diff --git a/50-backup-logs.conf b/50-backup-logs.conf new file mode 100644 index 0000000000000000000000000000000000000000..41b3a225a581f828b99117344deea77318c1282c --- /dev/null +++ b/50-backup-logs.conf @@ -0,0 +1,3 @@ +[LightDM] +## Disable log backup - if you choose to use logrotate instead +#backup-logs=false diff --git a/50-disable-guest.conf b/50-disable-guest.conf new file mode 100644 index 0000000000000000000000000000000000000000..4e01ff72f329afe491958ea3dd538dca4fe0b90e --- /dev/null +++ b/50-disable-guest.conf @@ -0,0 +1,5 @@ +# Disable guest sessions due to them not being confined in systemd +# CVE-2017-8900 +# https://bugs.launchpad.net/bugs/1663157 +[Seat:*] +allow-guest=false diff --git a/50-minimum-vt.conf b/50-minimum-vt.conf new file mode 100644 index 0000000000000000000000000000000000000000..3898370c1198d697549cb6d041f0f1f9e2298ee1 --- /dev/null +++ b/50-minimum-vt.conf @@ -0,0 +1,2 @@ +[LightDM] +minimum-vt=1 diff --git a/50-remove-wayland-session.conf b/50-remove-wayland-session.conf new file mode 100644 index 0000000000000000000000000000000000000000..90ad03f95291defcf887736998156f2532ab055c --- /dev/null +++ b/50-remove-wayland-session.conf @@ -0,0 +1,2 @@ +[LightDM] +sessions-directory=/usr/share/xsessions diff --git a/50-run-directory.conf b/50-run-directory.conf new file mode 100644 index 0000000000000000000000000000000000000000..52420c4f67ac143af16527824b9ab4ac479f920e --- /dev/null +++ b/50-run-directory.conf @@ -0,0 +1,2 @@ +[LightDM] +run-directory=/run/lightdm diff --git a/50-session-wrapper.conf b/50-session-wrapper.conf new file mode 100644 index 0000000000000000000000000000000000000000..36a66ef31e706554e217dc95774bce04ffff88bf --- /dev/null +++ b/50-session-wrapper.conf @@ -0,0 +1,2 @@ +[Seat:*] +session-wrapper=/etc/X11/xinit/Xsession diff --git a/50-user-authority-in-system-dir.conf b/50-user-authority-in-system-dir.conf new file mode 100644 index 0000000000000000000000000000000000000000..9ed89a11ae206de86ff4fad746d05514ccd72bbb --- /dev/null +++ b/50-user-authority-in-system-dir.conf @@ -0,0 +1,2 @@ +[LightDM] +user-authority-in-system-dir=true diff --git a/50-xserver-command.conf b/50-xserver-command.conf new file mode 100644 index 0000000000000000000000000000000000000000..ee0a1c83e2c3f0767979c833c53d6e37f971db2a --- /dev/null +++ b/50-xserver-command.conf @@ -0,0 +1,2 @@ +[Seat:*] +xserver-command=X -core -noreset diff --git a/lightdm-1.25.1-disable_dmrc.patch b/lightdm-1.25.1-disable_dmrc.patch new file mode 100644 index 0000000000000000000000000000000000000000..5be7ede4bce16cc40fc01bbab587d73c6753071b --- /dev/null +++ b/lightdm-1.25.1-disable_dmrc.patch @@ -0,0 +1,76 @@ +From 15722c7b2cb41dbe612d6b4c51c3dba11f5fe4c4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Thu, 18 Jan 2018 17:40:50 +0100 +Subject: [PATCH 1/2] configure: Add option to disable writing dmrc files + +--- + configure.ac | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 711db441..3a20c84f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -170,8 +170,18 @@ AC_MSG_CHECKING(whether to build tests) + AC_ARG_ENABLE(tests, + AS_HELP_STRING([--disable-tests], [Disable tests building]), + [], [enable_tests="yes"]) ++AC_MSG_RESULT([$enable_tests]) + AM_CONDITIONAL(COMPILE_TESTS, test x"$enable_tests" != "xno") + ++AC_MSG_CHECKING(whether to enable writing dmrc files) ++AC_ARG_ENABLE(dmrc, ++ AS_HELP_STRING([--disable-dmrc], [Disable writing .dmrc in user home]), ++ [], [enable_dmrc="yes"]) ++AC_MSG_RESULT([$enable_dmrc]) ++if test x"$enable_dmrc" != "xno"; then ++ AC_DEFINE([WRITE_DMRC], [1], [Enable writing .dmrc in user home]) ++fi ++ + dnl ########################################################################### + dnl Configurable values + dnl ########################################################################### +@@ -264,4 +274,5 @@ echo " + liblightdm-qt5: $compile_liblightdm_qt5 + libaudit support: $use_libaudit + Enable tests: $enable_tests ++ Write .dmrc files: $enable_dmrc + " + +From 1072c1b0fe917358c4bdb9ee8bb23fd3c19e349c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Thu, 18 Jan 2018 17:41:30 +0100 +Subject: [PATCH 2/2] dmrc: Implement new configuration option + +--- + common/dmrc.