Commit 0fc78afd authored by Björn Esser's avatar Björn Esser
Browse files

lightdm-1.24.0 (rhbz#1488270)

Disable guest login as system default preset (CVE-2017-8900)
Modernize spec-file
parent 640d8411
/lightdm-1.18.3.tar.xz
/lightdm-1.22.0.tar.xz
/lightdm-1.24.0.tar.xz
# Disable guest sessions due to them not being confined in systemd
# CVE-2017-8900
# https://bugs.launchpad.net/bugs/1663157
[Seat:*]
allow-guest=false
# leaving this disabled, means greeters will have to
# require lightdm too, instead of relying on -gobject,
# -qt to pull it in.
%bcond_with internal_deps
# FIXME: most tests currently fail
#global tests 1
%bcond_with tests
%global major 1.22
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo "2.10")
%global major 1.24
%global minor 0
Name: lightdm
Summary: A cross-desktop Display Manager
Version: %{major}.%{minor}
Release: 6%{?dist}
Name: lightdm
Summary: A cross-desktop Display Manager
Version: %{major}.%{minor}
Release: 1%{?dist}
# library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+
License: (LGPLv2 or LGPLv3) and GPLv3+
URL: https://launchpad.net/%{name}/%{major}
Source0: %{url}/%{version}/+download/%{name}-%{version}.tar.xz
License: (LGPLv2 or LGPLv3) and GPLv3+
URL: https://launchpad.net/%{name}/%{major}
Source0: %{url}/%{version}/+download/%{name}-%{version}.tar.xz
Source1: lightdm.pam
Source2: lightdm-autologin.pam
Source3: lightdm-tmpfiles.conf
Source4: lightdm.service
Source5: lightdm.logrotate
Source6: lightdm.rules
Source10: %{name}.pam
Source11: %{name}-autologin.pam
Source12: %{name}-tmpfiles.conf
Source13: %{name}.service
Source14: %{name}.logrotate
Source15: %{name}.rules
## .conf snippets
# use logrotate?
Source10: 50-backup-logs.conf
Source11: 50-minimum-vt.conf
Source12: 50-session-wrapper.conf
Source13: 50-user-authority-in-system-dir.conf
Source14: 50-xserver-command.conf
Source20: 50-backup-logs.conf
Source21: 50-minimum-vt.conf
Source22: 50-session-wrapper.conf
Source23: 50-user-authority-in-system-dir.conf
Source24: 50-xserver-command.conf
Source25: 50-disable-guest.conf
## Downstream patches:
# hack in support for --nodaemon option
Patch11: lightdm-1.10.2-nodaemon_option.patch
Patch0: %{name}-1.10.2-nodaemon_option.patch
# disable saving to ~/.dmrc (runs afoul of selinux, http://bugzilla.redhat.com/963238 )
Patch12: lightdm-1.9.8-no_dmrc_save.patch
Patch1: %{name}-1.9.8-no_dmrc_save.patch
## upstreamable patches
# search for moc-qt5, use -qt=5|4 (instead of --qt=qt4|qt5)
Patch51: lightdm-1.18-qtchooser.patch
# patch51
BuildRequires: gettext
BuildRequires: gnome-common
BuildRequires: gtk-doc itstool
BuildRequires: intltool
BuildRequires: libgcrypt-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(dbus-glib-1)
BuildRequires: pkgconfig(gio-2.0) >= 2.26
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(gmodule-export-2.0)
BuildRequires: pkgconfig(gobject-2.0)
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo "2.10")
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.5
BuildRequires: pkgconfig(libxklavier)
BuildRequires: pkgconfig(QtCore) pkgconfig(QtDBus) pkgconfig(QtGui) pkgconfig(QtNetwork)
BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5DBus) pkgconfig(Qt5Gui)
BuildRequires: pkgconfig(x11)
BuildRequires: pkgconfig(xcb)
BuildRequires: pkgconfig(xdmcp)
BuildRequires: systemd
BuildRequires: vala vala-tools
Requires: %{name}-gobject%{?_isa} = %{version}-%{release}
Requires: accountsservice
Requires: dbus-x11
%if 0%{?rhel} > 6 || 0%{?fedora} > 18
Requires: polkit-js-engine
Patch2: %{name}-1.18-qtchooser.patch
BuildRequires: gettext
BuildRequires: gnome-common
BuildRequires: gtk-doc itstool
