From e41c0c99c8d498cc2f3761eb35d4f5389a6d1798 Mon Sep 17 00:00:00 2001
From: Eric Hameleers <alien@slackware.com>
Date: Mon, 8 Jun 2020 21:30:18 +0200
Subject: Proposed changes for a migration from ConsoleKit2 to elogind

Using elogind will enable a fully working Wayland session for KDE Plasma5.
---
 kde/build/kjots                                    |   2 +-
 kde/build/plasma-workspace                         |   1 +
 kde/build/polkit-kde-framework                     |   1 +
 kde/build/powerdevil                               |   1 +
 kde/build/sddm-qt5                                 |   2 +-
 kde/cmake/sddm-qt5                                 |  16 +-
 kde/doinst.sh/powerdevil                           |   7 +-
 kde/kde.options                                    |   6 +
 kde/modules/plasma                                 |   1 +
 kde/patch/sddm-qt5.patch                           |  27 ++-
 .../sddm_honor-PAM-supplemental-groups-v2.patch    | 183 +++++++++++++++++++++
 ...sddm_revert-honor-PAM-supplemental-groups.patch |  88 ++++++++++
 kde/post-install/plasma-workspace/pam.d/kde        |   3 +-
 .../plasma-workspace/scripts/startkwayland         |   7 +-
 kde/post-install/powerdevil.post-install           |  37 +++--
 .../powerdevil/10-enable-ck2-poweroff.rules        |  12 ++
 .../powerdevil/10-enable-elogind-poweroff.rules    |  12 ++
 .../10-enable-powerdevil-discrete-gpu.rules        |   9 +
 .../powerdevil/10-enable-suspend.rules             |  10 --
 .../powerdevil/10-enable-upower-suspend.rules      |   9 +
 .../powerdevil/30-org.freedesktop.upower.pkla      |   9 -
 ...ktop.consolekit.system.stop-multiple-users.pkla |   8 -
 ...p.consolekit.system.restart-multiple-users.pkla |   7 -
 kde/post-install/sddm-qt5.post-install             |  13 ++
 kde/post-install/sddm-qt5/pam.d/sddm               |   3 +-
 kde/post-install/sddm-qt5/pam.d/sddm-autologin     |   3 +-
 kde/post-install/sddm-qt5/pam.d/sddm-greeter       |   1 +
 27 files changed, 396 insertions(+), 82 deletions(-)
 create mode 100644 kde/build/plasma-workspace
 create mode 100644 kde/build/polkit-kde-framework
 create mode 100644 kde/build/powerdevil
 create mode 100644 kde/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch
 create mode 100644 kde/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch
 create mode 100644 kde/post-install/powerdevil/10-enable-ck2-poweroff.rules
 create mode 100644 kde/post-install/powerdevil/10-enable-elogind-poweroff.rules
 create mode 100644 kde/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules
 delete mode 100644 kde/post-install/powerdevil/10-enable-suspend.rules
 create mode 100644 kde/post-install/powerdevil/10-enable-upower-suspend.rules
 delete mode 100644 kde/post-install/powerdevil/30-org.freedesktop.upower.pkla
 delete mode 100644 kde/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla
 delete mode 100644 kde/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla

(limited to 'kde')

diff --git a/kde/build/kjots b/kde/build/kjots
index 00750ed..b8626c4 100644
--- a/kde/build/kjots
+++ b/kde/build/kjots
@@ -1 +1 @@
-3
+4
diff --git a/kde/build/plasma-workspace b/kde/build/plasma-workspace
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/kde/build/plasma-workspace
@@ -0,0 +1 @@
+2
diff --git a/kde/build/polkit-kde-framework b/kde/build/polkit-kde-framework
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/kde/build/polkit-kde-framework
@@ -0,0 +1 @@
+2
diff --git a/kde/build/powerdevil b/kde/build/powerdevil
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/kde/build/powerdevil
@@ -0,0 +1 @@
+2
diff --git a/kde/build/sddm-qt5 b/kde/build/sddm-qt5
index b8626c4..7ed6ff8 100644
--- a/kde/build/sddm-qt5
+++ b/kde/build/sddm-qt5
@@ -1 +1 @@
-4
+5
diff --git a/kde/cmake/sddm-qt5 b/kde/cmake/sddm-qt5
index 1265dc5..6f187cb 100644
--- a/kde/cmake/sddm-qt5
+++ b/kde/cmake/sddm-qt5
@@ -1,13 +1,23 @@
 if [ "$SLACKPAM" == "no" ]; then
   DO_SLACKPAM="-DENABLE_PAM:BOOL=OFF"
 else
-  DO_SLACKPAM=""
+  DO_SLACKPAM="-DENABLE_PAM:BOOL=ON"
+fi
+
+if [ "$SLKELOGIND" == "no" ]; then
+  DO_SLKELOGIND=""
+else
+  DO_SLKELOGIND=" \
+    -DNO_SYSTEMD:BOOL=TRUE \
+    -DUSE_ELOGIND:BOOL=TRUE \
+    "
 fi
 
