From 55bb52de959214602121867d55723cf27d7684a7 Mon Sep 17 00:00:00 2001
From: Eric Hameleers <alien@slackware.com>
Date: Sun, 6 Oct 2019 23:36:02 +0200
Subject: Add support for building Plasma5 on a PAM-ified Slackware

Set the variable SLACKPAM to "yes" in kde/kde.options if you want to
add support for PAM.

These packages will be supplied by a pam-ified Slackware, so they should not
be installed from 'ktown':
deps:ConsoleKit2,cracklib

These packages will react to SLACKPAM variable setting:
plasma:kscreenlocker,plasma-workspace
plasma-extra:sddm-qt5

Uncomment in kde/modules/plasma and compile:
plasma:kwallet-pam
---
 kde/cmake/kscreenlocker                              | 10 +++++++---
 kde/cmake/sddm-qt5                                   |  8 ++++++--
 kde/kde.options                                      |  3 +++
 kde/post-install/plasma-workspace.post-install       | 20 ++++++++++++--------
 kde/post-install/plasma-workspace/pam.d/kde          |  9 +++++++++
 .../plasma-workspace/xinit/xinitrc.plasma            | 18 ++++++++++++------
 kde/post-install/sddm-qt5.post-install               | 12 ++++++++++--
 kde/post-install/sddm-qt5/pam.d/sddm                 | 15 +++++++++++++++
 kde/post-install/sddm-qt5/pam.d/sddm-autologin       | 14 ++++++++++++++
 kde/post-install/sddm-qt5/pam.d/sddm-greeter         | 18 ++++++++++++++++++
 10 files changed, 106 insertions(+), 21 deletions(-)
 create mode 100644 kde/post-install/plasma-workspace/pam.d/kde
 create mode 100644 kde/post-install/sddm-qt5/pam.d/sddm
 create mode 100644 kde/post-install/sddm-qt5/pam.d/sddm-autologin
 create mode 100644 kde/post-install/sddm-qt5/pam.d/sddm-greeter

diff --git a/kde/cmake/kscreenlocker b/kde/cmake/kscreenlocker
index 943d246..7141030 100644
--- a/kde/cmake/kscreenlocker
+++ b/kde/cmake/kscreenlocker
@@ -1,6 +1,13 @@
+if [ "$SLACKPAM" == "no" ]; then
+  DO_SLACKPAM="-DHAVE_SHADOW=TRUE -DPAM_REQUIRED=OFF"
+else
+  DO_SLACKPAM=""
+fi
+
 mkdir build
 cd build
   cmake \
+    $DO_SLACKPAM \
     $KDE_OPT_ARGS \
     -DKDE_PLATFORM_FEATURE_DISABLE_DEPRECATED=TRUE \
     -DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \
@@ -17,9 +24,6 @@ cd build
     -DQT_PLUGIN_INSTALL_DIR=lib$LIBDIRSUFFIX/qt5/plugins \
     -DQML_INSTALL_DIR=lib$LIBDIRSUFFIX/qt5/qml \
     -DKDE_INSTALL_USE_QT_SYS_PATHS=ON \
-    -DBUILD_TESTING=OFF \
-    -DHAVE_SHADOW=TRUE \
-    -DPAM_REQUIRED=OFF \
     -DQca-qt5_DIR=/usr/lib${LIBDIRSUFFIX}/cmake/Qca \
     ..
 
diff --git a/kde/cmake/sddm-qt5 b/kde/cmake/sddm-qt5
index fe0b89d..1265dc5 100644
--- a/kde/cmake/sddm-qt5
+++ b/kde/cmake/sddm-qt5
@@ -1,8 +1,13 @@
-# Switch the two booleans USE_QT4 and USE_QT5 to build a Qt4 version instead.
+if [ "$SLACKPAM" == "no" ]; then
+  DO_SLACKPAM="-DENABLE_PAM:BOOL=OFF"
+else
+  DO_SLACKPAM=""
+fi
 
 mkdir -p build
 cd build
   cmake \
+    $DO_SLACKPAM \
     -DCMAKE_BUILD_TYPE=Release \
     -DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \
     -DCMAKE_C_FLAGS_RELEASE:STRING="$SLKCFLAGS" \
@@ -13,6 +18,5 @@ cd build
     -DUSE_QT4:BOOL=FALSE \
     -DUSE_QT5:BOOL=TRUE \
     -DENABLE_JOURNALD:BOOL=OFF \
-    -DENABLE_PAM:BOOL=OFF \
     ..
 
