Backport some upstream smartcard changes that make it work better with p11-kit

Resolves: #1796190

Rework how subscription-manager plugin is conditionalized so it doens't get built on centos 8 stream.
This commit is contained in:
Ray Strode 2023-07-24 15:16:49 -04:00
parent 0e30bccd4a
commit f2cf3a09ed
21 changed files with 655 additions and 118 deletions

View File

@ -1,7 +1,7 @@
From a1c2685bc6b255f22b6ce4645c001d428cb67907 Mon Sep 17 00:00:00 2001
From b0fb67c05e19a1a8715c1045f02657055d9e2578 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Wed, 22 May 2019 14:56:42 +0200
Subject: [PATCH] smartcard: Cancel cancellable when stopping
Subject: [PATCH 1/4] smartcard: Cancel cancellable when stopping
self->cancellable in GsdSmartcardManager is not cancelled
at gsd_smartcard_manager_stop() and hence some callbacks are
@ -19,13 +19,40 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1688791 and
their duplicates for additional info.
---
plugins/smartcard/gsd-smartcard-manager.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletion(-)
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/plugins/smartcard/gsd-smartcard-manager.c b/plugins/smartcard/gsd-smartcard-manager.c
index 014c17be..da1e0d6d 100644
index 94ffdd90..09ccecc0 100644
--- a/plugins/smartcard/gsd-smartcard-manager.c
+++ b/plugins/smartcard/gsd-smartcard-manager.c
@@ -184,7 +184,7 @@
@@ -157,71 +157,72 @@ unload_nss (GsdSmartcardManager *self)
if (self->priv->nss_context != NULL) {
g_clear_pointer (&self->priv->nss_context,
NSS_ShutdownContext);
g_debug ("NSS database '%s' unloaded", GSD_SMARTCARD_MANAGER_NSS_DB);
} else {
g_debug ("NSS database '%s' already not loaded", GSD_SMARTCARD_MANAGER_NSS_DB);
}
}
typedef struct
{
SECMODModule *driver;
GHashTable *smartcards;
int number_of_consecutive_errors;
} WatchSmartcardsOperation;
static void
on_watch_cancelled (GCancellable *cancellable,
WatchSmartcardsOperation *operation)
{
SECMOD_CancelWait (operation->driver);
}
static gboolean
watch_one_event_from_driver (GsdSmartcardManager *self,
WatchSmartcardsOperation *operation,
GCancellable *cancellable,
GError **error)
{
GsdSmartcardManagerPrivate *priv = self->priv;
@ -34,7 +61,9 @@ index 014c17be..da1e0d6d 100644
CK_SLOT_ID slot_id;
gulong handler_id;
int old_slot_series = -1, slot_series;
@@ -190,7 +190,8 @@ watch_one_event_from_driver (GsdSmartcardManager *self,
handler_id = g_cancellable_connect (cancellable,
G_CALLBACK (on_watch_cancelled),
operation,
NULL);
@ -44,7 +73,61 @@ index 014c17be..da1e0d6d 100644
g_cancellable_disconnect (cancellable, handler_id);
@@ -773,6 +774,8 @@ gsd_smartcard_manager_stop (GsdSmartcardManager *self)
if (g_cancellable_set_error_if_cancelled (cancellable, error)) {
g_warning ("smartcard event function cancelled");
return FALSE;
}
if (card == NULL) {
int error_code;
error_code = PORT_GetError ();
operation->number_of_consecutive_errors++;
if (operation->number_of_consecutive_errors > 10) {
g_warning ("Got %d consecutive smartcard errors, so giving up.",
operation->number_of_consecutive_errors);
g_set_error (error,
GSD_SMARTCARD_MANAGER_ERROR,
GSD_SMARTCARD_MANAGER_ERROR_WITH_NSS,
"encountered unexpected error while "
"waiting for smartcard events (error %x)",
error_code);
return FALSE;
}
g_warning ("Got potentially spurious smartcard event error: %x.", error_code);
g_usleep (0.5 * G_USEC_PER_SEC);
@@ -764,60 +765,62 @@ gsd_smartcard_manager_idle_cb (GsdSmartcardManager *self)
gnome_settings_profile_end (NULL);
priv->start_idle_id = 0;
return FALSE;
}
gboolean
gsd_smartcard_manager_start (GsdSmartcardManager *self,
GError **error)
{
GsdSmartcardManagerPrivate *priv = self->priv;
gnome_settings_profile_start (NULL);
priv->start_idle_id = g_idle_add ((GSourceFunc) gsd_smartcard_manager_idle_cb, self);
g_source_set_name_by_id (priv->start_idle_id, "[gnome-settings-daemon] gsd_smartcard_manager_idle_cb");
gnome_settings_profile_end (NULL);
return TRUE;
}
void
gsd_smartcard_manager_stop (GsdSmartcardManager *self)
{
GsdSmartcardManagerPrivate *priv = self->priv;
g_debug ("Stopping smartcard manager");
@ -53,6 +136,33 @@ index 014c17be..da1e0d6d 100644
unload_nss (self);
g_clear_object (&priv->settings);
--
2.23.0
g_clear_object (&priv->cancellable);
g_clear_object (&priv->session_manager);
g_clear_object (&priv->screen_saver);
}
static void
on_screen_locked (GsdScreenSaver *screen_saver,
GAsyncResult *result,
GsdSmartcardManager *self)
{
gboolean is_locked;
GError *error = NULL;
is_locked = gsd_screen_saver_call_lock_finish (screen_saver, result, &error);
if (!is_locked) {
g_warning ("Couldn't lock screen: %s", error->message);
g_error_free (error);
return;
}
}
static void
lock_screen (GsdSmartcardManager *self)
{
GsdSmartcardManagerPrivate *priv = self->priv;
--
2.39.2

