diff --git a/.gitignore b/.gitignore index c02272e..f65c20b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /lightdm-1.18.3.tar.xz /lightdm-1.22.0.tar.xz +/lightdm-1.24.0.tar.xz diff --git a/50-disable-guest.conf b/50-disable-guest.conf new file mode 100644 index 0000000..4e01ff7 --- /dev/null +++ b/50-disable-guest.conf @@ -0,0 +1,5 @@ +# Disable guest sessions due to them not being confined in systemd +# CVE-2017-8900 +# https://bugs.launchpad.net/bugs/1663157 +[Seat:*] +allow-guest=false diff --git a/lightdm.spec b/lightdm.spec index 5f0916e..c2c0f0f 100644 --- a/lightdm.spec +++ b/lightdm.spec @@ -1,89 +1,94 @@ +# leaving this disabled, means greeters will have to +# require lightdm too, instead of relying on -gobject, +# -qt to pull it in. +%bcond_with internal_deps + # FIXME: most tests currently fail -#global tests 1 +%bcond_with tests + -%global major 1.22 +%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo "2.10") +%global major 1.24 %global minor 0 -Name: lightdm -Summary: A cross-desktop Display Manager -Version: %{major}.%{minor} -Release: 6%{?dist} +Name: lightdm +Summary: A cross-desktop Display Manager +Version: %{major}.%{minor} +Release: 1%{?dist} # library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+ -License: (LGPLv2 or LGPLv3) and GPLv3+ -URL: https://launchpad.net/%{name}/%{major} -Source0: %{url}/%{version}/+download/%{name}-%{version}.tar.xz +License: (LGPLv2 or LGPLv3) and GPLv3+ +URL: https://launchpad.net/%{name}/%{major} +Source0: %{url}/%{version}/+download/%{name}-%{version}.tar.xz -Source1: lightdm.pam -Source2: lightdm-autologin.pam -Source3: lightdm-tmpfiles.conf -Source4: lightdm.service -Source5: lightdm.logrotate -Source6: lightdm.rules +Source10: %{name}.pam +Source11: %{name}-autologin.pam +Source12: %{name}-tmpfiles.conf +Source13: %{name}.service +Source14: %{name}.logrotate +Source15: %{name}.rules ## .conf snippets -# use logrotate? -Source10: 50-backup-logs.conf -Source11: 50-minimum-vt.conf -Source12: 50-session-wrapper.conf -Source13: 50-user-authority-in-system-dir.conf -Source14: 50-xserver-command.conf +Source20: 50-backup-logs.conf +Source21: 50-minimum-vt.conf +Source22: 50-session-wrapper.conf +Source23: 50-user-authority-in-system-dir.conf +Source24: 50-xserver-command.conf +Source25: 50-disable-guest.conf ## Downstream patches: # hack in support for --nodaemon option -Patch11: lightdm-1.10.2-nodaemon_option.patch +Patch0: %{name}-1.10.2-nodaemon_option.patch # disable saving to ~/.dmrc (runs afoul of selinux, http://bugzilla.redhat.com/963238 ) -Patch12: lightdm-1.9.8-no_dmrc_save.patch +Patch1: %{name}-1.9.8-no_dmrc_save.patch ## upstreamable patches # search for moc-qt5, use -qt=5|4 (instead of --qt=qt4|qt5) -Patch51: lightdm-1.18-qtchooser.patch - -# patch51 -BuildRequires: gettext -BuildRequires: gnome-common -BuildRequires: gtk-doc itstool -BuildRequires: intltool -BuildRequires: libgcrypt-devel -BuildRequires: pam-devel -BuildRequires: pkgconfig(audit) -BuildRequires: pkgconfig(dbus-glib-1) -BuildRequires: pkgconfig(gio-2.0) >= 2.26 -BuildRequires: pkgconfig(gio-unix-2.0) -BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(gmodule-export-2.0) -BuildRequires: pkgconfig(gobject-2.0) -%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo "2.10") -BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.5 -BuildRequires: pkgconfig(libxklavier) -BuildRequires: pkgconfig(QtCore) pkgconfig(QtDBus) pkgconfig(QtGui) pkgconfig(QtNetwork) -BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5DBus) pkgconfig(Qt5Gui) -BuildRequires: pkgconfig(x11) -BuildRequires: pkgconfig(xcb) -BuildRequires: pkgconfig(xdmcp) -BuildRequires: systemd -BuildRequires: vala vala-tools - -Requires: %{name}-gobject%{?