Re-enable a workaround to fix g-i-s/gnome-keyring (#2005625)

This re-enables a workaround which upstream recently disabled
for security reasons, but which is still currently needed for
gnome-keyring to function properly during gnome-initial-setup.
This should fix several bugs that were all consequences of
gnome-keyring not working correctly:

https://bugzilla.redhat.com/show_bug.cgi?id=2004565
https://bugzilla.redhat.com/show_bug.cgi?id=2005625
https://bugzilla.redhat.com/show_bug.cgi?id=2006314

0001-Re-do-gdbus-Use-DBUS_SESSION_BUS_ADDRESS-if-AT_SECUR.patch

@@ -0,0 +1,61 @@
+From d7dcec0e801fb1b78cc4e77b1a9d3b7998291c68 Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Tue, 21 Sep 2021 12:09:06 -0700
+Subject: [PATCH] Re-do "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but
+ not setuid""
+
+This reverts commit 0f9c7ed0219cc182a183ba78245f3b461fd664e6,
+which reverted commit 7aa0580cc559148e0f4646461a42102bd98228b6,
+so we go back to allowing this workaround. gnome-keyring still
+needs it to work correctly during gnome-initial-setup on Fedora,
+and when it doesn't work correctly, there are several major
+consequences:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2004565
+https://bugzilla.redhat.com/show_bug.cgi?id=2005625
+https://bugzilla.redhat.com/show_bug.cgi?id=2006314
+---
+ gio/gdbusaddress.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
+index 48c766682..f873be282 100644
+--- a/gio/gdbusaddress.c
++++ b/gio/gdbusaddress.c
+@@ -1343,9 +1343,31 @@ g_dbus_address_get_for_bus_sync (GBusType       bus_type,
+ 
+     case G_BUS_TYPE_SESSION:
+       if (has_elevated_privileges)
+-        ret = NULL;
++        {
++#ifdef G_OS_UNIX
++          if (geteuid () == getuid ())
++            {
++              /* Ideally we shouldn't do this, because setgid and
++               * filesystem capabilities are also elevated privileges
++               * with which we should not be trusting environment variables
++               * from the caller. Unfortunately, there are programs with
++               * elevated privileges that rely on the session bus being
++               * available. We already prevent the really dangerous
++               * transports like autolaunch: and unixexec: when our
++               * privileges are elevated, so this can only make us connect
++               * to the wrong AF_UNIX or TCP socket. */
++              ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
++            }
++          else
++#endif
++            {
++              ret = NULL;
++            }
++        }
+       else
+-        ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
++        {
++          ret = g_strdup (g_getenv ("DBUS_SESSION_BUS_ADDRESS"));
++        }
+ 
+       if (ret == NULL)
+         {
+-- 
+2.32.0
+

glib2.spec

@@ -17,6 +17,17 @@ Patch0: gnutls-hmac.patch
 # Proposed upstream at https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1596
 Patch1: gdesktopappinfo.patch
 
+# Re-enable a workaround which has been disabled upstream for security
+# reasons, but which is still needed or else we have major problems
+# with gnome-keyring during gnome-initial-setup. Not upstreamable, we
+# need a better long-term fix. See:
+# https://gitlab.gnome.org/GNOME/glib/-/issues/2316
+# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2212
+# https://bugzilla.redhat.com/show_bug.cgi?id=2004565
+# https://bugzilla.redhat.com/show_bug.cgi?id=2005625
+# https://bugzilla.redhat.com/show_bug.cgi?id=2006314
+Patch2: 0001-Re-do-gdbus-Use-DBUS_SESSION_BUS_ADDRESS-if-AT_SECUR.patch
+
 BuildRequires: chrpath
 BuildRequires: gcc
 BuildRequires: gcc-c++