diff --git a/kde/kde.options b/kde/kde.options
index ac89033..a1749fb 100644
--- a/kde/kde.options
+++ b/kde/kde.options
@@ -54,3 +54,6 @@ fi
 # Do not use "final build" unless we build an actual release.
 export KDE_OPT_ARGS=" -Wno-dev -DBUILD_TESTING=OFF -DKDE4_BUILD_TESTS=OFF -DSITE=\"slackware.com\" -DKDE_DISTRIBUTION_TEXT=\"volkerdi@slackware.com\" "
 
+# Globally enable PAM yes/no:
+SLACKPAM=${SLACKPAM:-"no"}
+
diff --git a/kde/post-install/plasma-workspace.post-install b/kde/post-install/plasma-workspace.post-install
index 19e5c71..e0dbe78 100644
--- a/kde/post-install/plasma-workspace.post-install
+++ b/kde/post-install/plasma-workspace.post-install
@@ -12,10 +12,6 @@ cat $CWD/post-install/plasma-workspace/scripts/startkwayland \
   > $PKG/usr/bin/startkwayland
 chmod 0755 $PKG/usr/bin/startkwayland
 
-# ck-launch-session is needed for a Wayland session, since we do not have PAM:
-sed -e 's/^Exec=dbus-launch/Exec=ck-launch-session dbus-launch --sh-syntax/' \
-  -i $PKG/usr/share/wayland-sessions/plasmawayland.desktop
-
 # Add a "fail-safe" version of KDE Plasma desktop session.
 # Prefix the name with "z_" because SDDM is braindead:
 mkdir -p $PKG/usr/share/xsessions
@@ -31,8 +27,16 @@ rmdir $PKG/usr/lib$LIBDIRSUFFIX/qt5/plugins/plugins
 mkdir -p $PKG/etc
 mv $PKG//etc/kde/dbus-1 $PKG/etc/
 
-# For shadow, this file needs to be setuid root just like the KDE4 version:
-if [ -f $PKG/usr/lib$LIBDIRSUFFIX/kcheckpass ]; then
-  chmod +s $PKG/usr/lib$LIBDIRSUFFIX/kcheckpass
-fi
+if [ "$SLACKPAM" == "no" ]; then
+  # For shadow, this file needs to be setuid root just like the KDE4 version:
+  if [ -f $PKG/usr/lib$LIBDIRSUFFIX/kcheckpass ]; then
+    chmod +s $PKG/usr/lib$LIBDIRSUFFIX/kcheckpass
+  fi
 
+  # ck-launch-session is needed for a Wayland session, since we do not have PAM:
+  sed -e 's/^Exec=dbus-launch/Exec=ck-launch-session dbus-launch --sh-syntax/' \
+    -i $PKG/usr/share/wayland-sessions/plasmawayland.desktop
+else
+  # Install a PAM file for Plasma5 workspace:
+  install -Dm644 $CWD/post-install/plasma-workspace/pam.d/kde $PKG/etc/pam.d/kde
+fi
diff --git a/kde/post-install/plasma-workspace/pam.d/kde b/kde/post-install/plasma-workspace/pam.d/kde
new file mode 100644
index 0000000..7acfd90
--- /dev/null
+++ b/kde/post-install/plasma-workspace/pam.d/kde
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth       include      system-auth
+auth       include      postlogin
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
+session    required     pam_loginuid.so
+session    optional     pam_ck_connector.so nox11
+session    include      postlogin
diff --git a/kde/post-install/plasma-workspace/xinit/xinitrc.plasma b/kde/post-install/plasma-workspace/xinit/xinitrc.plasma
index ff3c8a1..e70c281 100644
--- a/kde/post-install/plasma-workspace/xinit/xinitrc.plasma
+++ b/kde/post-install/plasma-workspace/xinit/xinitrc.plasma
@@ -9,24 +9,30 @@ sysmodmap=/etc/X11/xinit/.Xmodmap
 # merge in defaults and keymaps
 
