}_project
 USE_CXXSTD=	c++11
 USE_GNOME=	glib20 intltool
-USE_XORG=	x11 xcb xdmcp
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	lightdm
+USE_XORG=	x11 xcb xdmcp
 
+GNU_CONFIGURE=		yes
+# tests causes PAM errors
+CONFIGURE_ARGS=		--disable-libaudit \
+			--disable-tests
+INSTALL_TARGET=		install-strip
+LIBS=			-lutil
 CONFLICTS_INSTALL=	sddm
+PORTSCOUT=		limitw:1,even
+SUB_FILES=		Xsession
+USERS=			lightdm
+GROUPS=			lightdm video
 
-GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--disable-tests # PAM errors
-INSTALL_TARGET=	install-strip
-USERS=		lightdm
-GROUPS=		lightdm video
-PORTSCOUT=	limitw:1,even
-SUB_FILES=	Xsession
+OPTIONS_DEFINE=		DOCS QT5 VAPI
+OPTIONS_DEFAULT=	VAPI
+OPTIONS_SUB=		yes
 
-OPTIONS_DEFINE=	DOCS VAPI
-OPTIONS_DEFAULT=VAPI
-OPTIONS_SUB=	yes
+DOCS_BUILD_DEPENDS=	${LOCALBASE}/share/aclocal/yelp.m4:textproc/yelp-tools \
+			gtkdoc-check:textproc/gtk-doc
+DOCS_CONFIGURE_ON=	--enable-gtk-doc
 
-DOCS_BUILD_DEPENDS=	gtkdoc-check:textproc/gtk-doc
-DOCS_CONFIGURE_ENABLE=	gtk-doc
+QT5_USES=		qt:5
+QT5_USE=		QT=buildtools,core,dbus,gui
+QT5_CONFIGURE_ENABLE=	liblightdm-qt5
 
 VAPI_USES=		vala:build
+VAPI_USE=		GNOME=introspection:build
 VAPI_CONFIGURE_ENABLE=	vala
-VAPI_USE=		gnome=introspection:build
 
 post-patch:
 	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \
 		${WRKSRC}/data/lightdm.conf
 
+post-patch-DOCS-off:
+	@${REINPLACE_CMD} -e '/^GTK_DOC_CHECK/d' \
+		-e '/^YELP_HELP_INIT/d' \
+		-e '/^doc\/Makefile/d' \
+		-e '/^help\/Makefile/d' \
+		${WRKSRC}/configure.ac
+	@${REINPLACE_CMD} -e '/^SUBDIRS/s/ doc help//' \
+		${WRKSRC}/Makefile.am
+
 post-install:
 	${RM} -r ${STAGEDIR}${PREFIX}/etc/init
-	${INSTALL_SCRIPT} ${WRKDIR}/Xsession ${STAGEDIR}${PREFIX}/etc/lightdm/
-	${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/keys.conf ${STAGEDIR}${PREFIX}/etc/lightdm/keys.conf.sample
-	${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/lightdm.conf ${STAGEDIR}${PREFIX}/etc/lightdm/lightdm.conf.sample
-	${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/users.conf ${STAGEDIR}${PREFIX}/etc/lightdm/users.conf.sample
+	${INSTALL_SCRIPT} ${WRKDIR}/Xsession ${STAGEDIR}${ETCDIR}
+	${MV} ${STAGEDIR}${ETCDIR}/keys.conf ${STAGEDIR}${ETCDIR}/keys.conf.sample
+	${MV} ${STAGEDIR}${ETCDIR}/lightdm.conf ${STAGEDIR}${ETCDIR}/lightdm.conf.sample
+	${MV} ${STAGEDIR}${ETCDIR}/users.conf ${STAGEDIR}${ETCDIR}/users.conf.sample
+	${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm.sample
+	${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-autologin ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-autologin.sample
+	${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-greeter ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-greeter.sample
 	${MKDIR} ${STAGEDIR}/var/cache/lightdm \
 		${STAGEDIR}/var/log/lightdm \
 		${STAGEDIR}/var/run/lightdm