 mkdir -p build
 cd build
   cmake \
     $DO_SLACKPAM \
+    $DO_SLKELOGIND \
     -DCMAKE_BUILD_TYPE=Release \
     -DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \
     -DCMAKE_C_FLAGS_RELEASE:STRING="$SLKCFLAGS" \
@@ -15,8 +25,10 @@ cd build
     -DCMAKE_CXX_FLAGS_RELEASE:STRING="$SLKCFLAGS" \
     -DCMAKE_INSTALL_PREFIX=/usr \
     -DLIB_SUFFIX=${LIBDIRSUFFIX} \
+    -DBUILD_MAN_PAGES:BOOL=TRUE \
+    -DDBUS_CONFIG_FILENAME="org.freedesktop.sddm.conf" \
     -DUSE_QT4:BOOL=FALSE \
     -DUSE_QT5:BOOL=TRUE \
-    -DENABLE_JOURNALD:BOOL=OFF \
+    -DENABLE_JOURNALD:BOOL=FALSE \
     ..
 
diff --git a/kde/doinst.sh/powerdevil b/kde/doinst.sh/powerdevil
index 6e92caa..d311aa0 100644
--- a/kde/doinst.sh/powerdevil
+++ b/kde/doinst.sh/powerdevil
@@ -12,8 +12,7 @@ config() {
 }
 
 # Move over the new policy files:
-config etc/polkit-1/rules.d/10-enable-suspend.rules.new
-config etc/polkit-1/localauthority/50-local.d/30-org.freedesktop.upower.pkla.new
-config  etc/polkit-1/localauthority/50-local.d/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla.new
-config etc/polkit-1/localauthority/50-local.d/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla.new
+config etc/polkit-1/rules.d/10-enable-upower-suspend.rules.new
+config etc/polkit-1/rules.d/10-enable-elogind-poweroff.rules.new
+config etc/polkit-1/rules.d/10-enable-powerdevil-discrete-gpu.rules.new 2>/dev/null
 
diff --git a/kde/kde.options b/kde/kde.options
index dc8b8be..f29b953 100644
--- a/kde/kde.options
+++ b/kde/kde.options
@@ -61,3 +61,9 @@ else
   SLACKPAM=${SLACKPAM:-"no"}
 fi
 
+# Choose correct options depending on whether elogind is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libelogind.so.? ]; then
+  SLKELOGIND=${SLKELOGIND:-"yes"}
+else
+  SLKELOGIND=${SLKELOGIND:-"no"}
+fi
diff --git a/kde/modules/plasma b/kde/modules/plasma
index 66cf51c..a329e8f 100644
--- a/kde/modules/plasma
+++ b/kde/modules/plasma
@@ -6,6 +6,7 @@ breeze-gtk
 breeze-grub
 #breeze-plymouth
 kwayland-integration
+kwayland-server
 plasma-integration
 kinfocenter
 libksysguard
diff --git a/kde/patch/sddm-qt5.patch b/kde/patch/sddm-qt5.patch
index d57fb12..5919925 100644
--- a/kde/patch/sddm-qt5.patch
+++ b/kde/patch/sddm-qt5.patch
@@ -1,26 +1,21 @@
-# Add missing consolekit support
-# (brings back the switch_user functionality in KDE):
-cat $CWD/patch/sddm-qt5/sddm_consolekit.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+if [ "$SLKELOGIND" == "no" ]; then
+  # Add missing consolekit support
+  # (brings back the switch_user functionality in KDE):
+  cat $CWD/patch/sddm-qt5/sddm_consolekit.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
 
