From: corsac <corsac@0c9b3bff-18ee-0310-b944-d1aa2700132f>
Date: Sun, 5 May 2013 11:49:00 +0000 (+0000)
Subject: merge changes from experimental branch
X-Git-Url: http://rtime.felk.cvut.cz/gitweb/sojka/debian/lightdm.git/commitdiff_plain/6c1362623b4d2e32b6f7df7a745b9dc8c942cc2c

merge changes from experimental branch


git-svn-id: svn://anonscm.debian.org/pkg-xfce/goodies/trunk/lightdm@7371 0c9b3bff-18ee-0310-b944-d1aa2700132f
---

diff --git a/debian/changelog b/debian/changelog
index c15fd2b..5c4fd83 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,29 +1,61 @@
-lightdm (1.2.3-1) unstable; urgency=low
+lightdm (1.6.0-2) UNRELEASED; urgency=low
+
+  [ Niv Sardi ]
+  * Build with GIR
 
   [ Yves-Alexis Perez ]
+  * Upload to unstable.
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Wed, 24 Apr 2013 21:53:09 +0200
+
+lightdm (1.6.0-1) experimental; urgency=low
+
   * New upstream release.
-   - correctly set utmp records.                                closes: #648604
-   - fix autologin timeouts.                                    closes: #682473
-  * debian/patches:
-    - 02_default-config updated, use Xorg as default X command. closes: #688756
-    - 01_set-default-path and 04_dont-add-pkglibexecdir-path refreshed.
-  * debian/watch updated to track 1.2 branch.
 
-  [ Daniel Echeverry ]
-  * Upstream changelog is bogus.                                closes: #689870
+ -- Yves-Alexis Perez <corsac@debian.org>  Wed, 17 Apr 2013 22:06:36 +0200
 
- -- Yves-Alexis Perez <corsac@debian.org>  Sat, 02 Feb 2013 11:21:58 +0100
+lightdm (1.5.3-1) experimental; urgency=low
 
-lightdm (1.2.2-4) unstable; urgency=low
+  * New upstream unstable release.
+  * debian/docs: ship NEWS file.                                closes: #689870
+  * debian/watch:
+    - support .xz tarballs.
+  * debian/patches:
+    - 01_set-default-path, 03_quit-plymouth, 04_dont-add-pkglibexecdir-path
+      and 05_debianize-pam-files refreshed.
+  * debian/control:
+    - add build-dep on libgcrypt11-dev.
+  * debian/rules:
+    - disable pie hardening flags for now, it segfaults at startup.
+    - fix gdmflexiserver removal
+    - fix permissions on apparmor profiles.
+  * debian/lightdm.install:
+    - install apparmor profiles.
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Sun, 07 Apr 2013 14:30:05 +0200
+
+lightdm (1.4.0-1) experimental; urgency=low
 
+  * New upstream release.
+  * debian/patches:
+    - 01_set-default-path, 02_default-config and
+      04_dont-add-pkglibexecdir-path refreshed for new release.
+    - 05_debianize-pam-files added, Debianize the lightdm and
+      lightdm-autologin pam config files.
   * debian/control:
     - suggests upower.                                          closes: #679538
     - make lightdm depends on lightdm-gtk-greeter | lightdm-greeter, thanks
       Ralf Jung for the report.                                 closes: #684714
+    - add build-dep on itstool.
   * debian/lightdm.install:
     - stop installing lightdm upstart script since it's broken. closes: #679409
+    - install /u/s/help.* 
+    - install PAM files
+  * debian/rules:
+    - stop installing own PAM files.
+  * debian/*.pam: drop obsolete PAM files.
 
- -- Yves-Alexis Perez <corsac@debian.org>  Thu, 11 Oct 2012 12:44:37 +0200
+ -- Yves-Alexis Perez <corsac@debian.org>  Sun, 07 Oct 2012 09:16:34 +0200
 