x11/lightdm/files/patch-common_configuration.c

@@ -0,0 +1,10 @@
+--- common/configuration.c.orig	2021-02-15 22:00:52 UTC
++++ common/configuration.c
+@@ -346,6 +346,7 @@ config_init (Configuration *config)
+     g_hash_table_insert (config->priv->lightdm_keys, "greeters-directory", GINT_TO_POINTER (KEY_SUPPORTED));
+     g_hash_table_insert (config->priv->lightdm_keys, "backup-logs", GINT_TO_POINTER (KEY_SUPPORTED));
+     g_hash_table_insert (config->priv->lightdm_keys, "dbus-service", GINT_TO_POINTER (KEY_SUPPORTED));
++    g_hash_table_insert (config->priv->lightdm_keys, "smart-xsession-errors", GINT_TO_POINTER (KEY_SUPPORTED));
+     g_hash_table_insert (config->priv->lightdm_keys, "logind-load-seats", GINT_TO_POINTER (KEY_DEPRECATED));
+ 
+     g_hash_table_insert (config->priv->seat_keys, "type", GINT_TO_POINTER (KEY_SUPPORTED));

x11/lightdm/files/patch-configure.ac

@@ -0,0 +1,11 @@
+--- configure.ac.orig	2022-07-18 03:42:33 UTC
++++ configure.ac
+@@ -48,7 +48,7 @@ AC_CHECK_HEADERS(gcrypt.h, [], AC_MSG_ERROR(libgcrypt 
+ 
+ AC_CHECK_HEADERS(gcrypt.h, [], AC_MSG_ERROR(libgcrypt not found))
+ 
+-AC_CHECK_FUNCS(setresgid setresuid clearenv __getgroups_chk)
++AC_CHECK_FUNCS(setresgid setresuid setusercontext clearenv __getgroups_chk)
+ 
+ PKG_CHECK_MODULES(LIGHTDM, [
+     glib-2.0 >= 2.44

x11/lightdm/files/patch-data_Makefile.am

@@ -0,0 +1,29 @@
+--- data/Makefile.am.orig	2022-05-01 23:00:26 UTC
++++ data/Makefile.am
+@@ -15,18 +15,6 @@ dist_completions_DATA = bash-completion/dm-tool bash-c
+ completionsdir = $(datadir)/bash-completion/completions
+ dist_completions_DATA = bash-completion/dm-tool bash-completion/lightdm
+ 
+-lightdm-guest-session: $(srcdir)/apparmor/lightdm-guest-session.in
+-	sed -e 's|@libexecdir[@]|$(libexecdir)|g' $< >$@
+-
+-apparmor_profiledir = $(sysconfdir)/apparmor.d
+-apparmor_profile_DATA = \
+-    lightdm-guest-session
+-
+-apparmor_profile_abstractionsdir = $(apparmor_profiledir)/abstractions
+-dist_apparmor_profile_abstractions_DATA = \
+-    apparmor/abstractions/lightdm \
+-    apparmor/abstractions/lightdm_chromium-browser
+-
+ accountsservice_interface = org.freedesktop.DisplayManager.AccountsService.xml
+ 
+ dbusdir = $(datadir)/dbus-1/interfaces
+@@ -46,5 +34,5 @@ dist_man1_MANS = dm-tool.1 \
+ dist_man1_MANS = dm-tool.1 \
+                  lightdm.1
+ 
+-EXTRA_DIST = apparmor/lightdm-guest-session.in $(polkit_in_files)
+-CLEANFILES = lightdm-guest-session $(polkit_DATA)
++EXTRA_DIST = $(polkit_in_files)
++CLEANFILES = $(polkit_DATA)

x11/lightdm/files/patch-data_lightdm.conf

@@ -1,6 +1,13 @@
---- data/lightdm.conf.orig	2018-09-05 01:33:31 UTC
+--- data/lightdm.conf.orig	2022-07-04 03:28:22 UTC
 +++ data/lightdm.conf
-@@ -22,8 +22,8 @@
+@@ -17,13 +17,15 @@
+ # greeters-directory = Directory to find greeters
+ # backup-logs = True to move add a .old suffix to old log files when opening new ones
+ # dbus-service = True if LightDM provides a D-Bus service to control it
++# smart-xsession-errors = True to force .xsesion.errors file to be positioned according to XDG standards
++#                              Default False, put it in ~/.xsession-errors
+ #
+ [LightDM]
  #start-default-seat=true
  #greeter-user=lightdm
  #minimum-display-number=0
@@ -10,8 +17,16 @@
 +lock-memory=false
  #user-authority-in-system-dir=false
  #guest-account-script=guest-account
- #logind-check-graphical=false
-@@ -108,7 +108,7 @@
+ #logind-check-graphical=true
+@@ -35,6 +37,7 @@
+ #greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
+ #backup-logs=true
+ #dbus-service=true
++#smart-xsession-errors=false
+ 
+ #
+ # Seat configuration
+@@ -108,7 +111,7 @@
  #allow-user-switching=true
  #allow-guest=true
  #guest-session=