BuildRequires: intltool
BuildRequires: libgcrypt-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(dbus-glib-1)
BuildRequires: pkgconfig(gio-2.0) >= 2.26
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(gmodule-export-2.0)
BuildRequires: pkgconfig(gobject-2.0)
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.9.5
BuildRequires: pkgconfig(libxklavier)
BuildRequires: pkgconfig(QtCore) pkgconfig(QtDBus) pkgconfig(QtGui) pkgconfig(QtNetwork)
BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5DBus) pkgconfig(Qt5Gui)
BuildRequires: pkgconfig(x11)
BuildRequires: pkgconfig(xcb)
BuildRequires: pkgconfig(xdmcp)
BuildRequires: systemd
BuildRequires: vala vala-tools
Requires: %{name}-gobject%{?_isa} = %{version}-%{release}
Requires: accountsservice
Requires: dbus-x11
%if 0%{?fedora} || 0%{?rhel} >= 7
Requires: polkit-js-engine
%endif
Requires: systemd
%{?systemd_requires}
Requires: xorg-x11-xinit
Requires: systemd
Requires: xorg-x11-xinit
Requires(pre): shadow-utils
%if %{with internal_deps}
Requires: %{name}-greeter = 1.2
%endif
%{?systemd_requires}
# beware of bootstrapping -- rex
# leaving this here, means greeters will have to require lightdm too,
# instead of relying on -gobject, -qt to pull it in
Requires: lightdm-greeter = 1.2
Requires(pre): shadow-utils
# needed for anaconda to boot into runlevel 5 after install
Provides: service(graphical-login) = lightdm
Provides: service(graphical-login) = %{name}
%description
Lightdm is a display manager that:
......@@ -91,219 +96,252 @@ Lightdm is a display manager that:
* Supports different display technologies
* Is lightweight - low memory usage and fast performance
%package gobject
Summary: LightDM GObject client library
# omit base package, to allow for easier bootstrapping
# requires greeters to manually
# Requires: lightdm
#Requires: %{name} = %{version}-%{release}
Requires: glib2%{?_isa} >= %{glib2_version}
Summary: LightDM GObject client library
%if !%{with internal_deps}
Requires: %{name}%{?_isa} = %{version}-%{release}
%endif
Requires: glib2%{?_isa} >= %{glib2_version}
%description gobject
This package contains a GObject based library for LightDM clients to use to
interface with LightDM.
%package gobject-devel
Summary: Development files for %{name}-gobject
Requires: %{name}-gobject%{?_isa} = %{version}-%{release}
Summary: Development files for %{name}-gobject
Requires: %{name}-gobject%{?_isa} = %{version}-%{release}
%description gobject-devel
%{summary}.
%package qt
Summary: LightDM Qt4 client library
# see comment in -gobject above
#Requires: %{name} = %{version}-%{release}
%{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}}
%if !%{with internal_deps}
Requires: %{name}%{?_isa} = %{version}-%{release}
%endif
%{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}}
%description qt
This package contains a Qt4-based library for LightDM clients to use to interface
with LightDM.
%package qt-devel
Summary: Development files for %{name}-qt
Requires: %{name}-qt%{?_isa} = %{version}-%{release}
Summary: Development files for %{name}-qt
Requires: %{name}-qt%{?_isa} = %{version}-%{release}
%description qt-devel
%{summary}.
%package qt5
Summary: LightDM Qt5 client library
# see comment in -gobject above
#Requires: %{name} = %{version}-%{release}
%{?_qt5:Requires: %{?_qt5}%{?_isa} >= %{_qt5_version}}
Summary: LightDM Qt5 client library
%if !%{with internal_deps}
Requires: %{name}%{?_isa} = %{version}-%{release}
%endif
%{?_qt5:Requires: %{?_qt5}%{?_isa} >= %{_qt5_version}}
%description qt5
This package contains a Qt5-based library for LightDM clients to use to interface
with LightDM.