_isa} = %{version}-%{release} -Requires: accountsservice -Requires: dbus-x11 -%if 0%{?rhel} > 6 || 0%{?fedora} > 18 -Requires: polkit-js-engine +Patch2: %{name}-1.18-qtchooser.patch + +BuildRequires: gettext +BuildRequires: gnome-common +BuildRequires: gtk-doc itstool +BuildRequires: intltool +BuildRequires: libgcrypt-devel +BuildRequires: pam-devel +BuildRequires: pkgconfig(audit) +BuildRequires: pkgconfig(dbus-glib-1) +BuildRequires: pkgconfig(gio-2.0) >= 2.26 +BuildRequires: pkgconfig(gio-unix-2.0) +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(gmodule-export-2.0) +BuildRequires: pkgconfig(gobject-2.0) +BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.5 +BuildRequires: pkgconfig(libxklavier) +BuildRequires: pkgconfig(QtCore) pkgconfig(QtDBus) pkgconfig(QtGui) pkgconfig(QtNetwork) +BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5DBus) pkgconfig(Qt5Gui) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xcb) +BuildRequires: pkgconfig(xdmcp) +BuildRequires: systemd +BuildRequires: vala vala-tools + +Requires: %{name}-gobject%{?_isa} = %{version}-%{release} +Requires: accountsservice +Requires: dbus-x11 +%if 0%{?fedora} || 0%{?rhel} >= 7 +Requires: polkit-js-engine %endif -Requires: systemd -%{?systemd_requires} -Requires: xorg-x11-xinit +Requires: systemd +Requires: xorg-x11-xinit -Requires(pre): shadow-utils +%if %{with internal_deps} +Requires: %{name}-greeter = 1.2 +%endif + +%{?systemd_requires} -# beware of bootstrapping -- rex -# leaving this here, means greeters will have to require lightdm too, -# instead of relying on -gobject, -qt to pull it in -Requires: lightdm-greeter = 1.2 +Requires(pre): shadow-utils # needed for anaconda to boot into runlevel 5 after install -Provides: service(graphical-login) = lightdm +Provides: service(graphical-login) = %{name} %description Lightdm is a display manager that: @@ -91,219 +96,252 @@ Lightdm is a display manager that: * Supports different display technologies * Is lightweight - low memory usage and fast performance + %package gobject -Summary: LightDM GObject client library -# omit base package, to allow for easier bootstrapping -# requires greeters to manually -# Requires: lightdm -#Requires: %{name} = %{version}-%{release} -Requires: glib2%{?_isa} >= %{glib2_version} +Summary: LightDM GObject client library + +%if !%{with internal_deps} +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif +Requires: glib2%{?_isa} >= %{glib2_version} + %description gobject This package contains a GObject based library for LightDM clients to use to interface with LightDM. + %package gobject-devel -Summary: Development files for %{name}-gobject -Requires: %{name}-gobject%{?_isa} = %{version}-%{release} +Summary: Development files for %{name}-gobject +Requires: %{name}-gobject%{?_isa} = %{version}-%{release} %description gobject-devel %{summary}. + %package qt Summary: LightDM Qt4 client library -# see comment in -gobject above -#Requires: %{name} = %{version}-%{release} -%{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}} + +%if !%{with internal_deps} +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif +%{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}} + %description qt This package contains a Qt4-based library for LightDM clients to use to interface with LightDM. + %package qt-devel -Summary: Development files for %{name}-qt -Requires: %{name}-qt%{?