x11/lightdm/files/patch-data_users.conf

@@ -1,4 +1,4 @@
---- data/users.conf.orig	2015-08-09 23:30:00 UTC
+--- data/users.conf.orig	2019-08-04 22:29:55 UTC
 +++ data/users.conf
 @@ -9,6 +9,6 @@
  # hidden-shells = Shells that indicate a user cannot login
@@ -7,4 +7,4 @@
 -minimum-uid=500
 +minimum-uid=1001
  hidden-users=nobody nobody4 noaccess
- hidden-shells=/bin/false /usr/sbin/nologin
+ hidden-shells=/bin/false /usr/sbin/nologin /sbin/nologin

x11/lightdm/files/patch-liblightdm-gobject_language.c

@@ -1,8 +1,8 @@
 https://bugs.launchpad.net/lightdm/+bug/790186
 
---- liblightdm-gobject/language.c.orig	2018-08-29 22:30:07 UTC
+--- liblightdm-gobject/language.c.orig	2021-02-15 22:06:28 UTC
 +++ liblightdm-gobject/language.c
-@@ -57,6 +57,12 @@ G_DEFINE_TYPE_WITH_PRIVATE (LightDMLanguage, lightdm_l
+@@ -55,6 +55,12 @@ static GList *languages = NULL;
  static gboolean have_languages = FALSE;
  static GList *languages = NULL;
 
@@ -15,7 +15,7 @@
  static void
  update_languages (void)
  {
-@@ -83,7 +89,7 @@ update_languages (void)
+@@ -81,7 +87,7 @@ update_languages (void)
                  continue;
 
              /* Ignore the non-interesting languages */
@@ -24,7 +24,7 @@
                  continue;
 
              LightDMLanguage *language = g_object_new (LIGHTDM_TYPE_LANGUAGE, "code", code, NULL);
-@@ -94,12 +100,6 @@ update_languages (void)
+@@ -92,12 +98,6 @@ update_languages (void)
      have_languages = TRUE;
  }
 
@@ -37,7 +37,7 @@
  /* Get a valid locale name that can be passed to setlocale(), so we always can use nl_langinfo() to get language and country names. */
  static gchar *
  get_locale_name (const gchar *code)
-@@ -131,7 +131,7 @@ get_locale_name (const gchar *code)
+@@ -129,7 +129,7 @@ get_locale_name (const gchar *code)
      for (gint i = 0; avail_locales[i]; i++)
      {
          const gchar *loc = avail_locales[i];

x11/lightdm/files/patch-src_lightdm.c

@@ -1,6 +1,15 @@
 --- src/lightdm.c.orig	2022-07-10 21:17:23 UTC
 +++ src/lightdm.c
-@@ -813,7 +813,7 @@ main (int argc, char **argv)
+@@ -758,6 +758,8 @@ main (int argc, char **argv)
+         config_set_boolean (config_get_instance (), "LightDM", "backup-logs", TRUE);
+     if (!config_has_key (config_get_instance (), "LightDM", "dbus-service"))
+         config_set_boolean (config_get_instance (), "LightDM", "dbus-service", TRUE);
++    if (!config_has_key (config_get_instance (), "LightDM", "smart-xsession-errors"))
++        config_set_boolean (config_get_instance (), "LightDM", "smart-xsession-errors", FALSE);
+     if (!config_has_key (config_get_instance (), "Seat:*", "type"))
+         config_set_string (config_get_instance (), "Seat:*", "type", "local");
+     if (!config_has_key (config_get_instance (), "Seat:*", "pam-service"))
+@@ -813,7 +815,7 @@ main (int argc, char **argv)
      if (!config_has_key (config_get_instance (), "XDMCPServer", "hostname"))
          config_set_string (config_get_instance (), "XDMCPServer", "hostname", g_get_host_name ());
      if (!config_has_key (config_get_instance (), "LightDM", "logind-check-graphical"))

x11/lightdm/files/patch-src_session-child.c

@@ -1,14 +1,19 @@
---- src/session-child.c.orig	2018-02-06 23:31:03 UTC
+--- src/session-child.c.orig	2021-04-12 04:52:50 UTC
 +++ src/session-child.c
-@@ -13,7 +13,6 @@
+@@ -13,9 +13,11 @@
  #include <grp.h>
  #include <glib.h>
  #include <security/pam_appl.h>
 -#include <utmp.h>
  #include <utmpx.h>
  #include <sys/mman.h>
++#if HAVE_SETUSERCONTEXT
++#include <login_cap.h>
++#endif
 