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/common/dmrc.c b/common/dmrc.c +index 9b92a52b..795ec2aa 100644 +--- a/common/dmrc.c ++++ b/common/dmrc.c +@@ -13,6 +13,7 @@ + #include + #include + ++#include "config.h" + #include "dmrc.h" + #include "configuration.h" + #include "privileges.h" +@@ -54,6 +55,7 @@ dmrc_save (GKeyFile *dmrc_file, CommonUser *user) + gsize length; + g_autofree gchar *data = g_key_file_to_data (dmrc_file, &length, NULL); + ++#ifdef WRITE_DMRC + /* Update the users .dmrc */ + g_autofree gchar *path = g_build_filename (common_user_get_home_directory (user), ".dmrc", NULL); + +@@ -65,6 +67,7 @@ dmrc_save (GKeyFile *dmrc_file, CommonUser *user) + g_file_set_contents (path, data, length, NULL); + if (drop_privileges) + privileges_reclaim (); ++#endif + + /* Update the .dmrc cache */ + g_autofree gchar *cache_dir = config_get_string (config_get_instance (), "LightDM", "cache-directory"); diff --git a/lightdm-1.30.0.tar.gz b/lightdm-1.30.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..4253eb2a43b584165eae4197a593be47abbc11fb Binary files /dev/null and b/lightdm-1.30.0.tar.gz differ diff --git a/lightdm-autologin.pam b/lightdm-autologin.pam new file mode 100644 index 0000000000000000000000000000000000000000..010f6bb607aaf032e73ad0bedfa1a7c3ba87c54a --- /dev/null +++ b/lightdm-autologin.pam @@ -0,0 +1,18 @@ +#%PAM-1.0 +auth [success=done ignore=ignore default=bad] pam_selinux_permit.so +auth required pam_env.so +auth required pam_permit.so +auth include postlogin +account required pam_nologin.so +account include system-auth +password include system-auth +session required pam_selinux.so close +session required pam_loginuid.so +session required pam_limits.so +session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include system-auth +session include postlogin diff --git a/lightdm-tmpfiles.conf b/lightdm-tmpfiles.conf new file mode 100644 index 0000000000000000000000000000000000000000..ed0cc5229ea7a753e002602858dcc0b3a04b4e67 --- /dev/null +++ b/lightdm-tmpfiles.conf @@ -0,0 +1 @@ +d /run/lightdm 0775 lightdm lightdm diff --git a/lightdm.logrotate b/lightdm.logrotate new file mode 100644 index 0000000000000000000000000000000000000000..b33d2aa28f4edbed7c32d84630504e8d4b02e255 --- /dev/null +++ b/lightdm.logrotate @@ -0,0 +1,8 @@ +#/var/log/lightdm/*.log { +# copytruncate +# create 0660 lightdm lightdm +# maxsize 10M +# missingok +# notifempty +# weekly +#} diff --git a/lightdm.pam b/lightdm.pam new file mode 100644 index 0000000000000000000000000000000000000000..02edf67694b02319ea03bac82548c9b830ffcdf3 --- /dev/null +++ b/lightdm.pam @@ -0,0 +1,24 @@ +#%PAM-1.0 +auth [success=done ignore=ignore default=bad] pam_selinux_permit.so +auth required pam_env.so +auth substack system-auth +-auth optional pam_gnome_keyring.so +-auth optional pam_kwallet5.so +-auth optional pam_kwallet.so +auth include postlogin +account required pam_nologin.so +account include system-auth +password include system-auth +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include system-auth +-session optional pam_gnome_keyring.so auto_start +-session optional pam_kwallet5.so +-session optional pam_kwallet.so +session optional pam_lastlog.so silent +session include postlogin diff --git a/lightdm.rules b/lightdm.rules new file mode 100644 index 0000000000000000000000000000000000000000..eda155bf304ea06048126da12c24ad543f3f0c07 --- /dev/null +++ b/lightdm.rules @@ -0,0 +1,15 @@ +polkit.addRule(function(action, subject) { + if (subject.user == "lightdm") { + polkit.log("action=" + action); + polkit.log("subject=" + subject); + if (action.id.indexOf("org.freedesktop.login1.") == 0) { + return polkit.Result.YES; + } + if (action.id.indexOf("org.freedesktop.consolekit.system.") == 0) { + return polkit.Result.YES; + } + if (action.id.indexOf("org.freedesktop.upower.") == 0) { + return polkit.Result.YES; + } + } +}); diff --git a/lightdm.service b/lightdm.service new file mode 100644 index 0000000000000000000000000000000000000000..506b2ffd33ee07c755ee18856abc3e0c1922ce88 --- /dev/null +++ b/lightdm.service @@ -0,0 +1,39 @@ +[Unit] +Description=Light Display Manager +Documentation=man:lightdm(1) + +# Replaces getty. +Conflicts=getty@tty1.service +After=getty@tty1.service + +# Replaces plymouth-quit since it quits plymouth on its own. +Conflicts=plymouth-quit.service +After=plymouth-quit.service + +# We need all the dependencies of the services we are replacing. +# Pulled from getty@.service and plymouth-quit.service (except +# for plymouth-quit-wait.service since it waits until plymouth +# is quit, which we do). +After=rc-local.service plymouth-start.service systemd-user-sessions.service livesys-late.service + +# We need DBus to be present. +Requires=dbus.service + +# We need the DBus socket and user slice to be present. +Wants=dbus.socket user.slice +After=dbus.socket user.slice + +# LighDM takes responsibility for stopping plymouth, so if it fails +# for any reason, make sure plymouth still stops. +OnFailure=plymouth-quit.service + +[Service] +Type=dbus +ExecStart=/usr/sbin/lightdm +Restart=always +IgnoreSIGPIPE=no +BusName=org.freedesktop.DisplayManager +LimitMEMLOCK=16777216 + +[Install] +Alias=display-manager.service diff --git a/lightdm.spec b/lightdm.spec new file mode 100644 index 0000000000000000000000000000000000000000..7e22fab0a9b1ce2e90353910a5cd0b40e87c138a --- /dev/null +++ b/lightdm.spec @@ -0,0 +1,311 @@ +# FIXME: most tests currently fail +%bcond_with tests + +%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo "2.44") +%global giturl https://github.com/CanonicalLtd/lightdm + +Name: lightdm +Summary: A cross-desktop Display Manager +Version: 1.30.0 +Release: 6%{?dist} + +# library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+ +License: (LGPLv2 or LGPLv3) and GPLv3+ +URL: https://www.freedesktop.org/wiki/Software/LightDM/ +Source0: %{giturl}/archive/%{version}/lightdm-%{version}.tar.gz + +Source10: lightdm.pam +Source11: lightdm-autologin.pam +Source12: lightdm-tmpfiles.conf +Source13: lightdm.service +Source14: lightdm.logrotate +Source15: lightdm.rules + + +# .conf snippets +Source20: 50-backup-logs.conf +Source21: 50-minimum-vt.conf +Source22: 50-session-wrapper.conf +Source23: 50-user-authority-in-system-dir.conf +Source24: 50-xserver-command.conf +Source25: 50-disable-guest.conf +Source26: 50-remove-wayland-session.conf +Source27: 50-run-directory.conf + +# Upstreamed: +Patch0: %{giturl}/pull/5.patch#/lightdm-1.25.1-disable_dmrc.patch + +# Upstream commits + +BuildRequires: gettext +BuildRequires: gnome-common +BuildRequires: gtk-doc itstool +BuildRequires: intltool +BuildRequires: libgcrypt-devel +BuildRequires: pam-devel +BuildRequires: pkgconfig(audit) +BuildRequires: pkgconfig(dbus-glib-1) +BuildRequires: pkgconfig(gio-2.0) >= 2.26 +BuildRequires: pkgconfig(gio-unix-2.0) +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(gmodule-export-2.0) +BuildRequires: pkgconfig(gobject-2.0) +BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.5 +BuildRequires: pkgconfig(libxklavier) +%{?_with_qt4:BuildRequires: pkgconfig(QtCore) pkgconfig(QtDBus) pkgconfig(QtGui) pkgconfig(QtNetwork)} +BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5DBus) pkgconfig(Qt5Gui) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xcb) +BuildRequires: pkgconfig(xdmcp) +BuildRequires: systemd +BuildRequires: vala + +Requires: %{name}-gobject%{?_isa} = %{version}-%{release} +Requires: accountsservice +Requires: dbus-x11 +%if 0%{?fedora} || 0%{?rhel} >= 7 +Requires: polkit-js-engine +%endif +Requires: systemd +Requires: xorg-x11-xinit + +#Requires: (lightdm-greeter = 1.2 if xorg-x11-server-Xorg) + +%{?systemd_requires} + +Requires(pre): shadow-utils +Requires(post): psmisc + +# needed for anaconda to boot into runlevel 5 after install +Provides: service(graphical-login) = lightdm + +%description +Lightdm is a display manager that: +* Is cross-desktop - supports different desktops +* Supports different display technologies +* Is lightweight - low memory usage and fast performance + + +%package gobject +Summary: LightDM GObject client library +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: glib2%{?_isa} >= %{glib2_version} +%description gobject +This package contains a GObject based library for LightDM clients to use to +interface with LightDM. + + +%package gobject-devel +Summary: Development files for %{name}-gobject +Requires: %{name}-gobject%{?_isa} = %{version}-%{release} +%description gobject-devel +%{summary}. + +%if 0%{?_with_qt4} +%package qt +Summary: LightDM Qt4 client library +Requires: %{name}%{?_isa} = %{version}-%{release} +%{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}} +%description qt +This package contains a Qt4-based library for LightDM clients to use to interface +with LightDM. + +%package qt-devel +Summary: Development files for %{name}-qt +Requires: %{name}-qt%{?_isa} = %{version}-%{release} +%description qt-devel +%{summary}. +%endif + +%package qt5 +Summary: LightDM Qt5 client library +Requires: %{name}%{?_isa} = %{version}-%{release} +%description qt5 +This package contains a Qt5-based library for LightDM clients to use to interface +with LightDM. + + +%package qt5-devel +Summary: Development files for %{name}-qt5 +Requires: %{name}-qt5%{?_isa} = %{version}-%{release} +%description qt5-devel +%{summary}. + + +%prep +%autosetup -p 1 + + +%build +# Make libtoolize happy. +%{__cat} %{_datadir}/aclocal/intltool.m4 > aclocal.m4 +# Bootstrap +NOCONFIGURE=1 ./autogen.sh + +%configure \ + --disable-dmrc \ + --disable-silent-rules \ + --disable-static \ + --enable-gtk-doc \ + --enable-libaudit \ + %{?_with_qt4:--enable-liblightdm-qt} \ + --enable-liblightdm-qt5 \ + --enable-introspection \ +%if %{with tests} + --enable-tests \ +%else + --disable-tests \ +%endif + --enable-vala \ + --with-greeter-user=lightdm \ + --with-greeter-session=lightdm-greeter + +%make_build + + +%install +%make_install + +# We need to own these +%{__mkdir_p} %{buildroot}%{_sysconfdir}/lightdm/lightdm.conf.d/ \ + %{buildroot}%{_datadir}/dbus-1/interfaces \ + %{buildroot}%{_datadir}/dbus-1/system.d \ + %{buildroot}%{_datadir}/lightdm/lightdm.conf.d/ \ + %{buildroot}%{_datadir}/lightdm/remote-sessions/ \ + %{buildroot}%{_datadir}/xgreeters/ \ + %{buildroot}%{_localstatedir}/cache/lightdm/ \ + %{buildroot}%{_rundir}/lightdm/ \ + %{buildroot}%{_localstatedir}/log/lightdm/ \ + %{buildroot}%{_localstatedir}/lib/lightdm/ \ + %{buildroot}%{_localstatedir}/lib/lightdm-data/ + +# libtool cruft +rm -fv %{buildroot}%{_libdir}/lib*.la + +# We don't ship AppAmor +%{__rm} -rfv %{buildroot}%{_sysconfdir}/apparmor.d/ + +# omit upstart support +%{__rm} -rfv %{buildroot}%{_sysconfdir}/init + +# install pam file +%{__install} -Dpm 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/lightdm +%{__install} -Dpm 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pam.d/lightdm-autologin +%{__install} -Dpm 0644 %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/lightdm.conf +%{__install} -Dpm 0644 %{SOURCE13} %{buildroot}%{_unitdir}/lightdm.service +%{__install} -Dpm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/lightdm +%{__install} -Dpm 0644 %{SOURCE15} %{buildroot}%{_datadir}/polkit-1/rules.d/lightdm.rules +%{__install} -pm 0644 %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} \ + %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27} %{buildroot}%{_datadir}/lightdm/lightdm.conf.d/ + +# Move DBus config to proper location. +# why is this needed? -- rex +%{__mv} -f %{buildroot}%{_sysconfdir}/dbus-1/system.d/*.conf \ + %{buildroot}%{_datadir}/dbus-1/system.d + +%find_lang lightdm --with-gnome + + +%if %{with tests} +%check +%make_build check ||: +%endif + + +%pre +%{_bindir}/getent group lightdm >/dev/null || %{_sbindir}/groupadd -r lightdm +%{_bindir}/getent passwd lightdm >/dev/null || %{_sbindir}/useradd -g lightdm \ + -M -d /var/lib/lightdm -s /sbin/nologin -r lightdm +exit 0 + +%post +# todo: document need/purpose for this snippet +if [ $1 = 1 ] ; then + %{_bindir}/killall -HUP dbus-daemon 2>&1 > /dev/null +fi +%{?systemd_post:%systemd_post lightdm.service} + +%preun +%{?systemd_preun:%systemd_preun lightdm.service} + +%postun +%{?systemd_postun} + +%files -f lightdm.lang +%license COPYING.GPL3 +%doc NEWS +%dir %{_sysconfdir}/lightdm/ +%dir %{_sysconfdir}/lightdm/lightdm.conf.d +%config(noreplace) %{_sysconfdir}/pam.d/lightdm* +%config(noreplace) %{_sysconfdir}/lightdm/keys.conf +%config(noreplace) %{_sysconfdir}/lightdm/lightdm.conf +%config(noreplace) %{_sysconfdir}/lightdm/users.conf +%dir %{_sysconfdir}/logrotate.d/ +%{_sysconfdir}/logrotate.d/lightdm +%dir %attr(-,lightdm,lightdm) %{_localstatedir}/cache/lightdm/ +%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm/ +%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm-data/ +%dir %attr(-,lightdm,lightdm) %{_localstatedir}/log/lightdm/ +%dir %{_datadir}/bash-completion/ +%dir %{_datadir}/bash-completion/completions/ +%dir %{_datadir}/xgreeters/ +%ghost %dir %{_rundir}/lightdm +%{_bindir}/dm-tool +%{_sbindir}/lightdm +%{_libexecdir}/lightdm-guest-session +%{_datadir}/lightdm/ +%{_libdir}/girepository-1.0/LightDM-1.typelib +%{_mandir}/man1/dm-tool.1* +%{_mandir}/man1/lightdm* +%{_unitdir}/lightdm.service +%{_datadir}/accountsservice +%{_datadir}/dbus-1/interfaces/*.xml +%{_datadir}/dbus-1/system.d/*.conf +%{_datadir}/polkit-1/rules.d/lightdm.rules +%{_datadir}/polkit-1/actions/org.freedesktop.DisplayManager.AccountsService.policy +%{_datadir}/bash-completion/completions/dm-tool +%{_datadir}/bash-completion/completions/lightdm +%{_prefix}/lib/tmpfiles.d/lightdm.conf + +%ldconfig_scriptlets gobject + +%files gobject +%license COPYING.LGPL2 COPYING.LGPL3 +%{_libdir}/liblightdm-gobject-1.so.0* + +%files gobject-devel +%doc %{_datadir}/gtk-doc/html/lightdm-gobject-1/ +%{_includedir}/lightdm-gobject-1/ +%{_libdir}/liblightdm-gobject-1.so +%{_libdir}/pkgconfig/liblightdm-gobject-1.pc +%{_datadir}/gir-1.0/LightDM-1.gir +%{_datadir}/vala/vapi/liblightdm-gobject-1.* + +%if 0%{?_with_qt4} +%ldconfig_scriptlets qt + +%files qt +%license COPYING.LGPL2 COPYING.LGPL3 +%{_libdir}/liblightdm-qt-3.so.0* + +%files qt-devel +%{_includedir}/lightdm-qt-3/ +%{_libdir}/liblightdm-qt-3.so +%{_libdir}/pkgconfig/liblightdm-qt-3.pc +%endif + +%ldconfig_scriptlets qt5 + +%files qt5 +%license COPYING.LGPL2 COPYING.LGPL3 +%{_libdir}/liblightdm-qt5-3.so.0* + +%files qt5-devel +%{_includedir}/lightdm-qt5-3/ +%{_libdir}/liblightdm-qt5-3.so +%{_libdir}/pkgconfig/liblightdm-qt5-3.pc + + +%changelog +* Fri Jun 19 2020 dou33 - 1.30.0-6 +- Initial package