View File

@ -1,12 +1,14 @@
From bee6d42503ec9b56f6e10704db02bcedb6a4fdf1 Mon Sep 17 00:00:00 2001
From 13f7bc5958dc4ae7139e195098e5fbee58455f43 Mon Sep 17 00:00:00 2001
From: Richard Hughes <rhughes@redhat.com>
Date: Thu, 20 Aug 2020 11:16:09 -0400
Subject: [PATCH 01/15] subman: Add a new plugin to provide system subscription
Subject: [PATCH 01/16] subman: Add a new plugin to provide system subscription
registration
---
meson.build | 1 +
plugins/meson.build | 1 +
meson.build | 6 +
meson_options.txt | 1 +
plugins/dummy/meson.build | 4 +
plugins/meson.build | 4 +
plugins/subman/README.md | 56 +
plugins/subman/gsd-subman-common.c | 36 +
plugins/subman/gsd-subman-common.h | 40 +
@ -18,7 +20,7 @@ Subject: [PATCH 01/15] subman: Add a new plugin to provide system subscription
...ome.SettingsDaemon.Subscription.desktop.in | 9 +
...ettings-daemon.plugins.subman.policy.in.in | 27 +
...gnome.settings-daemon.plugins.subman.rules | 7 +
13 files changed, 1664 insertions(+)
15 files changed, 1677 insertions(+)
create mode 100644 plugins/subman/README.md
create mode 100644 plugins/subman/gsd-subman-common.c
create mode 100644 plugins/subman/gsd-subman-common.h
@ -32,62 +34,10 @@ Subject: [PATCH 01/15] subman: Add a new plugin to provide system subscription
create mode 100644 plugins/subman/org.gnome.settings-daemon.plugins.subman.rules
diff --git a/meson.build b/meson.build
index 1632ea05..27bf8c4c 100644
index 1632ea05..7a0be003 100644
--- a/meson.build
+++ b/meson.build
@@ -70,60 +70,61 @@ if gsd_buildtype.contains('debug')
]
compiler_flags = cc.get_supported_arguments(test_cflags)
elif gsd_buildtype.contains('release')
common_flags += ['-DG_DISABLE_CAST_CHECKS']
endif
# Workaround for meson's bug
# https://github.com/mesonbuild/meson/pull/1896
if get_option('b_ndebug') == true
common_flags += ['-DG_DISABLE_ASSERT']
endif
add_project_arguments(common_flags + compiler_flags, language: 'c')
glib_dep = dependency('glib-2.0', version: '>= 2.56')
colord_dep = dependency('colord', version: '>= 1.0.2')
geocode_glib_dep = dependency('geocode-glib-1.0', version: '>= 3.10.0')
gio_dep = dependency('gio-2.0', version: '>= 2.53.0')
gio_unix_dep = dependency('gio-unix-2.0')
gnome_desktop_dep = dependency('gnome-desktop-3.0', version: '>= 3.11.1')
gsettings_desktop_dep = dependency('gsettings-desktop-schemas', version: '>= 3.27.90')
gtk_dep = dependency('gtk+-3.0', version: '>= 3.15.3')
gtk_x11_dep = dependency('gtk+-x11-3.0')
gweather_dep = dependency('gweather-3.0', version: '>= 3.9.5')
lcms_dep = dependency('lcms2', version: '>= 2.2')
libcanberra_gtk_dep = dependency('libcanberra-gtk3')
libgeoclue_dep = dependency('libgeoclue-2.0', version: '>= 2.3.1')
libnotify_dep = dependency('libnotify', version: '>= 0.7.3')
libpulse_mainloop_glib_dep = dependency('libpulse-mainloop-glib', version: '>= 2.0')
+jsonglib_dep = dependency('json-glib-1.0', version: '>= 1.1.1')
pango_dep = dependency('pango', version: '>= 1.20.0')
polkit_gobject_dep = dependency('polkit-gobject-1', version: '>= 0.103')
upower_glib_dep = dependency('upower-glib', version: '>= 0.99.0')
x11_dep = dependency('x11')
m_dep = cc.find_library('m')
dl_dep = cc.find_library('dl')
# ALSA integration (default enabled)
enable_alsa = get_option('alsa')
assert(enable_alsa or not host_is_linux, 'ALSA is not optional on Linux platforms')
libgvc = subproject(
'gvc',
default_options: [
'static=true',
'alsa=' + enable_alsa.to_string()
]
)
libgvc_dep = libgvc.get_variable('libgvc_dep')
@@ -121,60 +121,66 @@ libgvc_dep = libgvc.get_variable('libgvc_dep')
# GUdev integration (default enabled)
enable_gudev = get_option('gudev')
if enable_gudev
@ -97,17 +47,129 @@ index 1632ea05..27bf8c4c 100644
if host_is_linux
assert(enable_gudev, 'GUdev is not optional on Linux platforms')
endif
has_timerfd_create = cc.has_function('timerfd_create')
config_h.set10('HAVE_TIMERFD', has_timerfd_create)
# Check for wayland dependencies
enable_wayland = get_option('wayland')
if enable_wayland
assert(enable_gudev, 'GUDev support is required for wayland support.')
wayland_client_dep = dependency('wayland-client')
wayland_gdk_dep = dependency('gdk-wayland-3.0')
endif
config_h.set10('HAVE_WAYLAND', enable_wayland)
# wacom (disabled for s390/s390x and non Linux platforms)
enable_wacom = host_is_linux_not_s390
if enable_wacom
assert(enable_gudev, 'GUDev support is required for wacom support.')
libwacom_dep = dependency('libwacom', version: '>= 0.7')
