From shm at digitalsun.pl Tue Jul 11 12:29:51 2023 From: shm at digitalsun.pl (Mateusz Kocielski) Date: Tue, 11 Jul 2023 10:29:51 +0000 Subject: i3lock - spec file Message-ID: Hi there, I've prepared spec file to build i3lock [1]. This is my first spec file, so please review it carefully. The software requires suid to be able to verify password provided by user. [1] - https://i3wm.org/i3lock/ Thanks, Mateusz -------------- next part -------------- Summary: improved screen locker Name: i3lock Version: 2.14.1 Release: 1 License: BSD Group: Applications Source0: https://i3wm.org/i3lock/%{name}-%{version}.tar.xz # Source0-md5: 33d4bc8256a1566fbac911e405e53fdd URL: https://i3wm.org/i3lock/ BuildRequires: cairo-devel BuildRequires: libev-devel BuildRequires: libxcb-devel BuildRequires: meson >= 0.45.0 BuildRequires: ninja BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: xcb-util-devel BuildRequires: xcb-util-image-devel BuildRequires: xcb-util-xrm-devel BuildRequires: xorg-lib-libX11-devel BuildRequires: xorg-lib-libxkbcommon-x11-devel BuildRequires: rpmbuild(macros) >= 1.726 Requires: libxcb Requires: pam Requires: xcb-util Requires: xcb-util-image Requires: xcb-util-xrm Requires: xorg-lib-libxkbcommon-x11 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %description Minimalist screen locker based on slock. %prep %setup -q %build %meson build %ninja_build -C build %install rm -rf $RPM_BUILD_ROOT %ninja_install -C build %clean rm -rf $RPM_BUILD_ROOT %files %defattr(644,root,root,755) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/i3lock %attr(4755,root,wheel) %{_bindir}/i3lock %{_mandir}/man1/i3lock.1* From shm at digitalsun.pl Tue Jul 11 12:38:37 2023 From: shm at digitalsun.pl (Mateusz Kocielski) Date: Tue, 11 Jul 2023 10:38:37 +0000 Subject: openssh - move ssh-pkcs11-helper to client package Message-ID: Hello, currently ssh-pkcs11-helper(8) is a part of the server package, but it's used by client package utilities, thus it makes more sense to put it there. Attached trivial patch fixes it. Thanks, Mateusz -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Move-ssh-pkcs11-helper-to-client-package.patch Type: text/x-diff Size: 1609 bytes Desc: not available URL: From atler at pld-linux.org Tue Jul 11 13:36:19 2023 From: atler at pld-linux.org (Jan Palus) Date: Tue, 11 Jul 2023 13:36:19 +0200 Subject: i3lock - spec file In-Reply-To: References: Message-ID: Hi, thanks for contributing! Overall looks good. Some comments below. On 11.07.2023 10:29, Mateusz Kocielski wrote: > Hi there, > > I've prepared spec file to build i3lock [1]. This is my first spec file, so > please review it carefully. The software requires suid to be able to verify > password provided by user. > > [1] - https://i3wm.org/i3lock/ > > Thanks, > Mateusz > Summary: improved screen locker Start summary with capital letter unless it starts with a name that goes lower case. > Name: i3lock > Version: 2.14.1 > Release: 1 > License: BSD > Group: Applications > Source0: https://i3wm.org/i3lock/%{name}-%{version}.tar.xz > # Source0-md5: 33d4bc8256a1566fbac911e405e53fdd > URL: https://i3wm.org/i3lock/ > BuildRequires: cairo-devel cairo is required with version at least 1.14.4. > BuildRequires: libev-devel > BuildRequires: libxcb-devel > BuildRequires: meson >= 0.45.0 > BuildRequires: ninja > BuildRequires: pam-devel > BuildRequires: pkgconfig > BuildRequires: xcb-util-devel > BuildRequires: xcb-util-image-devel > BuildRequires: xcb-util-xrm-devel > BuildRequires: xorg-lib-libX11-devel Can't see direct dependency on xorg-lib-libX11-devel. > BuildRequires: xorg-lib-libxkbcommon-x11-devel > BuildRequires: rpmbuild(macros) >= 1.726 Keep it sorted and use tabs instead (run adapter script). > Requires: libxcb > Requires: pam > Requires: xcb-util > Requires: xcb-util-image > Requires: xcb-util-xrm > Requires: xorg-lib-libxkbcommon-x11 No need to give explicit Requires: for libraries linked to main binary unless specific version is required (like in case of cair). > BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) > > %description > Minimalist screen locker based on slock. > > %prep > %setup -q > > %build > %meson build > %ninja_build -C build For additional BuildRequires: check: http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/PLD-doc/BuildRequires.txt > > %install > rm -rf $RPM_BUILD_ROOT > %ninja_install -C build > > %clean > rm -rf $RPM_BUILD_ROOT > > %files > %defattr(644,root,root,755) LICENSE states it needs to be distributed with binaries so include it in %doc. > %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/i3lock > %attr(4755,root,wheel) %{_bindir}/i3lock That's peculiar -- what screen locker needs suid bit for? Why wheel group? > %{_mandir}/man1/i3lock.1* > _______________________________________________ > pld-devel-en mailing list > pld-devel-en at lists.pld-linux.org > http://lists.pld-linux.org/mailman/listinfo/pld-devel-en From shm at digitalsun.pl Tue Jul 11 17:59:41 2023 From: shm at digitalsun.pl (Mateusz Kocielski) Date: Tue, 11 Jul 2023 15:59:41 +0000 Subject: i3lock - spec file In-Reply-To: References: Message-ID: Dnia Tue, Jul 11, 2023 at 01:36:19PM +0200, Jan Palus napisa?(a): > Hi, > > thanks for contributing! Overall looks good. Some comments below. > Hello, thanks for your helpful comments, below my comments and fixed version of the spec. > > Summary: improved screen locker > > Start summary with capital letter unless it starts with a name that goes > lower case. > It seems that's convention that developers made, so I kept it. Other example is here: https://github.com/pld-linux/i3/blob/master/i3.spec#L1 . OTOH maybe it should be changed in both places. > > Name: i3lock > > Version: 2.14.1 > > Release: 1 > > License: BSD > > Group: Applications > > Source0: https://i3wm.org/i3lock/%{name}-%{version}.tar.xz > > # Source0-md5: 33d4bc8256a1566fbac911e405e53fdd > > URL: https://i3wm.org/i3lock/ > > BuildRequires: cairo-devel > > cairo is required with version at least 1.14.4. Fixed, thanks. > > BuildRequires: libev-devel > > BuildRequires: libxcb-devel > > BuildRequires: meson >= 0.45.0 > > BuildRequires: ninja > > BuildRequires: pam-devel > > BuildRequires: pkgconfig > > BuildRequires: xcb-util-devel > > BuildRequires: xcb-util-image-devel > > BuildRequires: xcb-util-xrm-devel > > BuildRequires: xorg-lib-libX11-devel > > Can't see direct dependency on xorg-lib-libX11-devel. You're right, removed. Did you catch that manually? > > BuildRequires: xorg-lib-libxkbcommon-x11-devel > > BuildRequires: rpmbuild(macros) >= 1.726 > > Keep it sorted and use tabs instead (run adapter script). That's interesting, I ran this script before sending it to the mailing list. I'll investigate it later, for now I fixed it manually. > > Requires: libxcb > > Requires: pam > > Requires: xcb-util > > Requires: xcb-util-image > > Requires: xcb-util-xrm > > Requires: xorg-lib-libxkbcommon-x11 > > No need to give explicit Requires: for libraries linked to main binary > unless specific version is required (like in case of cair). > Makes sense, fixed. > > BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) > > > > %description > > Minimalist screen locker based on slock. > > > > %prep > > %setup -q > > > > %build > > %meson build > > %ninja_build -C build > > For additional BuildRequires: check: > > http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/PLD-doc/BuildRequires.txt > > > > %install > > rm -rf $RPM_BUILD_ROOT > > %ninja_install -C build > > > > %clean > > rm -rf $RPM_BUILD_ROOT > > > > %files > > %defattr(644,root,root,755) > > LICENSE states it needs to be distributed with binaries so include it in > %doc. > Good catch, thanks! