diff --git a/90-grant-audio-devices-to-gdm.fdi b/90-grant-audio-devices-to-gdm.fdi
new file mode 100644
index 0000000..a398568
--- /dev/null
+++ b/90-grant-audio-devices-to-gdm.fdi
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+ gdm
+
+
+ gdm
+
+
+
+
diff --git a/gdm-2.17.8-a11y-fixes-for-themed-greeter.patch b/gdm-2.17.8-a11y-fixes-for-themed-greeter.patch
new file mode 100644
index 0000000..9496fd2
--- /dev/null
+++ b/gdm-2.17.8-a11y-fixes-for-themed-greeter.patch
@@ -0,0 +1,205 @@
+Index: gui/greeter/greeter_item_ulist.c
+===================================================================
+--- gui/greeter/greeter_item_ulist.c (revision 4626)
++++ gui/greeter/greeter_item_ulist.c (working copy)
+@@ -217,18 +217,41 @@
+ void
+ greeter_item_ulist_select_user (gchar *login)
+ {
+- printf ("%c%c%c%s\n", STX, BEL,
+- GDM_INTERRUPT_SELECT_USER, login);
++ /*printf ("%c%c%c%s\n", STX, BEL,
++ GDM_INTERRUPT_SELECT_USER, login);*/
++ printf ("%c%s\n", STX, login);
+
+ fflush (stdout);
+ }
+
++
++static GTimeVal last_key_press = {0, 0};
++static GTimeVal last_button_press = {0, 0};
++
+ static void
+ user_selected (GtkTreeSelection *selection, gpointer data)
+ {
+ GtkTreeModel *tm = NULL;
+ GtkTreeIter iter = {0};
++ gboolean is_button_press;
++ guint64 button_msec;
++ guint64 key_msec;
+
++ /* HACK: determine whether selection changed because of key or
++ * button press
++ *
++ * The rationale is this: if a face is pressed with the mouse
++ * we should start authenticating that user right away. But if
++ * the user uses keynav in the user list (think accessibility
++ * and blind users) we shouldn't.
++ */
++ button_msec = last_button_press.tv_sec * 1000 + last_button_press.tv_usec / 1000;
++ key_msec = last_key_press.tv_sec * 1000 + last_key_press.tv_usec / 1000;
++ is_button_press = FALSE;
++ if (button_msec > key_msec) {
++ is_button_press = TRUE;
++ }
++
+ if (gtk_tree_selection_get_selected (selection, &tm, &iter)) {
+ char *login;
+
+@@ -236,14 +259,19 @@
+ &login, -1);
+ if (login != NULL) {
+ if (selecting_user && greeter_probably_login_prompt) {
+- gtk_entry_set_text (GTK_ENTRY (pam_entry), login);
++ if (is_button_press) {
++ gtk_entry_set_text (GTK_ENTRY (pam_entry), login);
++ } else {
++ gtk_entry_set_text (GTK_ENTRY (pam_entry), "");
++ }
+ }
+ if (selecting_user) {
+ GreeterItemInfo *pamlabel = greeter_lookup_id ("pam-message");
+ if (pamlabel == NULL) {
+ gdm_common_warning ("Theme broken: must have pam-message label!");
+ }
+- greeter_item_ulist_select_user (login);
++ if (is_button_press)
++ greeter_item_ulist_select_user (login);
+ if (selected_user != NULL)
+ g_free (selected_user);
+ selected_user = g_strdup (login);
+@@ -253,11 +281,28 @@
+ }
+
+ static void
+-browser_change_focus (GtkWidget *widget, GdkEventButton *event, gpointer data)
++row_activated (GtkTreeView *tree_view, GtkTreePath *path, GtkTreeViewColumn *column, gpointer data)
+ {
+- gtk_widget_grab_focus (pam_entry);
++ if (selecting_user && greeter_probably_login_prompt) {
++ greeter_item_ulist_select_user (selected_user);
++ }
+ }
+
++static gboolean
++tv_key_press (GtkWidget *entry, GdkEventKey *event, gpointer data)
++{
++ g_get_current_time (&last_key_press);
++ return FALSE;
++}
++
++
++static gboolean
++tv_button_press (GtkWidget *entry, GdkEventKey *event, gpointer data)
++{
++ g_get_current_time (&last_button_press);
++ return FALSE;
++}
++
+ static void
+ greeter_generate_userlist (GtkWidget *tv)
