rpms/gdm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS gdm-47.0-19.el10

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-05-19 15:07:41 -04:00
parent 89ddd80a1b
commit d50cc4fe3a
15 changed files with 3336 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

219
0001-Add-headless-session-files.patch
View File

@ -1,219 +0,0 @@
From a8a0d952293337544da4681f0c896052eafd9d0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Fri, 5 Apr 2024 16:44:07 +0200
Subject: [PATCH] Add headless session files
It consists of a python script for running the session, and a systemd
system service template.
---
data/gnome-headless-session@.service | 6 +
data/meson.build | 4 +
utils/gdm-headless-login-session | 157 +++++++++++++++++++++++++++
utils/meson.build | 5 +
4 files changed, 172 insertions(+)
create mode 100644 data/gnome-headless-session@.service
create mode 100644 utils/gdm-headless-login-session
diff --git a/data/gnome-headless-session@.service b/data/gnome-headless-session@.service
new file mode 100644
index 000000000..269d16288
--- /dev/null
+++ b/data/gnome-headless-session@.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Headless desktop session
+
+[Service]
+ExecStart=/usr/libexec/gdm-headless-login-session --user=%i
+Restart=on-failure
diff --git a/data/meson.build b/data/meson.build
index 2211e98b5..2df07cd32 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -221,3 +221,7 @@ if get_option('gdm-xsession')
install_dir: gdmconfdir,
)
endif
+
+headless_session_service = install_data('gnome-headless-session@.service',
+ install_dir: systemd_systemunitdir,
+ )
diff --git a/utils/gdm-headless-login-session b/utils/gdm-headless-login-session
new file mode 100644
index 000000000..e108be523
--- /dev/null
+++ b/utils/gdm-headless-login-session
@@ -0,0 +1,157 @@
+#!/usr/bin/env python3
+
+import argparse
+import pam
+import pwd
+import os
+import signal
+import sys
+
+import gi
+gi.require_version('AccountsService', '1.0')
+from gi.repository import AccountsService, GLib
+
+def run_desktop_in_new_session(pam_environment, user, session_desktop, tty_input, tty_output):
+ keyfile = GLib.KeyFile()
+ keyfile.load_from_data_dirs(f'wayland-sessions/{session_desktop}.desktop',
+ GLib.KeyFileFlags.NONE)
+
+ try:
+ can_run_headless = keyfile.get_boolean(GLib.KEY_FILE_DESKTOP_GROUP,
+ 'X-GDM-CanRunHeadless')
+ except GLib.GError:
+ raise Exception(f"Session {session_desktop} can't run headlessly")
+
+ if not can_run_headless:
+ raise Exception(f"Session {session_desktop} can't run headlessly")
+
+ executable = keyfile.get_string(GLib.KEY_FILE_DESKTOP_GROUP,
+ GLib.KEY_FILE_DESKTOP_KEY_TRY_EXEC)
+ if GLib.find_program_in_path(executable) is None:
+ raise Exception(f"Invalid session {session_desktop}")
+
+ command = keyfile.get_string(GLib.KEY_FILE_DESKTOP_GROUP,
+ GLib.KEY_FILE_DESKTOP_KEY_EXEC)
+ [success, args] = GLib.shell_parse_argv(command)
+
+ pam_handle = pam.pam()
+
+ for key, value in pam_environment.items():
+ pam_handle.putenv(f'{key}={value}')
+
+ if not pam_handle.authenticate(user, '', service='gdm-autologin', call_end=False):
+ raise Exception("Authentication failed")
+
+ for key, value in pam_environment.items():
+ pam_handle.putenv(f'{key}={value}')
+
+ if pam_handle.open_session() != pam.PAM_SUCCESS:
+ raise Exception("Failed to open PAM session")
+
+ session_environment = os.environ.copy()
+ session_environment.update(pam_handle.getenvlist())
+
+ user_info = pwd.getpwnam(user)
+ uid = user_info.pw_uid
+ gid = user_info.pw_gid
+
+ old_tty_output = os.fdopen(os.dup(2), 'w')
+
+ pid = os.fork()
+ if pid == 0:
+ try:
+ os.setsid()
+ except OSError as e:
+ print(f"Could not create new pid session: {e}", file=old_tty_output)
+
+ try:
+ os.dup2(tty_input.fileno(), 0)
+ os.dup2(tty_output.fileno(), 1)
+ os.dup2(tty_output.fileno(), 2)
+ except OSError as e:
+ print(f"Could not set up standard i/o: {e}", file=old_tty_output)
+
+ try:
+ os.initgroups(user, gid)
+ os.setgid(gid)
+ os.setuid(uid);
+ except OSError as e:
+ print(f"Could not become user {user} (uid={uid}): {e}", file=old_tty_output)
+
+ try:
+ os.execvpe(args[0], args, session_environment)
+ except OSError as e:
+ print(f"Could not run program \"{' '.join(arguments)}\": {e}", file=old_tty_output)
+ os._exit(1)
+
+
+ def signal_handler(sig, frame):
+ os.kill(pid, sig)
+
+ signal.signal(signal.SIGTERM, signal_handler)
+
+ try:
+ (_, exit_code) = os.waitpid(pid, 0);
+ except KeyboardInterrupt:
+ os.kill(pid, signal.SIGTERM)
+ except OSError as e:
+ print(f"Could not wait for program to finish: {e}", file=old_tty_output)
+
+ if os.WIFEXITED(exit_code):
+ exit_code = os.WEXITSTATUS(exit_code)
+ else:
+ os.kill(os.getpid(), os.WTERMSIG(exit_code))
+ old_tty_output.close()
+
+ if pam_handle.close_session() != pam.PAM_SUCCESS:
+ raise Exception("Failed to close PAM session")
+
+ pam_handle.end()
+
+ return exit_code
+
+def wait_for_user_data(user):
+ main_context = GLib.MainContext.default()
+ while not user.is_loaded():
+ main_context.iteration(True)
+
+def main():
+ parser = argparse.ArgumentParser(description='Run a desktop session in a PAM session as a specified user.')
+ parser.add_argument('--user', help='Username for which to run the session')
+
+ args = parser.parse_args()
+
+ if args.user is None:
+ parser.print_usage()
+ sys.exit(1)
+
+ try:
+ tty_path = '/dev/null'
+
+ tty_input = open(tty_path, 'r')
+ tty_output = open(tty_path, 'w')
+ except OSError as e:
+ raise Exception(f"Error opening /dev/null as tty associated with VT {vt}: {e}")
+
+ user_manager = AccountsService.UserManager().get_default()
+ user = user_manager.get_user(args.user)
+ wait_for_user_data(user)
+ session_desktop = user.get_session()
+ if not session_desktop:
+ session_desktop = 'gnome'
+
+ pam_environment = {}
+ pam_environment['XDG_SESSION_TYPE'] = 'wayland'
+ pam_environment['XDG_SESSION_CLASS'] = 'user'
+ pam_environment['XDG_SESSION_DESKTOP'] = session_desktop
+
+ try:
+ result = run_desktop_in_new_session(pam_environment, args.user, session_desktop, tty_input, tty_output)
+ except Exception as e:
+ raise Exception(f"Error running desktop session \"{session_desktop}\": {e}")
+ tty_input.close()
+ tty_output.close()
+ sys.exit(result)
+
+if __name__ == '__main__':
+ main()
diff --git a/utils/meson.build b/utils/meson.build
index e4141fb13..57dd6519f 100644
--- a/utils/meson.build
+++ b/utils/meson.build
@@ -65,3 +65,8 @@ if distro != 'none'
install_dir: get_option('libexecdir'),
)
endif
+
+gdm_headless_login_session = install_data('gdm-headless-login-session',
+ install_mode: 'rwxr-xr-x',
+ install_dir: get_option('libexecdir'),
+ )
--
2.44.0

