Skip to content

Commit 23a47f2

Browse files
committed
x11/lightdm: Fix login.conf issues, import various improvements
- Add patch to use setusercontext(3) to setup user environment, so it respects login.conf among other things [1] - Use autoreconf, since patch requires regenerating configure script to check for setusercontext(3) [2] - Explicitly disable libaudit support, not supported in FreeBSD [3] - Add QT5 options, disabled by default, to control linking against qt5 [4] - Import patch adding option to enable alternative location for .xsession-errors file [5] - Correctly define runtime dependencies - Forcibly disable installation of apparmor files - Install PAM configuration files as samples, so in the future they are not overwritten if customized - Pet portclippy/portfmt - Regenerate patches Upstreaming: [1] ubuntu/lightdm#334 [5] ubuntu/lightdm#335 Many thanks to all people involved! PR: 266532 [1] [2], 273720 [1], 275885 [3] [4] [5] Tested by: Ivan Rozhuk <rozhuk.im@gmail.com>, Daniel Tameling <tamelingdaniel@gmail.com> (provided setusercontext patch), Anton Saietskii <vsasjason@gmail.com>
1 parent 9558eb4 commit 23a47f2

11 files changed

+235
-49
lines changed

x11/lightdm/Makefile

Lines changed: 45 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
PORTNAME= lightdm
22
PORTVERSION= 1.32.0
3-
PORTREVISION= 1
3+
PORTREVISION= 2
44
CATEGORIES= x11
55
MASTER_SITES= https://github.com/canonical/${PORTNAME}/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/
66

@@ -9,58 +9,77 @@ COMMENT= Lightweight Display Manager
99
WWW= https://github.com/canonical/lightdm
1010

1111
# library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+
12-
LICENSE= LGPL20 LGPL3 GPLv3
12+
LICENSE= GPLv3 LGPL20 LGPL3
1313
LICENSE_COMB= multi
14+
LICENSE_FILE_GPLv3= ${WRKSRC}/COPYING.GPL3
1415
LICENSE_FILE_LGPL20= ${WRKSRC}/COPYING.LGPL2
1516
LICENSE_FILE_LGPL3= ${WRKSRC}/COPYING.LGPL3
16-
LICENSE_FILE_GPLv3= ${WRKSRC}/COPYING.GPL3
1717

1818
BUILD_DEPENDS= itstool:textproc/itstool
19-
LIB_DEPENDS= libaccountsservice.so:sysutils/accountsservice \
20-
libck-connector.so:sysutils/consolekit2 \
21-
libgcrypt.so:security/libgcrypt \
19+
LIB_DEPENDS= libgcrypt.so:security/libgcrypt \
2220
libxklavier.so:x11/libxklavier
21+
RUN_DEPENDS= accountsservice>=0:sysutils/accountsservice \
22+
ck-launch-session:sysutils/consolekit2
2323

24-
USES= compiler:c++11-lang cpe gettext gmake gnome libtool localbase \
25-
pathfix pkgconfig tar:xz xorg
24+
USES= autoreconf compiler:c++11-lang cpe gettext gmake gnome \
25+
libtool localbase pathfix pkgconfig tar:xz xorg
2626
CPE_VENDOR= ${PORTNAME}_project
2727
USE_CXXSTD= c++11
2828
USE_GNOME= glib20 intltool
29-
USE_XORG= x11 xcb xdmcp
3029
USE_LDCONFIG= yes
3130
USE_RC_SUBR= lightdm
31+
USE_XORG= x11 xcb xdmcp
3232

33+
GNU_CONFIGURE= yes
34+
# tests causes PAM errors
35+
CONFIGURE_ARGS= --disable-libaudit \
36+
--disable-tests
37+
INSTALL_TARGET= install-strip
38+
LIBS= -lutil
3339
CONFLICTS_INSTALL= sddm
40+
PORTSCOUT= limitw:1,even
41+
SUB_FILES= Xsession
42+
USERS= lightdm
43+
GROUPS= lightdm video
3444

35-
GNU_CONFIGURE= yes
36-
CONFIGURE_ARGS= --disable-tests # PAM errors
37-
INSTALL_TARGET= install-strip
38-
USERS= lightdm
39-
GROUPS= lightdm video
40-
PORTSCOUT= limitw:1,even
41-
SUB_FILES= Xsession
45+
OPTIONS_DEFINE= DOCS QT5 VAPI
46+
OPTIONS_DEFAULT= VAPI
47+
OPTIONS_SUB= yes
4248

