user/sddm: Fix autologin issue with PAM modules

This corrects an issue where Horizon media may boot to a black screen.

user/sddm: Fix autologin issue with PAM modules
c81cec7a · Anna Wilcox · e89157dc · c81cec7a · c81cec7a
Verified Commit c81cec7a authored 2 years ago by Anna Wilcox
--- a/user/sddm/APKBUILD
+++ b/user/sddm/APKBUILD
@@ -27,6 +27,7 @@ source="https://github.com/sddm/sddm/releases/download/v$pkgver/sddm-$pkgver.tar
 	authed.patch
 	allocate-vt.patch
 	autologin-type.patch
+	autologin-pam.patch
 	session-env.patch
 	qt515.patch
 	sddm.initd
@@ -76,6 +77,7 @@ d47123e097e8ea918ba112332272dbc94a3f06a76dc01080fd80f5f945320e0647d8f84d4232d326
 fea260015dfaf82e97ea2a77d7810e11f85503446ce6450ed9fe3072ce2151bb2ecac56fbc917a47b8ebcaf9fa51c077d4e798c4ef62919e18d1751fd7de92fc  authed.patch
 829397bdb1d5fd6887b7836d503b081a8827346aa775b702d4ea9946d3ff4374446175e462732e52e33e1a53481b99cbe652c44e031c79823d5fbf67e4b48c46  allocate-vt.patch
 378a735946c93dc9fb746cc4d4cf436d728ec0f1fddd3fcac8797ef90acb0d6582e41ac0a91b96d3886695b8664627ef81822f531c67deb12085626206f27136  autologin-type.patch
+327d3f1d35d493cc302096d7047d0159e570c94320df52efe7e4cefeff910b38e322eaba57396e91efed7f9fb2da5ccf19b383cbfbd14537e016c1dfa319bd8e  autologin-pam.patch
 0997ae1ea2f0b44835a397f107d73ae2eb0d492cbf97b3f446c388eebb6ec0b9255b2352a51c9e00ebf846c0fec61998895aba865e06814ee20ab9d526b3f353  session-env.patch
 77d1abe99a8f0c38f9bf2d1ec695d371a46842b7f64c0a53e8f5c34550de5f9fba7ae9b187ba698e6658f03b18c6bd4b975532d9f2cecdb857e42e20413e96a7  qt515.patch
 d603934552bad47edda458d7a4df2310e98bde74bdb3bf8588f5171b2a5d68814192b8dc8f5599b35402f9a747d519d985d4976e7aa50dabed445f99a112594c  sddm.initd"
--- a/user/sddm/autologin-pam.patch
+++ b/user/sddm/autologin-pam.patch
+From a6280bde181c72811ab5dd0eb525f112ac72099f Mon Sep 17 00:00:00 2001
+From: Aleix Pol <aleixpol@kde.org>
+Date: Thu, 24 Jun 2021 17:08:10 +0200
+Subject: [PATCH] pam: Do not use tally2 if faillock is present
+
+From pam 1.4.0 release notes:
+
+Deprecated pam_tally and pam_tally2: these modules are no longer built
+by default and will be removed in the next release, use pam_faillock
+instead.
+https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
+
+Fixes #1313
+---
+ cmake/FindPAM.cmake                |  1 +
+ services/CMakeLists.txt            |  6 +++++-
+ services/sddm-autologin-tally2.pam | 13 +++++++++++++
+ services/sddm-autologin.pam        |  2 +-
+ 4 files changed, 20 insertions(+), 2 deletions(-)
+ create mode 100755 services/sddm-autologin-tally2.pam
+
+diff --git a/cmake/FindPAM.cmake b/cmake/FindPAM.cmake
+index f209c0b46..a64680bea 100644
+--- a/cmake/FindPAM.cmake
+++ b/cmake/FindPAM.cmake
+@@ -13,6 +13,7 @@ endif (PAM_INCLUDE_DIR AND PAM_LIBRARY)
+ find_path(PAM_INCLUDE_DIR NAMES security/pam_appl.h pam/pam_appl.h)
+ find_library(PAM_LIBRARY pam)
+ find_library(DL_LIBRARY dl)
+find_library(HAVE_PAM_FAILLOCK NAME pam_faillock.so PATH_SUFFIXES security)
+ 
+ if (PAM_INCLUDE_DIR AND PAM_LIBRARY)
+ 	set(PAM_FOUND TRUE)
+diff --git a/services/CMakeLists.txt b/services/CMakeLists.txt
+index fbf760895..6e4fa0f93 100644
+--- a/services/CMakeLists.txt
+++ b/services/CMakeLists.txt
+@@ -10,6 +10,10 @@ else()
+ endif()
+ configure_file("${CMAKE_CURRENT_SOURCE_DIR}/sddm-greeter.pam.in" "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam")
+ 
+if(HAVE_PAM_FAILLOCK)
+    install(FILES sddm-autologin.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
+else()
+    install(FILES sddm-autologin-tally2.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
+endif()
+ install(FILES sddm.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm)
+-install(FILES sddm-autologin.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
+ install(FILES "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam" DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-greeter)
+diff --git a/services/sddm-autologin-tally2.pam b/services/sddm-autologin-tally2.pam
+new file mode 100755
+index 000000000..99729bc9b
+--- /dev/null
+++ b/services/sddm-autologin-tally2.pam
+@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth        required    pam_env.so
+auth        required    pam_tally2.so file=/var/log/tallylog onerr=succeed
+auth        required    pam_shells.so
+auth        required    pam_nologin.so
+auth        required    pam_permit.so
+-auth       optional    pam_gnome_keyring.so
+-auth       optional    pam_kwallet5.so
+account     include     system-local-login
+password    include     system-local-login
+session     include     system-local-login
+-session    optional    pam_gnome_keyring.so auto_start
+-session    optional    pam_kwallet5.so auto_start
+diff --git a/services/sddm-autologin.pam b/services/sddm-autologin.pam
+index 99729bc9b..b42991e38 100755
+--- a/services/sddm-autologin.pam
+++ b/services/sddm-autologin.pam
+@@ -1,6 +1,6 @@
+ #%PAM-1.0
+ auth        required    pam_env.so
+-auth        required    pam_tally2.so file=/var/log/tallylog onerr=succeed
+auth        required    pam_faillock.so preauth
+ auth        required    pam_shells.so
+ auth        required    pam_nologin.so
+ auth        required    pam_permit.so