1937
0001-Introduce-gdm-new-session-tool.patch Normal file
View File

File diff suppressed because it is too large Load Diff

365
0001-Revert-hack-that-quits-plymouth-late.patch Normal file
View File

@ -0,0 +1,365 @@
From 8a91856f4020657adcbba67482daa6db373e8ed6 Mon Sep 17 00:00:00 2001
From: Adrian Vovk <adrianvovk@gmail.com>
Date: Thu, 1 May 2025 15:42:49 -0400
Subject: [PATCH 1/2] Revert hack that quits plymouth late
Reverts 2cbd7ad1f66d0a757c1d2217705436aa1beca76a
Fixes #375
Part-of: <https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/285>
---
daemon/gdm-manager.c | 27 ++++++++-------------------
1 file changed, 8 insertions(+), 19 deletions(-)
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index e455dad36..0913f7a50 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -175,7 +175,7 @@ plymouth_prepare_for_transition (void)
}
}
-static gboolean
+static void
plymouth_quit_with_transition (void)
{
gboolean res;
@@ -187,8 +187,6 @@ plymouth_quit_with_transition (void)
g_warning ("Could not quit plymouth: %s", error->message);
g_error_free (error);
}
-
- return G_SOURCE_REMOVE;
}
static void
@@ -1506,6 +1504,13 @@ on_display_status_changed (GdmDisplay *display,
if (g_strcmp0 (session_class, "greeter") == 0)
set_up_session (manager, display);
}
+
+#ifdef WITH_PLYMOUTH
+ if (status == GDM_DISPLAY_MANAGED && quit_plymouth) {
+ plymouth_quit_with_transition ();
+ manager->plymouth_is_running = FALSE;
+ }
+#endif
break;
case GDM_DISPLAY_FAILED:
case GDM_DISPLAY_UNMANAGED:
@@ -1892,15 +1897,6 @@ on_user_session_started (GdmSession *session,
{
g_debug ("GdmManager: session started %d", pid);
add_session_record (manager, session, pid, SESSION_RECORD_LOGIN);
-
-#ifdef WITH_PLYMOUTH
- if (g_strcmp0 (service_name, "gdm-autologin") == 0) {
- if (manager->plymouth_is_running) {
- g_timeout_add_seconds (20, (GSourceFunc) plymouth_quit_with_transition, NULL);
- manager->plymouth_is_running = FALSE;
- }
- }
-#endif
}
static void
@@ -2124,13 +2120,6 @@ on_session_client_connected (GdmSession *session,
return;
}
-#ifdef WITH_PLYMOUTH
- if (manager->plymouth_is_running) {
- plymouth_quit_with_transition ();
- manager->plymouth_is_running = FALSE;
- }
-#endif
-
g_object_get (G_OBJECT (display), "allow-timed-login", &allow_timed_login, NULL);
if (!allow_timed_login) {
--
2.51.0
From deeb4b8aba46e37a1f6dcb85252ed713183cb170 Mon Sep 17 00:00:00 2001
From: Adrian Vovk <adrianvovk@gmail.com>
Date: Thu, 1 May 2025 16:13:53 -0400
Subject: [PATCH 2/2] manager: Combine register display with register session
Before we'd always register the display as soon as the session was
started. However, this is too early for Wayland! The compositor might
not have completely initialized its Wayland connection yet, so the
display isn't really open.
The "register display" should happen when the compositor is up and
running. This occurs when it calls RegisterSession, so it makes sense
to combine both.
This helps on terminating plymouthd when the new session has been
started, and also kill background greeters.
Part-of: <https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/285>
---
daemon/gdm-local-display-factory.c | 30 ++++---------------
daemon/gdm-manager.c | 47 ++++++------------------------
daemon/gdm-manager.xml | 3 --
daemon/gdm-wayland-session.c | 31 --------------------
daemon/gdm-x-session.c | 32 --------------------
5 files changed, 15 insertions(+), 128 deletions(-)
diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
index 2d4f2c0..63117e1 100644
--- a/daemon/gdm-local-display-factory.c
+++ b/daemon/gdm-local-display-factory.c
@@ -515,25 +515,6 @@ on_finish_waiting_for_seat0_displays_timeout (GdmLocalDisplayFactory *factory)
return G_SOURCE_REMOVE;
}
-static void
-on_session_registered_cb (GObject *gobject,
- GParamSpec *pspec,
- gpointer user_data)
-{
- GdmDisplay *display = GDM_DISPLAY (gobject);
- GdmLocalDisplayFactory *factory = GDM_LOCAL_DISPLAY_FACTORY (user_data);
- gboolean registered;
-
- g_object_get (display, "session-registered", &registered, NULL);
-
- if (!registered)
- return;
-
- g_debug ("GdmLocalDisplayFactory: session registered on display, looking for any background displays to kill");
-
- finish_waiting_displays_on_seat (factory, "seat0");
-}
-
static void
on_display_status_changed (GdmDisplay *display,
GParamSpec *arg1,
@@ -548,6 +529,7 @@ on_display_status_changed (GdmDisplay *display,
char *session_id = NULL;
gboolean is_initial = TRUE;
gboolean is_local = TRUE;
+ gboolean registered = FALSE;
if (!factory->is_started)
@@ -618,11 +600,11 @@ on_display_status_changed (GdmDisplay *display,
break;
case GDM_DISPLAY_MANAGED:
#if defined(ENABLE_USER_DISPLAY_SERVER)
- g_signal_connect_object (display,
- "notify::session-registered",
- G_CALLBACK (on_session_registered_cb),
- factory,
- 0);
+ g_object_get (display, "session-registered", &registered, NULL);
+ if (registered) {
+ g_debug ("GdmLocalDisplayFactory: session registered on display, looking for any background displays to kill");
+ finish_waiting_displays_on_seat (factory, "seat0");
+ }
#endif
break;
case GDM_DISPLAY_WAITING_TO_FINISH:
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index a99e6b5..ff04203 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -732,7 +732,7 @@ find_user_session_for_display (GdmManager *self,
}
static gboolean
-gdm_manager_handle_register_display (GdmDBusManager *manager,
+gdm_manager_handle_register_session (GdmDBusManager *manager,
GDBusMethodInvocation *invocation,
GVariant *details)
{
@@ -744,15 +744,15 @@ gdm_manager_handle_register_display (GdmDBusManager *manager,
GVariantIter iter;
char *key = NULL;
char *value = NULL;
- char *x11_display_name = NULL;
- char *tty = NULL;
-
- g_debug ("GdmManager: trying to register new display");
+ g_autofree char *x11_display_name = NULL;
+ g_autofree char *tty = NULL;
sender = g_dbus_method_invocation_get_sender (invocation);
connection = g_dbus_method_invocation_get_connection (invocation);
get_display_and_details_for_bus_sender (self, connection, sender, &display, NULL, NULL, &tty, NULL, NULL, NULL, NULL);
+ g_debug ("GdmManager: trying to register new session on display %p", display);
+
if (display == NULL) {
g_dbus_method_invocation_return_error_literal (invocation,
G_DBUS_ERROR,
@@ -792,38 +792,10 @@ gdm_manager_handle_register_display (GdmDBusManager *manager,
}
}
- g_object_set (G_OBJECT (display), "status", GDM_DISPLAY_MANAGED, NULL);
-
- gdm_dbus_manager_complete_register_display (GDM_DBUS_MANAGER (manager),
- invocation);
-
- g_clear_pointer (&x11_display_name, g_free);
- g_clear_pointer (&tty, g_free);
- return TRUE;
-}
-
-static gboolean
-gdm_manager_handle_register_session (GdmDBusManager *manager,
- GDBusMethodInvocation *invocation,
- GVariant *details)
-{
- GdmManager *self = GDM_MANAGER (manager);
- GdmDisplay *display = NULL;
- const char *sender;
- GDBusConnection *connection;
-
- sender = g_dbus_method_invocation_get_sender (invocation);
- connection = g_dbus_method_invocation_get_connection (invocation);
-
- get_display_and_details_for_bus_sender (self, connection, sender, &display,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL);
-
- g_debug ("GdmManager: trying to register new session on display %p", display);
-
- if (display != NULL)
- g_object_set (G_OBJECT (display), "session-registered", TRUE, NULL);
- else
- g_debug ("GdmManager: No display, not registering");
+ g_object_set (G_OBJECT (display),
+ "status", GDM_DISPLAY_MANAGED,
+ "session-registered", TRUE,
+ NULL);
gdm_dbus_manager_complete_register_session (GDM_DBUS_MANAGER (manager),
invocation);
@@ -1242,7 +1214,6 @@ gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager
static void
manager_interface_init (GdmDBusManagerIface *interface)
{
- interface->handle_register_display = gdm_manager_handle_register_display;
interface->handle_register_session = gdm_manager_handle_register_session;
interface->handle_open_session = gdm_manager_handle_open_session;
interface->handle_open_reauthentication_channel = gdm_manager_handle_open_reauthentication_channel;
diff --git a/daemon/gdm-manager.xml b/daemon/gdm-manager.xml
index 92ef1d0..aba079a 100644
--- a/daemon/gdm-manager.xml
+++ b/daemon/gdm-manager.xml
@@ -1,9 +1,6 @@
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node name="/org/gnome/DisplayManager/Manager">
<interface name="org.gnome.DisplayManager.Manager">
- <method name="RegisterDisplay">
- <arg name="details" direction="in" type="a{ss}"/>
- </method>
<method name="RegisterSession">
<arg name="details" direction="in" type="a{sv}"/>
</method>
diff --git a/daemon/gdm-wayland-session.c b/daemon/gdm-wayland-session.c
index d0404d2..d4d1edd 100644
--- a/daemon/gdm-wayland-session.c
+++ b/daemon/gdm-wayland-session.c
@@ -404,29 +404,6 @@ wait_on_subprocesses (State *state)
}
}
-static gboolean
-register_display (State *state,
- GCancellable *cancellable)
-{
- GError *error = NULL;
- gboolean registered = FALSE;
- GVariantBuilder details;
-
- g_variant_builder_init (&details, G_VARIANT_TYPE ("a{ss}"));
- g_variant_builder_add (&details, "{ss}", "session-type", "wayland");
-
- registered = gdm_dbus_manager_call_register_display_sync (state->display_manager_proxy,
- g_variant_builder_end (&details),
- cancellable,
- &error);
- if (error != NULL) {
- g_debug ("Could not register display: %s", error->message);
- g_error_free (error);
- }
-
- return registered;
-}
-
static void
init_state (State **state)
{
@@ -584,14 +561,6 @@ main (int argc,
if (!connect_to_display_manager (state))
goto out;
- ret = register_display (state, state->cancellable);
-
- if (!ret) {
- g_printerr ("Unable to register display with display manager\n");
- exit_status = EX_SOFTWARE;
- goto out;
- }
-
if (register_session) {
g_debug ("gdm-wayland-session: Will register session in %d seconds", REGISTER_SESSION_TIMEOUT);
state->register_session_id = g_timeout_add_seconds (REGISTER_SESSION_TIMEOUT,
diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c
index 0b07ab5..36b3975 100644
--- a/daemon/gdm-x-session.c
+++ b/daemon/gdm-x-session.c
@@ -757,30 +757,6 @@ wait_on_subprocesses (State *state)
}
}
-static gboolean
-register_display (State *state,
- GCancellable *cancellable)
-{
- GError *error = NULL;
- gboolean registered = FALSE;
- GVariantBuilder details;
-
- g_variant_builder_init (&details, G_VARIANT_TYPE ("a{ss}"));
- g_variant_builder_add (&details, "{ss}", "session-type", "x11");
- g_variant_builder_add (&details, "{ss}", "x11-display-name", state->display_name);
-
- registered = gdm_dbus_manager_call_register_display_sync (state->display_manager_proxy,
- g_variant_builder_end (&details),
- cancellable,
- &error);
- if (error != NULL) {
- g_debug ("Could not register display: %s", error->message);
- g_error_free (error);
- }
-
- return registered;
-}
-
static void
init_state (State **state)
{
@@ -953,14 +929,6 @@ main (int argc,
if (!connect_to_display_manager (state))
goto out;
- ret = register_display (state, state->cancellable);
-
- if (!ret) {
- g_printerr ("Unable to register display with display manager\n");
- exit_status = EX_SOFTWARE;
- goto out;
- }
-
ret = spawn_session (state, run_script, state->cancellable);
if (!ret) {
--
2.51.0