43-
OPTIONS_DEFINE= DOCS VAPI
44-
OPTIONS_DEFAULT=VAPI
45-
OPTIONS_SUB= yes
49+
DOCS_BUILD_DEPENDS= ${LOCALBASE}/share/aclocal/yelp.m4:textproc/yelp-tools \
50+
gtkdoc-check:textproc/gtk-doc
51+
DOCS_CONFIGURE_ON= --enable-gtk-doc
4652

47-
DOCS_BUILD_DEPENDS= gtkdoc-check:textproc/gtk-doc
48-
DOCS_CONFIGURE_ENABLE= gtk-doc
53+
QT5_USES= qt:5
54+
QT5_USE= QT=buildtools,core,dbus,gui
55+
QT5_CONFIGURE_ENABLE= liblightdm-qt5
4956

5057
VAPI_USES= vala:build
58+
VAPI_USE= GNOME=introspection:build
5159
VAPI_CONFIGURE_ENABLE= vala
52-
VAPI_USE= gnome=introspection:build
5360

5461
post-patch:
5562
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \
5663
${WRKSRC}/data/lightdm.conf
5764

65+
post-patch-DOCS-off:
66+
@${REINPLACE_CMD} -e '/^GTK_DOC_CHECK/d' \
67+
-e '/^YELP_HELP_INIT/d' \
68+
-e '/^doc\/Makefile/d' \
69+
-e '/^help\/Makefile/d' \
70+
${WRKSRC}/configure.ac
71+
@${REINPLACE_CMD} -e '/^SUBDIRS/s/ doc help//' \
72+
${WRKSRC}/Makefile.am
73+
5874
post-install:
5975
${RM} -r ${STAGEDIR}${PREFIX}/etc/init
60-
${INSTALL_SCRIPT} ${WRKDIR}/Xsession ${STAGEDIR}${PREFIX}/etc/lightdm/
61-
${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/keys.conf ${STAGEDIR}${PREFIX}/etc/lightdm/keys.conf.sample
62-
${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/lightdm.conf ${STAGEDIR}${PREFIX}/etc/lightdm/lightdm.conf.sample
63-
${MV} ${STAGEDIR}${PREFIX}/etc/lightdm/users.conf ${STAGEDIR}${PREFIX}/etc/lightdm/users.conf.sample
76+
${INSTALL_SCRIPT} ${WRKDIR}/Xsession ${STAGEDIR}${ETCDIR}
77+
${MV} ${STAGEDIR}${ETCDIR}/keys.conf ${STAGEDIR}${ETCDIR}/keys.conf.sample
78+
${MV} ${STAGEDIR}${ETCDIR}/lightdm.conf ${STAGEDIR}${ETCDIR}/lightdm.conf.sample
79+
${MV} ${STAGEDIR}${ETCDIR}/users.conf ${STAGEDIR}${ETCDIR}/users.conf.sample
80+
${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm.sample
81+
${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-autologin ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-autologin.sample
82+
${MV} ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-greeter ${STAGEDIR}${PREFIX}/etc/pam.d/lightdm-greeter.sample
6483
${MKDIR} ${STAGEDIR}/var/cache/lightdm \
6584
${STAGEDIR}/var/log/lightdm \
6685
${STAGEDIR}/var/run/lightdm
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
--- common/configuration.c.orig 2021-02-15 22:00:52 UTC
2+
+++ common/configuration.c
3+
@@ -346,6 +346,7 @@ config_init (Configuration *config)
4+
g_hash_table_insert (config->priv->lightdm_keys, "greeters-directory", GINT_TO_POINTER (KEY_SUPPORTED));
5+
g_hash_table_insert (config->priv->lightdm_keys, "backup-logs", GINT_TO_POINTER (KEY_SUPPORTED));
6+
g_hash_table_insert (config->priv->lightdm_keys, "dbus-service", GINT_TO_POINTER (KEY_SUPPORTED));
7+
+ g_hash_table_insert (config->priv->lightdm_keys, "smart-xsession-errors", GINT_TO_POINTER (KEY_SUPPORTED));
8+
g_hash_table_insert (config->priv->lightdm_keys, "logind-load-seats", GINT_TO_POINTER (KEY_DEPRECATED));
9+
10+
g_hash_table_insert (config->priv->seat_keys, "type", GINT_TO_POINTER (KEY_SUPPORTED));
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
--- configure.ac.orig 2022-07-18 03:42:33 UTC
2+
+++ configure.ac
3+
@@ -48,7 +48,7 @@ AC_CHECK_HEADERS(gcrypt.h, [], AC_MSG_ERROR(libgcrypt
4+
5+
AC_CHECK_HEADERS(gcrypt.h, [], AC_MSG_ERROR(libgcrypt not found))
6+
7+
-AC_CHECK_FUNCS(setresgid setresuid clearenv __getgroups_chk)
8+
+AC_CHECK_FUNCS(setresgid setresuid setusercontext clearenv __getgroups_chk)
9+
10+
PKG_CHECK_MODULES(LIGHTDM, [
11+
glib-2.0 >= 2.44
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
--- data/Makefile.am.orig 2022-05-01 23:00:26 UTC
2+
+++ data/Makefile.am
3+
@@ -15,18 +15,6 @@ dist_completions_DATA = bash-completion/dm-tool bash-c
4+
completionsdir = $(datadir)/bash-completion/completions
5+
dist_completions_DATA = bash-completion/dm-tool bash-completion/lightdm
6+
7+
-lightdm-guest-session: $(srcdir)/apparmor/lightdm-guest-session.in
8+
- sed -e 's|@libexecdir[@]|$(libexecdir)|g' $< >$@
9+
-
10+
-apparmor_profiledir = $(sysconfdir)/apparmor.d
11+
-apparmor_profile_DATA = \
12+
- lightdm-guest-session
13+
-
14+
-apparmor_profile_abstractionsdir = $(apparmor_profiledir)/abstractions
15+
-dist_apparmor_profile_abstractions_DATA = \
16+
- apparmor/abstractions/lightdm \
17+
- apparmor/abstractions/lightdm_chromium-browser
18+
-
19+
accountsservice_interface = org.freedesktop.DisplayManager.AccountsService.xml
20+
21+
dbusdir = $(datadir)/dbus-1/interfaces
22+
@@ -46,5 +34,5 @@ dist_man1_MANS = dm-tool.1 \
23+
dist_man1_MANS = dm-tool.1 \
24+
lightdm.1
25+
26+
-EXTRA_DIST = apparmor/lightdm-guest-session.in $(polkit_in_files)
27+
-CLEANFILES = lightdm-guest-session $(polkit_DATA)
28+
+EXTRA_DIST = $(polkit_in_files)
29+
+CLEANFILES = $(polkit_DATA)

