aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--desktop/i3lock/README6
-rw-r--r--desktop/i3lock/i3lock-2.10-no-pam.patch364
-rw-r--r--desktop/i3lock/i3lock.SlackBuild16
-rw-r--r--desktop/i3lock/i3lock.info8
4 files changed, 12 insertions, 382 deletions
diff --git a/desktop/i3lock/README b/desktop/i3lock/README
index 7f1042d03164b..244dbff8ebdba 100644
--- a/desktop/i3lock/README
+++ b/desktop/i3lock/README
@@ -1,7 +1 @@
i3lock is a simple screen locker like slock.
-
-This SlackBuild patches i3lock to not to use PAM, and is as such
-usable in Slackware. For verifying the password it uses shadow
-instead. Because of that, it needs suid permissions, but those
-privileges are dropped as soon as possible. The code for this was
-taken from slock. See the patch and LICENSE-slock.
diff --git a/desktop/i3lock/i3lock-2.10-no-pam.patch b/desktop/i3lock/i3lock-2.10-no-pam.patch
deleted file mode 100644
index 0b119114c595f..0000000000000
--- a/desktop/i3lock/i3lock-2.10-no-pam.patch
+++ /dev/null
@@ -1,364 +0,0 @@
-+++ LICENSE-slock
-@@ -0,0 +1,24 @@
-+MIT/X Consortium License
-+
-+© 2015-2016 Markus Teich <markus.teich@stusta.mhn.de>
-+© 2014 Dimitris Papastamos <sin@2f30.org>
-+© 2006-2014 Anselm R Garbe <anselm@garbe.us>
-+© 2014-2016 Laslo Hunhold <dev@frign.de>
-+
-+Permission is hereby granted, free of charge, to any person obtaining a
-+copy of this software and associated documentation files (the "Software"),
-+to deal in the Software without restriction, including without limitation
-+the rights to use, copy, modify, merge, publish, distribute, sublicense,
-+and/or sell copies of the Software, and to permit persons to whom the
-+Software is furnished to do so, subject to the following conditions:
-+
-+The above copyright notice and this permission notice shall be included in
-+all copies or substantial portions of the Software.
-+
-+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-+DEALINGS IN THE SOFTWARE.
-+++ Makefile
-@@ -22,7 +22,7 @@
-
- # OpenBSD lacks PAM, use bsd_auth(3) instead.
- ifneq ($(UNAME),OpenBSD)
-- LIBS += -lpam
-+ LIBS += -lcrypt
- endif
-
- FILES:=$(wildcard *.c)
-@@ -50,9 +50,7 @@
-
- install: all
- $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin
-- $(INSTALL) -d $(DESTDIR)$(SYSCONFDIR)/pam.d
- $(INSTALL) -m 755 i3lock $(DESTDIR)$(PREFIX)/bin/i3lock
-- $(INSTALL) -m 644 i3lock.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/i3lock
-
- uninstall:
- rm -f $(DESTDIR)$(PREFIX)/bin/i3lock
-@@ -61,7 +59,7 @@
- [ ! -d i3lock-${VERSION} ] || rm -rf i3lock-${VERSION}
- [ ! -e i3lock-${VERSION}.tar.bz2 ] || rm i3lock-${VERSION}.tar.bz2
- mkdir i3lock-${VERSION}
-- cp *.c *.h i3lock.1 i3lock.pam Makefile LICENSE README.md CHANGELOG i3lock-${VERSION}
-+ cp *.c *.h i3lock.1 Makefile LICENSE README.md CHANGELOG i3lock-${VERSION}
- sed -e 's/^\s*I3LOCK_VERSION:=\(.*\)/I3LOCK_VERSION:=$(shell /bin/echo '${I3LOCK_VERSION}' | sed 's/\\/\\\\/g')/g;s/^VERSION:=\(.*\)/VERSION:=${VERSION}/g' Makefile > i3lock-${VERSION}/Makefile
- tar cfj i3lock-${VERSION}.tar.bz2 i3lock-${VERSION}
- rm -rf i3lock-${VERSION}
-+++ i3lock.1
-@@ -43,8 +43,6 @@
- You can specify either a background color or a PNG image which will be displayed while your screen is locked.
- .IP \[bu]
- You can specify whether i3lock should bell upon a wrong password.
--.IP \[bu]
--i3lock uses PAM and therefore is compatible with LDAP, etc.