165
0001-data-Add-support-for-unified-authentication.patch Normal file
View File

@ -0,0 +1,165 @@
From 68976aadfb6c311196012439d97094c8244cdc49 Mon Sep 17 00:00:00 2001
From: Joan Torres Lopez <joantolo@redhat.com>
Date: Thu, 18 Sep 2025 16:42:37 +0200
Subject: [PATCH 1/3] session: Log JSON request when GDM_DEBUG_JSON_REQUESTS is
set
This is only useful for debugging and testing.
---
daemon/gdm-session.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c
index 388b0d037..9affbc438 100644
--- a/daemon/gdm-session.c
+++ b/daemon/gdm-session.c
@@ -846,8 +846,9 @@ gdm_session_handle_custom_json_request (GdmDBusWorkerManager *worker_manager_in
if (conversation != NULL) {
set_pending_query (conversation, invocation);
- g_debug ("GdmSession: emitting custom JSON request '%s' v%u",
- protocol, version);
+ if (g_getenv ("GDM_DEBUG_JSON_REQUESTS") != NULL)
+ g_message ("GdmSession: emitting custom JSON request '%s' v%u: %s",
+ protocol, version, request);
gdm_dbus_user_verifier_custom_json_emit_request (custom_json_interface,
service_name,
protocol,
--
2.51.1
From bb975dec28884e371a5a54ae524315b8b7a7ea13 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 22 Jan 2024 09:40:39 -0500
Subject: [PATCH 2/3] data: Add support for unified authentication
At the moment, every authentication mechanism gets its own
separate PAM conversation.
Some PAM modules, like pam_sss, support more than one way
to authenticate the user.
Rather than starting several conversations, one for each
mechanism, this commit adds a new "unified" authentication
setting.
---
data/meson.build | 1 +
data/org.gnome.login-screen.gschema.xml | 30 +++++++++++++++++++++++++
data/pam-redhat/gdm-switchable-auth.pam | 18 +++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 data/pam-redhat/gdm-switchable-auth.pam
diff --git a/data/meson.build b/data/meson.build
index e82ce7ac1..2cbbf83e4 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -95,6 +95,7 @@ pam_data_files_map = {
'gdm-fingerprint',
'gdm-smartcard',
'gdm-password',
+ 'gdm-switchable-auth',
],
'openembedded': [
'gdm-autologin',
diff --git a/data/org.gnome.login-screen.gschema.xml b/data/org.gnome.login-screen.gschema.xml
index 5a547e9b8..cf6b03820 100644
--- a/data/org.gnome.login-screen.gschema.xml
+++ b/data/org.gnome.login-screen.gschema.xml
@@ -6,6 +6,36 @@
</enum>
<schema id="org.gnome.login-screen" path="/org/gnome/login-screen/">
+ <key name="enable-switchable-authentication" type="b">
+ <default>true</default>
+ <summary>
+ Whether or not to allow switchable authentication for login
+ </summary>
+ <description>
+ The login screen can optionally allow a single PAM service to provide
+ multiple authentication mechanisms via a GDM PAM.
+ </description>
+ </key>
+ <key name="enable-web-authentication" type="b">
+ <default>true</default>
+ <summary>
+ Whether or not to allow authentication via external web site
+ </summary>
+ <description>
+ The login screen can optionally allow users to authenticate via
+ web login.
+ </description>
+ </key>
+ <key name="enable-passkey-authentication" type="b">
+ <default>true</default>
+ <summary>
+ Whether or not to allow authentication using a passkey
+ </summary>
+ <description>
+ The login screen can optionally allow users who have passkeys to log
+ in using those passkeys.
+ </description>
+ </key>
<key name="enable-fingerprint-authentication" type="b">
<default>true</default>
<summary>
diff --git a/data/pam-redhat/gdm-switchable-auth.pam b/data/pam-redhat/gdm-switchable-auth.pam
new file mode 100644
index 000000000..6648c3cec
--- /dev/null
+++ b/data/pam-redhat/gdm-switchable-auth.pam
@@ -0,0 +1,18 @@
+auth substack switchable-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include switchable-auth
+
+password substack switchable-auth
+-password optional pam_gnome_keyring.so use_authtok
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include switchable-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
--
2.51.1
From c18c8201c4d2af24b7aaf2168a3428fea542c733 Mon Sep 17 00:00:00 2001
From: Joan Torres Lopez <joantolo@redhat.com>
Date: Thu, 12 Feb 2026 18:12:01 +0100
Subject: [PATCH 3/3] session: Use g_once for GDM_DEBUG_JSON_REQUESTS environment
variable check
Part-of: <https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/353>
---
daemon/gdm-session.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c
index 5f103eddb..5c04ad1be 100644
--- a/daemon/gdm-session.c
+++ b/daemon/gdm-session.c
@@ -832,7 +832,13 @@ gdm_session_handle_custom_json_request (GdmDBusWorkerManager *worker_manager_in
if (conversation != NULL) {
set_pending_query (conversation, invocation);
- if (g_getenv ("GDM_DEBUG_JSON_REQUESTS") != NULL)
+ static gsize debug_json_requests;
+
+ if (g_once_init_enter (&debug_json_requests))
+ g_once_init_leave (&debug_json_requests,
+ g_getenv ("GDM_DEBUG_JSON_REQUESTS") != NULL ? 1 : 2);
+
+ if (debug_json_requests == 1)
g_message ("GdmSession: emitting custom JSON request '%s' v%u: %s",
protocol, version, request);
gdm_dbus_user_verifier_custom_json_emit_request (custom_json_interface,
--
2.52.0

29
0001-headless-session-Fix-autostarting-on-boot.patch
View File

@ -1,29 +0,0 @@
From e938a72b8ee65b7db2ad76f63dc3f77713871a82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Thu, 3 Jul 2025 12:09:40 +0200
Subject: [PATCH] headless-session: Fix autostarting on boot
Make it wanted by graphical.target, and make sure it launches after gdm.
---
data/gnome-headless-session@.service | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/data/gnome-headless-session@.service b/data/gnome-headless-session@.service
index 269d16288..cba7526f8 100644
--- a/data/gnome-headless-session@.service
+++ b/data/gnome-headless-session@.service
@@ -1,6 +1,10 @@
[Unit]
Description=Headless desktop session
+After=multi-user.target rescue.service rescue.target display-manager.service
[Service]
ExecStart=/usr/libexec/gdm-headless-login-session --user=%i
Restart=on-failure
+
+[Install]
+WantedBy=graphical.target
--
2.49.0

53
0001-local-display-factory-look-for-boot_display-sysfs-at.patch Normal file
View File

@ -0,0 +1,53 @@
From 85982d61790dbbf940c12ad6e747bb1ada0b1355 Mon Sep 17 00:00:00 2001
From: ceroma <165659-ceroma@users.noreply.gitlab.gnome.org>
Date: Thu, 18 Dec 2025 06:00:26 +0000
Subject: [PATCH] local-display-factory: look for 'boot_display' sysfs attr
Part-of: <https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/343>
---
daemon/gdm-local-display-factory.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
index 63117e1..23344fa 100644
--- a/daemon/gdm-local-display-factory.c
+++ b/daemon/gdm-local-display-factory.c
@@ -716,6 +716,7 @@ udev_is_settled (GdmLocalDisplayFactory *factory)
const gchar *id_path = g_udev_device_get_property (device, "ID_PATH");
g_autoptr (GUdevDevice) platform_device = NULL;
g_autoptr (GUdevDevice) pci_device = NULL;
+ g_autoptr (GUdevDevice) drm_device = NULL;
if (g_str_has_prefix (id_path, "platform-simple-framebuffer")) {
node = next_node;
@@ -743,10 +744,28 @@ udev_is_settled (GdmLocalDisplayFactory *factory)
factory->seat0_has_boot_up_graphics = TRUE;
is_settled = TRUE;
break;
- } else {
- g_debug ("GdmLocalDisplayFactory: Found secondary PCI graphics adapter, not proceeding yet.");
}
}
+
+ drm_device = g_udev_device_get_parent_with_subsystem (device, "drm", NULL);
+
+ if (drm_device != NULL) {
+ gboolean boot_display;
+
+ boot_display = g_udev_device_get_sysfs_attr_as_int (drm_device, "boot_display");
+
+ if (boot_display == 1) {
+ g_debug ("GdmLocalDisplayFactory: Found primary PCI graphics adapter, proceeding.");
+ factory->seat0_has_boot_up_graphics = TRUE;
+ is_settled = TRUE;
+ break;
+ }
+ }
+
+ if (pci_device != NULL || drm_device != NULL) {
+ g_debug ("GdmLocalDisplayFactory: Found secondary PCI graphics adapter, not proceeding yet.");
+ }
+
node = next_node;
}

134
0001-manager-Keep-register-display-method.patch Normal file
View File

@ -0,0 +1,134 @@
From 361a0a7d069e7c2bb83f9df8a57fb888ec7826ea Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 8 Jan 2026 01:00:00 +0100
Subject: [PATCH] manager: Keep register display method
The use of register session combines the old register display and register
session methods. This is the new behaviour.
To keep ABI compatibility, keep the register display method, which
internally calls register session.
---
daemon/gdm-manager.c | 51 +++++++++++++++++++++++++++++++++++++-----
daemon/gdm-manager.xml | 3 +++
2 files changed, 48 insertions(+), 6 deletions(-)
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index ff04203..be6daea 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -731,6 +731,16 @@ find_user_session_for_display (GdmManager *self,
return NULL;
}
+static gboolean
+display_is_managed_and_registered (GdmDisplay *display)
+{
+ gboolean session_registered = FALSE;
+
+ g_object_get (display, "session-registered", &session_registered, NULL);
+
+ return gdm_display_get_status (display) == GDM_DISPLAY_MANAGED && session_registered;
+}
+
static gboolean
gdm_manager_handle_register_session (GdmDBusManager *manager,
GDBusMethodInvocation *invocation,
@@ -738,6 +748,7 @@ gdm_manager_handle_register_session (GdmDBusManager *manager,
{
GdmManager *self = GDM_MANAGER (manager);
const char *sender;
+ const char *method_name;
GDBusConnection *connection;
GdmDisplay *display = NULL;
GdmSession *session;
@@ -746,9 +757,13 @@ gdm_manager_handle_register_session (GdmDBusManager *manager,
char *value = NULL;
g_autofree char *x11_display_name = NULL;
g_autofree char *tty = NULL;
+ gboolean is_register_display;
sender = g_dbus_method_invocation_get_sender (invocation);
connection = g_dbus_method_invocation_get_connection (invocation);
+ method_name = g_dbus_method_invocation_get_method_name (invocation);
+ is_register_display = g_strcmp0 (method_name, "RegisterDisplay") == 0;
+
get_display_and_details_for_bus_sender (self, connection, sender, &display, NULL, NULL, &tty, NULL, NULL, NULL, NULL);
g_debug ("GdmManager: trying to register new session on display %p", display);
@@ -762,11 +777,32 @@ gdm_manager_handle_register_session (GdmDBusManager *manager,
return TRUE;
}
+ if (display_is_managed_and_registered (display)) {
+ g_debug ("GdmManager: display already managed and session-registered");
+ if (is_register_display)
+ gdm_dbus_manager_complete_register_display (GDM_DBUS_MANAGER (manager), invocation);
+ else
+ gdm_dbus_manager_complete_register_session (GDM_DBUS_MANAGER (manager), invocation);
+
+ return TRUE;
+ }
+
g_variant_iter_init (&iter, details);
- while (g_variant_iter_loop (&iter, "{&s&s}", &key, &value)) {
- if (g_strcmp0 (key, "x11-display-name") == 0) {
- x11_display_name = g_strdup (value);
- break;
+ if (is_register_display) {
+ while (g_variant_iter_loop (&iter, "{&s&s}", &key, &value)) {
+ if (g_strcmp0 (key, "x11-display-name") == 0) {
+ x11_display_name = g_strdup (value);
+ break;
+ }
+ }
+ } else {
+ GVariant *variant_value = NULL;
+ while (g_variant_iter_loop (&iter, "{&sv}", &key, &variant_value)) {
+ if (g_strcmp0 (key, "x11-display-name") == 0 &&
+ g_variant_is_of_type (variant_value, G_VARIANT_TYPE_STRING)) {
+ x11_display_name = g_variant_dup_string (variant_value, NULL);
+ break;
+ }
}
}
@@ -797,8 +833,10 @@ gdm_manager_handle_register_session (GdmDBusManager *manager,
"session-registered", TRUE,
NULL);
- gdm_dbus_manager_complete_register_session (GDM_DBUS_MANAGER (manager),
- invocation);
+ if (is_register_display)
+ gdm_dbus_manager_complete_register_display (GDM_DBUS_MANAGER (manager), invocation);
+ else
+ gdm_dbus_manager_complete_register_session (GDM_DBUS_MANAGER (manager), invocation);
return TRUE;
}
@@ -1214,6 +1252,7 @@ gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager
static void
manager_interface_init (GdmDBusManagerIface *interface)
{
+ interface->handle_register_display = gdm_manager_handle_register_session;
interface->handle_register_session = gdm_manager_handle_register_session;
interface->handle_open_session = gdm_manager_handle_open_session;
interface->handle_open_reauthentication_channel = gdm_manager_handle_open_reauthentication_channel;
diff --git a/daemon/gdm-manager.xml b/daemon/gdm-manager.xml
index aba079a..92ef1d0 100644
--- a/daemon/gdm-manager.xml
+++ b/daemon/gdm-manager.xml
@@ -1,6 +1,9 @@
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node name="/org/gnome/DisplayManager/Manager">
<interface name="org.gnome.DisplayManager.Manager">
+ <method name="RegisterDisplay">
+ <arg name="details" direction="in" type="a{ss}"/>
+ </method>
<method name="RegisterSession">
<arg name="details" direction="in" type="a{sv}"/>
</method>
--
2.51.1