x11/lightdm/files/patch-data_lightdm.conf

Lines changed: 19 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,13 @@
1-
--- data/lightdm.conf.orig 2018-09-05 01:33:31 UTC
1+
--- data/lightdm.conf.orig 2022-07-04 03:28:22 UTC
22
+++ data/lightdm.conf
3-
@@ -22,8 +22,8 @@
3+
@@ -17,13 +17,15 @@
4+
# greeters-directory = Directory to find greeters
5+
# backup-logs = True to move add a .old suffix to old log files when opening new ones
6+
# dbus-service = True if LightDM provides a D-Bus service to control it
7+
+# smart-xsession-errors = True to force .xsesion.errors file to be positioned according to XDG standards
8+
+# Default False, put it in ~/.xsession-errors
9+
#
10+
[LightDM]
411
#start-default-seat=true
512
#greeter-user=lightdm
613
#minimum-display-number=0
@@ -10,8 +17,16 @@
1017
+lock-memory=false
1118
#user-authority-in-system-dir=false
1219
#guest-account-script=guest-account
13-
#logind-check-graphical=false
14-
@@ -108,7 +108,7 @@
20+
#logind-check-graphical=true
21+
@@ -35,6 +37,7 @@
22+
#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
23+
#backup-logs=true
24+
#dbus-service=true
25+
+#smart-xsession-errors=false
26+
27+
#
28+
# Seat configuration
29+
@@ -108,7 +111,7 @@
1530
#allow-user-switching=true
1631
#allow-guest=true
1732
#guest-session=
Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
--- data/users.conf.orig 2015-08-09 23:30:00 UTC
1+
--- data/users.conf.orig 2019-08-04 22:29:55 UTC
22
+++ data/users.conf
33
@@ -9,6 +9,6 @@
44
# hidden-shells = Shells that indicate a user cannot login
@@ -7,4 +7,4 @@
77
-minimum-uid=500
88
+minimum-uid=1001
99
hidden-users=nobody nobody4 noaccess
10-
hidden-shells=/bin/false /usr/sbin/nologin
10+
hidden-shells=/bin/false /usr/sbin/nologin /sbin/nologin

x11/lightdm/files/patch-liblightdm-gobject_language.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
https://bugs.launchpad.net/lightdm/+bug/790186
22