+ {
+@@ -267,6 +312,12 @@
+ GreeterItemInfo *info;
+ GList *list, *li;
+
++ AtkObject *atk_widget;
++ atk_widget = gtk_widget_get_accessible (tv);
++ if (atk_widget != NULL) {
++ atk_object_set_name (atk_widget, _("Select user to log in"));
++ }
++
+ gdm_greeter_users_init ();
+
+ check_for_displays ();
+@@ -279,11 +330,14 @@
+ g_signal_connect (selection, "changed",
+ G_CALLBACK (user_selected),
+ NULL);
+-
+- g_signal_connect (GTK_TREE_VIEW (tv), "button_release_event",
+- G_CALLBACK (browser_change_focus),
++ g_signal_connect (G_OBJECT (tv), "row-activated",
++ G_CALLBACK (row_activated),
+ NULL);
++ g_signal_connect (G_OBJECT (tv), "key-press-event",
++ G_CALLBACK (tv_key_press), user_list);
++ g_signal_connect (G_OBJECT (tv), "button-press-event",
++ G_CALLBACK (tv_button_press), user_list);
+
+ tm = (GtkTreeModel *)gtk_list_store_new (4,
+ GDK_TYPE_PIXBUF,
+
+Index: gui/greeter/greeter_item_pam.c
+===================================================================
+--- gui/greeter/greeter_item_pam.c (revision 4626)
++++ gui/greeter/greeter_item_pam.c (working copy)
+@@ -184,14 +184,6 @@
+ const char *login_string;
+ GtkWidget *entry = GNOME_CANVAS_WIDGET (entry_info->item)->widget;
+
+- if ((event->keyval == GDK_Tab ||
+- event->keyval == GDK_KP_Tab) &&
+- (event->state & (GDK_CONTROL_MASK|GDK_MOD1_MASK|GDK_SHIFT_MASK)) == 0)
+- {
+- greeter_item_pam_login (GTK_ENTRY (entry), entry_info);
+- return TRUE;
+- }
+-
+ if (gtk_ok_button != NULL)
+ {
+ /*
+@@ -208,6 +200,19 @@
+ return FALSE;
+ }
+
++/* We *never* want to lose focus when we are in the process of
++ * authenticating the user */
++static gboolean
++pam_focus_out_event (GtkWidget *widget,
++ GdkEventFocus *event,
++ gpointer user_data)
++{
++ if (!greeter_probably_login_prompt) {
++ gtk_widget_grab_focus (widget);
++ }
++ return FALSE;
++}
++
+ gboolean
+ greeter_item_pam_setup (void)
+ {
+@@ -238,7 +243,9 @@
+ g_signal_connect (entry, "activate",
+ G_CALLBACK (greeter_item_pam_login), entry_info);
+ g_signal_connect (G_OBJECT (entry), "key_release_event",
+- G_CALLBACK (pam_key_release_event), NULL);
++ G_CALLBACK (pam_key_release_event), NULL);
++ g_signal_connect (G_OBJECT (entry), "focus-out-event",
++ G_CALLBACK (pam_focus_out_event), NULL);
+ }
+
+ return TRUE;
+@@ -260,6 +267,21 @@
+ if (conversation_info)
+ {
+ set_text (conversation_info, message);
++
++ if (entry_info != NULL) {
++ GnomeCanvasWidget *item = GNOME_CANVAS_WIDGET (entry_info->item);
++ if (item != NULL) {
++ GtkWidget *widget = item->widget;
++ if (widget != NULL) {
++ AtkObject *atk_widget;
++ atk_widget = gtk_widget_get_accessible (widget);
++ if (atk_widget != NULL) {
++ atk_object_set_name (atk_widget, message);
++ }
++ }
++ }
++ }
++
+ }
+
+ if (entry_info && entry_info->item &&
+
diff --git a/gdm-2.18.0-change-defaults.patch b/gdm-2.18.0-change-defaults.patch
new file mode 100644
index 0000000..b5171fb
--- /dev/null
+++ b/gdm-2.18.0-change-defaults.patch
@@ -0,0 +1,181 @@
+--- gdm-2.18.0/config/gdm.conf.in.orig 2007-03-11 17:46:16.000000000 -0400
++++ gdm-2.18.0/config/gdm.conf.in 2007-03-13 18:25:12.000000000 -0400
+@@ -66,9 +66,9 @@
+ # should leave this alone.
+ #Chooser=@libexecdir@/gdmchooser
+
+-# The greeter for local (non-xdmcp) logins. Change gdmlogin to gdmgreeter to
+-# get the new graphical greeter.
+-#Greeter=@libexecdir@/gdmlogin
++# The greeter for local (non-xdmcp) logins. Change gdmgreeter to gdmlogin to
++# get the boring greeter.