107
0001-manager-Quit-plymouth-when-no-local-display-is-avail.patch Normal file
View File

@ -0,0 +1,107 @@
From d2c0213ba03004c42cb474a543ca91042de570e0 Mon Sep 17 00:00:00 2001
From: Joan Torres Lopez <joantolo@redhat.com>
Date: Tue, 15 Jul 2025 16:19:01 +0200
Subject: [PATCH] manager: Quit plymouth when no local display is available
In this case plymouth is not needed and it needs to quit. This is
necessary to allow reaching graphical.target so that the user can
log in at least at serial console.
---
daemon/gdm-local-display-factory.c | 23 ++++++++++++++++++++++-
daemon/gdm-manager.c | 17 +++++++++++++++++
2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
index 3e77bf85b..e22f95fb8 100644
--- a/daemon/gdm-local-display-factory.c
+++ b/daemon/gdm-local-display-factory.c
@@ -96,6 +96,13 @@ enum {
PROP_0,
};
+enum {
+ GRAPHICS_UNSUPPORTED,
+ LAST_SIGNAL,
+};
+
+static guint signals [LAST_SIGNAL] = { 0 };
+
static void gdm_local_display_factory_class_init (GdmLocalDisplayFactoryClass *klass);
static void gdm_local_display_factory_init (GdmLocalDisplayFactory *factory);
static void gdm_local_display_factory_finalize (GObject *object);
@@ -937,8 +944,11 @@ ensure_display_for_seat (GdmLocalDisplayFactory *factory,
}
}
- if (!seat_supports_graphics)
+ if (!seat_supports_graphics) {
+ if (is_seat0)
+ g_signal_emit (factory, signals[GRAPHICS_UNSUPPORTED], 0);
return;
+ }
g_assert (session_types != NULL);
@@ -1676,6 +1686,17 @@ gdm_local_display_factory_class_init (GdmLocalDisplayFactoryClass *klass)
factory_class->start = gdm_local_display_factory_start;
factory_class->stop = gdm_local_display_factory_stop;
+
+ signals [GRAPHICS_UNSUPPORTED] =
+ g_signal_new ("graphics-unsupported",
+ G_OBJECT_CLASS_TYPE (object_class),
+ G_SIGNAL_RUN_FIRST,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ G_TYPE_NONE,
+ 0);
}
static void
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index f73bccf61..0df57939b 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -2619,6 +2619,16 @@ gdm_manager_get_displays (GdmManager *manager,
return TRUE;
}
+static void
+on_graphics_unsupported (GdmLocalDisplayFactory *factory,
+ GdmManager *manager)
+{
+ if (manager->plymouth_is_running) {
+ plymouth_quit_without_transition ();
+ manager->plymouth_is_running = FALSE;
+ }
+}
+
void
gdm_manager_stop (GdmManager *manager)
{
@@ -2628,6 +2638,9 @@ gdm_manager_stop (GdmManager *manager)
if (manager->local_factory != NULL) {
gdm_display_factory_stop (GDM_DISPLAY_FACTORY (manager->local_factory));
+ g_signal_handlers_disconnect_by_func (manager->local_factory,
+ G_CALLBACK (on_graphics_unsupported),
+ manager);
}
#ifdef HAVE_LIBXDMCP
@@ -2655,6 +2668,10 @@ gdm_manager_start (GdmManager *manager)
#endif
if (!manager->xdmcp_enabled || manager->show_local_greeter) {
gdm_display_factory_start (GDM_DISPLAY_FACTORY (manager->local_factory));
+ g_signal_connect (manager->local_factory,
+ "graphics-unsupported",
+ G_CALLBACK (on_graphics_unsupported),
+ manager);
}
/* Accept remote connections */
--
2.50.1

1
0001-meson-Define-missing-HAVE_LIBAUDIT.patch
View File

@ -23,4 +23,3 @@ index 8da5ae878..eaa93a652 100644
--
2.49.0

50
0001-session-Don-t-report-service-unavailable-error-as-fa.patch Normal file
View File

@ -0,0 +1,50 @@
From f04dc0418694b20f789479bfd1d88404fd0c5fde Mon Sep 17 00:00:00 2001
From: Joan Torres Lopez <joantolo@redhat.com>
Date: Fri, 12 Sep 2025 17:24:15 +0200
Subject: [PATCH] session: Don't report service unavailable error as failed
authentication
Service unavailable error happens when authentication is performed
using gdm-fingerprint and fprintd service is terminated
(either manually or from a timeout).
In those cases, failed authentications were being reported, making the login
greeter display something like:
"There were <x> failed login attempts since the last successful login.".
This fixes it.
Part-of: <https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/317>
---
daemon/gdm-session.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c
index ae6840188..46bd1da9d 100644
--- a/daemon/gdm-session.c
+++ b/daemon/gdm-session.c
@@ -259,11 +259,16 @@ on_authenticate_cb (GdmDBusWorker *proxy,
if (worked) {
gdm_session_authorize (self, service_name);
} else {
- g_signal_emit (self,
- signals[AUTHENTICATION_FAILED],
- 0,
- service_name,
- conversation->worker_pid);
+ if (!g_error_matches (error,
+ GDM_SESSION_WORKER_ERROR,
+ GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE)) {
+ g_signal_emit (self,
+ signals[AUTHENTICATION_FAILED],
+ 0,
+ service_name,
+ conversation->worker_pid);
+ }
+
report_and_stop_conversation (self, service_name, error);
}
}
--
2.52.0