endif
config_h.set10('HAVE_WACOM', enable_wacom)
+# subscription manager section
+enable_subman = get_option('subscription_manager')
+if enable_subman
+ jsonglib_dep = dependency('json-glib-1.0', version: '>= 1.1.1')
+endif
+
# smartcard section
enable_smartcard = get_option('smartcard')
if enable_smartcard
nss_dep = dependency('nss', version: '>= 3.11.2')
system_nssdb_dir = get_option('nssdb_dir')
if system_nssdb_dir == ''
system_nssdb_dir = join_paths(gsd_sysconfdir, 'pki', 'nssdb')
endif
endif
# CUPS
enable_cups = get_option('cups')
if enable_cups
cups_dep = dependency('cups', version : '>= 1.4', required: false)
assert(cups_dep.found(), 'CUPS 1.4 or newer not found')
# FIXME: 1.6 cflags generate a lot of errors
'''
cups_cflags = []
if cups_dep.version().version_compare('>= 1.6')
cups_cflags += '-D_PPD_DEPRECATED=""'
endif
cups_dep = declare_dependency(
dependencies: cups_dep,
compile_args: cups_cflags
)
'''
endif
diff --git a/meson_options.txt b/meson_options.txt
index 50bd1749..4327e07b 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,10 +1,11 @@
option('nssdb_dir', type: 'string', value: '', description: 'Absolute path to the system NSS database directory')
option('udev_dir', type: 'string', value: '', description: 'Absolute path of the udev base directory')
option('alsa', type: 'boolean', value: true, description: 'build with ALSA support (not optional on Linux platforms)')
option('gudev', type: 'boolean', value: true, description: 'build with gudev device support (not optional on Linux platforms)')
option('cups', type: 'boolean', value: true, description: 'build with CUPS support')
option('network_manager', type: 'boolean', value: true, description: 'build with NetworkManager support (not optional on Linux platforms)')
option('rfkill', type: 'boolean', value: true, description: 'build with rfkill support (not optional on Linux platforms)')
+option('subscription_manager', type: 'boolean', value: true, description: 'build with subscription-manager support')
option('smartcard', type: 'boolean', value: true, description: 'build with smartcard support')
option('wayland', type: 'boolean', value: true, description: 'build with Wayland support')
diff --git a/plugins/dummy/meson.build b/plugins/dummy/meson.build
index f563efa6..96105061 100644
--- a/plugins/dummy/meson.build
+++ b/plugins/dummy/meson.build
@@ -1,31 +1,35 @@
desktops = []
+if not enable_subman
+ desktops += ['org.gnome.SettingsDaemon.Subscription']
+endif
+
if not enable_smartcard
desktops += ['org.gnome.SettingsDaemon.Smartcard']
endif
if not enable_cups
desktops += ['org.gnome.SettingsDaemon.PrintNotifications']
endif
if not enable_rfkill
desktops += ['org.gnome.SettingsDaemon.Rfkill']
endif
if not enable_wacom
desktops += ['org.gnome.SettingsDaemon.Wacom']
endif
foreach desktop: desktops
dummy_conf = configuration_data()
dummy_conf.set('libexecdir', gsd_libexecdir)
dummy_conf.set('pluginname', desktop)
configure_file(
input: 'org.gnome.SettingsDaemon.Dummy.desktop.in',
output: desktop + '.desktop',
configuration: dummy_conf,
install: true,
install_dir: gsd_xdg_autostart
)
endforeach
diff --git a/plugins/meson.build b/plugins/meson.build
index 3c4d42ac..4c9caf47 100644
index 3c4d42ac..4fe46b68 100644
--- a/plugins/meson.build
+++ b/plugins/meson.build
@@ -1,35 +1,36 @@
@@ -1,48 +1,52 @@
enabled_plugins = [
['a11y-settings', 'A11ySettings'],
['account', 'Account'],
['clipboard', 'Clipboard'],
['color', 'Color'],
+ ['subman', 'Subscription'],
['datetime', 'Datetime'],
['dummy', ''],
['power', 'Power'],
@ -121,6 +183,10 @@ index 3c4d42ac..4c9caf47 100644
['xsettings', 'XSettings']
]
+if enable_subman
+ enabled_plugins += [['subman', 'Subscription']]
+endif
+
if enable_smartcard
enabled_plugins += [['smartcard', 'Smartcard']]
endif
@ -138,6 +204,19 @@ index 3c4d42ac..4c9caf47 100644
endif
plugins_conf = configuration_data()
plugins_conf.set('libexecdir', gsd_libexecdir)
plugins_deps = [libgsd_dep]
plugins_cflags = ['-DGNOME_SETTINGS_LOCALEDIR="@0@"'.format(gsd_localedir)]
foreach plugin: [['common', '']] + enabled_plugins
plugin_name = plugin[0]
cflags = [
'-DG_LOG_DOMAIN="@0@-plugin"'.format(plugin_name),
'-DPLUGIN_NAME="@0@"'.format(plugin_name),
] + plugins_cflags
diff --git a/plugins/subman/README.md b/plugins/subman/README.md
new file mode 100644
index 00000000..3e1cc3cd
@ -1867,5 +1946,5 @@ index 00000000..1ed3a0ea
+ }
+});
--
2.30.0
2.41.0.rc2