 if [ -f $sysresources ]; then
-    xrdb -merge $sysresources
+  xrdb -merge $sysresources
 fi
 
 if [ -f $sysmodmap ]; then
-    xmodmap $sysmodmap
+  xmodmap $sysmodmap
 fi
 
 if [ -f $userresources ]; then
-    xrdb -merge $userresources
+  xrdb -merge $userresources
 fi
 
 if [ -f $usermodmap ]; then
-    xmodmap $usermodmap
+  xmodmap $usermodmap
 fi
 
 # Start the window manager:
+if which startplasma-x11 1>/dev/null 2>/dev/null ; then
+  START_KDE=startplasma-x11
+else
+  START_KDE=startkde
+fi
 if [ -z "$DESKTOP_SESSION" -a -x /usr/bin/ck-launch-session ]; then
-    ck-launch-session dbus-launch --sh-syntax --exit-with-session startkde
+  ck-launch-session dbus-launch --sh-syntax --exit-with-session $START_KDE
 else
-    dbus-launch --sh-syntax --exit-with-session startkde
+  dbus-launch --sh-syntax --exit-with-session $START_KDE
 fi
+
diff --git a/kde/post-install/sddm-qt5.post-install b/kde/post-install/sddm-qt5.post-install
index 1a39fd0..5ce2957 100644
--- a/kde/post-install/sddm-qt5.post-install
+++ b/kde/post-install/sddm-qt5.post-install
@@ -1,5 +1,13 @@
-# Remove PAM related stuff:
-rm -rf $PKG/etc/pam.d
+if [ "$SLACKPAM" == "no" ]; then
+  # Remove PAM related stuff:
+  rm -rf $PKG/etc/pam.d
+else
+  # Replace systemd-centric files with ours:
+  rm -f $PKG/etc/pam.d/sddm*
+  for FILE in sddm sddm-autologin sddm-greeter ; do
+    install -Dm644 $CWD/post-install/sddm-qt5/pam.d/$FILE $PKG/etc/pam.d/$FILE
+  done
+fi
 
 # Remove the sddm.conf file because we will generate our own in doinst.sh:
 rm -f $PKG/etc/sddm.conf
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm b/kde/post-install/sddm-qt5/pam.d/sddm
new file mode 100644
index 0000000..b4d902a
--- /dev/null
+++ b/kde/post-install/sddm-qt5/pam.d/sddm
@@ -0,0 +1,15 @@
+#%PAM-1.0
+
+auth		include		login
+-auth		optional	pam_gnome_keyring.so
+-auth   optional  pam_kwallet5.so
+
+account		include		login
+
+password	include		login
+-password	optional	pam_gnome_keyring.so use_authtok
+
+session		optional	pam_keyinit.so force revoke
+session		include		login
+-session		optional	pam_gnome_keyring.so auto_start
+-session  optional  pam_kwallet5.so auto_start
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-autologin b/kde/post-install/sddm-qt5/pam.d/sddm-autologin
new file mode 100644
index 0000000..daf6f4b
--- /dev/null
+++ b/kde/post-install/sddm-qt5/pam.d/sddm-autologin
@@ -0,0 +1,14 @@
+#%PAM-1.0
+auth        required    pam_env.so
+auth       include      system-auth
+auth       include      postlogin
+-auth       optional    pam_gnome_keyring.so
+-auth       optional    pam_kwallet5.so
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
+session    required     pam_loginuid.so
+session    optional     pam_ck_connector.so nox11
+session    include      postlogin
+-session    optional    pam_gnome_keyring.so auto_start
+-session    optional    pam_kwallet5.so auto_start
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-greeter b/kde/post-install/sddm-qt5/pam.d/sddm-greeter
new file mode 100644
index 0000000..7c77b68
--- /dev/null
+++ b/kde/post-install/sddm-qt5/pam.d/sddm-greeter
@@ -0,0 +1,18 @@
+#%PAM-1.0
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth		required pam_env.so
+
+# Always let the greeter start without authentication
+auth		required pam_permit.so
+
+# No action required for account management
+account		required pam_permit.so
+
+# Can't change password
+password	required pam_deny.so
+
+# Setup session
+session		required pam_unix.so
+session		optional pam_systemd.so
+session		optional pam_elogind.so
-- 
cgit v1.2.3