1
0001-session-Fix-memory-leak-on-new-outside-connection.patch
View File

@ -94,4 +94,3 @@ index 33dee7606..08ba39cf6 100644
--
2.49.0

349
0001-session-record-Rework-wtmp-utmp-btmp-fields.patch Normal file
View File

@ -0,0 +1,349 @@
From 161ce350f8acd18ad49ca880667c1f90f2b55d93 Mon Sep 17 00:00:00 2001
From: Adrian Vovk <adrianvovk@gmail.com>
Date: Wed, 12 Nov 2025 14:59:03 -0500
Subject: [PATCH] session-record: Rework wtmp/utmp/btmp fields
This reworks the logic we use when setting the various fields in the
wtmp/utmp/btmp records.
Previously, we'd set the hostname to "[<remote IP>]:<X11 display>" in
the X11 case and to "login screen" on Wayland. We'd also set the "line"
(which is supposed to contain the TTY) to the TTY on X11 but the seat ID
on Wayland. And finally we simply wouldn't write these records for
remote Wayland sessions.
Now: the hostname is always just a remote IP address for remote
sessions, and the string "local" for local sessions. The "line" is also
consistently set to the TTY, or the seat ID if no TTY is available, or
the string "headless" if no seat is set and the session is headless.
Also Wayland remote sessions are supported properly now.
This also happens to get rid of this code's dependency on X11: we no
longer consider the X11 display name
Co-authored-by: Joan Torres Lopez <joantolo@redhat.com>
---
daemon/gdm-manager.c | 47 ++++----------
daemon/gdm-session-record.c | 122 ++++++++++++++----------------------
daemon/gdm-session-record.h | 13 ++--
3 files changed, 64 insertions(+), 118 deletions(-)
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index d1654dd33..67f5a7919 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -642,68 +642,46 @@ add_session_record (GdmManager *manager,
SessionRecord record)
{
const char *username;
- char *display_name, *hostname, *display_device, *display_seat_id;
- gboolean recorded = FALSE;
- display_name = NULL;
- username = NULL;
- hostname = NULL;
- display_device = NULL;
- display_seat_id = NULL;
+ g_autofree char *hostname = NULL;
+ g_autofree char *display_device = NULL;
+ g_autofree char *display_seat_id = NULL;
username = gdm_session_get_username (session);
-
- if (username == NULL) {
- goto out;
- }
+ if (username == NULL)
+ return FALSE;
g_object_get (G_OBJECT (session),
- "display-name", &display_name,
"display-hostname", &hostname,
"display-device", &display_device,
"display-seat-id", &display_seat_id,
NULL);
- if (display_name == NULL && display_device == NULL) {
- if (display_seat_id == NULL)
- goto out;
-
- display_name = g_strdup ("login screen");
- display_device = g_strdup (display_seat_id);
- }
-
switch (record) {
case SESSION_RECORD_LOGIN:
gdm_session_record_login (pid,
username,
hostname,
- display_name,
- display_device);
+ display_device,
+ display_seat_id);
break;
case SESSION_RECORD_LOGOUT:
gdm_session_record_logout (pid,
username,
hostname,
- display_name,
- display_device);
+ display_device,
+ display_seat_id);
break;
case SESSION_RECORD_FAILED:
gdm_session_record_failed (pid,
username,
hostname,
- display_name,
- display_device);
+ display_device,
+ display_seat_id);
break;
}
- recorded = TRUE;
-out:
- g_free (display_name);
- g_free (hostname);
- g_free (display_device);
- g_free (display_seat_id);
-
- return recorded;
+ return FALSE;
}
static GdmSession *
@@ -1867,7 +1845,6 @@ on_user_session_started (GdmSession *session,
GdmManager *manager)
{
g_debug ("GdmManager: session started %d", pid);
- add_session_record (manager, session, pid, SESSION_RECORD_LOGIN);
}
static void
diff --git a/daemon/gdm-session-record.c b/daemon/gdm-session-record.c
index f913dee37..6f9e91bfa 100644
--- a/daemon/gdm-session-record.c
+++ b/daemon/gdm-session-record.c
@@ -111,78 +111,52 @@ record_set_pid (UTMP *u,
static void
record_set_host (UTMP *u,
- const char *x11_display_name,
- const char *host_name)
+ const char *remote_host)
{
- g_autofree char *hostname = NULL;
-
+ const char *hostname;
#if defined(HAVE_UT_UT_HOST)
- /*
- * Set ut_host to hostname:$DISPLAY if remote, otherwise set
- * to $DISPLAY
- */
- if (host_name != NULL
- && x11_display_name != NULL
- && g_str_has_prefix (x11_display_name, ":")) {
- hostname = g_strdup_printf ("%s%s", host_name, x11_display_name);
- } else {
- hostname = g_strdup (x11_display_name);
- }
-
- if (hostname != NULL) {
- memccpy (u->ut_host, hostname, '\0', sizeof (u->ut_host));
- g_debug ("using ut_host %.*s", (int) sizeof (u->ut_host), u->ut_host);
+ if (remote_host != NULL)
+ hostname = remote_host;
+ else
+ hostname = "local";
+ memccpy (u->ut_host, hostname, '\0', sizeof (u->ut_host));
+ g_debug ("using ut_host %.*s", (int) sizeof (u->ut_host), u->ut_host);
#ifdef HAVE_UT_UT_SYSLEN
- u->ut_syslen = MIN (strlen (hostname), sizeof (u->ut_host));
+ u->ut_syslen = MIN (strlen (hostname), sizeof (u->ut_host));
#endif
- }
#endif
}
static void
record_set_line (UTMP *u,
- const char *display_device,
- const char *x11_display_name)
+ const char *tty,
+ const char *seat_id)
{
- /*
- * Set ut_line to the device name associated with this display
- * but remove the "/dev/" prefix if there is one. Otherwise, if it
- * seems like the display device is a seat id, just use it wholesale.
- * If there's no device at all, but $DISPLAY is set, just fall back to
- * using that.
- */
- if (display_device != NULL && g_str_has_prefix (display_device, "/dev/")) {
- memccpy (u->ut_line,
- display_device + strlen ("/dev/"),
- '\0',
- sizeof (u->ut_line));
- } else if (display_device != NULL && g_str_has_prefix (display_device, "seat")) {
- memccpy (u->ut_line,
- display_device,
- '\0',
- sizeof (u->ut_line));
- } else if (x11_display_name != NULL) {
- memccpy (u->ut_line,
- x11_display_name,
- '\0',
- sizeof (u->ut_line));
- }
-
+ const char *line;
+
+ if (tty != NULL) {
+ if (g_str_has_prefix (tty, "/dev/"))
+ line = tty + strlen("/dev/");
+ else
+ line = tty;
+ } else if (seat_id != NULL)
+ line = seat_id;
+ else
+ line = "headless";
+
+ memccpy (u->ut_line, line, '\0', sizeof (u->ut_line));
g_debug ("using ut_line %.*s", (int) sizeof (u->ut_line), u->ut_line);
}
void
-gdm_session_record_login (GPid session_pid,
- const char *user_name,
- const char *host_name,
- const char *x11_display_name,
- const char *display_device)
+gdm_session_record_login (GPid session_pid,
+ const char *user_name,
+ const char *host_name,
+ const char *tty,
+ const char *seat_id)
{
UTMP session_record = { 0 };
- if (x11_display_name == NULL)
- x11_display_name = display_device;
-
record_set_username (&session_record, user_name);
g_debug ("Writing login record");
@@ -194,8 +168,8 @@ gdm_session_record_login (GPid session_pid,
record_set_timestamp (&session_record);
record_set_pid (&session_record, session_pid);
- record_set_host (&session_record, x11_display_name, host_name);
- record_set_line (&session_record, display_device, x11_display_name);
+ record_set_host (&session_record, host_name);
+ record_set_line (&session_record, tty, seat_id);
/* Handle wtmp */
g_debug ("Writing wtmp session record to " GDM_NEW_SESSION_RECORDS_FILE);
@@ -223,16 +197,15 @@ gdm_session_record_login (GPid session_pid,
}
void
-gdm_session_record_logout (GPid session_pid,
- const char *user_name,
- const char *host_name,
- const char *x11_display_name,
- const char *display_device)
+gdm_session_record_logout (GPid session_pid,
+ const char *user_name,
+ const char *host_name,
+ const char *tty,
+ const char *seat_id)
{
UTMP session_record = { 0 };
- if (x11_display_name == NULL)
- x11_display_name = display_device;
+ record_set_username (&session_record, user_name);
g_debug ("Writing logout record");
@@ -243,8 +216,8 @@ gdm_session_record_logout (GPid session_pid,
record_set_timestamp (&session_record);
record_set_pid (&session_record, session_pid);
- record_set_host (&session_record, x11_display_name, host_name);
- record_set_line (&session_record, display_device, x11_display_name);
+ record_set_host (&session_record, host_name);
+ record_set_line (&session_record, tty, seat_id);
/* Handle wtmp */
g_debug ("Writing wtmp logout record to " GDM_NEW_SESSION_RECORDS_FILE);
@@ -268,17 +241,14 @@ gdm_session_record_logout (GPid session_pid,
}
void
-gdm_session_record_failed (GPid session_pid,
- const char *user_name,
- const char *host_name,
- const char *x11_display_name,
- const char *display_device)
+gdm_session_record_failed (GPid session_pid,
+ const char *user_name,
+ const char *host_name,
+ const char *tty,
+ const char *seat_id)
{
UTMP session_record = { 0 };
- if (x11_display_name == NULL)
- x11_display_name = display_device;
-
record_set_username (&session_record, user_name);
g_debug ("Writing failed session attempt record");
@@ -290,8 +260,8 @@ gdm_session_record_failed (GPid session_pid,
record_set_timestamp (&session_record);
record_set_pid (&session_record, session_pid);
- record_set_host (&session_record, x11_display_name, host_name);
- record_set_line (&session_record, display_device, x11_display_name);
+ record_set_host (&session_record, host_name);
+ record_set_line (&session_record, tty, seat_id);
#if defined(HAVE_UPDWTMPX) || defined(HAVE_UPDWTMP)
/* Handle btmp */
diff --git a/daemon/gdm-session-record.h b/daemon/gdm-session-record.h
index 3c53268fa..bbe323aa0 100644
--- a/daemon/gdm-session-record.h
+++ b/daemon/gdm-session-record.h
@@ -29,21 +29,20 @@ void
gdm_session_record_login (GPid session_pid,
const char *user_name,
const char *host_name,
- const char *x11_display_name,
- const char *display_device);
+ const char *tty,
+ const char *seat_id);
void
gdm_session_record_logout (GPid session_pid,
const char *user_name,
const char *host_name,
- const char *x11_display_name,
- const char *display_device);
+ const char *tty,
+ const char *seat_id);
void
gdm_session_record_failed (GPid session_pid,
const char *user_name,
const char *host_name,
- const char *x11_display_name,
- const char *display_device);
-
+ const char *tty,
+ const char *seat_id);
G_END_DECLS
--
2.51.0

