.accountsservice.metadata

@@ -1 +1 @@
-bab4f37144196d8ba06195bc72b4a9937c62b9fd SOURCES/accountsservice-0.6.55.tar.xz
+bab4f37144196d8ba06195bc72b4a9937c62b9fd accountsservice-0.6.55.tar.xz

.gitignore

@@ -1 +1 @@
-SOURCES/accountsservice-0.6.55.tar.xz
+/accountsservice-*.tar.xz

0001-lib-don-t-set-loaded-state-until-seat-is-fetched.patch

@@ -0,0 +1,36 @@
+From c7fa612023a163e8b2352e1170c6df3fceb19b27 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Thu, 19 Jul 2018 13:14:09 -0400
+Subject: [PATCH 1/3] lib: don't set loaded state until seat is fetched
+
+At the moment we set is-loaded on the user-manager
+object as soon as we start fetching the seat, but
+we should waiting until the seat is fetched, so
+that can_switch() will return the correct value
+if the caller waited until the loaded signal
+to use it.
+
+This commit changes the >= to > which I believe
+was the original intention anyway.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=107298
+---
+ src/libaccountsservice/act-user-manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c
+index 325421b..e7e26b1 100644
+--- a/src/libaccountsservice/act-user-manager.c
++++ b/src/libaccountsservice/act-user-manager.c
+@@ -2382,7 +2382,7 @@ maybe_set_is_loaded (ActUserManager *manager)
+         /* Don't set is_loaded yet unless the seat is already loaded enough
+          * or failed to load.
+          */
+-        if (manager->priv->seat.state >= ACT_USER_MANAGER_SEAT_STATE_GET_ID) {
++        if (manager->priv->seat.state > ACT_USER_MANAGER_SEAT_STATE_GET_ID) {
+                 g_debug ("ActUserManager: Seat loaded, so now setting loaded property");
+         } else if (manager->priv->seat.state == ACT_USER_MANAGER_SEAT_STATE_UNLOADED) {
+                 g_debug ("ActUserManager: Seat wouldn't load, so giving up on it and setting loaded property");
+-- 
+2.19.0
+