 lightdm (1.2.2-3) unstable; urgency=low
 
diff --git a/debian/control b/debian/control
index cfcdf12..a5a9df2 100644
--- a/debian/control
+++ b/debian/control
@@ -8,8 +8,8 @@ Uploaders: Evgeni Golov <evgeni@debian.org>,
 Build-Depends: debhelper (>= 9), intltool, pkg-config, libglib2.0-dev, 
  libdbus-glib-1-dev, libxcb1-dev, libxdmcp-dev, libpam-dev, libxklavier-dev, 
  libgtk-3-dev, libck-connector-dev, gnome-doc-utils, libqt4-dev,
- valac, gobject-introspection, dpkg-dev (>= 1.16.1),
- gtk-doc-tools
+ valac-0.18 | valac, gobject-introspection, dpkg-dev (>= 1.16.1),
+ gtk-doc-tools, itstool, libgcrypt11-dev, libgirepository1.0-dev
 Standards-Version: 3.9.3
 Homepage: https://launchpad.net/lightdm
 Vcs-Svn: svn://svn.debian.org/pkg-xfce/goodies/trunk/lightdm
@@ -72,3 +72,14 @@ Depends: liblightdm-qt-2-0 (= ${binary:Version}), ${shlibs:Depends},
 Description: simple display manager (Qt development files)
  This package contains the development files for lightdm.
  They can be used to build new greeters applications Qt based.
+
+Package: gir1.2-lightdm-1
+Section: libs
+Architecture: any
+Depends: ${misc:Depends},
+         liblightdm-gobject-1-0 (= ${binary:Version})
+Description: Typelib file for liblightdm-1
+ liblightdm provides a library for building LightDM greeters and applications.
+ .
+ This package can be used by other packages using the GIRepository format to
+ generate dynamic bindings for liblightdm.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..edc0071
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1 @@
+NEWS
diff --git a/debian/gir1.2-lightdm-1.install b/debian/gir1.2-lightdm-1.install
new file mode 100644
index 0000000..34f2014
--- /dev/null
+++ b/debian/gir1.2-lightdm-1.install
@@ -0,0 +1 @@
+usr/lib/*/girepository-1.0 /usr/lib/
diff --git a/debian/liblightdm-gobject-dev.install b/debian/liblightdm-gobject-dev.install
index 7d05f9b..884bf23 100644
--- a/debian/liblightdm-gobject-dev.install
+++ b/debian/liblightdm-gobject-dev.install
@@ -3,3 +3,4 @@ usr/lib/*/pkgconfig/liblightdm-gobject-*.pc
 usr/lib/*/liblightdm-gobject-*.a
 usr/lib/*/liblightdm-gobject-*.so
 usr/share/gtk-doc
+usr/share/gir-1.0/*.gir
\ No newline at end of file
diff --git a/debian/lightdm.install b/debian/lightdm.install
index 354eacc..9694d5f 100644
--- a/debian/lightdm.install
+++ b/debian/lightdm.install
@@ -2,11 +2,15 @@ usr/bin/dm-tool
 usr/sbin/lightdm
 usr/share/man
 usr/share/locale
+usr/share/help
+etc/apparmor.d/abstractions/lightdm
+etc/apparmor.d/abstractions/lightdm_chromium-browser
 etc/dbus-1
 etc/lightdm/users.conf
 etc/lightdm/lightdm.conf
 etc/lightdm/keys.conf
 etc/apparmor.d/lightdm-guest-session
+etc/pam.d
 debian/lightdm-xsession.desktop /usr/share/xsessions
 usr/lib/*/lightdm/lightdm-set-defaults
 usr/lib/*/lightdm/lightdm-guest-session-wrapper
diff --git a/debian/lightdm.lightdm-autologin.pam b/debian/lightdm.lightdm-autologin.pam
deleted file mode 100644
index bd77ab6..0000000
--- a/debian/lightdm.lightdm-autologin.pam
+++ /dev/null
@@ -1,23 +0,0 @@
-#%PAM-1.0
-auth    requisite       pam_nologin.so
-auth    required        pam_env.so readenv=1
-auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
-#auth    sufficient      pam_thinkfinger.so
-auth    required        pam_permit.so
-@include common-account
-# SELinux needs to be the first session rule. This ensures that any 
-# lingering context has been cleared. Without out this it is possible 
-# that a module could execute code in the wrong domain.
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-session required        pam_limits.so
-session required        pam_loginuid.so
-@include common-session
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context. Only sessions which are
-# intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-@include common-password
diff --git a/debian/lightdm.pam b/debian/lightdm.pam
deleted file mode 100644
index 79fcd15..0000000
--- a/debian/lightdm.pam
+++ /dev/null
@@ -1,25 +0,0 @@
-#%PAM-1.0
-auth    requisite       pam_nologin.so
-auth    required        pam_env.so readenv=1
-auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
-#auth    sufficient      pam_thinkfinger.so
-@include common-auth
-auth    optional        pam_gnome_keyring.so
-@include common-account
-# SELinux needs to be the first session rule. This ensures that any 
-# lingering context has been cleared. Without out this it is possible 
-# that a module could execute code in the wrong domain.
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-session required        pam_limits.so
-session required        pam_loginuid.so
-@include common-session
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context. Only sessions which are
-# intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-session optional        pam_gnome_keyring.so auto_start
-@include common-password
diff --git a/debian/patches/01_set-default-path.patch b/debian/patches/01_set-default-path.patch
index b9dd61d..aa0c552 100644
--- a/debian/patches/01_set-default-path.patch
+++ b/debian/patches/01_set-default-path.patch
@@ -18,7 +18,7 @@ Description: Fix default PATH environment variable
      {
 --- a/src/session-child.c
 +++ b/src/session-child.c
-@@ -307,7 +307,10 @@ session_child_run (int argc, char **argv
+@@ -329,7 +329,10 @@ session_child_run (int argc, char **argv
          else
          {
              /* Set POSIX variables */
diff --git a/debian/patches/02_default-config.patch b/debian/patches/02_default-config.patch
index d986f64..da097ab 100644
--- a/debian/patches/02_default-config.patch
+++ b/debian/patches/02_default-config.patch
@@ -12,12 +12,8 @@ Forwarded: not-needed
 === modified file 'data/lightdm.conf'
 --- a/data/lightdm.conf
 +++ b/data/lightdm.conf
-@@ -55,21 +55,21 @@
- # exit-on-failure = True if the daemon should exit if this seat fails
- #
- [SeatDefaults]
--#xserver-command=X
-+xserver-command=Xorg
+@@ -65,19 +65,19 @@
+ #xserver-command=X
  #xserver-layout=
  #xserver-config=
 -#xserver-allow-tcp=false
@@ -31,6 +27,7 @@ Forwarded: not-needed
 +greeter-hide-users=true
  #greeter-allow-guest=true
  #greeter-show-manual-login=false
+ #greeter-show-remote-login=true
  #user-session=default
  #allow-guest=true
  #guest-session=UNIMPLEMENTED
diff --git a/debian/patches/03_quit-plymouth.patch b/debian/patches/03_quit-plymouth.patch
index 2db999c..6a05142 100644
--- a/debian/patches/03_quit-plymouth.patch
+++ b/debian/patches/03_quit-plymouth.patch
@@ -4,11 +4,9 @@ plymouth is quitted from the /etc/init.d/plymouth script, but it'll hang if
 plymouth has been deactivated before, so just quit it for now.
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632737
 Bug: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/799069
-Index: lightdm-1.0.1/src/xserver-local.c
-===================================================================
---- lightdm-1.0.1.orig/src/xserver-local.c	2011-10-04 10:31:50.000000000 +0200
-+++ lightdm-1.0.1/src/xserver-local.c	2011-10-05 22:15:18.216522949 +0200
-@@ -139,7 +139,7 @@
+--- a/src/xserver-local.c
++++ b/src/xserver-local.c
+@@ -142,7 +142,7 @@ xserver_local_new (void)
              g_debug ("X server %s will replace Plymouth", xserver_get_address (XSERVER (self)));
              self->priv->replacing_plymouth = TRUE;
              self->priv->vt = active_vt;
diff --git a/debian/patches/04_dont-add-pkglibexecdir-path.patch b/debian/patches/04_dont-add-pkglibexecdir-path.patch
index 26738ca..27e98fb 100644
--- a/debian/patches/04_dont-add-pkglibexecdir-path.patch
+++ b/debian/patches/04_dont-add-pkglibexecdir-path.patch
@@ -2,7 +2,7 @@ Author: Yves-Alexis Perez <corsac@debian.org>
 Description: don't add PKGLIBEXEC_DIR to the user PATH
 --- a/src/session-child.c
 +++ b/src/session-child.c
-@@ -457,11 +457,6 @@ session_child_run (int argc, char **argv
+@@ -479,11 +479,6 @@ session_child_run (int argc, char **argv
          g_free (value);
      }
  