93
0002-data-Drop-X11-fallback-rules.patch Normal file
View File

@ -0,0 +1,93 @@
From 91608626f360638c0dbffa1dbad58c426c8fc733 Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa@fedoraproject.org>
Date: Mon, 8 Jul 2024 20:35:28 -0400
Subject: [PATCH 2/2] data: Drop X11 fallback rules
We expect Wayland to work on all conceivable configurations.
---
data/61-gdm.rules.in | 60 --------------------------------------------
1 file changed, 60 deletions(-)
diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in
index 354277bfe..eb9eedbf5 100644
--- a/data/61-gdm.rules.in
+++ b/data/61-gdm.rules.in
@@ -10,22 +10,8 @@ ATTR{vendor}=="0x1b36", ATTR{device}=="0x0100", RUN+="/usr/bin/touch /run/udev/g
# vga
ATTR{vendor}=="0x1234", ATTR{device}=="0x1111", RUN+="/usr/bin/touch /run/udev/gdm-machine-has-virtual-gpu", ENV{GDM_MACHINE_HAS_VIRTUAL_GPU}="1", GOTO="gdm_pci_device_end"
-# disable Wayland on Hi1710 chipsets
-ATTR{vendor}=="0x19e5", ATTR{device}=="0x1711", GOTO="gdm_disable_wayland"
-
LABEL="gdm_pci_device_end"
-# disable Wayland if modesetting is disabled
-KERNEL!="card[0-9]*", GOTO="gdm_nomodeset_end"
-KERNEL=="card[0-9]-*", GOTO="gdm_nomodeset_end"
-SUBSYSTEM!="drm", GOTO="gdm_nomodeset_end"
-# but keep it enabled for simple framebuffer drivers
-DRIVERS=="simple-framebuffer", GOTO="gdm_nomodeset_end"
-IMPORT{parent}="GDM_MACHINE_HAS_VIRTUAL_GPU"
-ENV{GDM_MACHINE_HAS_VIRTUAL_GPU}!="1", RUN+="/usr/bin/touch /run/udev/gdm-machine-has-hardware-gpu"
-IMPORT{cmdline}="nomodeset", GOTO="gdm_disable_wayland"
-LABEL="gdm_nomodeset_end"
-
# The vendor nvidia driver has multiple modules that need to be loaded before GDM can make an
# informed choice on which way to proceed, so force GDM to wait until NVidia's modules are
# loaded before starting up.
@@ -41,17 +27,6 @@ IMPORT{program}="/bin/sh -c \"sed -e 's/: /=/g' -e 's/\([^[:upper:]]\)\([[:upper
# If it is, there's no need to check for the suspend/resume services
ENV{NVIDIA_ENABLE_S0IX_POWER_MANAGEMENT}=="1", GOTO="gdm_nvidia_suspend_end"
-# Check if suspend/resume services necessary for working wayland support is available
-TEST{0711}!="/usr/bin/nvidia-sleep.sh", GOTO="gdm_disable_wayland"
-TEST{0711}!="/usr/lib/systemd/system-sleep/nvidia", GOTO="gdm_disable_wayland"
-
-ENV{NVIDIA_PRESERVE_VIDEO_MEMORY_ALLOCATIONS}!="1", GOTO="gdm_disable_wayland"
-IMPORT{program}="/bin/sh -c 'echo NVIDIA_HIBERNATE=`systemctl is-enabled nvidia-hibernate`'"
-ENV{NVIDIA_HIBERNATE}!="enabled", GOTO="gdm_disable_wayland"
-IMPORT{program}="/bin/sh -c 'echo NVIDIA_RESUME=`systemctl is-enabled nvidia-resume`'"
-ENV{NVIDIA_RESUME}!="enabled", GOTO="gdm_disable_wayland"
-IMPORT{program}="/bin/sh -c 'echo NVIDIA_SUSPEND=`systemctl is-enabled nvidia-suspend`'"
-ENV{NVIDIA_SUSPEND}!="enabled", GOTO="gdm_disable_wayland"
LABEL="gdm_nvidia_suspend_end"
LABEL="gdm_nvidia_end"
@@ -64,35 +39,3 @@ IMPORT{program}="/bin/sh -c \"echo GDM_NUMBER_OF_GRAPHICS_CARDS=`ls -1d /sys/cla
ENV{GDM_NUMBER_OF_GRAPHICS_CARDS}=="1", RUN+="/usr/bin/rm -f /run/udev/gdm-machine-has-hybrid-graphics"
ENV{GDM_NUMBER_OF_GRAPHICS_CARDS}!="1", RUN+="/usr/bin/touch /run/udev/gdm-machine-has-hybrid-graphics"
LABEL="gdm_hybrid_graphics_check_end"
-
-# Disable wayland in situation where we're in a guest with a virtual gpu and host passthrough gpu
-#LABEL="gdm_virt_passthrough_check"
-TEST!="/run/udev/gdm-machine-has-hybrid-graphics", GOTO="gdm_virt_passthrough_check_end"
-TEST!="/run/udev/gdm-machine-has-virtual-gpu", GOTO="gdm_virt_passthrough_check_end"
-TEST!="/run/udev/gdm-machine-has-hardware-gpu", GOTO="gdm_virt_passthrough_check_end"
-GOTO="gdm_disable_wayland"
-LABEL="gdm_virt_passthrough_check_end"
-
-# Disable wayland when there are multiple virtual gpus
-#LABEL="gdm_virt_multi_gpu_check"
-TEST!="/run/udev/gdm-machine-has-hybrid-graphics", GOTO="gdm_virt_multi_gpu_check_end"
-TEST!="/run/udev/gdm-machine-has-virtual-gpu", GOTO="gdm_virt_multi_gpu_check_end"
-TEST=="/run/udev/gdm-machine-has-hardware-gpu", GOTO="gdm_virt_multi_gpu_check_end"
-LABEL="gdm_virt_multi_gpu_check_end"
-
-# Disable wayland when nvidia modeset is disabled
-KERNEL!="nvidia_drm", GOTO="gdm_nvidia_drm_end"
-SUBSYSTEM!="module", GOTO="gdm_nvidia_drm_end"
-ACTION!="add", GOTO="gdm_nvidia_drm_end"
-# disable wayland if nvidia-drm modeset is not enabled
-ATTR{parameters/modeset}!="Y", GOTO="gdm_disable_wayland"
-LABEL="gdm_nvidia_drm_end"
-
-GOTO="gdm_end"
-
-LABEL="gdm_disable_wayland"
-RUN+="@libexecdir@/gdm-runtime-config set daemon WaylandEnable false"
-GOTO="gdm_end"
-
-LABEL="gdm_end"
-
---
2.45.2