_isa} = %{version}-%{release} +Summary: Development files for %{name}-qt +Requires: %{name}-qt%{?_isa} = %{version}-%{release} + %description qt-devel %{summary}. + %package qt5 -Summary: LightDM Qt5 client library -# see comment in -gobject above -#Requires: %{name} = %{version}-%{release} -%{?_qt5:Requires: %{?_qt5}%{?_isa} >= %{_qt5_version}} +Summary: LightDM Qt5 client library + +%if !%{with internal_deps} +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif +%{?_qt5:Requires: %{?_qt5}%{?_isa} >= %{_qt5_version}} + %description qt5 This package contains a Qt5-based library for LightDM clients to use to interface with LightDM. + %package qt5-devel -Summary: Development files for %{name}-qt5 -Requires: %{name}-qt5%{?_isa} = %{version}-%{release} +Summary: Development files for %{name}-qt5 +Requires: %{name}-qt5%{?_isa} = %{version}-%{release} + %description qt5-devel %{summary}. %prep -%setup -q - -%patch11 -p1 -b .nodaemon_option -%patch12 -p1 -b .no_dmrc_save - -%patch51 -p1 -b .qtchooser +%autosetup -p 1 # rpath hack -sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure +%{__sed} -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure %build -%configure \ - --disable-silent-rules \ - --disable-static \ - --enable-gtk-doc \ - --enable-libaudit \ - --enable-liblightdm-qt \ - --enable-liblightdm-qt5 \ - --enable-introspection \ - %{?tests:--enable-tests}%{!?tests:--disable-tests} \ - --enable-vala \ - --with-greeter-user=lightdm \ - --with-greeter-session=lightdm-greeter - +%configure \ + --disable-silent-rules \ + --disable-static \ + --enable-gtk-doc \ + --enable-libaudit \ + --enable-lib%{name}-qt \ + --enable-lib%{name}-qt5 \ + --enable-introspection \ +%if %{with tests} + --enable-tests \ +%else + --disable-tests \ +%endif + --enable-vala \ + --with-greeter-user=%{name} \ + --with-greeter-session=%{name}-greeter %make_build %install -%make_install INSTALL='install -p' +%make_install + +# We need to own these +%{__mkdir_p} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.d/ \ + %{buildroot}%{_datadir}/%{name}/%{name}.conf.d/ \ + %{buildroot}%{_datadir}/%{name}/remote-sessions/ \ + %{buildroot}%{_datadir}/xgreeters/ \ + %{buildroot}%{_localstatedir}/cache/%{name}/ \ + %{buildroot}%{_localstatedir}/run/%{name}/ \ + %{buildroot}%{_localstatedir}/log/%{name}/ \ + %{buildroot}%{_localstatedir}/lib/%{name}/ \ + %{buildroot}%{_localstatedir}/lib/%{name}-data/ -## unpackaged files # libtool cruft -find %{buildroot}%{_libdir} -type f -name '*.a' -print -delete -find %{buildroot}%{_libdir} -type f -name '*.la' -print -delete +%{_bindir}/find %{buildroot}%{_libdir} -type f -name '*.a' -print -delete +%{_bindir}/find %{buildroot}%{_libdir} -type f -name '*.la' -print -delete + # We don't ship AppAmor -rm -rfv %{buildroot}%{_sysconfdir}/apparmor.d/ +%{__rm} -rfv %{buildroot}%{_sysconfdir}/apparmor.d/ + # omit upstart support -rm -rfv %{buildroot}%{_sysconfdir}/init +%{__rm} -rfv %{buildroot}%{_sysconfdir}/init # install pam file -install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/lightdm -install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/lightdm-autologin - -install -Dpm 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/tmpfiles.d/lightdm.conf - -# We need to own these -mkdir -p %{buildroot}%{_sysconfdir}/lightdm/lightdm.conf.d/ -mkdir -p %{buildroot}%{_datadir}/lightdm/lightdm.conf.d/ -mkdir -p %{buildroot}%{_datadir}/lightdm/remote-sessions/ -mkdir -p %{buildroot}%{_datadir}/xgreeters/ -mkdir -p %{buildroot}%{_localstatedir}/cache/lightdm/ -mkdir -p %{buildroot}%{_localstatedir}/run/lightdm/ -mkdir -p %{buildroot}%{_localstatedir}/log/lightdm/ -mkdir -p %{buildroot}%{_localstatedir}/lib/lightdm/ -mkdir -p %{buildroot}%{_localstatedir}/lib/lightdm-data/ +%{__install} -Dpm 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/%{name} +%{__install} -Dpm 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pam.d/%{name}-autologin +%{__install} -Dpm 0644 %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf +%{__install} -Dpm 0644 %{SOURCE13} %{buildroot}%{_unitdir}/%{name}.service +%{__install} -Dpm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +%{__install} -Dpm 0644 %{SOURCE15} %{buildroot}%{_datadir}/polkit-1/rules.d/%{name}.rules +%{__install} -pm 0644 %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} \ + %{SOURCE24} %{SOURCE25} %{buildroot}%{_datadir}/%{name}/%{name}.conf.d/ %find_lang %{name} --with-gnome -install -m644 -p -D %{SOURCE4} %{buildroot}%{_unitdir}/lightdm.service -install -m644 -p -D %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/lightdm -install -m644 -p -D %{SOURCE6} %{buildroot}%{_datadir}/polkit-1/rules.d/lightdm.rules -install -m644 -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} \ - %{buildroot}%{_datadir}/lightdm/lightdm.conf.d/ %check -# FIXME: most of these currently fail :( -- rex -%if 0%{?tests:1} -make check ||: +%if %{with tests} +%make_build check ||: %endif %pre -getent group lightdm >/dev/null || groupadd -r lightdm -getent passwd lightdm >/dev/null || \ - /usr/sbin/useradd -g lightdm -M -d /var/lib/lightdm -s /sbin/nologin -r lightdm +%{_bindir}/getent group %{name} >/dev/null || %{_sbindir}/groupadd -r %{name} +%{_bindir}/getent passwd %{name} >/dev/null || %{_sbindir}/useradd -g %{name} \ + -M -d /var/lib/%{name} -s /sbin/nologin -r %{name} exit 0 + %post -%{?systemd_post:%systemd_post lightdm.service} +%{?systemd_post:%systemd_post %{name}.service} + + +%post gobject -p /sbin/ldconfig + + +%post qt -p /sbin/ldconfig + + +%post qt5 -p /sbin/ldconfig + %preun -%{?systemd_preun:%systemd_preun lightdm.service} +%{?systemd_preun:%systemd_preun %{name}.service} + %postun %{?systemd_postun} + +%postun gobject -p /sbin/ldconfig + + +%postun qt -p /sbin/ldconfig + + +%postun qt5 -p /sbin/ldconfig + + %files -f %{name}.lang %license COPYING.GPL3 %doc NEWS %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.DisplayManager.conf -%config(noreplace) %{_sysconfdir}/pam.d/lightdm* -%dir %{_sysconfdir}/lightdm/ -%dir %{_sysconfdir}/lightdm/lightdm.conf.d -%config(noreplace) %{_sysconfdir}/lightdm/keys.conf -%config(noreplace) %{_sysconfdir}/lightdm/lightdm.conf -%config(noreplace) %{_sysconfdir}/lightdm/users.conf +%config(noreplace) %{_sysconfdir}/pam.d/%{name}* +%config(noreplace) %{_sysconfdir}/%{name}/keys.conf +%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%config(noreplace) %{_sysconfdir}/%{name}/users.conf +%dir %{_sysconfdir}/%{name}/ +%dir %{_sysconfdir}/%{name}/%{name}.conf.d %dir %{_sysconfdir}/logrotate.d/ -%{_sysconfdir}/logrotate.d/lightdm +%dir %attr(-,%{name},%{name}) %{_localstatedir}/cache/%{name}/ +%dir %attr(-,%{name},%{name}) %{_localstatedir}/lib/%{name}/ +%dir %attr(-,%{name},%{name}) %{_localstatedir}/lib/%{name}-data/ +%dir %attr(-,%{name},%{name}) %{_localstatedir}/log/%{name}/ +%dir %{_datadir}/bash-completion/ +%dir %{_datadir}/bash-completion/completions/ +%dir %{_datadir}/xgreeters/ +%ghost %dir %{_localstatedir}/run/%{name} +%{_sysconfdir}/logrotate.d/%{name} %{_bindir}/dm-tool -%{_sbindir}/lightdm -%{_libexecdir}/lightdm-guest-session -%{_datadir}/lightdm/ +%{_sbindir}/%{name} +%{_libexecdir}/%{name}-guest-session +%{_datadir}/%{name}/ %{_libdir}/girepository-1.0/LightDM-1.typelib %{_mandir}/man1/dm-tool.1* -%{_mandir}/man1/lightdm* -%dir %attr(-,lightdm,lightdm) %{_localstatedir}/cache/lightdm/ -%{_unitdir}/lightdm.service -%{_datadir}/polkit-1/rules.d/lightdm.rules -%dir %{_datadir}/bash-completion/ -%dir %{_datadir}/bash-completion/completions/ +%{_mandir}/man1/%{name}* +%{_unitdir}/%{name}.service +%{_datadir}/polkit-1/rules.d/%{name}.rules %{_datadir}/bash-completion/completions/dm-tool -%{_datadir}/bash-completion/completions/lightdm -%dir %{_datadir}/xgreeters/ - -# because of systemd -%{_prefix}/lib/tmpfiles.d/lightdm.conf -%ghost %dir %{_localstatedir}/run/lightdm +%{_datadir}/bash-completion/completions/%{name} +%{_prefix}/lib/tmpfiles.d/%{name}.conf -%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm/ -%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm-data/ -%dir %attr(-,lightdm,lightdm) %{_localstatedir}/log/lightdm/ - -%post gobject -p /sbin/ldconfig -%postun gobject -p /sbin/ldconfig %files gobject %license COPYING.LGPL2 COPYING.LGPL3 -%{_libdir}/liblightdm-gobject-1.so.0* +%{_libdir}/lib%{name}-gobject-1.so.0* + %files gobject-devel -%doc %{_datadir}/gtk-doc/html/lightdm-gobject-1/ -%{_includedir}/lightdm-gobject-1/ -%{_libdir}/liblightdm-gobject-1.so -%{_libdir}/pkgconfig/liblightdm-gobject-1.pc +%doc %{_datadir}/gtk-doc/html/%{name}-gobject-1/ +%{_includedir}/%{name}-gobject-1/ +%{_libdir}/lib%{name}-gobject-1.so +%{_libdir}/pkgconfig/lib%{name}-gobject-1.pc %{_datadir}/gir-1.0/LightDM-1.gir -%{_datadir}/vala/vapi/liblightdm-gobject-1.* +%{_datadir}/vala/vapi/lib%{name}-gobject-1.* -%post qt -p /sbin/ldconfig -%postun qt -p /sbin/ldconfig %files qt %license COPYING.LGPL2 COPYING.LGPL3 -%{_libdir}/liblightdm-qt-3.so.0* +%{_libdir}/lib%{name}-qt-3.so.0* + %files qt-devel -%{_includedir}/lightdm-qt-3/ -%{_libdir}/liblightdm-qt-3.so -%{_libdir}/pkgconfig/liblightdm-qt-3.pc +%{_includedir}/%{name}-qt-3/ +%{_libdir}/lib%{name}-qt-3.so +%{_libdir}/pkgconfig/lib%{name}-qt-3.pc -%post qt5 -p /sbin/ldconfig -%postun qt5 -p /sbin/ldconfig %files qt5 %license COPYING.LGPL2 COPYING.LGPL3 -%{_libdir}/liblightdm-qt5-3.so.0* +%{_libdir}/lib%{name}-qt5-3.so.0* + %files qt5-devel -%{_includedir}/lightdm-qt5-3/ -%{_libdir}/liblightdm-qt5-3.so -%{_libdir}/pkgconfig/liblightdm-qt5-3.pc +%{_includedir}/%{name}-qt5-3/ +%{_libdir}/lib%{name}-qt5-3.so +%{_libdir}/pkgconfig/lib%{name}-qt5-3.pc %changelog +* Tue Sep 05 2017 Björn Esser - 1.24.0-1 +- lightdm-1.24.0 (rhbz#1488270) +- Disable guest login as system default preset (CVE-2017-8900) +- Modernize spec-file + * Thu Aug 31 2017 Björn Esser - 1.22.0-6 - Start lightdm after dbus.service diff --git a/sources b/sources index cc2a276..a9ea3c9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (lightdm-1.22.0.tar.xz) = 58be4428465dda66be8ba1cf4718ece40888af810bfd83d8ae059b3f5432ab7053373af2ecdcafd5e1fade77f0194eae7ded7d6c28e9c4be4aef56d9b432f0cc +SHA512 (lightdm-1.24.0.tar.xz) = 30bad8887928f22bf2cc7ce8d7a323637dec669d47d69fb326cfcf1bb5ee9e52c1232cf680af94a25cf90a9de13d9b5ff73307c1dc8829422600d350401555b8