-@@ -192,28 +191,6 @@ read_xauth (void)
+ #if HAVE_LIBAUDIT
+ #include <libaudit.h>
+@@ -193,28 +195,6 @@ read_xauth (void)
      return x_authority_new (x_authority_family, x_authority_address, x_authority_address_length, x_authority_number, x_authority_name, x_authority_data, x_authority_data_length);
  }
 
@@ -37,32 +42,86 @@
  #if HAVE_LIBAUDIT
  static void
  audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success)
-@@ -363,7 +340,6 @@ session_child_run (int argc, char **argv)
+@@ -364,7 +344,6 @@ session_child_run (int argc, char **argv)
              ut.ut_tv.tv_sec = tv.tv_sec;
              ut.ut_tv.tv_usec = tv.tv_usec;
 
 -            updwtmpx ("/var/log/btmp", &ut);
 
  #if HAVE_LIBAUDIT
              audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE);
-@@ -393,7 +369,7 @@ session_child_run (int argc, char **argv)
+@@ -394,7 +373,7 @@ session_child_run (int argc, char **argv)
          else
          {
              /* Set POSIX variables */
 -            pam_putenv (pam_handle, "PATH=/usr/local/bin:/usr/bin:/bin");
-+            pam_putenv (pam_handle, "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:~/bin");
++            pam_putenv (pam_handle, "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin");
              pam_putenv (pam_handle, g_strdup_printf ("USER=%s", username));
              pam_putenv (pam_handle, g_strdup_printf ("LOGNAME=%s", username));
              pam_putenv (pam_handle, g_strdup_printf ("HOME=%s", user_get_home_directory (user)));
-@@ -708,7 +684,6 @@ session_child_run (int argc, char **argv)
+@@ -636,7 +615,29 @@ session_child_run (int argc, char **argv)
+         /* Make this process its own session */
+         if (setsid () < 0)
+             _exit (errno);
+-
++#if HAVE_SETUSERCONTEXT
++        /* Setup user context
++        * Reset the current environment to what is in the PAM context,
++        * then setusercontext will add to it as necessary as there is no
++        * option for setusercontext to add to a PAM context.
++        */
++        extern char **environ;
++        environ = pam_getenvlist (pam_handle);
++        struct passwd* pwd = getpwnam (username);
++        if (pwd) {
++            if (setusercontext (NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) {
++                int _errno = errno;
++                fprintf(stderr, "setusercontext for \"%s\" (%d) failed: %s\n",
++                    username, user_get_uid (user), strerror (errno));
++                _exit (_errno);
++            }
++            endpwent();
++        } else {
++            fprintf (stderr, "getpwname for \"%s\" failed: %s\n",
++                username, strerror (errno));
++            _exit (ENOENT);
++        }
++#else
+         /* Change to this user */
+         if (getuid () == 0)
+         {
+@@ -646,6 +647,7 @@ session_child_run (int argc, char **argv)
+             if (setuid (uid) != 0)
+                 _exit (errno);
+         }
++#endif
+ 
+         /* Change working directory */
+         /* NOTE: This must be done after the permissions are changed because NFS filesystems can
+@@ -668,7 +670,13 @@ session_child_run (int argc, char **argv)
+         signal (SIGPIPE, SIG_DFL);
+ 
+         /* Run the command */
+-        execve (command_argv[0], command_argv, pam_getenvlist (pam_handle));
++        execve (command_argv[0], command_argv,
++#if HAVE_SETUSERCONTEXT
++            environ
++#else
++            pam_getenvlist (pam_handle)
++#endif
++        );
+         _exit (EXIT_FAILURE);
+     }
+ 
+@@ -709,7 +717,6 @@ session_child_run (int argc, char **argv)
              if (!pututxline (&ut))
                  g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
              endutxent ();
 -            updwtmpx ("/var/log/wtmp", &ut);
 
  #if HAVE_LIBAUDIT
              audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE);
-@@ -749,7 +724,6 @@ session_child_run (int argc, char **argv)
+@@ -750,7 +757,6 @@ session_child_run (int argc, char **argv)
              if (!pututxline (&ut))
                  g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
              endutxent ();