View File

@ -0,0 +1,124 @@
From 65d854c690cad1ccef6544a8c571bbb723ff9be0 Mon Sep 17 00:00:00 2001
From: Jack Massey <jacknmassey@gmail.com>
Date: Tue, 17 Sep 2019 09:39:56 +1000
Subject: [PATCH 2/4] smartcard: Change manager to non-blocking
NSS's SECMOND_WaitForAnyTokenEvent uses the pkcs11 C_WaitForSlotEvent,
and by default NSS will use p11-kit, at least on Fedora and Ubuntu.
p11-kit doesn't support the blocking call for C_WaitForSlotEvent so NSS
falls back to a polling simulation of the C_WaitForSlotEvent. This
causes the LED on the smartcard to blink constantly as the card is
polled.
If we instead use the non-blocking version of the call, which p11-kit
supports, NSS doesn't poll the card. The downside of this is that the
application will wake up every second to check for events even if there
hasn't been any, plus the fact that there could be up to a second delay
between the event and it being picked up by gsd-smartcard. However, NSS
is polling anyway so this is consistent with existing behaviour.
The reason a one second delay was chosen was because this is what was
currently used in NSS. nss/lib/dev/devslot.c:17
/* measured in seconds */
#define NSSSLOT_TOKEN_DELAY_TIME 1
---
plugins/smartcard/gsd-smartcard-manager.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/plugins/smartcard/gsd-smartcard-manager.c b/plugins/smartcard/gsd-smartcard-manager.c
index 09ccecc0..77650643 100644
--- a/plugins/smartcard/gsd-smartcard-manager.c
+++ b/plugins/smartcard/gsd-smartcard-manager.c
@@ -167,75 +167,86 @@ typedef struct
{
SECMODModule *driver;
GHashTable *smartcards;
int number_of_consecutive_errors;
} WatchSmartcardsOperation;
static void
on_watch_cancelled (GCancellable *cancellable,
WatchSmartcardsOperation *operation)
{
SECMOD_CancelWait (operation->driver);
}
static gboolean
watch_one_event_from_driver (GsdSmartcardManager *self,
WatchSmartcardsOperation *operation,
GCancellable *cancellable,
GError **error)
{
GsdSmartcardManagerPrivate *priv = self->priv;
PK11SlotInfo *card = NULL, *old_card;
CK_SLOT_ID slot_id;
gulong handler_id;
int old_slot_series = -1, slot_series;
handler_id = g_cancellable_connect (cancellable,
G_CALLBACK (on_watch_cancelled),
operation,
NULL);
- if (handler_id != 0)
- card = SECMOD_WaitForAnyTokenEvent (operation->driver, 0, PR_SecondsToInterval (1));
+ if (handler_id != 0) {
+ /* Use the non-blocking version of the call as p11-kit, which
+ * is used on both Fedora and Ubuntu, doesn't support the
+ * blocking version of the call.
+ */
+ card = SECMOD_WaitForAnyTokenEvent (operation->driver, CKF_DONT_BLOCK, PR_SecondsToInterval (1));
+ }
g_cancellable_disconnect (cancellable, handler_id);
if (g_cancellable_set_error_if_cancelled (cancellable, error)) {
g_warning ("smartcard event function cancelled");
return FALSE;
}
if (card == NULL) {
int error_code;
error_code = PORT_GetError ();
+ if (error_code == SEC_ERROR_NO_EVENT) {
+ g_usleep (1 * G_USEC_PER_SEC);
+
+ return TRUE;
+ }
+
operation->number_of_consecutive_errors++;
if (operation->number_of_consecutive_errors > 10) {
g_warning ("Got %d consecutive smartcard errors, so giving up.",
operation->number_of_consecutive_errors);
g_set_error (error,
GSD_SMARTCARD_MANAGER_ERROR,
GSD_SMARTCARD_MANAGER_ERROR_WITH_NSS,
"encountered unexpected error while "
"waiting for smartcard events (error %x)",
error_code);
return FALSE;
}
g_warning ("Got potentially spurious smartcard event error: %x.", error_code);
g_usleep (0.5 * G_USEC_PER_SEC);
return TRUE;
}
operation->number_of_consecutive_errors = 0;
slot_id = PK11_GetSlotID (card);
slot_series = PK11_GetSlotSeries (card);
old_card = g_hash_table_lookup (operation->smartcards, GINT_TO_POINTER ((int) slot_id));
/* If there is a different card in the slot now than
* there was before, then we need to emit a removed signal
* for the old card
*/
--
2.39.2

