diff options
Diffstat (limited to 'kde')
27 files changed, 396 insertions, 82 deletions
diff --git a/kde/build/kjots b/kde/build/kjots index 00750ed..b8626c4 100644 --- a/kde/build/kjots +++ b/kde/build/kjots @@ -1 +1 @@ -3 +4 diff --git a/kde/build/plasma-workspace b/kde/build/plasma-workspace new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/kde/build/plasma-workspace @@ -0,0 +1 @@ +2 diff --git a/kde/build/polkit-kde-framework b/kde/build/polkit-kde-framework new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/kde/build/polkit-kde-framework @@ -0,0 +1 @@ +2 diff --git a/kde/build/powerdevil b/kde/build/powerdevil new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/kde/build/powerdevil @@ -0,0 +1 @@ +2 diff --git a/kde/build/sddm-qt5 b/kde/build/sddm-qt5 index b8626c4..7ed6ff8 100644 --- a/kde/build/sddm-qt5 +++ b/kde/build/sddm-qt5 @@ -1 +1 @@ -4 +5 diff --git a/kde/cmake/sddm-qt5 b/kde/cmake/sddm-qt5 index 1265dc5..6f187cb 100644 --- a/kde/cmake/sddm-qt5 +++ b/kde/cmake/sddm-qt5 @@ -1,13 +1,23 @@ if [ "$SLACKPAM" == "no" ]; then DO_SLACKPAM="-DENABLE_PAM:BOOL=OFF" else - DO_SLACKPAM="" + DO_SLACKPAM="-DENABLE_PAM:BOOL=ON" +fi + +if [ "$SLKELOGIND" == "no" ]; then + DO_SLKELOGIND="" +else + DO_SLKELOGIND=" \ + -DNO_SYSTEMD:BOOL=TRUE \ + -DUSE_ELOGIND:BOOL=TRUE \ + " fi mkdir -p build cd build cmake \ $DO_SLACKPAM \ + $DO_SLKELOGIND \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \ -DCMAKE_C_FLAGS_RELEASE:STRING="$SLKCFLAGS" \ @@ -15,8 +25,10 @@ cd build -DCMAKE_CXX_FLAGS_RELEASE:STRING="$SLKCFLAGS" \ -DCMAKE_INSTALL_PREFIX=/usr \ -DLIB_SUFFIX=${LIBDIRSUFFIX} \ + -DBUILD_MAN_PAGES:BOOL=TRUE \ + -DDBUS_CONFIG_FILENAME="org.freedesktop.sddm.conf" \ -DUSE_QT4:BOOL=FALSE \ -DUSE_QT5:BOOL=TRUE \ - -DENABLE_JOURNALD:BOOL=OFF \ + -DENABLE_JOURNALD:BOOL=FALSE \ .. diff --git a/kde/doinst.sh/powerdevil b/kde/doinst.sh/powerdevil index 6e92caa..d311aa0 100644 --- a/kde/doinst.sh/powerdevil +++ b/kde/doinst.sh/powerdevil @@ -12,8 +12,7 @@ config() { } # Move over the new policy files: -config etc/polkit-1/rules.d/10-enable-suspend.rules.new -config etc/polkit-1/localauthority/50-local.d/30-org.freedesktop.upower.pkla.new -config etc/polkit-1/localauthority/50-local.d/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla.new -config etc/polkit-1/localauthority/50-local.d/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla.new +config etc/polkit-1/rules.d/10-enable-upower-suspend.rules.new +config etc/polkit-1/rules.d/10-enable-elogind-poweroff.rules.new +config etc/polkit-1/rules.d/10-enable-powerdevil-discrete-gpu.rules.new 2>/dev/null diff --git a/kde/kde.options b/kde/kde.options index dc8b8be..f29b953 100644 --- a/kde/kde.options +++ b/kde/kde.options @@ -61,3 +61,9 @@ else SLACKPAM=${SLACKPAM:-"no"} fi +# Choose correct options depending on whether elogind is installed: +if [ -L /lib${LIBDIRSUFFIX}/libelogind.so.? ]; then + SLKELOGIND=${SLKELOGIND:-"yes"} +else + SLKELOGIND=${SLKELOGIND:-"no"} +fi diff --git a/kde/modules/plasma b/kde/modules/plasma index 66cf51c..a329e8f 100644 --- a/kde/modules/plasma +++ b/kde/modules/plasma @@ -6,6 +6,7 @@ breeze-gtk breeze-grub #breeze-plymouth kwayland-integration +kwayland-server plasma-integration kinfocenter libksysguard diff --git a/kde/patch/sddm-qt5.patch b/kde/patch/sddm-qt5.patch index d57fb12..5919925 100644 --- a/kde/patch/sddm-qt5.patch +++ b/kde/patch/sddm-qt5.patch @@ -1,26 +1,21 @@ -# Add missing consolekit support -# (brings back the switch_user functionality in KDE): -cat $CWD/patch/sddm-qt5/sddm_consolekit.