95
gdm.spec
View File

@ -2,7 +2,7 @@
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 7;
release_number = 19;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
@ -33,19 +33,49 @@ Source6: gdm.sysusers
# Downstream patches
Patch: 0001-Honor-initial-setup-being-disabled-by-distro-install.patch
Patch: 0001-data-add-system-dconf-databases-to-gdm-profile.patch
Patch: 0001-Add-headless-session-files.patch
Patch: 0001-schema-Add-banner-message-path-and-source-settings.patch
Patch: 0002-data-Drop-X11-fallback-rules.patch
# RHEL-5703
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/298
Patch: 0001-session-Fix-memory-leak-on-new-outside-connection.patch
# RHEL-4104
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/272
Patch: 0001-schema-Add-banner-message-path-and-source-settings.patch
# RHEL-1846
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/284
Patch: 0001-meson-Define-missing-HAVE_LIBAUDIT.patch
# RHEL-69319
Patch: 0001-headless-session-Fix-autostarting-on-boot.patch
# RHEL-5703
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/298
Patch: 0001-session-Fix-memory-leak-on-new-outside-connection.patch
# RHEL-62663
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/303
Patch: 0001-manager-Quit-plymouth-when-no-local-display-is-avail.patch
# RHEL-126603
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/288
Patch: 0001-Introduce-gdm-new-session-tool.patch
# RHEL-86140
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/285
Patch: 0001-Revert-hack-that-quits-plymouth-late.patch
Patch: 0001-manager-Keep-register-display-method.patch
# RHEL-4147
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/335
Patch: 0001-session-record-Rework-wtmp-utmp-btmp-fields.patch
# RHEL-14524
# Passwordless work
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/330
Patch: 0001-data-Add-support-for-unified-authentication.patch
# RHEL-86485
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/317
Patch: 0001-session-Don-t-report-service-unavailable-error-as-fa.patch
# RHEL-168869
# https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/343
Patch: 0001-local-display-factory-look-for-boot_display-sysfs-at.patch
BuildRequires: dconf
BuildRequires: desktop-file-utils
@ -258,7 +288,7 @@ fi
%{_libexecdir}/gdm-runtime-config
%{_libexecdir}/gdm-session-worker
%{_libexecdir}/gdm-wayland-session
%{_libexecdir}/gdm-headless-login-session
%{_libexecdir}/gdm-new-session
%{_sbindir}/gdm
%{_bindir}/gdmflexiserver
%{_bindir}/gdm-config
@ -274,6 +304,8 @@ fi
%{_datadir}/gdm/locale.alias
%{_datadir}/gdm/gdb-cmd
%{_datadir}/gnome-session/sessions/gnome-login.session
%{_datadir}/polkit-1/rules.d/20-gdm.rules
%{_datadir}/polkit-1/actions/org.gnome.displaymanager.policy
%{_libdir}/girepository-1.0/Gdm-1.0.typelib
%{_libdir}/security/pam_gdm.so
%{_libdir}/libgdm*.so*
@ -285,6 +317,7 @@ fi
%attr(0600, gdm, gdm) %{_localstatedir}/lib/gdm/.config/pulse/default.pa
%attr(0711, root, gdm) %dir /run/gdm
%config %{_sysconfdir}/pam.d/gdm-smartcard
%config %{_sysconfdir}/pam.d/gdm-switchable-auth
%config %{_sysconfdir}/pam.d/gdm-fingerprint
%{_sysconfdir}/pam.d/gdm-launch-environment
%{_unitdir}/gdm.service
@ -313,14 +346,50 @@ fi
%changelog
## START: Generated by rpmautospec
* Wed Jul 16 2025 Jonas Ådahl <jadahl@redhat.com> - 1:47.0-7
* Thu Apr 23 2026 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-19
- Check for "boot_vga" when creating the display
* Tue Feb 17 2026 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-18
- Fix reporting false failed authentication
* Tue Feb 17 2026 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-17
- Update debug_json_requests with extra optimization
* Mon Jan 19 2026 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-16
- Backport GDM passwordless feature
* Mon Jan 19 2026 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-15
- Keep register display method
* Mon Dec 22 2025 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-14
- Fix recording wtmp/utmp/btmp
* Mon Dec 22 2025 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-13
- Improve plymouth handling
* Wed Nov 05 2025 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-12
- Add starting headless sessions with C tool
* Thu Aug 21 2025 Joan Torres Lopez <joantolo@redhat.com> - 1:47.0-11
- Quit plymouth when no local display is available
* Wed Jul 16 2025 Jonas Ådahl <jadahl@redhat.com> - 1:47.0-10
- Fix launching headless service on boot
* Tue May 06 2025 Joan Torres <joantolo@redhat.com> - 1:47.0-6
* Thu Jun 19 2025 Joan Torres López <joantolo@redhat.com> - 1:47.0-9
- Fix leak on new connections
* Tue May 06 2025 Joan Torres <joantolo@redhat.com> - 1:47.0-8
- meson: Define missing HAVE_LIBAUDIT
* Thu Jun 19 2025 Joan Torres López <joantolo@redhat.com> - 1:47.0-5
- Fix leak on new connections
* Tue May 06 2025 Joan Torres <joantolo@redhat.com> - 1:47.0-7
- Specify downstream and upstream patches
* Tue May 06 2025 Joan Torres <joantolo@redhat.com> - 1:47.0-6
- Remove unused patches
* Tue May 06 2025 Joan Torres <joantolo@redhat.com> - 1:47.0-5
- Add and update removed by mistake patch
* Wed Feb 05 2025 Florian Müllner <fmuellner@redhat.com> - 1:47.0-4
- schema: Add banner-message-path and -source settings

2
sources
View File

@ -1 +1 @@
5578b2839ec78ef0b155a6ef6b82384495ef0f3ceb49f4bc7c656bf9dafa95b260148c7fc9b8295b71d4a2d33f6fe6c4a47485cd9eba5c0929f0492ba06e0893 gdm-47.0.tar.xz
SHA512 (gdm-47.0.tar.xz) = 5578b2839ec78ef0b155a6ef6b82384495ef0f3ceb49f4bc7c656bf9dafa95b260148c7fc9b8295b71d4a2d33f6fe6c4a47485cd9eba5c0929f0492ba06e0893