-# Don't assume that ConsoleKit2 exposes a login1 dbus interface:
-cat $CWD/patch/sddm-qt5/sddm_ck2_revert.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+  # Don't assume that ConsoleKit2 exposes a login1 dbus interface:
+  cat $CWD/patch/sddm-qt5/sddm_ck2_revert.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+fi
+
+# Properly honor supplemental groups, https://github.com/sddm/sddm/issues/1159 :
+cat $CWD/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+cat $CWD/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
 
 # SDDM 0.14 sources $HOME/.xsession which in Slackware will override the
 # session selection you make in SDDM. We fix that unwanted side effect by
 # reverting the change:
 cat $CWD/patch/sddm-qt5/sddm_userxsession.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
 
-# Fix display of user avatars ($HOME/.face.icon file)
-# (fixed in sddm-0.15.0).
-#cat $CWD//patch/sddm-qt5/sddm_avatars.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-
-# Fix a compilation error on passwd backend:
-#cat $CWD/patch/sddm-qt5/sddm_auth.diff | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-
-# Fix a compilation error on passwd backend:
-# (fixed in sddm-0.12.0).
-#cat $CWD/patch/sddm-qt5/sddm_qstring.patch | patch -p1 --verbose || { touch ${SLACK_KDE_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-
 # Add the dutch translation:
 if ! grep -q nl.ts data/translations/CMakeLists.txt ; then
   sed -e '/set(TRANSLATION_FILES/s/TRANSLATION_FILES/&\n    nl.ts/' \
diff --git a/kde/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch b/kde/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch
new file mode 100644
index 0000000..bf3bfd2
--- /dev/null
+++ b/kde/patch/sddm-qt5/sddm_honor-PAM-supplemental-groups-v2.patch
@@ -0,0 +1,183 @@
+From 75e6e00d9e1ecf25e3a9c8332530a1e40d737cdb Mon Sep 17 00:00:00 2001
+From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de>
+Date: Thu, 9 May 2019 03:06:48 +0200
+Subject: [PATCH] Honor PAM's supplemental groups (v2) (#834, #1159)
+
+This moves the supplemental group initialization step from
+UserSession.cpp to the Backend system, so that the Pam Backend can
+inject additional supplemental groups via modules like pam_group.so.
+
+pam_setcred(3) assumes that it operates on an already initialized
+supplemental group list. However, PamBackend calls
+pam_setcred(PAM_ESTABLISH_CRED) earlier, at the start
+PamBackend::openSession, so a pam_setcred(PAM_REINITIALIZE_CRED) call
+must be issued to repeat the injection of PAM's supplemental groups.
+---
+ src/helper/Backend.cpp            |  5 +++++
+ src/helper/Backend.h              |  3 +++
+ src/helper/HelperApp.cpp          |  4 ++++
+ src/helper/HelperApp.h            |  1 +
+ src/helper/UserSession.cpp        | 13 ++++++++-----
+ src/helper/backend/PamBackend.cpp | 18 ++++++++++++++++++
+ src/helper/backend/PamBackend.h   |  2 ++
+ 7 files changed, 41 insertions(+), 5 deletions(-)
+
+diff --git a/src/helper/Backend.cpp b/src/helper/Backend.cpp
+index d6bb4d0a..35ae2bdf 100644
+--- a/src/helper/Backend.cpp
++++ b/src/helper/Backend.cpp
+@@ -29,6 +29,7 @@
+ #include <QtCore/QProcessEnvironment>
+ 
+ #include <pwd.h>
++#include <grp.h>
+ 
+ namespace SDDM {
+     Backend::Backend(HelperApp* parent)
+@@ -79,4 +80,8 @@ namespace SDDM {
+     bool Backend::closeSession() {
+         return true;
+     }
++
++    bool Backend::setupSupplementalGroups(struct passwd *pw) {
++        return !initgroups(pw->pw_name, pw->pw_gid);
++    }
+ }
+diff --git a/src/helper/Backend.h b/src/helper/Backend.h
+index b790e001..3caf1592 100644
+--- a/src/helper/Backend.h
++++ b/src/helper/Backend.h
+@@ -22,6 +22,7 @@
+ #define BACKEND_H
+ 
+ #include <QtCore/QObject>
++#include <pwd.h>
+ 
+ namespace SDDM {
+     class HelperApp;
+@@ -38,6 +39,8 @@ namespace SDDM {
+         void setAutologin(bool on = true);
+         void setGreeter(bool on = true);
+ 
++        virtual bool setupSupplementalGroups(struct passwd *pw);
++
+     public slots:
+         virtual bool start(const QString &user = QString()) = 0;
+         virtual bool authenticate() = 0;
+diff --git a/src/helper/HelperApp.cpp b/src/helper/HelperApp.cpp
+index cad93bd8..d0891d75 100644
+--- a/src/helper/HelperApp.cpp
++++ b/src/helper/HelperApp.cpp
+@@ -253,6 +253,10 @@ namespace SDDM {
+         return m_session;
+     }
+ 
++    Backend *HelperApp::backend() {
++        return m_backend;
++    }
++