%package qt5-devel
Summary: Development files for %{name}-qt5
Requires: %{name}-qt5%{?_isa} = %{version}-%{release}
Summary: Development files for %{name}-qt5
Requires: %{name}-qt5%{?_isa} = %{version}-%{release}
%description qt5-devel
%{summary}.
%prep
%setup -q
%patch11 -p1 -b .nodaemon_option
%patch12 -p1 -b .no_dmrc_save
%patch51 -p1 -b .qtchooser
%autosetup -p 1
# rpath hack
sed -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
%{__sed} -i -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure
%build
%configure \
--disable-silent-rules \
--disable-static \
--enable-gtk-doc \
--enable-libaudit \
--enable-liblightdm-qt \
--enable-liblightdm-qt5 \
--enable-introspection \
%{?tests:--enable-tests}%{!?tests:--disable-tests} \
--enable-vala \
--with-greeter-user=lightdm \
--with-greeter-session=lightdm-greeter
%configure \
--disable-silent-rules \
--disable-static \
--enable-gtk-doc \
--enable-libaudit \
--enable-lib%{name}-qt \
--enable-lib%{name}-qt5 \
--enable-introspection \
%if %{with tests}
--enable-tests \
%else
--disable-tests \
%endif
--enable-vala \
--with-greeter-user=%{name} \
--with-greeter-session=%{name}-greeter
%make_build
%install
%make_install INSTALL='install -p'
%make_install
# We need to own these
%{__mkdir_p} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.d/ \
%{buildroot}%{_datadir}/%{name}/%{name}.conf.d/ \
%{buildroot}%{_datadir}/%{name}/remote-sessions/ \
%{buildroot}%{_datadir}/xgreeters/ \
%{buildroot}%{_localstatedir}/cache/%{name}/ \
%{buildroot}%{_localstatedir}/run/%{name}/ \
%{buildroot}%{_localstatedir}/log/%{name}/ \
%{buildroot}%{_localstatedir}/lib/%{name}/ \
%{buildroot}%{_localstatedir}/lib/%{name}-data/
## unpackaged files
# libtool cruft
find %{buildroot}%{_libdir} -type f -name '*.a' -print -delete
find %{buildroot}%{_libdir} -type f -name '*.la' -print -delete
%{_bindir}/find %{buildroot}%{_libdir} -type f -name '*.a' -print -delete
%{_bindir}/find %{buildroot}%{_libdir} -type f -name '*.la' -print -delete
# We don't ship AppAmor
rm -rfv %{buildroot}%{_sysconfdir}/apparmor.d/
%{__rm} -rfv %{buildroot}%{_sysconfdir}/apparmor.d/
# omit upstart support
rm -rfv %{buildroot}%{_sysconfdir}/init
%{__rm} -rfv %{buildroot}%{_sysconfdir}/init
# install pam file
install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/lightdm
install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/lightdm-autologin
install -Dpm 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/tmpfiles.d/lightdm.conf
# We need to own these
mkdir -p %{buildroot}%{_sysconfdir}/lightdm/lightdm.conf.d/
mkdir -p %{buildroot}%{_datadir}/lightdm/lightdm.conf.d/
mkdir -p %{buildroot}%{_datadir}/lightdm/remote-sessions/
mkdir -p %{buildroot}%{_datadir}/xgreeters/
mkdir -p %{buildroot}%{_localstatedir}/cache/lightdm/
mkdir -p %{buildroot}%{_localstatedir}/run/lightdm/
mkdir -p %{buildroot}%{_localstatedir}/log/lightdm/
mkdir -p %{buildroot}%{_localstatedir}/lib/lightdm/
mkdir -p %{buildroot}%{_localstatedir}/lib/lightdm-data/
%{__install} -Dpm 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/%{name}