++Greeter=@libexecdir@/gdmgreeter
+
+ # The greeter for xdmcp logins, usually you want a less graphically intensive
+ # greeter here so it's better to leave this with gdmlogin
+@@ -78,23 +78,21 @@
+ # This is useful for enabling additional feature support e.g. GNOME
+ # accessibility framework. Only "trusted" modules should be allowed to minimize
+ # security holes
+-#AddGtkModules=false
++AddGtkModules=true
+ # By default, these are the accessibility modules.
+-#GtkModulesList=gail:atk-bridge:@libdir@/gtk-2.0/modules/libdwellmouselistener:@libdir@/gtk-2.0/modules/libkeymouselistener
++GtkModulesList=gail:atk-bridge:@libdir@/gtk-2.0/modules/libdwellmouselistener:@libdir@/gtk-2.0/modules/libkeymouselistener
+
+ # Default path to set. The profile scripts will likely override this value.
+ # This value will be overridden with the value from /etc/default/login if it
+ # contains "ROOT=".
+-#DefaultPath=@GDM_USER_PATH@
++DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin
+ # Default path for root. The profile scripts will likely override this value.
+ # This value will be overridden with the value from /etc/default/login if it
+ # contains "SUROOT=".
+-#RootPath=/sbin:/usr/sbin:@GDM_USER_PATH@
++RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
+
+-# If you are having trouble with using a single server for a long time and want
+-# GDM to kill/restart the server, turn this on. On Solaris, this value is
+-# always true and this configuration setting is ignored.
+-#AlwaysRestartServer=false
++# Whether to restart X server after the user logs out or not.
++AlwaysRestartServer=true
+
+ # User and group used for running GDM GUI applicaitons. By default this is set
+ # to user "gdm" and group "gdm". This user/group should have very limited
+@@ -125,22 +123,21 @@
+ XKeepsCrashing=@gdmconfdir@/XKeepsCrashing
+ # Reboot, Halt and suspend commands, you can add different commands separated
+ # by a semicolon. GDM will use the first one it can find.
+-#RebootCommand=@REBOOT_COMMAND@
+-#HaltCommand=@HALT_COMMAND@
+-#SuspendCommand=@SUSPEND_COMMAND@
++RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now;/usr/bin/reboot
++HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now;/usr/bin/poweroff
+ # Probably should not touch the below this is the standard setup.
+ ServAuthDir=@authdir@
+ # This is our standard startup script. A bit different from a normal X
+ # session, but it shares a lot of stuff with that. See the provided default
+ # for more information.
+-BaseXsession=@gdmconfdir@/Xsession
++BaseXsession=/etc/X11/xinit/Xsession
+ # This is a directory where .desktop files describing the sessions live. It is
+ # really a PATH style variable since 2.4.4.2 to allow actual interoperability
+ # with KDM. Note that /Sessions is there for backwards
+ # compatibility reasons with 2.4.4.x.
+ #SessionDesktopDir=/etc/X11/sessions/:@dmconfdir@/Sessions/:@datadir@/gdm/BuiltInSessions/:@datadir@/xsessions/
+ # This is the default .desktop session. One of the ones in SessionDesktopDir
+-#DefaultSession=gnome.desktop
++DefaultSession=default.desktop
+ # Better leave this blank and HOME will be used. You can use syntax ~/ below
+ # to indicate home directory of the user. You can also set this to something
+ # like /tmp if you don't want the authorizations to be in home directories.
+@@ -148,11 +145,11 @@
+ # is the home directory the UserAuthFBDir will still be used in case the home
+ # directory is NFS, see security/NeverPlaceCookiesOnNFS to override this
+ # behavior.
+-UserAuthDir=
++UserAuthDir=/tmp
+ # Fallback directory for writing authorization file if user's home directory
+ # is not writable.
+ UserAuthFBDir=/tmp
+-UserAuthFile=.Xauthority
++#UserAuthFile=.Xauthority
+ # The X server to use if we can't figure out what else to run.
+ StandardXServer=@X_SERVER@
+ # The maximum number of flexible X servers to run.
+@@ -173,7 +170,7 @@
+ #DoubleLoginWarning=true
+ # Should a second login always resume the current session and switch VT's on
+ # Linux and FreeBSD systems for console logins
+-#AlwaysLoginCurrentSession=true
++AlwaysLoginCurrentSession=true
+
+ # If true then the last login information is printed to the user before being
+ # prompted for password. While this gives away some info on what users are on
+@@ -297,7 +294,7 @@
+ #GtkRC=@datadir@/themes/Default/gtk-2.0/gtkrc
+
+ # The GTK+ theme to use for the GUI.
+-#GtkTheme=Default
++GtkTheme=Clearlooks
+ # If to allow changing the GTK+ (widget) theme from the greeter. Currently
+ # this only affects the standard greeter as the graphical greeter does not yet
+ # have this ability.
+@@ -318,7 +315,7 @@
+ # themed login (gdmgreeter).
+ #
+ # The standard login has a title bar that the user can move.
+-#TitleBar=true
++TitleBar=false
+ # Don't allow user to move the standard login window. Only makes sense if
+ # TitleBar is on.
+ #LockPosition=false
+@@ -342,7 +339,7 @@
+ # User ID's less than the MinimalUID value will not be included in the face
+ # browser or in the gdmselection list for Automatic/Timed login. They will not
+ # be displayed regardless of the settings for Include and Exclude.
+-#MinimalUID=100
++MinimalUID=500
+ # Users listed in Include will be included in the face browser and in the
+ # gdmsetup selection list for Automatic/Timed login. Users should be separated
+ # by commas.
+@@ -359,7 +356,7 @@
+ # large numbers of users and this feature should not be used in such
+ # environments. The setting of IncludeAll does nothing if Include is set to a
+ # non-empty value.
+-#IncludeAll=false
++IncludeAll=true
+ # If user or user.png exists in this dir it will be used as his picture.
+ #GlobalFaceDir=@datadir@/pixmaps/faces/
+
+@@ -368,7 +365,7 @@
+ # file, although GDM will be able to read a standard locale.alias file as well.
+ #LocaleFile=@gdmlocaledir@/locale.alias
+ # Logo shown in the standard greeter.
+-#Logo=@pixmapdir@/gdm-foot-logo.png
++Logo=
+ # Logo shown on file chooser button in gdmsetup (do not modify this value).
+ #ChooserButtonLogo=@pixmapdir@/gdm-foot-logo.png
+ # The standard greeter should shake if a user entered the wrong username or
+@@ -415,8 +412,9 @@
+ # The Standard greeter (gdmlogin) uses BackgroundColor as the background
+ # color, while the themed greeter (gdmgreeter) uses GraphicalThemedColor
+ # as the background color.
+-BackgroundColor=#76848F
+-GraphicalThemedColor=#76848F
++BackgroundColor=#20305a
++GraphicalThemedColor=#000000
++
+ # XDMCP session should only get a color, this is the sanest setting since you
+ # don't want to take up too much bandwidth
+ #BackgroundRemoteOnlyColor=true
+@@ -437,8 +435,8 @@
+ # Show the Failsafe sessions. These are much MUCH nicer (focus for xterm for
+ # example) and more failsafe then those supplied by scripts so distros should
+ # use this rather then just running an xterm from a script.
+-#ShowGnomeFailsafeSession=true
+-#ShowXtermFailsafeSession=true
++ShowGnomeFailsafeSession=false
++ShowXtermFailsafeSession=false
+ # Normally there is a session type called 'Last' that is shown which refers to
+ # the last session the user used. If off, we will be in 'switchdesk' mode
+ # where the session saving stuff is disabled in GDM
+@@ -457,7 +455,7 @@
+ # list then provide a list that is delimited by /: to the GraphicalThemes
+ # key and set GraphicalThemeRand to true. Otherwise use GraphicalTheme
+ # and specify just one theme.
+-#GraphicalTheme=circles
++GraphicalTheme=FedoraFlyingHigh
+ #GraphicalThemes=circles/:happygnome
+ GraphicalThemeDir=@datadir@/gdm/themes/
+ GraphicalThemeRand=false
+@@ -561,7 +559,7 @@
+ # Definition of the standard X server.