+     const QString& HelperApp::user() const {
+         return m_user;
+     }
+diff --git a/src/helper/HelperApp.h b/src/helper/HelperApp.h
+index 3742df12..cb5959a7 100644
+--- a/src/helper/HelperApp.h
++++ b/src/helper/HelperApp.h
+@@ -39,6 +39,7 @@ namespace SDDM {
+         virtual ~HelperApp();
+ 
+         UserSession *session();
++        Backend *backend();
+         const QString &user() const;
+         const QString &cookie() const;
+ 
+diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp
+index f71fd358..62fd4d70 100644
+--- a/src/helper/UserSession.cpp
++++ b/src/helper/UserSession.cpp
+@@ -19,6 +19,7 @@
+  *
+  */
+ 
++#include "Backend.h"
+ #include "Configuration.h"
+ #include "UserSession.h"
+ #include "HelperApp.h"
+@@ -129,7 +130,8 @@ namespace SDDM {
+ #endif
+ 
+         // switch user
+-        const QByteArray username = qobject_cast<HelperApp*>(parent())->user().toLocal8Bit();
++        HelperApp* app = qobject_cast<HelperApp*>(parent());
++        const QByteArray username = app->user().toLocal8Bit();
+         struct passwd pw;
+         struct passwd *rpw;
+         long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
+@@ -146,12 +148,13 @@ namespace SDDM {
+                 qCritical() << "getpwnam_r(" << username << ") failed with error: " << strerror(err);
+             exit(Auth::HELPER_OTHER_ERROR);
+         }
+-        if (setgid(pw.pw_gid) != 0) {
+-            qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username;
++
++        if (!app->backend()->setupSupplementalGroups(&pw)) {
++            qCritical() << "failed to set up supplemental groups for user: " << username;
+             exit(Auth::HELPER_OTHER_ERROR);
+         }
+-        if (initgroups(pw.pw_name, pw.pw_gid) != 0) {
+-            qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username;
++        if (setgid(pw.pw_gid) != 0) {
++            qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username;
+             exit(Auth::HELPER_OTHER_ERROR);
+         }
+         if (setuid(pw.pw_uid) != 0) {
+diff --git a/src/helper/backend/PamBackend.cpp b/src/helper/backend/PamBackend.cpp
+index f86d77d6..cccfa258 100644
+--- a/src/helper/backend/PamBackend.cpp
++++ b/src/helper/backend/PamBackend.cpp
+@@ -289,6 +289,24 @@ namespace SDDM {
+         return QString::fromLocal8Bit((const char*) m_pam->getItem(PAM_USER));
+     }
+ 
++    bool PamBackend::setupSupplementalGroups(struct passwd *pw) {
++        if (!Backend::setupSupplementalGroups(pw))
++            return false;
++
++        // pam_setcred(3) may inject additional groups into the user's
++        // list of supplemental groups, and assumes that the user's
++        // supplemental groups have already been initialized before
++        // its invocation. Since pam_setcred was already called at the
++        // start of openSession, we need to repeat this step here as
++        // the user's groups have only just now been initialized.
++
++        if (!m_pam->setCred(PAM_REINITIALIZE_CRED)) {
++            m_app->error(m_pam->errorString(), Auth::ERROR_AUTHENTICATION);
++            return false;
++        }
++        return true;
++    }
++
+     int PamBackend::converse(int n, const struct pam_message **msg, struct pam_response **resp) {
+         qDebug() << "[PAM] Conversation with" << n << "messages";
+ 
+diff --git a/src/helper/backend/PamBackend.h b/src/helper/backend/PamBackend.h
+index 4c8b4b35..5b079099 100644
+--- a/src/helper/backend/PamBackend.h
++++ b/src/helper/backend/PamBackend.h
+@@ -28,6 +28,7 @@
+ #include <QtCore/QObject>
+ 
+ #include <security/pam_appl.h>
++#include <pwd.h>
+ 
+ namespace SDDM {
+     class PamHandle;
+@@ -61,6 +62,7 @@ namespace SDDM {
+         explicit PamBackend(HelperApp *parent);
+         virtual ~PamBackend();
+         int converse(int n, const struct pam_message **msg, struct pam_response **resp);
++        virtual bool setupSupplementalGroups(struct passwd *pw);
+ 
+     public slots:
+         virtual bool start(const QString &user = QString());
+
diff --git a/kde/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch b/kde/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch
new file mode 100644
index 0000000..2391c80
--- /dev/null
+++ b/kde/patch/sddm-qt5/sddm_revert-honor-PAM-supplemental-groups.patch
@@ -0,0 +1,88 @@
+From d3953e88a94ec25a87d3c5136517b3d1009cb1fd Mon Sep 17 00:00:00 2001
+From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de>