0001-main-Allow-cache-files-to-be-marked-immutable.patch

@@ -0,0 +1,195 @@
+From ae9937addf1e6c75c540b3cd033bc2b17ac6cc59 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Thu, 9 Sep 2021 09:40:49 -0400
+Subject: [PATCH] main: Allow cache files to be marked immutable
+
+At the moment, at start up we unconditionally reset permission of all
+cache files in /var/lib/AccountsService/users.  If the mode of the files
+can't be reset, accountsservice fails to start.
+
+But there's a situation where we should proceed anyway: If the
+mode is already correct, and the file is read-only, there is no reason
+to refuse to proceed.
+
+This commit changes the code to explicitly validate the permissions of
+the file before failing.
+---
+ src/main.c | 29 +++++++++++++++++++++++++----
+ 1 file changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index 2163fa6..cf88da0 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -16,143 +16,164 @@
+  * along with this program; if not, write to the Free Software
+  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+  *
+  * Written by: Matthias Clasen <mclasen@redhat.com>
+  */
+ 
+ #include "config.h"
+ 
+ #include <stdlib.h>
+ #include <stdarg.h>
+ #include <locale.h>
+ #include <libintl.h>
+ #include <syslog.h>
+ #include <sys/stat.h>
+ #include <errno.h>
+ 
+ #include <glib.h>
+ #include <glib/gi18n.h>
+ #include <glib/gstdio.h>
+ #include <glib-unix.h>
+ 
+ #include "daemon.h"
+ 
+ #define NAME_TO_CLAIM "org.freedesktop.Accounts"
+ 
+ static gboolean
+ ensure_directory (const char  *path,
+                   gint         mode,
+                   GError     **error)
+ {
++        GStatBuf stat_buffer = { 0 };
++
+         if (g_mkdir_with_parents (path, mode) < 0) {
+                 g_set_error (error,
+                              G_FILE_ERROR,
+                              g_file_error_from_errno (errno),
+                              "Failed to create directory %s: %m",
+                              path);
+                 return FALSE;
+         }
+ 
+-        if (g_chmod (path, mode) < 0) {
++        g_chmod (path, mode);
++
++        if (g_stat (path, &stat_buffer) < 0) {
++                g_clear_error (&error);
++
+                 g_set_error (error,
+                              G_FILE_ERROR,
+                              g_file_error_from_errno (errno),
+-                             "Failed to change permissions of directory %s: %m",
++                             "Failed to validate permissions of directory %s: %m",
+                              path);
+                 return FALSE;
+         }
+ 
++        if (stat_buffer.st_mode != mode) {
++                g_set_error (error,
++                             G_FILE_ERROR,
++                             g_file_error_from_errno (errno),
++                             "Directory %s has wrong mode %o; it should be %o",
++                             path, stat_buffer.st_mode, mode);
++                return FALSE;
++        }
++
+         return TRUE;
+ }
+ 
+ static gboolean
+ ensure_file_permissions (const char  *dir_path,
+                          gint         file_mode,
+                          GError     **error)
+ {
+         GDir *dir = NULL;
+         const gchar *filename;
+         gint errsv = 0;
+ 
+         dir = g_dir_open (dir_path, 0, error);
+         if (dir == NULL)
+                 return FALSE;
+ 
+         while ((filename = g_dir_read_name (dir)) != NULL) {
++                GStatBuf stat_buffer = { 0 };
++
+                 gchar *file_path = g_build_filename (dir_path, filename, NULL);
+ 
+                 g_debug ("Changing permission of %s to %04o", file_path, file_mode);
+-                if (g_chmod (file_path, file_mode) < 0)
++                g_chmod (file_path, file_mode);
++
++                if (g_stat (path, &stat_buffer) < 0)
+                         errsv = errno;
+ 
++                if (stat_buffer.st_mode != file_mode)
++                        errsv = EACCESS;
++
+                 g_free (file_path);
+         }
+ 
+         g_dir_close (dir);
+ 
+         /* Report any errors after all chmod()s have been attempted. */
+         if (errsv != 0) {
+                 g_set_error (error,
+                              G_FILE_ERROR,
+                              g_file_error_from_errno (errsv),
+                              "Failed to change permissions of files in directory %s: %m",
+                              dir_path);
+                 return FALSE;
+         }
+ 
+         return TRUE;
+ }
+ 
+ static void
+ on_bus_acquired (GDBusConnection  *connection,
+                  const gchar      *name,
+                  gpointer          user_data)
+ {
+         GMainLoop *loop = user_data;
+         Daemon *daemon;
+         g_autoptr(GError) error = NULL;
+ 
+         if (!ensure_directory (ICONDIR, 0775, &error) ||
+             !ensure_directory (USERDIR, 0700, &error) ||
+             !ensure_file_permissions (USERDIR, 0600, &error)) {
+                 g_printerr ("%s\n", error->message);
+                 g_main_loop_quit (loop);
+                 return;
+         }
+ 
+         daemon = daemon_new ();
+         if (daemon == NULL) {
+                 g_printerr ("Failed to initialize daemon\n");
+                 g_main_loop_quit (loop);
+                 return;
+         }
+-
+         openlog ("accounts-daemon", LOG_PID, LOG_DAEMON);
+         syslog (LOG_INFO, "started daemon version %s", VERSION);
+         closelog ();
+         openlog ("accounts-daemon", 0, LOG_AUTHPRIV);
+ }
+ 
+ static void
+ on_name_lost (GDBusConnection  *connection,
+               const gchar      *name,
+               gpointer          user_data)
+ {
+         GMainLoop *loop = user_data;
+ 
+         g_debug ("got NameLost, exiting");
+         g_main_loop_quit (loop);
+ }
+ 
+ static gboolean debug;
+ 
+ static void
+ on_log_debug (const gchar *log_domain,
+               GLogLevelFlags log_level,
+               const gchar *message,
+               gpointer user_data)
+ {
+         g_autoptr(GString) string = NULL;
+         const gchar *progname;
+         int ret G_GNUC_UNUSED;
+ 
+         string = g_string_new (NULL);
+-- 
+2.31.1
+

