authselect-1.2.3-1: rebase to 1.2.3

2021-03-31 13:09:33 +02:00 · 2021-03-31 13:09:33 +02:00 · cefc7d6d5d
commit cefc7d6d5d
parent 54f4d090c5
5 changed files with 8 additions and 117 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,4 @@
 /authselect-1.2.tar.gz
 /authselect-1.2.1.tar.gz
 /authselect-1.2.2.tar.gz
+/authselect-1.2.3.tar.gz
--- a/0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch
+++ b/0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch
@ -1,61 +0,0 @@
-From b75a468d38598920833762a7227b06d73be20709 Mon Sep 17 00:00:00 2001
-From: Benjamin Berg <bberg@redhat.com>
-Date: Tue, 9 Mar 2021 14:34:22 +0100
-Subject: [PATCH] fingerprint: Retain error code returned by pam_fprintd.so
-
-pam_fprintd.so will return PAM_AUTHINFO_UNAVAIL in some situations. It
-is important that the fingerprint-auth stack returns this error code, so
-that users (i.e. GDM) can tell the difference between an authentication
-failure vs. an immediate return because no fingers are enrolled.
-
-Fix this by changing sufficient to required (i.e. default=bad rather
-than default=ignore) in order to ensure that the pam_fprintd.so error
-code is returned.
---
- profiles/nis/fingerprint-auth     | 2 +-
- profiles/sssd/fingerprint-auth    | 2 +-
- profiles/winbind/fingerprint-auth | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
-index 756993c..f312974 100644
--- a/profiles/nis/fingerprint-auth
-+++ b/profiles/nis/fingerprint-auth
-@@ -1,7 +1,7 @@
- {continue if "with-fingerprint"}
- auth        required                                     pam_env.so
- auth        required                                     pam_faillock.so preauth silent                         {include if "with-faillock"}
-auth        sufficient                                   pam_fprintd.so
-+auth        required                                     pam_fprintd.so
- auth        required                                     pam_faillock.so authfail                               {include if "with-faillock"}
- auth        required                                     pam_deny.so
- 
-diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
-index fe3cac7..5ec1673 100644
--- a/profiles/sssd/fingerprint-auth
-+++ b/profiles/sssd/fingerprint-auth
-@@ -2,7 +2,7 @@
- auth        required                                     pam_env.so
- auth        required                                     pam_deny.so # Smartcard authentication is required     {include if "with-smartcard-required"}
- auth        required                                     pam_faillock.so preauth silent                         {include if "with-faillock"}
-auth        sufficient                                   pam_fprintd.so
-+auth        required                                     pam_fprintd.so
- auth        required                                     pam_faillock.so authfail                               {include if "with-faillock"}
- auth        required                                     pam_deny.so
- 
-diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
-index c4b8261..07fca0f 100644
--- a/profiles/winbind/fingerprint-auth
-+++ b/profiles/winbind/fingerprint-auth
-@@ -1,7 +1,7 @@
- {continue if "with-fingerprint"}
- auth        required                                     pam_env.so
- auth        required                                     pam_faillock.so preauth silent                         {include if "with-faillock"}
-auth        sufficient                                   pam_fprintd.so
-+auth        required                                     pam_fprintd.so
- auth        required                                     pam_faillock.so authfail                               {include if "with-faillock"}
- auth        required                                     pam_deny.so
- 
-- 
-2.29.2
-
--- a/0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch
+++ b/0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch
@ -1,49 +0,0 @@
-From 41197d567e0ef15cdd50b9e7658e9a0b205e6683 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 4 Mar 2021 11:59:37 +0100
-Subject: [PATCH] minimal: add dconf settings to explicitly disable fprint and
- smartcard authentication
-
-Resolves:
-https://github.com/authselect/authselect/issues/237
---
- profiles/Makefile.am         | 2 ++
- profiles/minimal/dconf-db    | 3 +++
- profiles/minimal/dconf-locks | 2 ++
- 3 files changed, 7 insertions(+)
- create mode 100644 profiles/minimal/dconf-db
- create mode 100644 profiles/minimal/dconf-locks
-
-diff --git a/profiles/Makefile.am b/profiles/Makefile.am
-index 5dfab8047fc956babe47180601a0336c0a55d15f..95e27147b2b0a229a76a293884d605484d3fa841 100644
--- a/profiles/Makefile.am
-+++ b/profiles/Makefile.am
-@@ -9,6 +9,8 @@ dist_profile_minimal_DATA = \
-     $(top_srcdir)/profiles/minimal/README \
-     $(top_srcdir)/profiles/minimal/REQUIREMENTS \
-     $(top_srcdir)/profiles/minimal/system-auth \
-+    $(top_srcdir)/profiles/minimal/dconf-db \
-+    $(top_srcdir)/profiles/minimal/dconf-locks \
-     $(NULL)
- 
- profile_nisdir = $(authselect_profile_dir)/nis
-diff --git a/profiles/minimal/dconf-db b/profiles/minimal/dconf-db
-new file mode 100644
-index 0000000000000000000000000000000000000000..a3868b794bdf9d8d6edf8363b15cb918539b8926
--- /dev/null
-+++ b/profiles/minimal/dconf-db
-@@ -0,0 +1,3 @@
-+[org/gnome/login-screen]
-+enable-smartcard-authentication=false
-+enable-fingerprint-authentication=false
-diff --git a/profiles/minimal/dconf-locks b/profiles/minimal/dconf-locks
-new file mode 100644
-index 0000000000000000000000000000000000000000..8a36fa9568344338272786394aece872185d0ab3
--- /dev/null
-+++ b/profiles/minimal/dconf-locks
-@@ -0,0 +1,2 @@
-+/org/gnome/login-screen/enable-smartcard-authentication
-+/org/gnome/login-screen/enable-fingerprint-authentication
-- 
-2.29.2
-
--- a/authselect.spec
+++ b/authselect.spec
@ -2,17 +2,14 @@
 %define _empty_manifest_terminate_build 0

 Name:           authselect
-Version:        1.2.2
-Release:        4%{?dist}
+Version:        1.2.3
+Release:        1%{?dist}
 Summary:        Configures authentication and identity sources from supported profiles
 URL:            https://github.com/authselect/authselect

 License:        GPLv3+
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz

-Patch0001: 0001-minimal-add-dconf-settings-to-explicitly-disable-fpr.patch
-Patch0002: 0001-fingerprint-Retain-error-code-returned-by-pam_fprint.patch
-
 %global makedir %{_builddir}/%{name}-%{version}

 BuildRequires:  autoconf
@ -295,6 +292,9 @@ exit 0
 exit 0

 %changelog
+* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-1
+- Rebase to 1.2.3
+
 * Tue Mar 09 2021 Benjamin Berg <bberg@redhat.com> - 1.2.2-4
 - Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors
  Resolves: #1935331
@ -405,7 +405,7 @@ exit 0
 * Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
 - Properly own all appropriate directories
 - Remove unneeded %%defattr
- Remove deprecated Group tag 
+- Remove deprecated Group tag
 - Make Obsoletes versioned
 - Remove unneeded ldconfig scriptlets

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (authselect-1.2.2.tar.gz) = 3d75eba6ba1771a71a9c60d817064c9cd46bf03515b75a855ac15aed28c7b2b851e33aff3ebbc8092fcb07a9d86607ebe0199208b1be9839b5bddeba68020faf
+SHA512 (authselect-1.2.3.tar.gz) = bdcc1b119f482fa00bc5fc8e39074b1c5fe2d3099d3d2318751f2aba11e79c2613b0c24704799c36811b148111be1452602691b764254356c6d81bfee1b2c167