+Date: Wed, 8 May 2019 18:58:53 +0200
+Subject: [PATCH] Revert "Honor PAM's ambient supplemental groups. (#834)"
+
+This reverts commit 1bc813d08b8130e458a6550ec47fb2bfbe6de080, which
+misuses PAM and leads to pulling in all of root's supplemental groups
+during session initialization instead of only adding PAM's extra
+groups. The problem was masked due to the root user not having any
+supplemental groups in some common contexts, like running sddm from a
+systemd unit.
+---
+ src/helper/UserSession.cpp | 57 --------------------------------------
+ 1 file changed, 57 deletions(-)
+
+diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp
+index b3aec356..f71fd358 100644
+--- a/src/helper/UserSession.cpp
++++ b/src/helper/UserSession.cpp
+@@ -150,67 +150,10 @@ namespace SDDM {
+             qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username;
+             exit(Auth::HELPER_OTHER_ERROR);
+         }
+-
+-#ifdef USE_PAM
+-
+-        // fetch ambient groups from PAM's environment;
+-        // these are set by modules such as pam_groups.so
+-        int n_pam_groups = getgroups(0, NULL);
+-        gid_t *pam_groups = NULL;
+-        if (n_pam_groups > 0) {
+-            pam_groups = new gid_t[n_pam_groups];
+-            if ((n_pam_groups = getgroups(n_pam_groups, pam_groups)) == -1) {
+-                qCritical() << "getgroups() failed to fetch supplemental"
+-                            << "PAM groups for user:" << username;
+-                exit(Auth::HELPER_OTHER_ERROR);
+-            }
+-        } else {
+-            n_pam_groups = 0;
+-        }
+-
+-        // fetch session's user's groups
+-        int n_user_groups = 0;
+-        gid_t *user_groups = NULL;
+-        if (-1 == getgrouplist(username.constData(), pw.pw_gid,
+-                               NULL, &n_user_groups)) {
+-            user_groups = new gid_t[n_user_groups];
+-            if ((n_user_groups = getgrouplist(username.constData(),
+-                                              pw.pw_gid, user_groups,
+-                                              &n_user_groups)) == -1 ) {
+-                qCritical() << "getgrouplist(" << username << ", " << pw.pw_gid
+-                            << ") failed";
+-                exit(Auth::HELPER_OTHER_ERROR);
+-            }
+-        }
+-
+-        // set groups to concatenation of PAM's ambient
+-        // groups and the session's user's groups
+-        int n_groups = n_pam_groups + n_user_groups;
+-        if (n_groups > 0) {
+-            gid_t *groups = new gid_t[n_groups];
+-            memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t)));
+-            memcpy((groups + n_pam_groups), user_groups,
+-                   (n_user_groups * sizeof(gid_t)));
+-
+-            // setgroups(2) handles duplicate groups
+-            if (setgroups(n_groups, groups) != 0) {
+-                qCritical() << "setgroups() failed for user: " << username;
+-                exit (Auth::HELPER_OTHER_ERROR);
+-            }
+-            delete[] groups;
+-        }
+-        delete[] pam_groups;
+-        delete[] user_groups;
+-
+-#else
+-
+         if (initgroups(pw.pw_name, pw.pw_gid) != 0) {
+             qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username;
+             exit(Auth::HELPER_OTHER_ERROR);
+         }
+-
+-#endif /* USE_PAM */
+-
+         if (setuid(pw.pw_uid) != 0) {
+             qCritical() << "setuid(" << pw.pw_uid << ") failed for user: " << username;
+             exit(Auth::HELPER_OTHER_ERROR);
+
diff --git a/kde/post-install/plasma-workspace/pam.d/kde b/kde/post-install/plasma-workspace/pam.d/kde
index 7acfd90..50e0f53 100644
--- a/kde/post-install/plasma-workspace/pam.d/kde
+++ b/kde/post-install/plasma-workspace/pam.d/kde
@@ -5,5 +5,6 @@ account    include      system-auth
 password   include      system-auth
 session    include      system-auth
 session    required     pam_loginuid.so
-session    optional     pam_ck_connector.so nox11
+-session   optional     pam_ck_connector.so nox11
+-session   optional     pam_elogind.so
 session    include      postlogin
diff --git a/kde/post-install/plasma-workspace/scripts/startkwayland b/kde/post-install/plasma-workspace/scripts/startkwayland
index 7ca8a0a..2d8cf55 100644
--- a/kde/post-install/plasma-workspace/scripts/startkwayland
+++ b/kde/post-install/plasma-workspace/scripts/startkwayland
@@ -1,9 +1,4 @@
 #!/bin/sh
 