diff --git a/debian/patches/05_debianize-pam-files.patch b/debian/patches/05_debianize-pam-files.patch
new file mode 100644
index 0000000..c850819
--- /dev/null
+++ b/debian/patches/05_debianize-pam-files.patch
@@ -0,0 +1,103 @@
+--- a/data/pam/lightdm
++++ b/data/pam/lightdm
+@@ -1,19 +1,35 @@
+ #%PAM-1.0
+ 
+ # Block login if they are globally disabled
+-auth      required pam_nologin.so
++auth      requisite pam_nologin.so
+ 
+ # Load environment from /etc/environment and ~/.pam_environment
+-auth      required pam_env.so
++auth      required pam_env.so envfile=/etc/default/locale
+ 
+-# Use /etc/passwd and /etc/shadow for passwords
+-auth      required pam_unix.so
++@include common-auth
+ 
+-# Check account is active, change password if required
+-account   required pam_unix.so
++auth  optional pam_gnome_keyring.so
+ 
+-# Allow password to be changed
+-password  required pam_unix.so
++@include common-account
+ 
+-# Setup session
+-session   required pam_unix.so
++# SELinux needs to be the first session rule. This ensures that any
++# lingering context has been cleared. Without out this it is possible
++# that a module could execute code in the wrong domain.
++# When the module is present, "required" would be sufficient (When SELinux
++# is disabled, this returns success.)
++session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
++
++session  required        pam_limits.so
++session  required        pam_loginuid.so
++@include common-session
++
++# SELinux needs to intervene at login time to ensure that the process
++# starts in the proper default security context. Only sessions which are
++# intended to run in the user's context should be run after this.
++session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
++# When the module is present, "required" would be sufficient (When SELinux
++# is disabled, this returns success.)
++
++session optional        pam_gnome_keyring.so auto_start
++
++@include common-password
+--- a/data/pam/lightdm-autologin
++++ b/data/pam/lightdm-autologin
+@@ -1,19 +1,35 @@
+ #%PAM-1.0
+ 
+ # Block login if they are globally disabled
+-auth      required pam_nologin.so
++auth      requisite pam_nologin.so
+ 
+ # Load environment from /etc/environment and ~/.pam_environment
+-auth      required pam_env.so
++auth      required pam_env.so envfile=/etc/default/locale
+ 
+ # Allow access without authentication
+ auth      required pam_permit.so
+ 
+-# Stop autologin if account requires action
+-account   required pam_unix.so
++@include common-account
++
++# SELinux needs to be the first session rule. This ensures that any
++# lingering context has been cleared. Without out this it is possible
++# that a module could execute code in the wrong domain.
++# When the module is present, "required" would be sufficient (When SELinux
++# is disabled, this returns success.)
++session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
++
++session  required        pam_limits.so
++session  required        pam_loginuid.so
++@include common-session
++
++# SELinux needs to intervene at login time to ensure that the process
++# starts in the proper default security context. Only sessions which are
++# intended to run in the user's context should be run after this.
++session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
++# When the module is present, "required" would be sufficient (When SELinux
++# is disabled, this returns success.)
+ 
+ # Can't change password
+ password  required pam_deny.so
+ 
+-# Setup session
+-session   required pam_unix.so
++@include common-password
+--- a/data/pam/lightdm-greeter
++++ b/data/pam/lightdm-greeter
+@@ -1,7 +1,7 @@
+ #%PAM-1.0
+ 
+ # Load environment from /etc/environment and ~/.pam_environment
+-auth      required pam_env.so
++auth      required pam_env.so envfile=/etc/default/locale
+ 
+ # Always let the greeter start without authentication
+ auth      required pam_permit.so
diff --git a/debian/patches/series b/debian/patches/series
index aa801f4..0e780a7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 02_default-config.patch
 03_quit-plymouth.patch
 04_dont-add-pkglibexecdir-path.patch
+05_debianize-pam-files.patch
diff --git a/debian/rules b/debian/rules
index 628d9d7..8514063 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,12 +1,12 @@
 #!/usr/bin/make -f
 
