Add support for dconf-0.13.x. Use pam_systemd.so if USE=systemd (bug #434798, thanks to Yang Zhao). Make libaudit non-automagic (bug #408063, thanks to Justin Lecher). Use pam_ldap in the greeter if USE=ldap to allow ldap users to be listed (bug #430740, thanks to Plopmaster). Silence errors in 49-keychain and 50-ssh-agent (bug #353068, thanks to Ian Abbott).

(Portage version: 2.2.0_alpha125/cvs/Linux x86_64)

13 files changed, 423 insertions, 1 deletions

diff --git a/gnome-base/gdm/ChangeLog b/gnome-base/gdm/ChangeLog
index a56b22e32f67..71683f2a76cd 100644
--- a/gnome-base/gdm/ChangeLog
+++ b/gnome-base/gdm/ChangeLog
@@ -1,6 +1,20 @@
 # ChangeLog for gnome-base/gdm
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gdm/ChangeLog,v 1.353 2012/06/07 22:18:53 zmedico Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gdm/ChangeLog,v 1.354 2012/09/12 09:22:54 tetromino Exp $
+
+*gdm-3.4.1-r1 (12 Sep 2012)
+
+  12 Sep 2012; Alexandre Rostovtsev <tetromino@gentoo.org> +files/3.4.1/gdm,
+  +files/3.4.1/gdm.service, +files/3.4.1/gdm-autologin,
+  +files/3.4.1/gdm-fingerprint, +files/3.4.1/gdm-password,
+  +files/3.4.1/gdm-welcome, +files/49-keychain-r1, +files/50-ssh-agent-r1,
+  +gdm-3.4.1-r1.ebuild, +files/gdm-3.4.1-dconf-0.13.patch,
+  +files/3.4.1/gdm-smartcard, metadata.xml:
+  Add support for dconf-0.13.x. Use pam_systemd.so if USE=systemd (bug #434798,
+  thanks to Yang Zhao). Make libaudit non-automagic (bug #408063, thanks to
+  Justin Lecher). Use pam_ldap in the greeter if USE=ldap to allow ldap users
+  to be listed (bug #430740, thanks to Plopmaster). Silence errors in
+  49-keychain and 50-ssh-agent (bug #353068, thanks to Ian Abbott).
 
   07 Jun 2012; Zac Medico <zmedico@gentoo.org> gdm-2.20.11-r1.ebuild,
   gdm-2.20.11.ebuild, gdm-2.32.1-r1.ebuild, gdm-2.32.1.ebuild,
diff --git a/gnome-base/gdm/files/3.4.1/gdm b/gnome-base/gdm/files/3.4.1/gdm
new file mode 100644
index 000000000000..bdce065aa2db
--- /dev/null
+++ b/gnome-base/gdm/files/3.4.1/gdm
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth       optional		pam_env.so
+auth       include		system-login
+auth       required		pam_nologin.so
+
+account    include		system-login
+
+password   include		system-login
+
+session    include		system-auth
+#Systemd=-session   optional		pam_systemd.so
+#Keyring=session    optional		pam_gnome_keyring.so auto_start
diff --git a/gnome-base/gdm/files/3.4.1/gdm-autologin b/gnome-base/gdm/files/3.4.1/gdm-autologin
new file mode 100644
index 000000000000..26e3193baa08
--- /dev/null
+++ b/gnome-base/gdm/files/3.4.1/gdm-autologin
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth       optional		pam_env.so
+auth       required		pam_nologin.so
+auth       required		pam_permit.so
+account    include		system-login
+password   include		system-login
+session    include		system-auth
+#Systemd=-session   optional		pam_systemd.so
+# For the keyring to unlock with autologin, you need to set an empty
+# password on the keyring.