 # Start KWin as a Plasma 5 Wayland session
-# Choose correct options depending on whether PAM is installed:
-if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
-  dbus-launch --sh-syntax --exit-with-session /usr/bin/startplasma-wayland
-else
-  ck-launch-session dbus-launch --sh-syntax --exit-with-session /usr/bin/startplasma-wayland
-fi
+dbus-launch --sh-syntax --exit-with-session /usr/bin/startplasma-wayland
diff --git a/kde/post-install/powerdevil.post-install b/kde/post-install/powerdevil.post-install
index 9eb14f2..24a9bc1 100644
--- a/kde/post-install/powerdevil.post-install
+++ b/kde/post-install/powerdevil.post-install
@@ -3,21 +3,28 @@ mkdir -p $PKG/etc
 mv $PKG/etc/kde/dbus-1 $PKG/etc/
 
 mkdir -p $PKG/etc/polkit-1/rules.d
-mkdir -p $PKG/etc/polkit-1/localauthority/50-local.d
-chmod 700 $PKG/etc/polkit-1/localauthority
 
-# Add polkit policy file that brings back suspend/hibernate options:
+# Add upower policy allowing users in the 'power' group
+# to suspend/hibernate the computer:
 install -m 0644 -o root \
-  $CWD/post-install/powerdevil/10-enable-suspend.rules \
-  $PKG/etc/polkit-1/rules.d/10-enable-suspend.rules.new
-install -m 0660 -o root \
-  $CWD/post-install/powerdevil/30-org.freedesktop.upower.pkla \
-  $PKG/etc/polkit-1/localauthority/50-local.d/30-org.freedesktop.upower.pkla.new
-# Add polkit policy files that bring back shutdown/reboot:
-install -m 0660 -o root \
-  $CWD/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla \
-  $PKG/etc/polkit-1/localauthority/50-local.d/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla.new
-install -m 0660 -o root \
-  $CWD/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla \
-  $PKG/etc/polkit-1/localauthority/50-local.d/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla.new
+  $CWD/post-install/powerdevil/10-enable-upower-suspend.rules \
+  $PKG/etc/polkit-1/rules.d/10-enable-upower-suspend.rules.new
 
+if [ "SLKELOGIND" = YES ]; then
+  # Add login1 policy file that allows users in the 'power' group
+  # to shutdown/reboot the computer:
+  install -m 0644 -o root \
+    $CWD/post-install/powerdevil/10-enable-elogind-power.rules \
+    $PKG/etc/polkit-1/rules.d/10-enable-session-poweroff.rules.new
+  # Add powerdevil policy file that allows users in the 'power' group
+  # to check for existence of a discrete gpu:
+  install -m 0644 -o root \
+    $CWD/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules \
+    $PKG/etc/polkit-1/rules.d/10-enable-powerdevil-discrete-gpu.rules.new
+else
+  # Add ConsoleKit2 policy file that allows users in the 'power' group
+  # to shutdown/reboot the computer:
+  install -m 0644 -o root \
+    $CWD/post-install/powerdevil/10-enable-ck2-power.rules \
+    $PKG/etc/polkit-1/rules.d/10-enable-session-poweroff.rules.new
+fi
diff --git a/kde/post-install/powerdevil/10-enable-ck2-poweroff.rules b/kde/post-install/powerdevil/10-enable-ck2-poweroff.rules
new file mode 100644
index 0000000..2c68027
--- /dev/null
+++ b/kde/post-install/powerdevil/10-enable-ck2-poweroff.rules
@@ -0,0 +1,12 @@
+polkit.addRule(
+  function(action, subject) {
+    if ( (action.id == "org.freedesktop.consolekit.reboot" ||
+          action.id == "org.freedesktop.consolekit.reboot-multiple-sessions" ||
+          action.id == "org.freedesktop.consolekit.power-off" ||
+          action.id == "org.freedesktop.consolekit.power-off-multiple-sessions")
+          && subject.isInGroup("power") ) {
+      return polkit.Result.YES;
+    }
+  }
+);
+
diff --git a/kde/post-install/powerdevil/10-enable-elogind-poweroff.rules b/kde/post-install/powerdevil/10-enable-elogind-poweroff.rules
new file mode 100644
index 0000000..db49920
--- /dev/null
+++ b/kde/post-install/powerdevil/10-enable-elogind-poweroff.rules
@@ -0,0 +1,12 @@
+polkit.addRule(
+  function(action, subject) {
+    if ( (action.id == "org.freedesktop.login1.reboot" ||
+          action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.power-off" ||
+          action.id == "org.freedesktop.login1.power-off-multiple-sessions")
+           && subject.isInGroup("power") ) {
+      return polkit.Result.YES;
+    }
+  }
+);
+
diff --git a/kde/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules b/kde/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules
new file mode 100644
index 0000000..f001848
--- /dev/null
+++ b/kde/post-install/powerdevil/10-enable-powerdevil-discrete-gpu.rules
@@ -0,0 +1,9 @@
+polkit.addRule(
+  function(action, subject) {
+    if ( action.id == "org.kde.powerdevil.discretegpuhelper.hasdualgpu" &&
+        subject.isInGroup("power") ) {
+      return polkit.Result.YES;
+    }
+  }
+);
+
diff --git a/kde/post-install/powerdevil/10-enable-suspend.rules b/kde/post-install/powerdevil/10-enable-suspend.rules
deleted file mode 100644
index 5ef58ac..0000000
--- a/kde/post-install/powerdevil/10-enable-suspend.rules
+++ /dev/null
@@ -1,10 +0,0 @@
-polkit.addRule(
-  function(action, subject) {
-    if ((action.id == "org.freedesktop.upower.suspend" ||
-      action.id == "org.freedesktop.upower.hibernate") &&
-      subject.isInGroup("power"))
-    {
-      return polkit.Result.YES;
-    }
-  }
-);
diff --git a/kde/post-install/powerdevil/10-enable-upower-suspend.rules b/kde/post-install/powerdevil/10-enable-upower-suspend.rules
new file mode 100644
index 0000000..4bccfb0
--- /dev/null
+++ b/kde/post-install/powerdevil/10-enable-upower-suspend.rules
@@ -0,0 +1,9 @@
+polkit.addRule(
+  function(action, subject) {
+    if ( (action.id == "org.freedesktop.upower.suspend" ||
+          action.id == "org.freedesktop.upower.hibernate")
+          && subject.isInGroup("power") ) {
+      return polkit.Result.YES;
+    }
+  }
+);
diff --git a/kde/post-install/powerdevil/30-org.freedesktop.upower.pkla b/kde/post-install/powerdevil/30-org.freedesktop.upower.pkla
deleted file mode 100644
index b3b5dd2..0000000
--- a/kde/post-install/powerdevil/30-org.freedesktop.upower.pkla
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/polkit-1/localauthority/50-local.d/30-org.freedesktop.upower.pkla
-# Allow all power users to suspend/hibernate the computer:
-[Power Users]
-Identity=unix-group:power
-Action=org.freedesktop.upower.suspend;org.freedesktop.upower.hibernate
-ResultAny=yes
-ResultInactive=no
-ResultActive=yes
-
diff --git a/kde/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla b/kde/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla
deleted file mode 100644
index 1fae73a..0000000
--- a/kde/post-install/powerdevil/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/polkit-1/localauthority/50-local.d/40-org.freedesktop.consolekit.system.stop-multiple-users.pkla
-[Allow power users to shutdown]
-Identity=unix-group:power
-Action=org.freedesktop.consolekit.system.stop-multiple-users;org.freedesktop.consolekit.system.stop
-ResultAny=yes
-ResultInactive=no
-ResultActive=yes
-
diff --git a/kde/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla b/kde/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla
deleted file mode 100644
index db17c63..0000000
--- a/kde/post-install/powerdevil/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/polkit-1/localauthority/50-local.d/41-org.freedesktop.consolekit.system.restart-multiple-users.pkla
-[Allow power users to restart]
-Identity=unix-group:power
-Action=org.freedesktop.consolekit.system.restart-multiple-users;org.freedesktop.consolekit.system.restart
-ResultAny=yes
-ResultInactive=no
-ResultActive=yes
diff --git a/kde/post-install/sddm-qt5.post-install b/kde/post-install/sddm-qt5.post-install
index 006e234..3d168b1 100644
--- a/kde/post-install/sddm-qt5.post-install
+++ b/kde/post-install/sddm-qt5.post-install
@@ -12,6 +12,19 @@ fi
 # Remove the sddm.conf file because we will generate our own in doinst.sh:
 rm -f $PKG/etc/sddm.conf
 