-
-
- .SH OPTIONS
-@@ -66,8 +64,7 @@
- .B \-u, \-\-no-unlock-indicator
- Disable the unlock indicator. i3lock will by default show an unlock indicator
- after pressing keys. This will give feedback for every keypress and it will
--show you the current PAM state (whether your password is currently being
--verified or whether it is wrong).
-+show you whether your password is currently being verified or whether it is wrong.
-
- .TP
- .BI \-i\ path \fR,\ \fB\-\-image= path
-@@ -95,7 +92,7 @@
- .TP
- .B \-e, \-\-ignore-empty-password
- When an empty password is provided by the user, do not validate
--it. Without this option, the empty password will be provided to PAM
-+it. Without this option, the empty password will be validated
- and, if invalid, the user will have to wait a few seconds before
- another try. This can be useful if the XF86ScreenSaver key is used to
- put a laptop to sleep and bounce on resume or if you happen to wake up
-+++ i3lock.c
-@@ -21,7 +21,9 @@
- #ifdef __OpenBSD__
- #include <bsd_auth.h>
- #else
--#include <security/pam_appl.h>
-+#include <shadow.h>
-+#include <grp.h>
-+#include <errno.h>
- #endif
- #include <getopt.h>
- #include <string.h>
-@@ -59,7 +61,7 @@
- xcb_window_t win;
- static xcb_cursor_t cursor;
- #ifndef __OpenBSD__
--static pam_handle_t *pam_handle;
-+const char *hash = NULL;
- #endif
- int input_position = 0;
- /* Holds the password you enter (in UTF-8). */
-@@ -93,6 +95,37 @@
- bool ignore_empty_password = false;
- bool skip_repeated_empty_password = false;
-
-+/*
-+ * Shamelessly stolen from slock. See LICENSE-slock.
-+ * This adjusts the process' out of memory score,
-+ * so it isn't killed by the kernel under any circumstances.
-+ */
-+#ifdef __linux__
-+#include <fcntl.h>
-+#include <linux/oom.h>
-+
-+static void
-+dontkillme(void)
-+{
-+ FILE *f;
-+ const char oomfile[] = "/proc/self/oom_score_adj";
-+
-+ if (!(f = fopen(oomfile, "w"))) {
-+ if (errno == ENOENT)
-+ return;
-+ errx(EXIT_FAILURE, "fopen %s: %s", oomfile, strerror(errno));
-+ }
-+ fprintf(f, "%d", OOM_SCORE_ADJ_MIN);
-+ if (fclose(f)) {
-+ if (errno == EACCES)
-+ errx(EXIT_FAILURE, "unable to disable OOM killer. "
-+ "Make sure to suid or sgid i3lock.");
-+ else
-+ errx(EXIT_FAILURE, "fclose %s: %s", oomfile, strerror(errno));
-+ }
-+}
-+#endif
-+
- /* isutf, u8_dec © 2005 Jeff Bezanson, public domain */
- #define isutf(c) (((c)&0xC0) != 0x80)
-
-@@ -285,16 +318,16 @@
- return;
- }
- #else
-- if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
-- DEBUG("successfully authenticated\n");
-- clear_password_memory();
-+ /*
-+ * Shamelessly stolen from slock. See LICENSE-slock.
-+ */
-+ char *inputhash;
-
-- /* PAM credentials should be refreshed, this will for example update any kerberos tickets.
-- * Related to credentials pam_end() needs to be called to cleanup any temporary
-- * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the
-- * refresh of the credentials failed. */
-- pam_setcred(pam_handle, PAM_REFRESH_CRED);
-- pam_end(pam_handle, PAM_SUCCESS);
-+ if (!(inputhash = crypt(password, hash)))
-+ fprintf(stderr, "crypt: %s", strerror(errno));
-+ else if (!strcmp(inputhash, hash)) {
-+ DEBUG("successfully authenticated");
-+ clear_password_memory();
-
- ev_break(EV_DEFAULT, EVBREAK_ALL);
- return;
-@@ -626,39 +659,6 @@
- redraw_screen();
- }
-
--#ifndef __OpenBSD__
--/*
-- * Callback function for PAM. We only react on password request callbacks.