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +if [ "$SLKELOGIND" == "no" ]; then + # Add missing consolekit support + # (brings back the switch_user functionality in KDE): + cat $CWD/patch/sddm-qt5/sddm_consolekit.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -# Don't assume that ConsoleKit2 exposes a login1 dbus interface: -cat $CWD/patch/sddm-qt5/sddm_ck2_revert.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + # Don't assume that ConsoleKit2 exposes a login1 dbus interface: + cat $CWD/patch/sddm-qt5/sddm_ck2_revert.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +fi + +# Properly honor supplemental groups, https://github.com/sddm/sddm/issues/1159 : +cat $CWD/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +cat $CWD/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } # SDDM 0.14 sources $HOME/.xsession which in Slackware will override the # session selection you make in SDDM. We fix that unwanted side effect by # reverting the change: cat $CWD/patch/sddm-qt5/sddm_userxsession.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -# Fix display of user avatars ($HOME/.face.icon file) -# (fixed in sddm-0.15.0). -#cat $CWD//patch/sddm-qt5/sddm_avatars.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } - -# Fix a compilation error on passwd backend: -#cat $CWD/patch/sddm-qt5/sddm_auth.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } - -# Fix a compilation error on passwd backend: -# (fixed in sddm-0.12.0). -#cat $CWD/patch/sddm-qt5/sddm_qstring.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; } - # Add the dutch translation: if ! grep -q nl.ts data/translations/CMakeLists.txt ; then sed -e '/set(TRANSLATION_FILES/s/TRANSLATION_FILES/&\n nl.ts/' \ diff --git a/kde/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch b/kde/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch new file mode 100644 index 0000000..bf3bfd2 --- /dev/null +++ b/kde/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch @@ -0,0 +1,183 @@ +From 75e6e00d9e1ecf25e3a9c8332530a1e40d737cdb Mon Sep 17 00:00:00 2001 +From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de> +Date: Thu, 9 May 2019 03:06:48 +0200 +Subject: [PATCH] Honor PAM's supplemental groups (v2) (#834, #1159) + +This moves the supplemental group initialization step from +UserSession.cpp to the Backend system, so that the Pam Backend can +inject additional supplemental groups via modules like pam_group.so. + +pam_setcred(3) assumes that it operates on an already initialized +supplemental group list. However, PamBackend calls +pam_setcred(PAM_ESTABLISH_CRED) earlier, at the start +PamBackend::openSession, so a pam_setcred(PAM_REINITIALIZE_CRED) call +must be issued to repeat the injection of PAM's supplemental groups. +--- + src/helper/Backend.cpp | 5 +++++ + src/helper/Backend.h | 3 +++ + src/helper/HelperApp.cpp | 4 ++++ + src/helper/HelperApp.h | 1 + + src/helper/UserSession.cpp | 13 ++++++++----- + src/helper/backend/PamBackend.cpp | 18 ++++++++++++++++++ + src/helper/backend/PamBackend.h | 2 ++ + 7 files changed, 41 insertions(+), 5 deletions(-) + +diff --git a/src/helper/Backend.cpp b/src/helper/Backend.cpp +index d6bb4d0a..35ae2bdf 100644 +--- a/src/helper/Backend.cpp ++++ b/src/helper/Backend.cpp +@@ -29,6 +29,7 @@ + #include <QtCore/QProcessEnvironment> + + #include <pwd.h> ++#include <grp.h> + + namespace SDDM { + Backend::Backend(HelperApp* parent) +@@ -79,4 +80,8 @@ namespace SDDM { + bool Backend::closeSession() { + return true; + } ++ ++ bool Backend::setupSupplementalGroups(struct passwd *pw) { ++ return !initgroups(pw->pw_name, pw->pw_gid); ++ } + } +diff --git a/src/helper/Backend.h b/src/helper/Backend.h +index b790e001..3caf1592 100644 +--- a/src/helper/Backend.h ++++ b/src/helper/Backend.h +@@ -22,6 +22,7 @@ + #define BACKEND_H + + #include <QtCore/QObject> ++#include <pwd.h> + + namespace SDDM { + class HelperApp; +@@ -38,6 +39,8 @@ namespace SDDM { + void setAutologin(bool on = true); + void setGreeter(bool on = true); + ++ virtual bool setupSupplementalGroups(struct passwd *pw); ++ + public slots: + virtual bool start(const QString &user = QString()) = 0; + virtual bool authenticate() = 0; +diff --git a/src/helper/HelperApp.cpp b/src/helper/HelperApp.cpp +index cad93bd8..d0891d75 100644 +--- a/src/helper/HelperApp.cpp ++++ b/src/helper/HelperApp.cpp +@@ -253,6 +253,10 @@ namespace SDDM { + return m_session; + } + ++ Backend *HelperApp::backend() { ++ return m_backend; ++ } ++ + const QString& HelperApp::user() const { + return m_user; + } +diff --git a/src/helper/HelperApp.h b/src/helper/HelperApp.h +index 3742df12..cb5959a7 100644 +--- a/src/helper/HelperApp.h ++++ b/src/helper/HelperApp.h +@@ -39,6 +39,7 @@ namespace SDDM { + virtual ~HelperApp(); + + UserSession *session(); ++ Backend *backend(); + const QString &user() const; + const QString &cookie() const; + +diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp +index f71fd358..62fd4d70 100644 +--- a/src/helper/UserSession.cpp ++++ b/src/helper/UserSession.cpp +@@ -19,6 +19,7 @@ + * + */ + ++#include "Backend.h" + #include "Configuration.h" + #include "UserSession.h" + #include "HelperApp.h" +@@ -129,7 +130,8 @@ namespace SDDM { + #endif + + // switch user +- const QByteArray username = qobject_cast<HelperApp*>(parent())->user().toLocal8Bit(); ++ HelperApp* app = qobject_cast<HelperApp*>(parent()); ++ const QByteArray username = app->user().toLocal8Bit(); + struct passwd pw; + struct passwd *rpw; + long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); +@@ -146,12 +148,13 @@ namespace SDDM { + qCritical() << "getpwnam_r(" << username << ") failed with error: " << strerror(err); + exit(Auth::HELPER_OTHER_ERROR); + } +- if (setgid(pw.pw_gid) != 0) { +- qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; ++ ++ if (!app->backend()->setupSupplementalGroups(&pw)) { ++ qCritical() << "failed to set up supplemental groups for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } +- if (initgroups(pw.pw_name, pw.pw_gid) != 0) { +- qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username; ++ if (setgid(pw.pw_gid) != 0) { ++ qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } + if (setuid(pw.pw_uid) != 0) { +diff --git a/src/helper/backend/PamBackend.cpp b/src/helper/backend/PamBackend.cpp +index f86d77d6..cccfa258 100644 +--- a/src/helper/backend/PamBackend.cpp ++++ b/src/helper/backend/PamBackend.cpp +@@ -289,6 +289,24 @@ namespace SDDM { + return QString::fromLocal8Bit((const char*) m_pam->getItem(PAM_USER)); + } + ++ bool PamBackend::setupSupplementalGroups(struct passwd *pw) { ++ if (!Backend::setupSupplementalGroups(pw)) ++ return false; ++ ++ // pam_setcred(3) may inject additional groups into the user's ++ // list of supplemental groups, and assumes that the user's ++ // supplemental groups have already been initialized before ++ // its invocation. Since pam_setcred was already called at the ++ // start of openSession, we need to repeat this step here as ++ // the user's groups have only just now been initialized. ++ ++ if (!m_pam->setCred(PAM_REINITIALIZE_CRED)) { ++ m_app->error(m_pam->errorString(), Auth::ERROR_AUTHENTICATION); ++ return false; ++ } ++ return true; ++ } ++ + int PamBackend::converse(int n, const struct pam_message **msg, struct pam_response **resp) { + qDebug() << "[PAM] Conversation with" << n << "messages"; + +diff --git a/src/helper/backend/PamBackend.h b/src/helper/backend/PamBackend.h +index 4c8b4b35..5b079099 100644 +--- a/src/helper/backend/PamBackend.h ++++ b/src/helper/backend/PamBackend.h +@@ -28,6 +28,7 @@ + #include <QtCore/QObject> + + #include <security/pam_appl.h> ++#include <pwd.h> + + namespace SDDM { + class PamHandle; +@@ -61,6 +62,7 @@ namespace SDDM { + explicit PamBackend(HelperApp *parent); + virtual ~PamBackend(); + int converse(int n, const struct pam_message **msg, struct pam_response **resp); ++ virtual bool setupSupplementalGroups(struct passwd *pw); + + public slots: + virtual bool start(const QString &user = QString()); + diff --git a/kde/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch b/kde/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch new file mode 100644 index 0000000..2391c80 --- /dev/null +++ b/kde/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch @@ -0,0 +1,88 @@ +From d3953e88a94ec25a87d3c5136517b3d1009cb1fd Mon Sep 17 00:00:00 2001 +From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de> +Date: Wed, 8 May 2019 18:58:53 +0200 +Subject: [PATCH] Revert "Honor PAM's ambient supplemental groups. (#834)" + +This reverts commit 1bc813d08b8130e458a6550ec47fb2bfbe6de080, which +misuses PAM and leads to pulling in all of root's supplemental groups +during session initialization instead of only adding PAM's extra +groups. The problem was masked due to the root user not having any +supplemental groups in some common contexts, like running sddm from a +systemd unit. +--- + src/helper/UserSession.cpp | 57 -------------------------------------- + 1 file changed, 57 deletions(-) + +diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp +index b3aec356..f71fd358 100644 +--- a/src/helper/UserSession.cpp ++++ b/src/helper/UserSession.cpp +@@ -150,67 +150,10 @@ namespace SDDM { + qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } +- +-#ifdef USE_PAM +- +- // fetch ambient groups from PAM's environment; +- // these are set by modules such as pam_groups.so +- int n_pam_groups = getgroups(0, NULL); +- gid_t *pam_groups = NULL; +- if (n_pam_groups > 0) { +- pam_groups = new gid_t[n_pam_groups]; +- if ((n_pam_groups = getgroups(n_pam_groups, pam_groups)) == -1) { +- qCritical() << "getgroups() failed to fetch supplemental" +- << "PAM groups for user:" << username; +- exit(Auth::HELPER_OTHER_ERROR); +- } +- } else { +- n_pam_groups = 0; +- } +- +- // fetch session's user's groups +- int n_user_groups = 0; +- gid_t *user_groups = NULL; +- if (-1 == getgrouplist(username.constData(), pw.pw_gid, +- NULL, &n_user_groups)) { +- user_groups = new gid_t[n_user_groups]; +- if ((n_user_groups = getgrouplist(username.constData(), +- pw.pw_gid, user_groups, +- &n_user_groups)) == -1 ) { +- qCritical() << "getgrouplist(" << username << ", " << pw.pw_gid +- << ") failed"; +- exit(Auth::HELPER_OTHER_ERROR); +- } +- } +- +- // set groups to concatenation of PAM's ambient +- // groups and the session's user's groups +- int n_groups = n_pam_groups + n_user_groups; +- if (n_groups > 0) { +- gid_t *groups = new gid_t[n_groups]; +- memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t))); +- memcpy((groups + n_pam_groups), user_groups, +- (n_user_groups * sizeof(gid_t))); +- +- // setgroups(2) handles duplicate groups +- if (setgroups(n_groups, groups) != 0) { +- qCritical() << "setgroups() failed for user: " << username; +- exit (Auth::HELPER_OTHER_ERROR); +- } +- delete[] groups; +- } +- delete[] pam_groups; +- delete[] user_groups; +- +-#else +- + if (initgroups(pw.pw_name, pw.pw_gid) != 0) { + qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } +- +-#endif /* USE_PAM */ +- + if (setuid(pw.pw_uid) != 0) { + qCritical() << "setuid(" << pw.pw_uid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + diff --git a/kde/post-install/plasma-workspace/pam.d/kde b/kde/post-install/plasma-workspace/pam.d/kde index 7acfd90..50e0f53 100644 --- a/kde/post-install/plasma-workspace/pam.d/kde +++ b/kde/post-install/plasma-workspace/pam.d/kde @@ -5,5 +5,6 @@ account include system-auth password include system-auth session include system-auth session required pam_loginuid.so -session optional pam_ck_connector.so nox11 +-session optional pam_ck_connector.so nox11 +-session optional pam_elogind.so session include postlogin diff --git a/kde/post-install/plasma-workspace/scripts/startkwayland b/kde/post-install/plasma-workspace/scripts/startkwayland index 7ca8a0a..2d8cf55 100644 --- a/kde/post-install/plasma-workspace/scripts/startkwayland +++ b/kde/post-install/plasma-workspace/scripts/startkwayland @@ -1,9 +1,4 @@ #!/bin/sh # Start KWin as a Plasma 5 Wayland session -# Choose correct options depending on whether PAM is installed: -if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then - dbus-launch --sh-syntax --exit-with-session /usr/bin/startplasma-wayland -else - ck-launch-session dbus-launch --sh-syntax --exit-with-session /usr/bin/startplasma-wayland -fi +dbus-launch --sh-syntax --exit-with-session /usr/bin/startplasma-wayland diff --git a/kde/post-install/powerdevil.post-install b/kde/post-install/powerdevil.post-install index 9eb14f2..24a9bc1 100644 --- a/kde/post-install/powerdevil.post-install +++ b/kde/post-install/powerdevil.post-install @@ -3,21 +3,28 @@ mkdir -p $PKG/etc mv $PKG/etc/kde/dbus-1 $PKG/etc/ mkdir -p $PKG/etc/polkit-1/rules.d -mkdir -p $PKG/etc/polkit-1/localauthority/50-local.d -chmod 700 $PKG/etc/polkit-1/localauthority -# Add polkit policy file that brings back suspend/hibernate options: +# Add upower policy allowing users in the 'power' group +# to suspend/hibernate the computer: install -m 0644 -o root \ - $CWD/post-install/powerdevil/10-enable-suspend.rules \ - $PKG/etc/polkit-1/rules.d/10-enable-suspend.rules.new -install -m 0660 -o root \ - $CWD/post-install/powerdevil/30-org.freedesktop.upower.pkla \ - $PKG/etc/polkit-1/localauthority/50-local.d/30-org.freedesktop.upower.pkla.new -# Add polkit policy files that bring back shutdown/reboot: -install -m 0660 -o root \ - $CWD/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla \ - $PKG/etc/polkit-1/localauthority/50-local.d/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla.new -install -m 0660 -o root \ - $CWD/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla \ - $PKG/etc/polkit-1/localauthority/50-local.d/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla.new + $CWD/post-install/powerdevil/10-enable-upower-suspend.rules \ + $PKG/etc/polkit-1/rules.d/10-enable-upower-suspend.rules.new +if [ "SLKELOGIND" = YES ]; then + # Add login1 policy file that allows users in the 'power' group + # to shutdown/reboot the computer: + install -m 0644 -o root \ + $CWD/post-install/powerdevil/10-enable-elogind-power.rules \ + $PKG/etc/polkit-1/rules.d/10-enable-session-poweroff.rules.new + # Add powerdevil policy file that allows users in the 'power' group + # to check for existence of a discrete gpu: + install -m 0644 -o root \ + $CWD/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules \ + $PKG/etc/polkit-1/rules.d/10-enable-powerdevil-discrete-gpu.rules.new +else + # Add ConsoleKit2 policy file that allows users in the 'power' group + # to shutdown/reboot the computer: + install -m 0644 -o root \ + $CWD/post-install/powerdevil/10-enable-ck2-power.rules \ + $PKG/etc/polkit-1/rules.d/10-enable-session-poweroff.rules.new +fi diff --git a/kde/post-install/powerdevil/10-enable-ck2-poweroff.rules b/kde/post-install/powerdevil/10-enable-ck2-poweroff.rules new file mode 100644 index 0000000..2c68027 --- /dev/null +++ b/kde/post-install/powerdevil/10-enable-ck2-poweroff.rules @@ -0,0 +1,12 @@ +polkit.addRule( + function(action, subject) { + if ( (action.id == "org.freedesktop.consolekit.reboot" || + action.id == "org.freedesktop.consolekit.reboot-multiple-sessions" || + action.id == "org.freedesktop.consolekit.power-off" || + action.id == "org.freedesktop.consolekit.power-off-multiple-sessions") + && subject.isInGroup("power") ) { + return polkit.Result.YES; + } + } +); + diff --git a/kde/post-install/powerdevil/10-enable-elogind-poweroff.rules b/kde/post-install/powerdevil/10-enable-elogind-poweroff.rules new file mode 100644 index 0000000..db49920 --- /dev/null +++ b/kde/post-install/powerdevil/10-enable-elogind-poweroff.rules @@ -0,0 +1,12 @@ +polkit.addRule( + function(action, subject) { + if ( (action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" || + action.id == "org.freedesktop.login1.power-off" || + action.id == "org.freedesktop.login1.power-off-multiple-sessions") + && subject.isInGroup("power") ) { + return polkit.Result.YES; + } + } +); + diff --git a/kde/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules b/kde/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules new file mode 100644 index 0000000..f001848 --- /dev/null +++ b/kde/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules @@ -0,0 +1,9 @@ +polkit.addRule( + function(action, subject) { + if ( action.id == "org.kde.powerdevil.discretegpuhelper.hasdualgpu" && + subject.isInGroup("power") ) { + return polkit.Result.YES; + } + } +); + diff --git a/kde/post-install/powerdevil/10-enable-suspend.rules b/kde/post-install/powerdevil/10-enable-suspend.rules deleted file mode 100644 index 5ef58ac..0000000 --- a/kde/post-install/powerdevil/10-enable-suspend.rules +++ /dev/null @@ -1,10 +0,0 @@ -polkit.addRule( - function(action, subject) { - if ((action.id == "org.freedesktop.upower.suspend" || - action.id == "org.freedesktop.upower.hibernate") && - subject.isInGroup("power")) - { - return polkit.Result.YES; - } - } -); diff --git a/kde/post-install/powerdevil/10-enable-upower-suspend.rules b/kde/post-install/powerdevil/10-enable-upower-suspend.rules new file mode 100644 index 0000000..4bccfb0 --- /dev/null +++ b/kde/post-install/powerdevil/10-enable-upower-suspend.rules @@ -0,0 +1,9 @@ +polkit.addRule( + function(action, subject) { + if ( (action.id == "org.freedesktop.upower.suspend" || + action.id == "org.freedesktop.upower.hibernate") + && subject.isInGroup("power") ) { + return polkit.Result.YES; + } + } +); diff --git a/kde/post-install/powerdevil/30-org.freedesktop.upower.pkla b/kde/post-install/powerdevil/30-org.freedesktop.upower.pkla deleted file mode 100644 index b3b5dd2..0000000 --- a/kde/post-install/powerdevil/30-org.freedesktop.upower.pkla +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/polkit-1/localauthority/50-local.d/30-org.freedesktop.upower.pkla -# Allow all power users to suspend/hibernate the computer: -[Power Users] -Identity=unix-group:power -Action=org.freedesktop.upower.suspend;org.freedesktop.upower.hibernate -ResultAny=yes -ResultInactive=no -ResultActive=yes - diff --git a/kde/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla b/kde/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla deleted file mode 100644 index 1fae73a..0000000 --- a/kde/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla +++ /dev/null @@ -1,8 +0,0 @@ -# /etc/polkit-1/localauthority/50-local.d/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla -[Allow power users to shutdown] -Identity=unix-group:power -Action=org.freedesktop.consolekit.system.stop-multiple-users;org.freedesktop.consolekit.system.stop -ResultAny=yes -ResultInactive=no -ResultActive=yes - diff --git a/kde/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla b/kde/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla deleted file mode 100644 index db17c63..0000000 --- a/kde/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla +++ /dev/null @@ -1,7 +0,0 @@ -# /etc/polkit-1/localauthority/50-local.d/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla -[Allow power users to restart] -Identity=unix-group:power -Action=org.freedesktop.consolekit.system.restart-multiple-users;org.freedesktop.consolekit.system.restart -ResultAny=yes -ResultInactive=no -ResultActive=yes diff --git a/kde/post-install/sddm-qt5.post-install b/kde/post-install/sddm-qt5.post-install index 006e234..3d168b1 100644 --- a/kde/post-install/sddm-qt5.post-install +++ b/kde/post-install/sddm-qt5.post-install @@ -12,6 +12,19 @@ fi # Remove the sddm.conf file because we will generate our own in doinst.sh: rm -f $PKG/etc/sddm.conf +# Make sure that Plasma and SDDM work on older GPUs, +# by forcing Qt5 to use software GL rendering: +cat <<"EOGL" >> $PKG/usr/share/sddm/scripts/Xsetup + +# Make sure that Plasma and SDDM work on older GPUs, +# by forcing Qt5 to use software GL rendering: +OPENGL_VERSION=$(LANG=C glxinfo |grep '^OpenGL version string: ' |head -n 1 |sed -e 's/^OpenGL version string: \([0-9]\).*$/\1/g') +if [ "$OPENGL_VERSION" -lt 2 ]; then + QT_XCB_FORCE_SOFTWARE_OPENGL=1 + export QT_XCB_FORCE_SOFTWARE_OPENGL +fi +EOGL + # Ensure that user customizations to the session files are not lost: mv $PKG/usr/share/sddm/scripts/Xsession{,.new} mv $PKG/usr/share/sddm/scripts/Xsetup{,.new} diff --git a/kde/post-install/sddm-qt5/pam.d/sddm b/kde/post-install/sddm-qt5/pam.d/sddm index f0b2345..df016a7 100644 --- a/kde/post-install/sddm-qt5/pam.d/sddm +++ b/kde/post-install/sddm-qt5/pam.d/sddm @@ -19,7 +19,8 @@ password substack system-auth session optional pam_keyinit.so force revoke session substack system-auth session required pam_loginuid.so -session optional pam_ck_connector.so nox11 +-session optional pam_ck_connector.so nox11 +-session optional pam_elogind.so -session optional pam_gnome_keyring.so auto_start -session optional pam_kwallet5.so auto_start session include postlogin diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-autologin b/kde/post-install/sddm-qt5/pam.d/sddm-autologin index fd926ef..3602395 100644 --- a/kde/post-install/sddm-qt5/pam.d/sddm-autologin +++ b/kde/post-install/sddm-qt5/pam.d/sddm-autologin @@ -17,7 +17,8 @@ password include system-auth session substack system-auth session required pam_loginuid.so -session optional pam_ck_connector.so nox11 +-session optional pam_ck_connector.so nox11 +-session optional pam_elogind.so -session optional pam_gnome_keyring.so auto_start -session optional pam_kwallet5.so auto_start session include postlogin diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-greeter b/kde/post-install/sddm-qt5/pam.d/sddm-greeter index c7bd8a3..fe30e60 100644 --- a/kde/post-install/sddm-qt5/pam.d/sddm-greeter +++ b/kde/post-install/sddm-qt5/pam.d/sddm-greeter @@ -15,4 +15,5 @@ password required pam_deny.so # Setup session session required pam_unix.so -session optional pam_systemd.so +-session optional pam_ck_connector.so nox11 -session optional pam_elogind.so |