%{__install} -Dpm 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pam.d/%{name}-autologin
%{__install} -Dpm 0644 %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
%{__install} -Dpm 0644 %{SOURCE13} %{buildroot}%{_unitdir}/%{name}.service
%{__install} -Dpm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -Dpm 0644 %{SOURCE15} %{buildroot}%{_datadir}/polkit-1/rules.d/%{name}.rules
%{__install} -pm 0644 %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} \
%{SOURCE24} %{SOURCE25} %{buildroot}%{_datadir}/%{name}/%{name}.conf.d/
%find_lang %{name} --with-gnome
install -m644 -p -D %{SOURCE4} %{buildroot}%{_unitdir}/lightdm.service
install -m644 -p -D %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/lightdm
install -m644 -p -D %{SOURCE6} %{buildroot}%{_datadir}/polkit-1/rules.d/lightdm.rules
install -m644 -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} \
%{buildroot}%{_datadir}/lightdm/lightdm.conf.d/
%check
# FIXME: most of these currently fail :( -- rex
%if 0%{?tests:1}
make check ||:
%if %{with tests}
%make_build check ||:
%endif
%pre
getent group lightdm >/dev/null || groupadd -r lightdm
getent passwd lightdm >/dev/null || \
/usr/sbin/useradd -g lightdm -M -d /var/lib/lightdm -s /sbin/nologin -r lightdm
%{_bindir}/getent group %{name} >/dev/null || %{_sbindir}/groupadd -r %{name}
%{_bindir}/getent passwd %{name} >/dev/null || %{_sbindir}/useradd -g %{name} \
-M -d /var/lib/%{name} -s /sbin/nologin -r %{name}
exit 0
%post
%{?systemd_post:%systemd_post lightdm.service}
%{?systemd_post:%systemd_post %{name}.service}
%post gobject -p /sbin/ldconfig
%post qt -p /sbin/ldconfig
%post qt5 -p /sbin/ldconfig
%preun
%{?systemd_preun:%systemd_preun lightdm.service}
%{?systemd_preun:%systemd_preun %{name}.service}
%postun
%{?systemd_postun}
%postun gobject -p /sbin/ldconfig
%postun qt -p /sbin/ldconfig
%postun qt5 -p /sbin/ldconfig
%files -f %{name}.lang
%license COPYING.GPL3
%doc NEWS
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.DisplayManager.conf
%config(noreplace) %{_sysconfdir}/pam.d/lightdm*
%dir %{_sysconfdir}/lightdm/
%dir %{_sysconfdir}/lightdm/lightdm.conf.d
%config(noreplace) %{_sysconfdir}/lightdm/keys.conf
%config(noreplace) %{_sysconfdir}/lightdm/lightdm.conf
%config(noreplace) %{_sysconfdir}/lightdm/users.conf
%config(noreplace) %{_sysconfdir}/pam.d/%{name}*
%config(noreplace) %{_sysconfdir}/%{name}/keys.conf
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/users.conf
%dir %{_sysconfdir}/%{name}/
%dir %{_sysconfdir}/%{name}/%{name}.conf.d
%dir %{_sysconfdir}/logrotate.d/
%{_sysconfdir}/logrotate.d/lightdm
%dir %attr(-,%{name},%{name}) %{_localstatedir}/cache/%{name}/
%dir %attr(-,%{name},%{name}) %{_localstatedir}/lib/%{name}/
%dir %attr(-,%{name},%{name}) %{_localstatedir}/lib/%{name}-data/
%dir %attr(-,%{name},%{name}) %{_localstatedir}/log/%{name}/
%dir %{_datadir}/bash-completion/
%dir %{_datadir}/bash-completion/completions/
%dir %{_datadir}/xgreeters/
%ghost %dir %{_localstatedir}/run/%{name}
%{_sysconfdir}/logrotate.d/%{name}
%{_bindir}/dm-tool
%{_sbindir}/lightdm
%{_libexecdir}/lightdm-guest-session
%{_datadir}/lightdm/
%{_sbindir}/%{name}