-- *
-- */
--static int conv_callback(int num_msg, const struct pam_message **msg,
-- struct pam_response **resp, void *appdata_ptr) {
-- if (num_msg == 0)
-- return 1;
--
-- /* PAM expects an array of responses, one for each message */
-- if ((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL) {
-- perror("calloc");
-- return 1;
-- }
--
-- for (int c = 0; c < num_msg; c++) {
-- if (msg[c]->msg_style != PAM_PROMPT_ECHO_OFF &&
-- msg[c]->msg_style != PAM_PROMPT_ECHO_ON)
-- continue;
--
-- /* return code is currently not used but should be set to zero */
-- resp[c]->resp_retcode = 0;
-- if ((resp[c]->resp = strdup(password)) == NULL) {
-- perror("strdup");
-- return 1;
-- }
-- }
--
-- return 0;
--}
--#endif
--
- /*
- * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb.
- * See also man libev(3): "ev_prepare" and "ev_check" - customise your event loop
-@@ -766,13 +766,15 @@
- *
- */
- static void raise_loop(xcb_window_t window) {
-- xcb_connection_t *conn;
- xcb_generic_event_t *event;
-- int screens;
-
-- if ((conn = xcb_connect(NULL, &screens)) == NULL ||
-+#ifdef __OpenBSD__
-+ xcb_connection_t *conn;
-+
-+ if ((conn = xcb_connect(NULL, NULL)) == NULL ||
- xcb_connection_has_error(conn))
- errx(EXIT_FAILURE, "Cannot open display\n");
-+#endif
-
- /* We need to know about the window being obscured or getting destroyed. */
- xcb_change_window_attributes(conn, window, XCB_CW_EVENT_MASK,
-@@ -820,8 +822,11 @@
- char *username;
- char *image_path = NULL;
- #ifndef __OpenBSD__
-- int ret;
-- struct pam_conv conv = {conv_callback, NULL};
-+ struct passwd *pwd;
-+ struct group *grp;
-+ uid_t duid;
-+ gid_t dgid;
-+ xcb_connection_t *raise_conn;
- #endif
- int curs_choice = CURS_NONE;
- int o;
-@@ -848,6 +853,65 @@
- if ((username = pw->pw_name) == NULL)
- errx(EXIT_FAILURE, "pw->pw_name is NULL.\n");
-
-+#ifndef __OpenBSD__
-+ /*
-+ * Shamelessly stolen from slock. See LICENSE-slock.
-+ *
-+ * Slock has code to make it run as nobody:nogroup, which has the added
-+ * security that the locker can only be killed by root.
-+ * It causes problems with the xcb_connect in raise_loop, and the main
-+ * xcb_connect, however.
-+ * Because of that, both xcb_connect are ran as root, before dropping the
-+ * privileges to the user, much like is being done with XOpenDisplay
-+ * in slock.
-+ * I'm unsure of any security implications that may have, as it seems to
-+ * run fine, otherwise.
-+ * Please contact me if it's something I _really_ shouldn't do.
-+ */
-+
-+ /* If the nobody:nogroup don't exist, just use the password's user */
-+ duid = pw->pw_uid;
-+ if ((pwd = getpwnam("nobody")))
-+ duid = pwd->pw_uid;
-+ dgid = pw->pw_gid;
-+ if ((grp = getgrnam("nogroup")))
-+ dgid = grp->gr_gid;
-+
-+#ifdef __linux__
-+ dontkillme();
-+#endif
-+
-+ hash = pw->pw_passwd;
-+
-+ if (!strcmp(hash, "x")) {
-+ struct spwd *sp;
-+ if (!(sp = getspnam(pw->pw_name)))
-+ errx(EXIT_FAILURE, "getspnam: cannot retrieve shadow entry. "
-+ "Make sure to suid or sgid i3lock.");
-+ hash = sp->sp_pwdp;
-+ }
-+
-+ errno = 0;
-+ if (!crypt("", hash))
-+ errx(EXIT_FAILURE, "crypt: %s", strerror(errno));
-+
-+ /* Create the necessary connections before dropping privileges */
-+ if ((conn = xcb_connect(NULL, NULL)) == NULL ||
-+ xcb_connection_has_error(conn))
-+ errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?");
-+ if ((raise_conn = xcb_connect(NULL, NULL)) == NULL ||
-+ xcb_connection_has_error(raise_conn))
-+ errx(EXIT_FAILURE, "Cannot open display\n");
-+
-+ /* drop privileges */
-+ if (setgroups(0, NULL) < 0)
-+ errx(EXIT_FAILURE, "setgroups: %s", strerror(errno));
-+ if (setgid(dgid) < 0)
-+ errx(EXIT_FAILURE, "setgid: %s", strerror(errno));
-+ if (setuid(duid) < 0)
-+ errx(EXIT_FAILURE, "setuid: %s", strerror(errno));
-+#endif
-+
- char *optstring = "hvnbdc:p:ui:teI:f";
- while ((o = getopt_long(argc, argv, optstring, longopts, &longoptind)) != -1) {
- switch (o) {
-@@ -916,15 +980,6 @@
- * the unlock indicator upon keypresses. */
- srand(time(NULL));
-
--#ifndef __OpenBSD__
-- /* Initialize PAM */
-- if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) != PAM_SUCCESS)
-- errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
--
-- if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) != PAM_SUCCESS)
-- errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
--#endif
--
- /* Using mlock() as non-super-user seems only possible in Linux.