View File

@ -1,7 +1,7 @@
From f723ed1078e050c4d966d40b2aea74970c74279c Mon Sep 17 00:00:00 2001
From 72cb524e415e47764bac0e770c303146a507bd0c Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Thu, 27 Jun 2019 16:12:00 +0200
Subject: [PATCH 02/15] subman: Add InstalledProducts dbus property for g-c-c
Subject: [PATCH 02/16] subman: Add InstalledProducts dbus property for g-c-c
---
plugins/subman/gsd-subscription-manager.c | 135 ++++++++++++++++++++++
@ -764,5 +764,5 @@ index 08b13fa6..a8c18a26 100644
handle_set_property
};
--
2.30.0
2.41.0.rc2

View File

@ -0,0 +1,83 @@
From 5da276e4559d5c3b072a9870db6d78a1fe788339 Mon Sep 17 00:00:00 2001
From: Jack Massey <jacknmassey@gmail.com>
Date: Tue, 17 Sep 2019 09:39:59 +1000
Subject: [PATCH 3/4] smartcard: Change timeout on spurious event error
The 0.5s timeout was probably based on the fact that the
SECMOD_WaitForAnyTokenEvent call was blocking, it doesn't make sense to
have the timeout on the error case less than the timeout on the normal
case.
---
plugins/smartcard/gsd-smartcard-manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/smartcard/gsd-smartcard-manager.c b/plugins/smartcard/gsd-smartcard-manager.c
index 77650643..a29df3e0 100644
--- a/plugins/smartcard/gsd-smartcard-manager.c
+++ b/plugins/smartcard/gsd-smartcard-manager.c
@@ -209,61 +209,61 @@ watch_one_event_from_driver (GsdSmartcardManager *self,
return FALSE;
}
if (card == NULL) {
int error_code;
error_code = PORT_GetError ();
if (error_code == SEC_ERROR_NO_EVENT) {
g_usleep (1 * G_USEC_PER_SEC);
return TRUE;
}
operation->number_of_consecutive_errors++;
if (operation->number_of_consecutive_errors > 10) {
g_warning ("Got %d consecutive smartcard errors, so giving up.",
operation->number_of_consecutive_errors);
g_set_error (error,
GSD_SMARTCARD_MANAGER_ERROR,
GSD_SMARTCARD_MANAGER_ERROR_WITH_NSS,
"encountered unexpected error while "
"waiting for smartcard events (error %x)",
error_code);
return FALSE;
}
g_warning ("Got potentially spurious smartcard event error: %x.", error_code);
- g_usleep (0.5 * G_USEC_PER_SEC);
+ g_usleep (1 * G_USEC_PER_SEC);
return TRUE;
}
operation->number_of_consecutive_errors = 0;
slot_id = PK11_GetSlotID (card);
slot_series = PK11_GetSlotSeries (card);
old_card = g_hash_table_lookup (operation->smartcards, GINT_TO_POINTER ((int) slot_id));
/* If there is a different card in the slot now than
* there was before, then we need to emit a removed signal
* for the old card
*/
if (old_card != NULL) {
old_slot_series = PK11_GetSlotSeries (old_card);
if (old_slot_series != slot_series) {
/* Card registered with slot previously is
* different than this card, so update its
* exported state to track the implicit missed
* removal
*/
gsd_smartcard_service_sync_token (priv->service, old_card, cancellable);
}
g_hash_table_remove (operation->smartcards, GINT_TO_POINTER ((int) slot_id));
}
if (PK11_IsPresent (card)) {
g_debug ("Detected smartcard insertion event in slot %d", (int) slot_id);
--
2.39.2

View File

@ -1,7 +1,7 @@
From 0d88b2133b20957e00b0eeb0c0f48932485cc73d Mon Sep 17 00:00:00 2001
From b95bfe8f944fdc9080a660a35e3cf493b4f10154 Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Fri, 28 Jun 2019 18:10:36 +0200
Subject: [PATCH 03/15] subman: Increase RHSM dbus call timeouts
Subject: [PATCH 03/16] subman: Increase RHSM dbus call timeouts
Increase the dbus timeouts to 5 minutes as the register/unregister calls
seem to routinely take more than a minute.
@ -309,5 +309,5 @@ index 182f7190..af7a82e9 100644
/* auto-attach */
if (!_helper_auto_attach (&error)) {
--
2.30.0
2.41.0.rc2