+#Keyring=session    optional		pam_gnome_keyring.so auto_start
diff --git a/gnome-base/gdm/files/3.4.1/gdm-fingerprint b/gnome-base/gdm/files/3.4.1/gdm-fingerprint
new file mode 100644
index 000000000000..635fdd977a09
--- /dev/null
+++ b/gnome-base/gdm/files/3.4.1/gdm-fingerprint
@@ -0,0 +1,15 @@
+#%PAM-1.0
+# Note: no pam_gnome_keyring.so support since the login password is not used
+auth       optional		pam_env.so
+auth       required             pam_tally2.so onerr=succeed
+auth       required             pam_shells.so
+auth       required		pam_nologin.so
+auth       required             pam_fprintd.so
+auth       optional             pam_permit.so
+
+account    include		system-login
+
+password   required             pam_deny.so
+
+session    include		system-auth
+#Systemd=-session   optional		pam_systemd.so
diff --git a/gnome-base/gdm/files/3.4.1/gdm-password b/gnome-base/gdm/files/3.4.1/gdm-password
new file mode 100644
index 000000000000..bdce065aa2db
--- /dev/null
+++ b/gnome-base/gdm/files/3.4.1/gdm-password
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth       optional		pam_env.so
+auth       include		system-login
+auth       required		pam_nologin.so
+
+account    include		system-login
+
+password   include		system-login
+
+session    include		system-auth
+#Systemd=-session   optional		pam_systemd.so
+#Keyring=session    optional		pam_gnome_keyring.so auto_start
diff --git a/gnome-base/gdm/files/3.4.1/gdm-smartcard b/gnome-base/gdm/files/3.4.1/gdm-smartcard
new file mode 100644
index 000000000000..64e960e07320
--- /dev/null
+++ b/gnome-base/gdm/files/3.4.1/gdm-smartcard
@@ -0,0 +1,16 @@
+#%PAM-1.0
+auth       optional		pam_env.so
+auth       required             pam_tally2.so onerr=succeed
+auth       required             pam_shells.so
+auth       required		pam_nologin.so
+auth       [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
+auth       optional             pam_permit.so
+
+account    include		system-login
+
+password   optional             pam_pkcs11.so
+password   required             pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+password   optional             pam_permit.so
+
+session    include		system-auth
+#Systemd=-session   optional		pam_systemd.so
diff --git a/gnome-base/gdm/files/3.4.1/gdm-welcome b/gnome-base/gdm/files/3.4.1/gdm-welcome
new file mode 100644
index 000000000000..a409a63e428c
--- /dev/null
+++ b/gnome-base/gdm/files/3.4.1/gdm-welcome
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth       required    pam_env.so
+# Allows greeter to list ldap users; bug #430740
+#LDAP=-auth      sufficient  pam_ldap.so try_first_pass ignore_authinfo_unavail
+auth       required    pam_permit.so
+account    required    pam_nologin.so
+account    include     system-services
+password   include     system-services
+session    required    pam_loginuid.so
+session    optional    pam_keyinit.so force revoke
+session    include     system-services
diff --git a/gnome-base/gdm/files/3.4.1/gdm.service b/gnome-base/gdm/files/3.4.1/gdm.service
new file mode 100644
index 000000000000..63bb08e90219
--- /dev/null
+++ b/gnome-base/gdm/files/3.4.1/gdm.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=GNOME Display Manager
+After=systemd-user-sessions.service
+
+[Service]
+ExecStart=/usr/bin/gdm --nodaemon
+Type=dbus
+BusName=org.gnome.DisplayManager
+
+[Install]
+WantedBy=graphical.target
diff --git a/gnome-base/gdm/files/49-keychain-r1 b/gnome-base/gdm/files/49-keychain-r1
new file mode 100644
index 000000000000..51a1ca87905c
--- /dev/null
+++ b/gnome-base/gdm/files/49-keychain-r1
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# source keychain variables
+
+keychain="`which keychain 2>/dev/null`"
+if [ -n "$keychain" ] && [ -x "$keychain" ] && [ -f "$HOME/.bash_profile" ]
+then
+	. "${HOME}/.bash_profile"
+fi
diff --git a/gnome-base/gdm/files/50-ssh-agent-r1 b/gnome-base/gdm/files/50-ssh-agent-r1
new file mode 100644
index 000000000000..4d94fb04a14a
--- /dev/null
+++ b/gnome-base/gdm/files/50-ssh-agent-r1
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# add ssh-agent if found
+
+sshagent="`which ssh-agent 2>/dev/null`"
+if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
+	command="$sshagent -- $command"
+elif [ -z "$sshagent" ] ; then
+	echo "$0: ssh-agent not found!"
+fi
diff --git a/gnome-base/gdm/files/gdm-3.4.1-dconf-0.13.patch b/gnome-base/gdm/files/gdm-3.4.1-dconf-0.13.patch
new file mode 100644
index 000000000000..3915514ef862
--- /dev/null
+++ b/gnome-base/gdm/files/gdm-3.4.1-dconf-0.13.patch
@@ -0,0 +1,24 @@
+From c0ad2d5b85b063bd7cb5dd2153f0755f4ebe3efb Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Thu, 19 Jul 2012 08:23:29 -0400
+Subject: [PATCH] Update the syntax of the dconf profile file
+
+We were using a deprecated syntax which stopped working in
+dconf 0.13.4 - without warning :-(. See
+http://live.gnome.org/dconf/SystemAdministrators
+---
+ data/dconf-profile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/data/dconf-profile b/data/dconf-profile
+index d5a90e5..68deb5a 100644
+--- a/data/dconf-profile
++++ b/data/dconf-profile
+@@ -1,2 +1,2 @@
+-user
+-gdm
++user-db:user
++systemd-db:gdm
+-- 
+1.7.12
+
diff --git a/gnome-base/gdm/gdm-3.4.1-r1.ebuild b/gnome-base/gdm/gdm-3.4.1-r1.ebuild
new file mode 100644
index 000000000000..75bcf740e776
--- /dev/null
+++ b/gnome-base/gdm/gdm-3.4.1-r1.ebuild
@@ -0,0 +1,276 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gdm/gdm-3.4.1-r1.ebuild,v 1.1 2012/09/12 09:22:54 tetromino Exp $
+
+EAPI="4"
+GNOME2_LA_PUNT="yes"
+
+inherit autotools eutils gnome2 pam systemd user
+
+DESCRIPTION="GNOME Display Manager"
+HOMEPAGE="http://www.gnome.org/projects/gdm/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~sh ~x86"
+
+IUSE="accessibility audit +consolekit +fallback fprint +gnome-shell gnome-keyring +introspection ipv6 ldap plymouth selinux smartcard systemd tcpd test xinerama +xklavier"
+
+# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686
+# nspr used by smartcard extension
+# dconf, dbus and g-s-d are needed at install time for dconf update
+COMMON_DEPEND="
+	>=dev-libs/dbus-glib-0.74
+	>=dev-libs/glib-2.29.3:2
+	>=x11-libs/gtk+-2.91.1:3
+	>=x11-libs/pango-1.3
+	dev-libs/nspr
+	>=dev-libs/nss-3.11.1
+	>=media-libs/fontconfig-2.5.0
+	>=media-libs/libcanberra-0.4[gtk3]
+	>=x11-misc/xdg-utils-1.0.2-r3
+	>=sys-power/upower-0.9
+	>=sys-apps/accountsservice-0.6.12
+
+	>=gnome-base/dconf-0.11.6
+	>=gnome-base/gnome-settings-daemon-3.1.4
+	gnome-base/gsettings-desktop-schemas
+	sys-apps/dbus
+
+	app-text/iso-codes
+
+	x11-base/xorg-server
+	x11-libs/libXi
+	x11-libs/libXau
+	x11-libs/libX11
+	x11-libs/libXdmcp
+	x11-libs/libXext
+	x11-libs/libXft
+	x11-libs/libXrandr
+	x11-apps/sessreg
+
+	virtual/pam
+	consolekit? ( sys-auth/consolekit )
+
+	accessibility? ( x11-libs/libXevie )
+	audit? ( sys-process/audit )
+	gnome-keyring? ( >=gnome-base/gnome-keyring-2.22[pam] )
+	introspection? ( >=dev-libs/gobject-introspection-0.9.12 )
+	plymouth? ( sys-boot/plymouth )
+	selinux? ( sys-libs/libselinux )
+	systemd? ( >=sys-apps/systemd-39 )
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	xinerama? ( x11-libs/libXinerama )
+	xklavier? ( >=x11-libs/libxklavier-4 )"
+DEPEND="${COMMON_DEPEND}
+	test? ( >=dev-libs/check-0.9.4 )
+	xinerama? ( x11-proto/xineramaproto )
+	app-text/docbook-xml-dtd:4.1.2
+	sys-devel/gettext
+	x11-proto/inputproto
+	x11-proto/randrproto
+	>=dev-util/intltool-0.40.0
+	>=app-text/scrollkeeper-0.1.4
+	>=app-text/gnome-doc-utils-0.3.2
+	virtual/pkgconfig"
+# XXX: These deps are from session and desktop files in data/ directory
+# at-spi:1 is needed for at-spi-registryd (spawned by simple-chooser)
+# fprintd is used via dbus by gdm-fingerprint-extension
+RDEPEND="${COMMON_DEPEND}
+	>=gnome-base/gnome-session-2.91.92
+	x11-apps/xhost
+	x11-themes/gnome-icon-theme-symbolic
+
+	accessibility? (
+		app-accessibility/gnome-mag
+		app-accessibility/gok
+		app-accessibility/orca
+		gnome-extra/at-spi:1 )
+	consolekit? ( gnome-extra/polkit-gnome )
+	fallback? ( x11-wm/metacity )
+	fprint? (
+		sys-auth/fprintd
+		sys-auth/pam_fprint )
+	gnome-shell? ( >=gnome-base/gnome-shell-3.1.90 )
+	!gnome-shell? ( x11-wm/metacity )
+	smartcard? (
+		app-crypt/coolkey
+		sys-auth/pam_pkcs11 )
+
+	!gnome-extra/fast-user-switch-applet"
+
+pkg_setup() {
+	DOCS="AUTHORS ChangeLog NEWS README TODO"
+
+	# PAM is the only auth scheme supported
+	# even though configure lists shadow and crypt
+	# they don't have any corresponding code.
+	# --with-at-spi-registryd-directory= needs to be passed explicitly because
+	# of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4
+	G2CONF="${G2CONF}
+		--disable-static
+		--localstatedir=${EPREFIX}/var
+		--with-xdmcp=yes
+		--enable-authentication-scheme=pam
+		--with-pam-prefix=${EPREFIX}/etc
+		--with-at-spi-registryd-directory=${EPREFIX}/usr/libexec
+		$(use_with accessibility xevie)
+		$(use_with audit libaudit)
+		$(use_enable ipv6)
+		$(use_enable xklavier libxklavier)
+		$(use_with consolekit console-kit)
+		$(use_with plymouth)
+		$(use_with selinux)
+		$(use_with systemd)
+		$(use_with tcpd tcp-wrappers)
+		$(use_with xinerama)"
+
+	enewgroup gdm
+	enewgroup video # Just in case it hasn't been created yet
+	enewuser gdm -1 -1 /var/lib/gdm gdm,video
+
+	# For compatibility with certain versions of nvidia-drivers, etc., need to
+	# ensure that gdm user is in the video group
+	if ! egetent group video | grep -q gdm; then
+		# FIXME XXX: is this at all portable, ldap-safe, etc.?
+		# XXX: egetent does not have a 1-argument form, so we can't use it to
+		# get the list of gdm's groups
+		local g=$(groups gdm)
+		elog "Adding user gdm to video group"
+		usermod -G video,${g// /,} gdm || die "Adding user gdm to video group failed"
+	fi
+}
+
+src_prepare() {
+	# remove unneeded linker directive for selinux, bug #41022
+	epatch "${FILESDIR}/${PN}-2.32.0-selinux-remove-attr.patch"
+
+	# daemonize so that the boot process can continue, bug #236701
+	epatch "${FILESDIR}/${PN}-2.32.0-fix-daemonize-regression.patch"
+
+	# GDM grabs VT2 instead of VT7, bug 261339, bug 284053, bug 288852
+	epatch "${FILESDIR}/${PN}-2.32.0-fix-vt-problems.patch"
+
+	# make custom session work, bug #216984
+	epatch "${FILESDIR}/${PN}-3.2.1.1-custom-session.patch"
+
+	# ssh-agent handling must be done at xinitrc.d, bug #220603
+	epatch "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch"
+
+	# fix libxklavier automagic support
+	epatch "${FILESDIR}/${PN}-2.32.0-automagic-libxklavier-support.patch"
+
+	# plymouth support (in next release)
+	epatch "${FILESDIR}/${P}-save-root-window.patch"
+	epatch "${FILESDIR}/${P}-plymouth.patch"
+
+	# dconf-0.13.x compatibility (next release)
+	epatch "${FILESDIR}/${P}-dconf-0.13.patch"
+
+	# don't load accessibility support at runtime when USE=-accessibility
+	use accessibility || epatch "${FILESDIR}/${PN}-3.3.92.1-disable-accessibility.patch"
+
+	# make gdm-fallback session the default if USE=-gnome-shell
+	if ! use gnome-shell; then
+		sed -e "s:'gdm-shell':'gdm-fallback':" \
+			-i data/00-upstream-settings || die "sed failed"
+	fi
+
+	mkdir -p "${S}"/m4
+	eautoreconf
+
+	gnome2_src_prepare
+}
+
+src_install() {
+	gnome2_src_install
+
+	# Install the systemd unit file
+	systemd_dounit "${FILESDIR}/3.4.1/gdm.service"
+
+	# gdm-binary should be gdm to work with our init (#5598)
+	rm -f "${ED}/usr/sbin/gdm"
+	ln -sfn /usr/sbin/gdm-binary "${ED}/usr/sbin/gdm"
+	# our x11's scripts point to /usr/bin/gdm
+	ln -sfn /usr/sbin/gdm-binary "${ED}/usr/bin/gdm"
+
+	# log, etc.