+# Make sure that Plasma and SDDM work on older GPUs,
+# by forcing Qt5 to use software GL rendering:
+cat <<"EOGL" >> $PKG/usr/share/sddm/scripts/Xsetup
+
+# Make sure that Plasma and SDDM work on older GPUs,
+# by forcing Qt5 to use software GL rendering:
+OPENGL_VERSION=$(LANG=C glxinfo |grep '^OpenGL version string: ' |head -n 1 |sed -e 's/^OpenGL version string: \([0-9]\).*$/\1/g')
+if [ "$OPENGL_VERSION" -lt 2 ]; then
+  QT_XCB_FORCE_SOFTWARE_OPENGL=1
+  export QT_XCB_FORCE_SOFTWARE_OPENGL
+fi
+EOGL
+
 # Ensure that user customizations to the session files are not lost:
 mv $PKG/usr/share/sddm/scripts/Xsession{,.new}
 mv $PKG/usr/share/sddm/scripts/Xsetup{,.new}
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm b/kde/post-install/sddm-qt5/pam.d/sddm
index f0b2345..df016a7 100644
--- a/kde/post-install/sddm-qt5/pam.d/sddm
+++ b/kde/post-install/sddm-qt5/pam.d/sddm
@@ -19,7 +19,8 @@ password   substack     system-auth
 session    optional     pam_keyinit.so           force revoke
 session    substack     system-auth
 session    required     pam_loginuid.so
-session    optional     pam_ck_connector.so      nox11
+-session   optional     pam_ck_connector.so      nox11
+-session   optional     pam_elogind.so
 -session   optional     pam_gnome_keyring.so     auto_start
 -session   optional     pam_kwallet5.so          auto_start
 session    include      postlogin
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-autologin b/kde/post-install/sddm-qt5/pam.d/sddm-autologin
index fd926ef..3602395 100644
--- a/kde/post-install/sddm-qt5/pam.d/sddm-autologin
+++ b/kde/post-install/sddm-qt5/pam.d/sddm-autologin
@@ -17,7 +17,8 @@ password   include      system-auth
 
 session    substack     system-auth
 session    required     pam_loginuid.so
-session    optional     pam_ck_connector.so      nox11
+-session   optional     pam_ck_connector.so      nox11
+-session   optional     pam_elogind.so
 -session   optional     pam_gnome_keyring.so     auto_start
 -session   optional     pam_kwallet5.so          auto_start
 session    include      postlogin
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-greeter b/kde/post-install/sddm-qt5/pam.d/sddm-greeter
index c7bd8a3..fe30e60 100644
--- a/kde/post-install/sddm-qt5/pam.d/sddm-greeter
+++ b/kde/post-install/sddm-qt5/pam.d/sddm-greeter
@@ -15,4 +15,5 @@ password   required     pam_deny.so
 # Setup session
 session    required     pam_unix.so
 -session   optional     pam_systemd.so
+-session   optional     pam_ck_connector.so      nox11
 -session   optional     pam_elogind.so
-- 
cgit v1.2.3