View File

@ -0,0 +1,94 @@
From 2b0b62d8b04a2c3d6e1d4fccacfd29dd3da2d04c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20H=C3=A4rdeman?= <david@hardeman.nu>
Date: Wed, 12 Apr 2023 22:23:51 +0200
Subject: [PATCH 4/4] smartcard: check for the addition of new smartcard
readers
gsd-smartcard currently checks for the insertion/removal of smartcards
in reader devices which where present at the time gsd-smartcard was
started, but does not account for new smartcard readers appearing
after gsd-smartcard was started.
This patch adds support for checking for the addition of new slots
(i.e. smartcard readers), which is necessary to support devices
like the Yubikey (a "reader" and a smartcard) which may be inserted
after gsd-smartcard was started.
---
plugins/smartcard/gsd-smartcard-manager.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/plugins/smartcard/gsd-smartcard-manager.c b/plugins/smartcard/gsd-smartcard-manager.c
index a29df3e0..fbb9b260 100644
--- a/plugins/smartcard/gsd-smartcard-manager.c
+++ b/plugins/smartcard/gsd-smartcard-manager.c
@@ -188,61 +188,66 @@ watch_one_event_from_driver (GsdSmartcardManager *self,
CK_SLOT_ID slot_id;
gulong handler_id;
int old_slot_series = -1, slot_series;
handler_id = g_cancellable_connect (cancellable,
G_CALLBACK (on_watch_cancelled),
operation,
NULL);
if (handler_id != 0) {
/* Use the non-blocking version of the call as p11-kit, which
* is used on both Fedora and Ubuntu, doesn't support the
* blocking version of the call.
*/
card = SECMOD_WaitForAnyTokenEvent (operation->driver, CKF_DONT_BLOCK, PR_SecondsToInterval (1));
}
g_cancellable_disconnect (cancellable, handler_id);
if (g_cancellable_set_error_if_cancelled (cancellable, error)) {
g_warning ("smartcard event function cancelled");
return FALSE;
}
if (card == NULL) {
int error_code;
error_code = PORT_GetError ();
if (error_code == SEC_ERROR_NO_EVENT) {
- g_usleep (1 * G_USEC_PER_SEC);
+ int old_slot_count = operation->driver->slotCount;
+ SECMOD_UpdateSlotList (operation->driver);
+ if (operation->driver->slotCount != old_slot_count)
+ g_debug ("Slot count change %i -> %i", old_slot_count, operation->driver->slotCount);
+ else
+ g_usleep (1 * G_USEC_PER_SEC);
return TRUE;
}
operation->number_of_consecutive_errors++;
if (operation->number_of_consecutive_errors > 10) {
g_warning ("Got %d consecutive smartcard errors, so giving up.",
operation->number_of_consecutive_errors);
g_set_error (error,
GSD_SMARTCARD_MANAGER_ERROR,
GSD_SMARTCARD_MANAGER_ERROR_WITH_NSS,
"encountered unexpected error while "
"waiting for smartcard events (error %x)",
error_code);
return FALSE;
}
g_warning ("Got potentially spurious smartcard event error: %x.", error_code);
g_usleep (1 * G_USEC_PER_SEC);
return TRUE;
}
operation->number_of_consecutive_errors = 0;
slot_id = PK11_GetSlotID (card);
slot_series = PK11_GetSlotSeries (card);
old_card = g_hash_table_lookup (operation->smartcards, GINT_TO_POINTER ((int) slot_id));
--
2.39.2