0002-lib-don-t-fail-loading-if-logind-isn-t-working-right.patch

@@ -0,0 +1,45 @@
+From 74fed8d975fd2e2cba644eeb8021393fc81b7151 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Fri, 10 Aug 2018 15:15:51 -0400
+Subject: [PATCH 3/3] lib: don't fail loading if logind isn't working right
+
+At the moment if logind can fail in two ways when
+asking the session associated with the current pid:
+
+1) ENOENT, the process isn't part of a registered session
+2) ENODATA, the mechanism for checking which session a
+process is registered with isn't working.
+
+If we hit the second case then wefail loading the user manager
+entirely.  This leads to the dbus proxy associated with a user
+from loading and the user getting stuck with defaults like a
+NULL xsession and systemaccount=TRUE
+
+This commit changes the behavior for the second case to be
+like the first. Namely, to accept there's no associated
+session and carry on as best we can.
+---
+ src/libaccountsservice/act-user-manager.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c
+index e7e26b1..6dc1d15 100644
+--- a/src/libaccountsservice/act-user-manager.c
++++ b/src/libaccountsservice/act-user-manager.c
+@@ -1139,12 +1139,9 @@ _get_current_systemd_session_id (ActUserManager *manager)
+         res = sd_pid_get_session (0, &session_id);
+ 
+         if (res == -ENOENT) {
+-                session_id = NULL;
+-        } else if (res < 0) {
+                 g_debug ("Failed to identify the current session: %s",
+                          strerror (-res));
+-                unload_seat (manager);
+-                return;
++                session_id = NULL;
+         }
+ 
+         manager->priv->seat.session_id = g_strdup (session_id);
+-- 
+2.19.0
+

accountsservice.spec

@@ -2,7 +2,7 @@
 
 Name:           accountsservice
 Version:        0.6.55
-Release:        4%{?dist}
+Release:        10%{?dist}
 Summary:        D-Bus interfaces for querying and manipulating user account information
 License:        GPLv3+
 URL:            https://www.freedesktop.org/wiki/Software/AccountsService/
@@ -67,10 +67,10 @@ files needed to build applications that use accountsservice-libs.
 %meson -Dgtk_doc=true -Dsystemd=true -Duser_heuristics=true
 %meson_build
 
-
 %install
 %meson_install
 
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/accountsservice/interfaces/
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/accountsservice/user-templates $RPM_BUILD_ROOT%{_sysconfdir}/accountsservice/user-templates
 cp $RPM_SOURCE_DIR/user-template $RPM_BUILD_ROOT%{_datadir}/accountsservice/user-templates/standard
 cp $RPM_SOURCE_DIR/user-template $RPM_BUILD_ROOT%{_datadir}/accountsservice/user-templates/administrator
@@ -96,6 +96,8 @@ cp $RPM_SOURCE_DIR/user-template $RPM_BUILD_ROOT%{_datadir}/accountsservice/user
 %dir %{_sysconfdir}/accountsservice
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Accounts.conf
 %{_libexecdir}/accounts-daemon
+%dir %{_datadir}/accountsservice/
+%dir %{_datadir}/accountsservice/interfaces/
 %{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.xml
 %{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.User.xml
 %{_datadir}/dbus-1/system-services/org.freedesktop.Accounts.service
@@ -122,54 +124,82 @@ cp $RPM_SOURCE_DIR/user-template $RPM_BUILD_ROOT%{_datadir}/accountsservice/user
 %{_datadir}/gtk-doc/html/libaccountsservice/*
 
 %changelog
-* Mon Oct 25 2021 Ray Strode <rstrode@redhat.com> - 0.6.55-4
+* Thu Feb 24 2022 Ray Strode <rstrode@redhat.com> - 0.6.55-10
 - Synchronize permissions and group ownership for icon and users dirs
-  between rpm file manifest and daemon expectations
-  Resolves: #1919300
+  between rpm file manifest and daemon expectations.
+  Resolves: #2057576
 
-* Tue Oct 12 2021 Ray Strode <rstrode@redhat.com> - 0.6.55-3
-- Allow cache files to configure and override system accounts
-  Resolves: #2012331
+* Mon Oct 25 2021 Ray Strode <rstrode@redhat.com> - 0.6.55-9
+- Bring in RHEL-8 patches
+  Resolves: #2014692
 
-* Wed Aug 04 2021 Ray Strode <rstrode@redhat.com> - 0.6.55-2
-- Add support for user templates so user can specify default session
-  Resolves: #1812788
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.55-8
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Fri Jan 15 2021 Ray Strode <rstrode@redhat.com> - 0.6.55-1
-- Rebase to 0.6.55
-  Resolves: #1846376
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.55-7
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Sun Dec 15 2019 Ray Strode <rstrode@redhat.com> - 0.6.50-8
-- Don't set HasNoUsers=true if realmd has providers
-  Related: #1750516
+* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.55-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Mon Jun 17 2019 Ray Strode <rstrode@redhat.com> - 0.6.50-7
-- Don't send change updates for login history changes
-  Resolves: #1713080
+* Fri Sep 04 2020 Bastien Nocera <bnocera@redhat.com> - 0.6.55-5
++ accountsservice-0.6.55-5
+- Own /usr/share/accountsservice
 