- * Users of other operating systems should use encrypted swap/no swap
- * (or remove the ifdef and run i3lock as super-user).
-@@ -938,11 +993,12 @@
- err(EXIT_FAILURE, "Could not lock page in memory, check RLIMIT_MEMLOCK");
- #endif
-
-+#ifdef __OpenBSD__
- /* Double checking that connection is good and operatable with xcb */
-- int screennr;
-- if ((conn = xcb_connect(NULL, &screennr)) == NULL ||
-+ if ((conn = xcb_connect(NULL, NULL)) == NULL ||
- xcb_connection_has_error(conn))
- errx(EXIT_FAILURE, "Could not connect to X11, maybe you need to set DISPLAY?");
-+#endif
-
- if (xkb_x11_setup_xkb_extension(conn,
- XKB_X11_MIN_MAJOR_XKB_VERSION,
-@@ -1056,10 +1112,16 @@
- if (pid == 0) {
- /* Child */
- close(xcb_get_file_descriptor(conn));
-+#ifndef __OpenBSD__
-+ conn = raise_conn;
-+#endif
- maybe_close_sleep_lock_fd();
- raise_loop(win);
- exit(EXIT_SUCCESS);
- }
-+#ifndef __OpenBSD__
-+ close(xcb_get_file_descriptor(raise_conn));
-+#endif
-
- /* Load the keymap again to sync the current modifier state. Since we first
- * loaded the keymap, there might have been changes, but starting from now,
-+++ i3lock.pam
-@@ -1,6 +0,0 @@
--#
--# PAM configuration file for the i3lock screen locker. By default, it includes
--# the 'login' configuration file (see /etc/pam.d/login)
--#
--
--auth include login
diff --git a/desktop/i3lock/i3lock.SlackBuild b/desktop/i3lock/i3lock.SlackBuild
index 6574a0f429739..538f6b5e804fa 100644
--- a/desktop/i3lock/i3lock.SlackBuild
+++ b/desktop/i3lock/i3lock.SlackBuild
@@ -25,7 +25,7 @@
cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=i3lock
-VERSION=${VERSION:-2.10}
+VERSION=${VERSION:-2.13}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz}
@@ -79,9 +79,12 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
-# This patch removes all the PAM-related code,
-# and checks the password against shadow instead.
-patch -p0 -i $CWD/i3lock-2.10-no-pam.patch
+autoreconf --force --install
+./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --disable-sanitizers \
+ --mandir=/usr/man
make install DESTDIR=$PKG
@@ -98,14 +101,11 @@ chmod 4751 $PKG/usr/bin/i3lock
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
-# Install the manpage
-install -Dm644 i3lock.1 $PKG/usr/man/man1/i3lock.1
-
find $PKG/usr/man -type f -exec gzip -9 {} \;
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a CHANGELOG LICENSE LICENSE-slock README.md $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a CHANGELOG LICENSE README.md $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install
diff --git a/desktop/i3lock/i3lock.info b/desktop/i3lock/i3lock.info
index 3451213578df5..c74a08c78443d 100644
--- a/desktop/i3lock/i3lock.info
+++ b/desktop/i3lock/i3lock.info
@@ -1,10 +1,10 @@
PRGNAM="i3lock"
-VERSION="2.10"
+VERSION="2.13"
HOMEPAGE="https://i3wm.org/i3lock/"
-DOWNLOAD="https://i3wm.org/i3lock/i3lock-2.10.tar.bz2"
-MD5SUM="a496ec274c2f75bbefaa088c4d18ec85"
+DOWNLOAD="https://i3wm.org/i3lock/i3lock-2.13.tar.bz2"
+MD5SUM="a10993d6cd409d980f78a4a376885f1b"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
-REQUIRES="libev"
+REQUIRES="libev xcb-util-xrm"
MAINTAINER="mid-kid"
EMAIL="esteve.varela@gmail.com"