View File

@ -1,7 +1,7 @@
From df08a65d86626ff135a12d96cff6f48f3f1864ae Mon Sep 17 00:00:00 2001
From a88c8e3fdf4f74145d4409a6755326c197151e5a Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 20 Aug 2020 11:20:47 -0400
Subject: [PATCH 04/15] subman: Drop userlang field
Subject: [PATCH 04/16] subman: Drop userlang field
It's currently always erroneously set to empty string.
@ -450,5 +450,5 @@ index a8c18a26..46f051a5 100644
g_debug ("Stopping subscription manager");
_client_unload (manager);
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From db73e2211ecc746434d78d23d801c92581fa8824 Mon Sep 17 00:00:00 2001
From a402ecd483fe115dbc063c40c9b13a2298ed7129 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sun, 24 Jan 2021 15:04:17 -0500
Subject: [PATCH 05/15] subman: Use user locale for registration/subscription
Subject: [PATCH 05/16] subman: Use user locale for registration/subscription
operations
This makes sure that error messages are in the correct locale.
@ -369,5 +369,5 @@ index af7a82e9..f84e91bf 100644
/* wait for rhsmd to notice the new config */
g_usleep (G_USEC_PER_SEC * 5);
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From f8ddd2c711cd502c74eb9d45360914fe2e6e1b3f Mon Sep 17 00:00:00 2001
From d1607d9a0bc9ee429d30de1556aa2223e681dd76 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 20 Aug 2020 13:34:19 -0400
Subject: [PATCH 06/15] subman: Handle subscription-manager giving invalid
Subject: [PATCH 06/16] subman: Handle subscription-manager giving invalid
status better
subscription-manager potentially returns status messages that the
@ -232,5 +232,5 @@ index 46f051a5..e2c16056 100644
g_debug ("Syspurpose.GetSyspurpose JSON: %s", json_txt);
if (!json_parser_load_from_data (json_parser, json_txt, -1, error))
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From 477dc8accccab568002bd19caa3fbf898bc05aad Mon Sep 17 00:00:00 2001
From 6f5bead6dee9ecfdd4bb00651780d0b3ba44e154 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 25 Aug 2020 10:34:03 -0400
Subject: [PATCH 07/15] subman: Force re-subscribe if the admin already
Subject: [PATCH 07/16] subman: Force re-subscribe if the admin already
subscribed
It's possible for an admin to to half-enroll the system with RHN,
@ -256,5 +256,5 @@ index f84e91bf..3931ef2e 100644
if (!_helper_save_config ("server.prefix", prefix, &error)) {
g_printerr ("Failed to save prefix: %s\n", error->message);
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From b73800da7f384eea66b6eb67f5f40129f3dfc372 Mon Sep 17 00:00:00 2001
From cbe90a951f28a13b7e3f2a1c85a72a256ff241f7 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 25 Aug 2020 16:20:42 -0400
Subject: [PATCH 08/15] subman: Don't send secrets through command line
Subject: [PATCH 08/16] subman: Don't send secrets through command line
The command line is introspectable with "ps", and it even gets logged
to syslog, so it's not suitable for passing secrets.
@ -572,5 +572,5 @@ index bfd073b6..e4b4589d 100644
install_dir: gsd_libexecdir
)
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From 1255b2b83284d262f6b8c3ceb23d499ddbf77d48 Mon Sep 17 00:00:00 2001
From 49cce282490f15be681367e769cd920176318969 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 21 Jan 2021 09:52:19 -0500
Subject: [PATCH 09/15] subman: Don't treat failure to attach as fatal
Subject: [PATCH 09/16] subman: Don't treat failure to attach as fatal
Many organizations don't require specific subscriptions to get
updates (called "simple content access"). At the moment,
@ -306,5 +306,5 @@ index edf1e41f..53a4d56b 100644
return EXIT_SUCCESS;
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From d53c27802c69773d63d108f57912035fd3caabf9 Mon Sep 17 00:00:00 2001
From 61fc2eed5ae1d0dd922fb4106338a54d7f6731d3 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sun, 24 Jan 2021 11:24:36 -0500
Subject: [PATCH 10/15] subman: Add new no-installed-products state
Subject: [PATCH 10/16] subman: Add new no-installed-products state
It's possible, though unlikley, the system has
no packages installed from Red Hat supported package sets.
@ -423,5 +423,5 @@ index 0838d490..46f8d35c 100644
{
GObjectClass *object_class = G_OBJECT_CLASS (klass);
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From 432850e943d72daedb1d352a0332d3fdee6078e2 Mon Sep 17 00:00:00 2001
From 19afd73e02b2dda3b620c7d018dd4057d8837851 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sun, 24 Jan 2021 11:26:40 -0500
Subject: [PATCH 11/15] subman: Fix some build warnings
Subject: [PATCH 11/16] subman: Fix some build warnings
---
plugins/subman/gsd-subscription-manager.c | 8 ++++----
@ -142,5 +142,5 @@ index 46f8d35c..1f9ca447 100644
}
if (!_client_subprocess_wait_check (subprocess, error))
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From 3bb3b2b09d34deafadd3cfe3355137afab20cb23 Mon Sep 17 00:00:00 2001
From 3c7d01aae041fb3973d035018a3ec6d4de2328af Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sun, 24 Jan 2021 11:27:42 -0500
Subject: [PATCH 12/15] subman: Add DBus API to subscribe for updates on
Subject: [PATCH 12/16] subman: Add DBus API to subscribe for updates on
already registered system
It's possible an admin may have registered their system without
@ -255,5 +255,5 @@ index 1f9ca447..705f8b11 100644
g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
"Failed to get property: %s", property_name);
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From d9eb6331efa92cd28a8ba3ccc1665c3744296465 Mon Sep 17 00:00:00 2001
From b966b05321cac8c7765d00d0ae6fa8b645e0f828 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sun, 24 Jan 2021 11:34:03 -0500
Subject: [PATCH 13/15] subman: Improve subscription status handling
Subject: [PATCH 13/16] subman: Improve subscription status handling
This commit improves how subscription-manager status is
parsed to give more detailed information about subscription
@ -137,5 +137,5 @@ index 705f8b11..6d80bfa9 100644
if (!json_parser_load_from_data (json_parser, json_txt, -1, error))
return FALSE;
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From a78b25b9507edb958a46779f2bb808bf678fa4a7 Mon Sep 17 00:00:00 2001
From e5cdbb2aa6f0920343f73818f4f34d13586c72b1 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sun, 24 Jan 2021 11:55:19 -0500
Subject: [PATCH 14/15] subman: Drop "LAST" from status enum
Subject: [PATCH 14/16] subman: Drop "LAST" from status enum
It's unused, so get rid of it.
---
@ -52,5 +52,5 @@ index f8a3d9f4..88226564 100644
#endif /* __GSD_SUBMAN_COMMON_H */
--
2.30.0
2.41.0.rc2

View File

@ -1,7 +1,7 @@
From 3412be1f63df2a5967ef92c27028368df1646b5c Mon Sep 17 00:00:00 2001
From 969c237371637cb145ed6b0b2809a66d0f989da5 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sun, 24 Jan 2021 12:41:20 -0500
Subject: [PATCH 15/15] subman: Clean up notification behavior
Subject: [PATCH 15/16] subman: Clean up notification behavior
Notifications were only displayed for some status transitions.
@ -415,5 +415,5 @@ index 6d80bfa9..aaccbbc6 100644
/* registration required */
--
2.30.0
2.41.0.rc2

View File

@ -1,4 +1,4 @@
From ff1278ecdebb5b23c80589a65f053d535a4d4f6a Mon Sep 17 00:00:00 2001
From d38a7f2913b30c5c3954f32cf54068c85cb758b0 Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Fri, 12 Feb 2021 14:51:29 +0100
Subject: [PATCH 16/16] subman: Update POTFILES.in
@ -11,7 +11,31 @@ diff --git a/po/POTFILES.in b/po/POTFILES.in
index 7f17d5b5..9b94dc0f 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -25,6 +25,8 @@ plugins/print-notifications/gsd-printer.c
@@ -1,30 +1,32 @@
# Files with translatable strings.
# Please keep this file in alphabetical order.
data/org.gnome.settings-daemon.peripherals.gschema.xml.in
data/org.gnome.settings-daemon.peripherals.wacom.gschema.xml.in
data/org.gnome.settings-daemon.plugins.color.gschema.xml.in
data/org.gnome.settings-daemon.plugins.gschema.xml.in
data/org.gnome.settings-daemon.plugins.housekeeping.gschema.xml.in
data/org.gnome.settings-daemon.plugins.media-keys.gschema.xml.in
data/org.gnome.settings-daemon.plugins.power.gschema.xml.in
data/org.gnome.settings-daemon.plugins.sharing.gschema.xml.in
data/org.gnome.settings-daemon.plugins.xsettings.gschema.xml.in
plugins/color/gsd-color-calibrate.c
plugins/color/gsd-color-manager.c
plugins/datetime/gsd-datetime-manager.c
plugins/housekeeping/gsd-disk-space.c
plugins/keyboard/gsd-keyboard-manager.c
plugins/media-keys/gsd-media-keys-manager.c
plugins/media-keys/gsd-screenshot-utils.c
plugins/media-keys/shortcuts-list.h
plugins/mouse/gsd-mouse-manager.c
plugins/power/gpm-common.c
plugins/power/gsd-power-manager.c
plugins/power/org.gnome.settings-daemon.plugins.power.policy.in.in
plugins/print-notifications/gsd-printer.c
plugins/print-notifications/gsd-print-notifications-manager.c
plugins/smartcard/gsd-smartcard-manager.c
plugins/smartcard/gsd-smartcard-service.c
@ -21,5 +45,5 @@ index 7f17d5b5..9b94dc0f 100644
plugins/wacom/org.gnome.settings-daemon.plugins.wacom.policy.in.in
plugins/xsettings/gsd-xsettings-manager.c
--
2.29.2
2.41.0.rc2

View File

@ -12,7 +12,7 @@
Name: gnome-settings-daemon
Version: 3.32.0
Release: 19%{?dist}
Release: 20%{?dist}
Summary: The daemon sharing settings from GNOME to GTK+/KDE applications
License: GPLv2+
@ -89,7 +89,11 @@ Patch00002: 0002-account-reshow-the-notification-when-screen-unlocks.patch
Patch00003: 0003-account-display-nag-screen-periodically.patch
Patch00004: 0004-account-don-t-poll-more-frequently-than-notification.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1796190
Patch10001: 0001-smartcard-Cancel-cancellable-when-stopping.patch
Patch10002: 0002-smartcard-Change-manager-to-non-blocking.patch
Patch10003: 0003-smartcard-Change-timeout-on-spurious-event-error.patch
Patch10004: 0004-smartcard-check-for-the-addition-of-new-smartcard-re.patch
Patch20001: 0001-xsettings-Add-an-entry-for-the-overlay-scrolling-set.patch
@ -99,6 +103,7 @@ Patch30001: 0001-media-keys-Mark-screen-cast-as-stopped-if-it-was-sig.patch
Patch40001: 0001-housekeeping-Add-a-GPU-memory-usage-notification.patch
# subscription manager integration
%if %{with subman}
Patch50001: 0001-subman-Add-a-new-plugin-to-provide-system-subscripti.patch
Patch50002: 0002-subman-Add-InstalledProducts-dbus-property-for-g-c-c.patch
Patch50003: 0003-subman-Increase-RHSM-dbus-call-timeouts.patch
@ -115,6 +120,8 @@ Patch50013: 0013-subman-Improve-subscription-status-handling.patch
Patch50014: 0014-subman-Drop-LAST-from-status-enum.patch
Patch50015: 0015-subman-Clean-up-notification-behavior.patch
Patch50016: 0016-subman-Update-POTFILES.in.patch
%endif
# https://bugzilla.redhat.com/show_bug.cgi?id=1876291
Patch50017: 0017-Update-translations.patch
@ -143,7 +150,14 @@ developing applications that use %{name}.
%autosetup -S git
%build
%meson
%meson \
%if %{with subman}
-Dsubscription_manager=true
%else
-Dsubscription_manager=false
%endif
%meson_build
%install
@ -237,11 +251,13 @@ mkdir $RPM_BUILD_ROOT%{_libdir}/gnome-settings-daemon-3.0/gtk-modules
%{_sysconfdir}/xdg/autostart/org.gnome.SettingsDaemon.Sharing.desktop
%{_datadir}/glib-2.0/schemas/org.gnome.settings-daemon.plugins.sharing.gschema.xml
%if %{with subman}
%{_sysconfdir}/xdg/autostart/org.gnome.SettingsDaemon.Subscription.desktop
%{_libexecdir}/gsd-subman
%{_libexecdir}/gsd-subman-helper
%{_datadir}/polkit-1/actions/org.gnome.settings-daemon.plugins.subman.policy
%{_datadir}/polkit-1/rules.d/org.gnome.settings-daemon.plugins.subman.rules
%endif
%{_libdir}/gnome-settings-daemon-3.0/libgsd.so
@ -257,6 +273,13 @@ mkdir $RPM_BUILD_ROOT%{_libdir}/gnome-settings-daemon-3.0/gtk-modules
%{_libdir}/pkgconfig/gnome-settings-daemon.pc
%changelog
* Mon Jul 24 2023 Ray Strode <rstrode@redhat.com> - 3.32.0-20
- Backport some upstream smartcard changes that make it work
better with p11-kit
Resolves: #1796190
- Rework how subscription-manager plugin is conditionalized so
it doens't get built on centos 8 stream
* Fri Feb 17 2023 Felipe Borges <feborges@redhat.com> - 4.32.0-19
- Make power-button-action default to poweroff on servers
- Resolves: #1920829