+	keepdir /var/log/gdm
+
+	# add xinitrc.d scripts
+	exeinto /etc/X11/xinit/xinitrc.d
+	newexe "${FILESDIR}/49-keychain-r1" 49-keychain
+	newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent
+
+	# install XDG_DATA_DIRS gdm changes
+	echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm
+	doenvd 99xdg-gdm
+
+	# install PAM files
+	mkdir "${T}/pam.d" || die "mkdir failed"
+	cp "${FILESDIR}/3.4.1"/gdm{,-autologin,-password,-fingerprint,-smartcard,-welcome} \
+		"${T}/pam.d" || die "cp failed"
+	use gnome-keyring && sed -i "s:#Keyring=::g" "${T}/pam.d"/*
+	use ldap && sed -i "s:#LDAP=::g" "${T}/pam.d"/*
+	use systemd && sed -i "s:#Systemd=::g" "${T}/pam.d"/*
+	dopamd "${T}/pam.d"/*
+}
+
+pkg_postinst() {
+	gnome2_pkg_postinst
+
+	dbus-launch dconf update || die "'dconf update' failed"
+
+	ewarn
+	ewarn "This is an EXPERIMENTAL release, please bear with its bugs and"
+	ewarn "visit us on #gentoo-desktop if you have problems."
+	ewarn
+
+	elog "To make GDM start at boot, edit /etc/conf.d/xdm"
+	elog "and then execute 'rc-update add xdm default'."
+	elog "If you already have GDM running, you will need to restart it."
+
+	elog
+	elog "GDM ignores most non-localization environment variables. If you"
+	elog "need GDM to launch gnome-session with a particular environment,"
+	elog "you need to use pam_env.so in /etc/pam.d/gdm-welcome; see"
+	elog "the pam_env man page for more information."
+	elog
+
+	if use gnome-keyring; then
+		elog "For autologin to unlock your keyring, you need to set an empty"
+		elog "password on your keyring. Use app-crypt/seahorse for that."
+	fi
+
+	if [ -f "/etc/X11/gdm/gdm.conf" ]; then
+		elog "You had /etc/X11/gdm/gdm.conf which is the old configuration"
+		elog "file.  It has been moved to /etc/X11/gdm/gdm-pre-gnome-2.16"
+		mv /etc/X11/gdm/gdm.conf /etc/X11/gdm/gdm-pre-gnome-2.16
+	fi
+
+	# https://bugzilla.redhat.com/show_bug.cgi?id=513579
+	# Lennart says this problem is fixed, but users are still reporting problems
+	# XXX: Do we want this elog?
+#	if has_version "media-libs/libcanberra[pulseaudio]" ; then
+#		elog
+#		elog "You have media-libs/libcanberra with the pulseaudio USE flag"
+#		elog "enabled. GDM will start a pulseaudio process to play sounds. This"
+#		elog "process should automatically terminate when a user logs into a"
+#		elog "desktop session. If GDM's pulseaudio fails to terminate and"
+#		elog "causes problems for users' audio, you can prevent GDM from"
+#		elog "starting pulseaudio by editing /var/lib/gdm/.pulse/client.conf"
+#		elog "so it contains the following two lines:"
+#		elog
+#		elog "autospawn = no"
+#		elog "daemon-binary = /bin/true"
+#	fi
+}
+
+pkg_postrm() {
+	gnome2_pkg_postrm
+
+	if rc-config list default | grep -q xdm; then
+		elog "To remove GDM from startup please execute"
+		elog "'rc-update del xdm default'"
+	fi
+}
diff --git a/gnome-base/gdm/metadata.xml b/gnome-base/gdm/metadata.xml
index 1bf8c9589183..baf8cbdf90e2 100644
--- a/gnome-base/gdm/metadata.xml
+++ b/gnome-base/gdm/metadata.xml
@@ -3,6 +3,7 @@
 <pkgmetadata>
 <herd>gnome</herd>
 <use>
+	<flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag>
 	<flag name="consolekit">Allow proper handling of removable media according
 		to who is actually present on the machine.</flag>
 	<flag name="dmx">Enables Distributed Multihead X (DMX) support</flag>