%{_libexecdir}/%{name}-guest-session
%{_datadir}/%{name}/
%{_libdir}/girepository-1.0/LightDM-1.typelib
%{_mandir}/man1/dm-tool.1*
%{_mandir}/man1/lightdm*
%dir %attr(-,lightdm,lightdm) %{_localstatedir}/cache/lightdm/
%{_unitdir}/lightdm.service
%{_datadir}/polkit-1/rules.d/lightdm.rules
%dir %{_datadir}/bash-completion/
%dir %{_datadir}/bash-completion/completions/
%{_mandir}/man1/%{name}*
%{_unitdir}/%{name}.service
%{_datadir}/polkit-1/rules.d/%{name}.rules
%{_datadir}/bash-completion/completions/dm-tool
%{_datadir}/bash-completion/completions/lightdm
%dir %{_datadir}/xgreeters/
# because of systemd
%{_prefix}/lib/tmpfiles.d/lightdm.conf
%ghost %dir %{_localstatedir}/run/lightdm
%{_datadir}/bash-completion/completions/%{name}
%{_prefix}/lib/tmpfiles.d/%{name}.conf
%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm/
%dir %attr(-,lightdm,lightdm) %{_localstatedir}/lib/lightdm-data/
%dir %attr(-,lightdm,lightdm) %{_localstatedir}/log/lightdm/
%post gobject -p /sbin/ldconfig
%postun gobject -p /sbin/ldconfig
%files gobject
%license COPYING.LGPL2 COPYING.LGPL3
%{_libdir}/liblightdm-gobject-1.so.0*
%{_libdir}/lib%{name}-gobject-1.so.0*
%files gobject-devel
%doc %{_datadir}/gtk-doc/html/lightdm-gobject-1/
%{_includedir}/lightdm-gobject-1/
%{_libdir}/liblightdm-gobject-1.so
%{_libdir}/pkgconfig/liblightdm-gobject-1.pc
%doc %{_datadir}/gtk-doc/html/%{name}-gobject-1/
%{_includedir}/%{name}-gobject-1/
%{_libdir}/lib%{name}-gobject-1.so
%{_libdir}/pkgconfig/lib%{name}-gobject-1.pc
%{_datadir}/gir-1.0/LightDM-1.gir
%{_datadir}/vala/vapi/liblightdm-gobject-1.*
%{_datadir}/vala/vapi/lib%{name}-gobject-1.*
%post qt -p /sbin/ldconfig
%postun qt -p /sbin/ldconfig
%files qt
%license COPYING.LGPL2 COPYING.LGPL3
%{_libdir}/liblightdm-qt-3.so.0*
%{_libdir}/lib%{name}-qt-3.so.0*
%files qt-devel
%{_includedir}/lightdm-qt-3/
%{_libdir}/liblightdm-qt-3.so
%{_libdir}/pkgconfig/liblightdm-qt-3.pc
%{_includedir}/%{name}-qt-3/
%{_libdir}/lib%{name}-qt-3.so
%{_libdir}/pkgconfig/lib%{name}-qt-3.pc
%post qt5 -p /sbin/ldconfig
%postun qt5 -p /sbin/ldconfig
%files qt5
%license COPYING.LGPL2 COPYING.LGPL3
%{_libdir}/liblightdm-qt5-3.so.0*
%{_libdir}/lib%{name}-qt5-3.so.0*
%files qt5-devel
%{_includedir}/lightdm-qt5-3/
%{_libdir}/liblightdm-qt5-3.so
%{_libdir}/pkgconfig/liblightdm-qt5-3.pc
%{_includedir}/%{name}-qt5-3/
%{_libdir}/lib%{name}-qt5-3.so
%{_libdir}/pkgconfig/lib%{name}-qt5-3.pc
%changelog
* Tue Sep 05 2017 Björn Esser <besser82@fedoraproject.org> - 1.24.0-1
- lightdm-1.24.0 (rhbz#1488270)
- Disable guest login as system default preset (CVE-2017-8900)
- Modernize spec-file
* Thu Aug 31 2017 Björn Esser <besser82@fedoraproject.org> - 1.22.0-6
- Start lightdm after dbus.service
......
SHA512 (lightdm-1.22.0.tar.xz) = 58be4428465dda66be8ba1cf4718ece40888af810bfd83d8ae059b3f5432ab7053373af2ecdcafd5e1fade77f0194eae7ded7d6c28e9c4be4aef56d9b432f0cc
SHA512 (lightdm-1.24.0.tar.xz) = 30bad8887928f22bf2cc7ce8d7a323637dec669d47d69fb326cfcf1bb5ee9e52c1232cf680af94a25cf90a9de13d9b5ff73307c1dc8829422600d350401555b8
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment