[gdm] Fix pam_ecryptfs. unfortunately adds back gross last login messages.
Ray Strode
rstrode at fedoraproject.org
Fri Jan 16 14:56:41 UTC 2015
commit d3d8f74ba5e51e738cda5b23360598e6bf351f6b
Author: Ray Strode <rstrode at redhat.com>
Date: Fri Jan 16 09:55:39 2015 -0500
Fix pam_ecryptfs. unfortunately adds back gross last login messages.
Resolves: #1174366
fix-pam-ecryptfs.patch | 174 ++++++++++++++++++++++++++++++++++++++++++++++++
gdm.spec | 8 ++-
2 files changed, 181 insertions(+), 1 deletions(-)
---
diff --git a/fix-pam-ecryptfs.patch b/fix-pam-ecryptfs.patch
new file mode 100644
index 0000000..8080eb9
--- /dev/null
+++ b/fix-pam-ecryptfs.patch
@@ -0,0 +1,174 @@
+From 4d25bda84d9ed57efecb8a6444ef8d978f74b2d6 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Fri, 16 Jan 2015 09:46:26 -0500
+Subject: [PATCH] Revert "pam: drop postlogin from fedora pam config"
+
+This reverts commit 76d26d8c1c37c6bd38bcac082d5cc62670fe5d39.
+
+It breaks pam_ecryptfs.
+Downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1174366
+
+https://bugzilla.gnome.org/show_bug.cgi?id=743045
+---
+ data/pam-redhat/gdm-autologin.pam | 2 ++
+ data/pam-redhat/gdm-fingerprint.pam | 2 ++
+ data/pam-redhat/gdm-launch-environment.pam | 2 ++
+ data/pam-redhat/gdm-password.pam | 2 ++
+ data/pam-redhat/gdm-pin.pam | 2 ++
+ data/pam-redhat/gdm-smartcard.pam | 2 ++
+ data/pam-redhat/gdm.pam | 3 +++
+ 7 files changed, 15 insertions(+)
+
+diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
+index 08d4543..0616e66 100644
+--- a/data/pam-redhat/gdm-autologin.pam
++++ b/data/pam-redhat/gdm-autologin.pam
+@@ -1,14 +1,16 @@
+ #%PAM-1.0
+ auth required pam_env.so
+ auth required pam_permit.so
++auth include postlogin
+ account required pam_nologin.so
+ account include system-auth
+ password include system-auth
+ session required pam_selinux.so close
+ session required pam_loginuid.so
+ session optional pam_console.so
+ -session optional pam_ck_connector.so
+ session required pam_selinux.so open
+ session optional pam_keyinit.so force revoke
+ session required pam_namespace.so
+ session include system-auth
++session include postlogin
+diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
+index ee0635d..c5a3598 100644
+--- a/data/pam-redhat/gdm-fingerprint.pam
++++ b/data/pam-redhat/gdm-fingerprint.pam
+@@ -1,15 +1,17 @@
+ auth substack fingerprint-auth
++auth include postlogin
+
+ account required pam_nologin.so
+ account include fingerprint-auth
+
+ password include fingerprint-auth
+
+ session required pam_selinux.so close
+ session required pam_loginuid.so
+ session optional pam_console.so
+ -session optional pam_ck_connector.so
+ session required pam_selinux.so open
+ session optional pam_keyinit.so force revoke
+ session required pam_namespace.so
+ session include fingerprint-auth
++session include postlogin
+diff --git a/data/pam-redhat/gdm-launch-environment.pam b/data/pam-redhat/gdm-launch-environment.pam
+index f1811f1..a5130ea 100644
+--- a/data/pam-redhat/gdm-launch-environment.pam
++++ b/data/pam-redhat/gdm-launch-environment.pam
+@@ -1,7 +1,9 @@
+ #%PAM-1.0
+ auth required pam_env.so
+ auth required pam_permit.so
++auth include postlogin
+ account include system-auth
+ password include system-auth
+ session optional pam_keyinit.so force revoke
+ session include system-auth
++session include postlogin
+diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
+index b95ca16..3006d0c 100644
+--- a/data/pam-redhat/gdm-password.pam
++++ b/data/pam-redhat/gdm-password.pam
+@@ -1,19 +1,21 @@
+ auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+ auth substack password-auth
+ auth optional pam_gnome_keyring.so
++auth include postlogin
+
+ account required pam_nologin.so
+ account include password-auth
+
+ password substack password-auth
+ -password optional pam_gnome_keyring.so use_authtok
+
+ session required pam_selinux.so close
+ session required pam_loginuid.so
+ session optional pam_console.so
+ -session optional pam_ck_connector.so
+ session required pam_selinux.so open
+ session optional pam_keyinit.so force revoke
+ session required pam_namespace.so
+ session include password-auth
+ session optional pam_gnome_keyring.so auto_start
++session include postlogin
+diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam
+index d0a4e71..7594653 100644
+--- a/data/pam-redhat/gdm-pin.pam
++++ b/data/pam-redhat/gdm-pin.pam
+@@ -1,20 +1,22 @@
+ auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+ auth requisite pam_pin.so
+ auth substack password-auth
+ auth optional pam_gnome_keyring.so
++auth include postlogin
+
+ account required pam_nologin.so
+ account include password-auth
+
+ password include password-auth
+ password optional pam_pin.so
+
+ session required pam_selinux.so close
+ session required pam_loginuid.so
+ session optional pam_console.so
+ -session optional pam_ck_connector.so
+ session required pam_selinux.so open
+ session optional pam_keyinit.so force revoke
+ session required pam_namespace.so
+ session include password-auth
+ session optional pam_gnome_keyring.so auto_start
++session include postlogin
+diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
+index d49eef9..c91cf0d 100644
+--- a/data/pam-redhat/gdm-smartcard.pam
++++ b/data/pam-redhat/gdm-smartcard.pam
+@@ -1,15 +1,17 @@
+ auth substack smartcard-auth
++auth include postlogin
+
+ account required pam_nologin.so
+ account include smartcard-auth
+
+ password include smartcard-auth
+
+ session required pam_selinux.so close
+ session required pam_loginuid.so
+ session optional pam_console.so
+ -session optional pam_ck_connector.so
+ session required pam_selinux.so open
+ session optional pam_keyinit.so force revoke
+ session required pam_namespace.so
+ session include smartcard-auth
++session include postlogin
+diff --git a/data/pam-redhat/gdm.pam b/data/pam-redhat/gdm.pam
+index 9d95a51..baa058b 100644
+--- a/data/pam-redhat/gdm.pam
++++ b/data/pam-redhat/gdm.pam
+@@ -1,10 +1,13 @@
+ #%PAM-1.0
+ auth required pam_env.so
+ auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
++auth include postlogin
+ auth include system-auth
++account required pam_nologin.so
+ account include system-auth
+ password include system-auth
+ session optional pam_keyinit.so force revoke
+ session include system-auth
+ session required pam_loginuid.so
+ session optional pam_console.so
++session include postlogin
+--
+2.1.0
+
diff --git a/gdm.spec b/gdm.spec
index fc28441..319e83c 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -12,7 +12,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 3.15.3.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
License: GPLv2+
Group: User Interface/X
@@ -20,6 +20,7 @@ URL: http://download.gnome.org/sources/gdm
#VCS: git:git://git.gnome.org/gdm
Source: http://download.gnome.org/sources/gdm/3.15/gdm-%{version}.tar.xz
Source1: org.gnome.login-screen.gschema.override
+Patch0: fix-pam-ecryptfs.patch
BuildRequires: pkgconfig(libcanberra-gtk)
BuildRequires: pango-devel >= 0:%{pango_version}
@@ -105,6 +106,7 @@ files needed to build custom greeters.
%prep
%setup -q
+%patch0 -p1 -b .fix-pam-ecryptfs
autoreconf -i -f
intltoolize -f
@@ -294,6 +296,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || :
%{_libdir}/pkgconfig/gdm.pc
%changelog
+* Fri Jan 16 2015 Ray Strode <rstrode at redhat.com> 3.13.91-2
+- Fix pam_ecryptfs. unfortunately adds back gross last login messages.
+ Resolves: #1174366
+
* Fri Dec 19 2014 Richard Hughes <rhughes at redhat.com> - 1:3.15.3.1-1
- Update to 3.15.3.1
More information about the scm-commits
mailing list