3-
--- liblightdm-gobject/language.c.orig 2018-08-29 22:30:07 UTC
3+
--- liblightdm-gobject/language.c.orig 2021-02-15 22:06:28 UTC
44
+++ liblightdm-gobject/language.c
5-
@@ -57,6 +57,12 @@ G_DEFINE_TYPE_WITH_PRIVATE (LightDMLanguage, lightdm_l
5+
@@ -55,6 +55,12 @@ static GList *languages = NULL;
66
static gboolean have_languages = FALSE;
77
static GList *languages = NULL;
88

@@ -15,7 +15,7 @@
1515
static void
1616
update_languages (void)
1717
{
18-
@@ -83,7 +89,7 @@ update_languages (void)
18+
@@ -81,7 +87,7 @@ update_languages (void)
1919
continue;
2020

2121
/* Ignore the non-interesting languages */
@@ -24,7 +24,7 @@
2424
continue;
2525

2626
LightDMLanguage *language = g_object_new (LIGHTDM_TYPE_LANGUAGE, "code", code, NULL);
27-
@@ -94,12 +100,6 @@ update_languages (void)
27+
@@ -92,12 +98,6 @@ update_languages (void)
2828
have_languages = TRUE;
2929
}
3030

@@ -37,7 +37,7 @@
3737
/* Get a valid locale name that can be passed to setlocale(), so we always can use nl_langinfo() to get language and country names. */
3838
static gchar *
3939
get_locale_name (const gchar *code)
40-
@@ -131,7 +131,7 @@ get_locale_name (const gchar *code)
40+
@@ -129,7 +129,7 @@ get_locale_name (const gchar *code)
4141
for (gint i = 0; avail_locales[i]; i++)
4242
{
4343
const gchar *loc = avail_locales[i];

x11/lightdm/files/patch-src_lightdm.c

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,15 @@
11
--- src/lightdm.c.orig 2022-07-10 21:17:23 UTC
22
+++ src/lightdm.c
3-
@@ -813,7 +813,7 @@ main (int argc, char **argv)
3+
@@ -758,6 +758,8 @@ main (int argc, char **argv)
4+
config_set_boolean (config_get_instance (), "LightDM", "backup-logs", TRUE);
5+
if (!config_has_key (config_get_instance (), "LightDM", "dbus-service"))
6+
config_set_boolean (config_get_instance (), "LightDM", "dbus-service", TRUE);
7+
+ if (!config_has_key (config_get_instance (), "LightDM", "smart-xsession-errors"))
8+
+ config_set_boolean (config_get_instance (), "LightDM", "smart-xsession-errors", FALSE);
9+
if (!config_has_key (config_get_instance (), "Seat:*", "type"))
10+
config_set_string (config_get_instance (), "Seat:*", "type", "local");
11+
if (!config_has_key (config_get_instance (), "Seat:*", "pam-service"))
12+
@@ -813,7 +815,7 @@ main (int argc, char **argv)
413
if (!config_has_key (config_get_instance (), "XDMCPServer", "hostname"))
514
config_set_string (config_get_instance (), "XDMCPServer", "hostname", g_get_host_name ());
615
if (!config_has_key (config_get_instance (), "LightDM", "logind-check-graphical"))

x11/lightdm/files/patch-src_session-child.c

Lines changed: 67 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,19 @@
1-
--- src/session-child.c.orig 2018-02-06 23:31:03 UTC
1+
--- src/session-child.c.orig 2021-04-12 04:52:50 UTC
22
+++ src/session-child.c
3-
@@ -13,7 +13,6 @@
3+
@@ -13,9 +13,11 @@
44
#include <grp.h>
55
#include <glib.h>
66
#include <security/pam_appl.h>
77
-#include <utmp.h>
88
#include <utmpx.h>
99
#include <sys/mman.h>
10+
+#if HAVE_SETUSERCONTEXT
11+
+#include <login_cap.h>
12+
+#endif
1013

11-
@@ -192,28 +191,6 @@ read_xauth (void)
14+
#if HAVE_LIBAUDIT
15+
#include <libaudit.h>
16+
@@ -193,28 +195,6 @@ read_xauth (void)
1217
return x_authority_new (x_authority_family, x_authority_address, x_authority_address_length, x_authority_number, x_authority_name, x_authority_data, x_authority_data_length);
1318
}
1419

@@ -37,32 +42,86 @@
3742
#if HAVE_LIBAUDIT
3843
static void
3944
audit_event (int type, const gchar *username, uid_t uid, const gchar *remote_host_name, const gchar *tty, gboolean success)
40-
@@ -363,7 +340,6 @@ session_child_run (int argc, char **argv)
45+
@@ -364,7 +344,6 @@ session_child_run (int argc, char **argv)
4146
ut.ut_tv.tv_sec = tv.tv_sec;
4247
ut.ut_tv.tv_usec = tv.tv_usec;
4348

4449
- updwtmpx ("/var/log/btmp", &ut);
4550

4651
#if HAVE_LIBAUDIT
4752
audit_event (AUDIT_USER_LOGIN, username, -1, remote_host_name, tty, FALSE);
48-
@@ -393,7 +369,7 @@ session_child_run (int argc, char **argv)
53+
@@ -394,7 +373,7 @@ session_child_run (int argc, char **argv)
4954
else
5055
{
5156
/* Set POSIX variables */
5257
- pam_putenv (pam_handle, "PATH=/usr/local/bin:/usr/bin:/bin");
53-
+ pam_putenv (pam_handle, "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:~/bin");
58+
+ pam_putenv (pam_handle, "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin");
5459
pam_putenv (pam_handle, g_strdup_printf ("USER=%s", username));
5560
pam_putenv (pam_handle, g_strdup_printf ("LOGNAME=%s", username));
5661
pam_putenv (pam_handle, g_strdup_printf ("HOME=%s", user_get_home_directory (user)));
57-
@@ -708,7 +684,6 @@ session_child_run (int argc, char **argv)
62+
@@ -636,7 +615,29 @@ session_child_run (int argc, char **argv)
63+
/* Make this process its own session */
64+
if (setsid () < 0)
65+
_exit (errno);
66+
-
67+
+#if HAVE_SETUSERCONTEXT
68+
+ /* Setup user context
69+
+ * Reset the current environment to what is in the PAM context,
70+
+ * then setusercontext will add to it as necessary as there is no
71+
+ * option for setusercontext to add to a PAM context.
72+
+ */
73+
+ extern char **environ;
74+
+ environ = pam_getenvlist (pam_handle);
75+
+ struct passwd* pwd = getpwnam (username);
76+
+ if (pwd) {
77+
+ if (setusercontext (NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) {
78+
+ int _errno = errno;
79+
+ fprintf(stderr, "setusercontext for \"%s\" (%d) failed: %s\n",
80+
+ username, user_get_uid (user), strerror (errno));
81+
+ _exit (_errno);
82+
+ }
83+
+ endpwent();
84+
+ } else {
85+
+ fprintf (stderr, "getpwname for \"%s\" failed: %s\n",
86+
+ username, strerror (errno));
87+
+ _exit (ENOENT);
88+
+ }
89+
+#else
90+
/* Change to this user */
91+
if (getuid () == 0)
92+
{
93+
@@ -646,6 +647,7 @@ session_child_run (int argc, char **argv)
94+
if (setuid (uid) != 0)
95+
_exit (errno);
96+
}
97+
+#endif
98+
99+
/* Change working directory */
100+
/* NOTE: This must be done after the permissions are changed because NFS filesystems can
101+
@@ -668,7 +670,13 @@ session_child_run (int argc, char **argv)
102+
signal (SIGPIPE, SIG_DFL);
103+
104+
/* Run the command */
105+
- execve (command_argv[0], command_argv, pam_getenvlist (pam_handle));
106+
+ execve (command_argv[0], command_argv,
107+
+#if HAVE_SETUSERCONTEXT
108+
+ environ
109+
+#else
110+
+ pam_getenvlist (pam_handle)
111+
+#endif
112+
+ );
113+
_exit (EXIT_FAILURE);
114+
}
115+
116+
@@ -709,7 +717,6 @@ session_child_run (int argc, char **argv)
58117
if (!pututxline (&ut))
59118
g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
60119
endutxent ();
61120
- updwtmpx ("/var/log/wtmp", &ut);
62121

63122
#if HAVE_LIBAUDIT
64123
audit_event (AUDIT_USER_LOGIN, username, uid, remote_host_name, tty, TRUE);
65-
@@ -749,7 +724,6 @@ session_child_run (int argc, char **argv)
124+
@@ -750,7 +757,6 @@ session_child_run (int argc, char **argv)
66125
if (!pututxline (&ut))
67126
g_printerr ("Failed to write utmpx: %s\n", strerror (errno));
68127
endutxent ();

0 commit comments

Comments
 (0)