-* Mon Nov 26 2018 Ray Strode <rstrode@redhat.com> - 0.6.50-6
-- Fix user switching before screen lock
-  Resolves: #1653263
+* Fri Jul 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.55-4
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Mon Oct 15 2018 Ray Strode <rstrode@redhat.com> - 0.6.50-5
-- Turn off aliasing optimizations until glib codegen is fixed
-  Related: #1628060 1639428
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.55-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Fri Oct 12 2018 Ray Strode <rstrode@redhat.com> - 0.6.50-4
-  Correct rpmdiff complaints
-  Related: #1628060
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.55-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 
-* Fri Oct 12 2018 Ray Strode <rstrode@redhat.com> - 0.6.50-3
-- Record OS in user data when creating new users
-  Related: #1628060
+* Thu Sep 26 2019 Benjamin Berg <bberg@redhat.com> - 0.6.55-1
+- Update to 0.6.55
+  Resolves: #1755838
 
-* Mon Aug 20 2018 Ray Strode <rstrode@redhat.com> - 0.6.50-2
-- add new api needed for handling upgrades from RHEL 7
-  Related: #1612915 1595825
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.54-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 
-* Fri Jul 13 2018 Ray Strode <rstrode@redhat.com> - 0.6.50-1
-- Update to 0.6.50
-  Related: #1597499
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.54-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 21 2019 Alexandru-Sever Horin <alex.sever.h@gmail.com> - 0.6.54-4
+- Add patch from upstream to fix UID detection
+  Resolves: #1646418
+
+* Thu Jan 17 2019 Adam Williamson <awilliam@redhat.com> - 0.6.54-3
+- Explicitly enable systemd support (#1576903) (Elliott Sales de Andrade)
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 0.6.54-2
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Sat Sep 29 2018 Ray Strode <rstrode@redhat.com> - 0.6.54-1
+- Update to 0.6.54
+
+* Thu Sep 27 2018 Ray Strode <rstrode@redhat.com> - 0.6.53-1
+- Update to 0.6.53
+
+* Mon Sep 24 2018 Adam Williamson <awilliam@redhat.com> - 0.6.50-1
+- Update to 0.6.50, plus a couple of backported patches
+  Resolves: #1576903
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.49-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu May 10 2018 Ray Strode <rstrode@redhat.com> - 0.6.49-1
+- Update to 0.6.49 (brown bag release)
+
+* Thu May 10 2018 Ray Strode <rstrode@redhat.com> - 0.6.48-1
+- Update to 0.6.48
+  Resolves: #1575780
+
+* Fri May 04 2018 Ray Strode <rstrode@redhat.com> - 0.6.47-2
+- fix crash on user deletion
+  Resolves: #1573550
 
 * Tue Apr 24 2018 Ray Strode <rstrode@redhat.com> - 0.6.47-1
 - Update to 0.6.47
@@ -303,7 +333,7 @@ cp $RPM_SOURCE_DIR/user-template $RPM_BUILD_ROOT%{_datadir}/accountsservice/user
 - Fixes CVE-2012-2737 - local file disclosure
   Related:  #832532
 
-* Thu May 31 2012 Matthias Clasen <mclasen@redhat.com> 0.6.21-1
+* Thu May 30 2012 Matthias Clasen <mclasen@redhatcom> 0.6.21-1
 - Update to 0.6.21
 
 * Fri May 04 2012 Ray Strode <rstrode@redhat.com> 0.6.20-1
@@ -384,4 +414,4 @@ cp $RPM_SOURCE_DIR/user-template $RPM_BUILD_ROOT%{_datadir}/accountsservice/user
 - Add missing directories to the filelist
 
 * Fri Jan 29 2010 Matthias Clasen <mclasen@redhat.com> 0.4-1
-- Initial packaging, based on work by Richard Hughes
+-

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

sources

@@ -0,0 +1 @@
+SHA512 (accountsservice-0.6.55.tar.xz) = c12e6a8e80f9b087f97238da4734d2d3a14a7c5cbd870a32a04b00116f176c818c39fb886f6dc72c3e93c136b0c2074ddf8f77e20431fa3bd54f138bea9d262d