 export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1
-export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow
+#export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 
 override_dh_auto_configure:
-	dh_auto_configure -- --with-greeter-user=lightdm --with-user-session=lightdm-xsession --enable-introspection=no --disable-silent-rules
+	dh_auto_configure -- --with-greeter-user=lightdm --with-user-session=lightdm-xsession --enable-introspection=yes --disable-silent-rules
 
 override_dh_installchangelogs:
 	dh_installchangelogs -- NEWS
@@ -16,13 +16,10 @@ override_dh_installinit:
 
 override_dh_install:
 	find debian/tmp -name '*.la' -delete
-	rm debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/lightdm/gdmflexiserver
+	find debian/tmp/usr/lib/ -name gdmflexiserver -delete
+	find debian/tmp/etc/apparmor.d -type f -exec chmod 0644 '{}' \;
 	dh_install --fail-missing -X etc/init/lightdm.conf
 
-override_dh_installpam:
-		dh_installpam
-		dh_installpam --name=lightdm-autologin
-
 %:
 	dh $@ --parallel
 
diff --git a/debian/watch b/debian/watch
index 0483947..34c199e 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,3 +1,3 @@
 version=3
 https://launchpad.net/lightdm/+download \
-https://launchpad.net/lightdm/1.2/.*/lightdm-(\d\.\d\.\d)\.tar\.(?:gz|bz2)
+https://launchpad.net/lightdm/.*/lightdm-(\d\.\d\.\d)\.tar\.(?:gz|bz2|xz)