41.0+r25+geb6d39a2-1

f3e09438 · Jan Alexander Steffens (heftig) · 582b5f75 · 582b5f75 · f3e09438
Commit f3e09438 authored 3 years ago by Jan Alexander Steffens (heftig)
--- a/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
+++ b/0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
-Date: Tue, 31 Aug 2021 21:51:46 +0000
-Subject: [PATCH] pam-arch: Drop pam_faillock counting from fingerprint and
- smartcard
-
-As mentioned in an [fprintd issue comment][1], we need to make sure that
-the stack's error status is taken from the main auth module, i.e.
-pam_fprintd, otherwise GDM will not behave correctly.
-
-Still use pam_faillock preauth so that we test whether the account is
-locked, but don't use authfail/authsucc to log a failure/success so this
-stack doesn't participate in triggering the lock.
-
-Ideally we would check which return values we actually want to treat as
-a reason to lock the account (e.g. fingerprint mismatch) and which are
-neutral (e.g. no fingerprints enrolled), but that's much more effort.
-
-Should fix [FS#71750][2].
-
-[1]: https://gitlab.freedesktop.org/libfprint/fprintd/-/issues/112#note_1016191
-[2]: https://bugs.archlinux.org/task/71750
---
- data/pam-arch/gdm-fingerprint.pam | 10 ++--------
- data/pam-arch/gdm-smartcard.pam   | 10 ++--------
- 2 files changed, 4 insertions(+), 16 deletions(-)
-
-diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
-index cc660d9a90ba..2aaf9f6c88a0 100644
--- a/data/pam-arch/gdm-fingerprint.pam
-+++ b/data/pam-arch/gdm-fingerprint.pam
-@@ -2,16 +2,10 @@
- 
- auth       required                    pam_shells.so
- auth       requisite                   pam_nologin.so
-auth       required                    pam_faillock.so      preauth
-# Optionally use requisite above if you do not want to prompt for the fingerprint
-# on locked accounts.
-auth       [success=1 default=ignore]  pam_fprintd.so
-auth       [default=die]               pam_faillock.so      authfail
-+auth       requisite                   pam_faillock.so      preauth
-+auth       required                    pam_fprintd.so
- auth       optional                    pam_permit.so
- auth       required                    pam_env.so
-auth       required                    pam_faillock.so      authsucc
-# If you drop the above call to pam_faillock.so the lock will be done also
-# on non-consecutive authentication failures.
- auth       [success=ok default=1]      pam_gdm.so
- auth       optional                    pam_gnome_keyring.so
- 
-diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
-index e6ec129948a7..6d7333bf4204 100644
--- a/data/pam-arch/gdm-smartcard.pam
-+++ b/data/pam-arch/gdm-smartcard.pam
-@@ -2,16 +2,10 @@
- 
- auth       required                    pam_shells.so
- auth       requisite                   pam_nologin.so
-auth       required                    pam_faillock.so      preauth
-# Optionally use requisite above if you do not want to prompt for the smartcard
-# on locked accounts.
-auth       [success=1 default=ignore]  pam_pkcs11.so        wait_for_card card_only
-auth       [default=die]               pam_faillock.so      authfail
-+auth       requisite                   pam_faillock.so      preauth
-+auth       required                    pam_pkcs11.so        wait_for_card card_only
- auth       optional                    pam_permit.so
- auth       required                    pam_env.so
-auth       required                    pam_faillock.so      authsucc
-# If you drop the above call to pam_faillock.so the lock will be done also
-# on non-consecutive authentication failures.
- auth       [success=ok default=1]      pam_gdm.so
- auth       optional                    pam_gnome_keyring.so
- 
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@

 pkgbase=gdm
 pkgname=(gdm libgdm)
-pkgver=41.0+r15+g23ebe617
+pkgver=41.0+r25+geb6d39a2
 pkgrel=1
 pkgdesc="Display manager and login screen"
 url="https://wiki.gnome.org/Projects/GDM"
@@ -13,14 +13,12 @@ depends=(gnome-shell gnome-session upower xorg-xrdb xorg-server xorg-xhost
         libxdmcp systemd)
 makedepends=(yelp-tools gobject-introspection git docbook-xsl meson)
 checkdepends=(check)
-_commit=23ebe617119506a0614f1bd2c76cd9bcf7e8fb7c  # main
+_commit=eb6d39a2473f4d58431cd599d9e8480c44aaebbc  # main
 source=("git+https://gitlab.gnome.org/GNOME/gdm.git#commit=$_commit"
        0001-Xsession-Don-t-start-ssh-agent-by-default.patch
-        0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
        default.pa)
 sha256sums=('SKIP'
            '39a7e1189d423dd428ace9baac77ba0442c6706a861d3c3db9eb3a6643e223f8'
-            'e3dcaaa5ffa2dd4d3338c8b5827965ea2ca1efd9a95d7272a107e6121cb7898f'
            'e88410bcec9e2c7a22a319be0b771d1f8d536863a7fc618b6352a09d61327dcb')

 pkgver() {
@@ -31,14 +29,8 @@ pkgver() {
 prepare() {
  cd gdm

-  # https://bugs.archlinux.org/task/67485
-  git cherry-pick -n 8528a503ad70669a5f0c03d0a92ba19326983b82
-
  # Don't start ssh-agent by default
  git apply -3 ../0001-Xsession-Don-t-start-ssh-agent-by-default.patch
-
-  # https://bugs.archlinux.org/task/71750
-  git apply -3 ../0002-pam-arch-Drop-pam_faillock-counting-from-fingerprint.patch
 }

 build() {