From: Mart Raudsepp Date: Sun, 5 May 2019 11:31:53 +0000 (+0300) Subject: gnome-base/gdm: workaround file perm and bluetooth sound issues X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f2394513fd33929540f0fe6c5500b41094038d29;p=gentoo.git gnome-base/gdm: workaround file perm and bluetooth sound issues Install a pulseaudio default config file which unloads bluetooth modules, to avoid logged in users failing to load these modules upon log-in due to device locks. As bluetooth sound may be important for a11y screen reader over bluetooth sound, a USE flag is provided to keep loading bluetooth modules; as this shouldn't be a common case (especially as normal sound still works, it's just about sound over bluetooth), this USE flag is default disabled. Add back file ownership tweaks, as users still somehow end up with wrong permissions. At least if the path where Xorg sessions log file gets written has wrong permissions, Xorg fails to start and gdm with it. Bug: https://bugs.gentoo.org/679526 Closes: https://bugs.gentoo.org/669146 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Mart Raudsepp --- diff --git a/gnome-base/gdm/files/default.pa b/gnome-base/gdm/files/default.pa new file mode 100644 index 000000000000..0922c37a7f92 --- /dev/null +++ b/gnome-base/gdm/files/default.pa @@ -0,0 +1,18 @@ +#!/usr/bin/pulseaudio -nF +# + +# load system wide configuration +.include /etc/pulse/default.pa + +### unload driver modules for Bluetooth hardware +.nofail + +.ifexists module-bluetooth-policy.so +unload-module module-bluetooth-policy +.endif + +.ifexists module-bluetooth-discover.so +unload-module module-bluetooth-discover +.endif + +.fail diff --git a/gnome-base/gdm/gdm-3.30.3-r3.ebuild b/gnome-base/gdm/gdm-3.30.3-r3.ebuild new file mode 100644 index 000000000000..85fce6002747 --- /dev/null +++ b/gnome-base/gdm/gdm-3.30.3-r3.ebuild @@ -0,0 +1,246 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +GNOME2_LA_PUNT="yes" +GNOME2_EAUTORECONF="yes" + +inherit eutils gnome2 pam readme.gentoo-r1 systemd udev user + +DESCRIPTION="GNOME Display Manager for managing graphical display servers and user logins" +HOMEPAGE="https://wiki.gnome.org/Projects/GDM" + +SRC_URI="${SRC_URI} + branding? ( https://www.mail-archive.com/tango-artists@lists.freedesktop.org/msg00043/tango-gentoo-v1.1.tar.gz ) +" + +LICENSE=" + GPL-2+ + branding? ( CC-BY-SA-4.0 ) +" + +SLOT="0" + +IUSE="accessibility audit bluetooth-sound branding elogind fprint +introspection ipv6 plymouth selinux smartcard systemd tcpd test wayland xinerama" +REQUIRED_USE="^^ ( elogind systemd )" + +KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86" + +# NOTE: x11-base/xorg-server dep is for X_SERVER_PATH etc, bug #295686 +# nspr used by smartcard extension +# dconf, dbus and g-s-d are needed at install time for dconf update +# We need either systemd or >=openrc-0.12 to restart gdm properly, bug #463784 +COMMON_DEPEND=" + app-text/iso-codes + >=dev-libs/glib-2.44:2 + dev-libs/libgudev + >=x11-libs/gtk+-2.91.1:3 + >=gnome-base/dconf-0.20 + >=gnome-base/gnome-settings-daemon-3.1.4 + gnome-base/gsettings-desktop-schemas + >=media-libs/fontconfig-2.5.0:1.0 + >=media-libs/libcanberra-0.4[gtk3] + sys-apps/dbus + >=sys-apps/accountsservice-0.6.35 + + x11-base/xorg-server + x11-libs/libXau + x11-libs/libX11 + x11-libs/libXdmcp + x11-libs/libXext + x11-libs/libxcb + >=x11-misc/xdg-utils-1.0.2-r3 + + virtual/pam + elogind? ( >=sys-auth/elogind-239.3[pam] ) + systemd? ( >=sys-apps/systemd-186:0=[pam] ) + + sys-auth/pambase[elogind?,systemd?] + + audit? ( sys-process/audit ) + introspection? ( >=dev-libs/gobject-introspection-0.9.12:= ) + plymouth? ( sys-boot/plymouth ) + selinux? ( sys-libs/libselinux ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + xinerama? ( x11-libs/libXinerama ) +" +# XXX: These deps are from session and desktop files in data/ directory +# fprintd is used via dbus by gdm-fingerprint-extension +# gnome-session-3.6 needed to avoid freezing with orca +RDEPEND="${COMMON_DEPEND} + >=gnome-base/gnome-session-3.6 + >=gnome-base/gnome-shell-3.1.90 + x11-apps/xhost + + accessibility? ( + >=app-accessibility/orca-3.10 + gnome-extra/mousetweaks ) + fprint? ( + sys-auth/fprintd + sys-auth/pam_fprint ) + + !gnome-extra/fast-user-switch-applet +" +DEPEND="${COMMON_DEPEND} + app-text/docbook-xml-dtd:4.1.2 + dev-util/gdbus-codegen + dev-util/glib-utils + dev-util/itstool + >=sys-devel/gettext-0.19.8 + virtual/pkgconfig + x11-base/xorg-proto + test? ( >=dev-libs/check-0.9.4 ) + app-text/yelp-tools +" # yelp-tools needed for eautoreconf to not lose help docs (m4_ifdeffed YELP_HELP_INIT call and setup) + +DOC_CONTENTS=" + To make GDM start at boot with systemd, run:\n + # systemctl enable gdm.service\n + \n + To make GDM start at boot with OpenRC, edit /etc/conf.d to have + DISPLAYMANAGER=\"gdm\" and enable the xdm service:\n + # rc-update add xdm + \n + For passwordless login to unlock your keyring, you need to install + sys-auth/pambase with USE=gnome-keyring and set an empty password + on your keyring. Use app-crypt/seahorse for that.\n + \n + You may need to install app-crypt/coolkey and sys-auth/pam_pkcs11 + for smartcard support +" + +pkg_setup() { + enewgroup gdm + enewgroup video # Just in case it hasn't been created yet + enewuser gdm -1 -1 /var/lib/gdm gdm,video + + # For compatibility with certain versions of nvidia-drivers, etc., need to + # ensure that gdm user is in the video group + if ! egetent group video | grep -q gdm; then + # FIXME XXX: is this at all portable, ldap-safe, etc.? + # XXX: egetent does not have a 1-argument form, so we can't use it to + # get the list of gdm's groups + local g=$(groups gdm) + elog "Adding user gdm to video group" + usermod -G video,${g// /,} gdm || die "Adding user gdm to video group failed" + fi +} + +src_prepare() { + # ssh-agent handling must be done at xinitrc.d, bug #220603 + eapply "${FILESDIR}/${PN}-2.32.0-xinitrc-ssh-agent.patch" + + # Gentoo does not have a fingerprint-auth pam stack + eapply "${FILESDIR}/${PN}-3.8.4-fingerprint-auth.patch" + + # Drop legacy argument to pam_systemd.so, included in 3.32 + eapply "${FILESDIR}/${PV}-pam-drop-legacy-arg.patch" + # Support pam_elogind.so in gdm-launch-environment.pam + eapply "${FILESDIR}/pam-elogind.patch" + + # Wait 10 seconds for a DRM master with systemd. Workaround for gdm not waiting for CanGraphical=yes property on the seat. Bug #613222 + eapply "${FILESDIR}/gdm-CanGraphical-wait.patch" # needs eautoreconf + + # Show logo when branding is enabled + use branding && eapply "${FILESDIR}/${PN}-3.30.3-logo.patch" + + gnome2_src_prepare +} + +src_configure() { + # PAM is the only auth scheme supported + # even though configure lists shadow and crypt + # they don't have any corresponding code. + # --with-at-spi-registryd-directory= needs to be passed explicitly because + # of