+ [server-Standard]
+ name=Standard server
+-command=@X_SERVER@ @X_CONFIG_OPTIONS@ @XEVIE_OPTION@
++command=@X_SERVER@ -br @X_CONFIG_OPTIONS@ @XEVIE_OPTION@
+ flexible=true
+ # Indicates that the X server should be started at a different process
+ # priority. Values can be any integer value accepted by the setpriority C
diff --git a/gdm.spec b/gdm.spec
index 7e1dd4f..9a71a07 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -25,8 +25,9 @@ Source: http://ftp.gnome.org/pub/gnome/sources/gdm/2.18/gdm-%{version}.tar.bz2
Source1: gdm-pam
Source2: gdm-autologin-pam
Source3: gdmsetup-pam
+Source4: 90-grant-audio-devices-to-gdm.fdi
-Patch1: gdm-2.17.6-change-defaults.patch
+Patch1: gdm-2.18.0-change-defaults.patch
Patch4: gdm-2.13.0.4-update-switchdesk-location.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=301817
@@ -41,7 +42,7 @@ Patch12: gdm-2.17.6-audit-login.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347798
Patch19: gdm-2.17.7-move-default-message.patch
Patch20: gdm-2.17.7-reset-pam.patch
-Patch21: gdm-2.17.3-security-tokens.patch
+#Patch21: gdm-2.17.3-security-tokens.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347871
Patch24: gdm-2.16.0-wtmp.patch
@@ -54,10 +55,13 @@ Patch28: gdm-2.17.1-desensitize-entry.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=411427
Patch29: gdm-2.17.7-greeter.patch
-Patch30: gdm-2.17.7-user-list-keynav.patch
-
Patch31: gdm-2.17.8-hide-uninstalled-languages.patch
+# http://bugzilla.gnome.org/show_bug.cgi?id=412576
+Patch32: gdm-2.17.8-a11y-fixes-for-themed-greeter.patch
+
+# http://bugzilla.gnome.org/show_bug.cgi?id=411501
+Patch33: gdm-2.17.7-pass-at-to-session-3.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -74,11 +78,12 @@ Requires: /etc/pam.d/system-auth
Requires: usermode
Requires: /sbin/nologin
Requires: system-logos
-Requires: redhat-artwork >= 5.0.4-1
+Requires: redhat-artwork >= 5.0.11-1
Requires: /usr/share/desktop-menu-patches/gnome-gdmsetup.desktop
Requires: xorg-x11-server-utils
Requires: xorg-x11-xkb-utils
Requires: xorg-x11-xinit
+Requires: hal >= 0.5.9
BuildRequires: scrollkeeper >= 0:%{scrollkeeper_version}
BuildRequires: pango-devel >= 0:%{pango_version}
BuildRequires: gtk2-devel >= 0:%{gtk2_version}
@@ -126,13 +131,14 @@ several different X sessions on your local machine at the same time.
%patch12 -p1 -b .audit-login
%patch19 -p1 -b .move-default-message
%patch20 -p1 -b .reset-pam
-%patch21 -p1 -b .security-tokens
+#%patch21 -p1 -b .security-tokens
%patch24 -p1 -b .wtmp
%patch25 -p1 -b .indic-langs
%patch28 -p1 -b .desensitize-entry
%patch29 -p0 -b .greeter
-%patch30 -p1 -b .keynav
%patch31 -p1 -b .hide-uninstalled-languages
+%patch32 -p0 -b .a11y-fixes
+%patch33 -p0 -b .pass-ats-to-session
%build
cp -f %{SOURCE1} config/gdm
@@ -215,6 +221,10 @@ desktop-file-install --delete-original \
rm -rf $RPM_BUILD_ROOT%{_localstatedir}/scrollkeeper
+# grant access to alsa and oss devices for the gdm user
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/hal/fdi/policy/20thirdparty
+cp %{SOURCE4} $RPM_BUILD_ROOT%{_datadir}/hal/fdi/policy/20thirdparty
+
%find_lang gdm
%clean
@@ -301,7 +311,7 @@ fi
%dir %{_sysconfdir}/gdm
%{_sysconfdir}/gdm/Xsession
%config(noreplace) %{_sysconfdir}/gdm/custom.conf
-%config %{_sysconfdir}/gdm/securitytokens.conf
+#%config %{_sysconfdir}/gdm/securitytokens.conf
%config %{_sysconfdir}/gdm/XKeepsCrashing
%config %{_sysconfdir}/gdm/locale.alias
%config %{_sysconfdir}/gdm/Init/*
@@ -324,6 +334,7 @@ fi
%{_datadir}/applications
%{_datadir}/gnome/help/gdm
%{_datadir}/omf/gdm
+%{_datadir}/hal/fdi/policy/20thirdparty/90-grant-audio-devices-to-gdm.fdi
%{_libdir}/gtk-2.0/modules/*.so
%{_bindir}/*
%{_libexecdir}/*
@@ -334,8 +345,13 @@ fi
%attr(1770, root, gdm) %dir %{_localstatedir}/gdm
%changelog
-* Tue Mar 13 2007 Matthias Clasen - 1:2.18.0-1
-- Update to 2.18.0
+* Tue Mar 13 2007 David Zeuthen - 1:2.18.0-1
+- Update to upstream release 2.18.0
+- Switch default theme to FedoraFlyingHigh and show /etc/passwd users
+- Fix accessibility in the themed greeter (GNOME #412576)
+- Enable accessible login, make sure gdm can access devices and
+ pass activated AT's to the login session (#229912)
+- Disable smart card login for now as patch doesn't apply anymore
* Fri Mar 9 2007 Ray Strode - 1:2.17.8-3
- hide langauges that aren't displayable from the list (bug 206048)