https://bugzilla.gnome.org/show_bug.cgi?id=607643#c4 + # Xevie is obsolete, bug #482304 + + # --with-initial-vt=7 conflicts with plymouth, bug #453392 + # gdm-3.30 now reaps (stops) the login screen when the login VT isn't active, which + # saves on memory. However this means if we don't start on VT1, gdm doesn't start up + # before user manually goes to VT7. Thus as-is we can not keep gdm away from VT1, + # so lets try always having it in VT1 and see if that is an issue for people before + # hacking up workarounds for the initial start case. + # ! use plymouth && myconf="${myconf} --with-initial-vt=7" + local myconf=( + --enable-gdm-xsession + --enable-user-display-server + --with-run-dir=/run/gdm + --localstatedir="${EPREFIX}"/var + --disable-static + --with-xdmcp=yes + --enable-authentication-scheme=pam + --with-default-pam-config=exherbo + --with-pam-mod-dir=$(getpam_mod_dir) + --with-udevdir=$(get_udevdir) + --with-at-spi-registryd-directory="${EPREFIX}"/usr/libexec + --without-xevie + $(use_enable systemd systemd-journal) + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + $(use_with audit libaudit) + $(use_enable ipv6) + $(use_with plymouth) + $(use_with selinux) + $(use_with tcpd tcp-wrappers) + $(use_enable wayland wayland-support) + $(use_with xinerama) + ) + + if use elogind; then + myconf+=( + --with-initial-vt=7 # TODO: Revisit together with startDM.sh and other xinit talks; also ignores plymouth possibility + SYSTEMD_CFLAGS=`pkg-config --cflags "libelogind" 2>/dev/null` + SYSTEMD_LIBS=`pkg-config --libs "libelogind" 2>/dev/null` + ) + fi + + gnome2_src_configure "${myconf[@]}" +} + +src_install() { + gnome2_src_install + + if ! use accessibility ; then + rm "${ED}"/usr/share/gdm/greeter/autostart/orca-autostart.desktop || die + fi + + exeinto /etc/X11/xinit/xinitrc.d + newexe "${FILESDIR}/49-keychain-r1" 49-keychain + newexe "${FILESDIR}/50-ssh-agent-r1" 50-ssh-agent + + # gdm user's home directory + keepdir /var/lib/gdm + fowners gdm:gdm /var/lib/gdm + + if ! use bluetooth-sound ; then + # Workaround https://gitlab.freedesktop.org/pulseaudio/pulseaudio/merge_requests/10 + # bug #679526 + insinto /var/lib/gdm/.config/pulse + doins "${FILESDIR}"/default.pa + fi + + # install XDG_DATA_DIRS gdm changes + echo 'XDG_DATA_DIRS="/usr/share/gdm"' > 99xdg-gdm + doenvd 99xdg-gdm + + use branding && newicon "${WORKDIR}/tango-gentoo-v1.1/scalable/gentoo.svg" gentoo-gdm.svg + + readme.gentoo_create_doc +} + +pkg_postinst() { + gnome2_pkg_postinst + local d ret + + # bug #669146; gdm may crash if /var/lib/gdm subdirs are not owned by gdm:gdm + ret=0 + ebegin "Fixing "${EROOT}"var/lib/gdm ownership" + chown --no-dereference gdm:gdm "${EROOT}var/lib/gdm" || ret=1 + for d in "${EROOT}var/lib/gdm/"{.cache,.color,.config,.dbus,.local}; do + [[ ! -e "${d}" ]] || chown --no-dereference -R gdm:gdm "${d}" || ret=1 + done + eend ${ret} + + systemd_reenable gdm.service + readme.gentoo_print_elog +} diff --git a/gnome-base/gdm/metadata.xml b/gnome-base/gdm/metadata.xml index ac51d07ebe21..905cfca7884b 100644 --- a/gnome-base/gdm/metadata.xml +++ b/gnome-base/gdm/metadata.xml @@ -6,6 +6,9 @@ Gentoo GNOME Desktop + Allow loading of bluetooth sound modules. + This may be necessary for accessibility screen readers, but may cause bluetooth + sound issues for users logging in. Use sys-auth/elogind for session management Enables experimental fingerprint authentication using sys-auth/fprintd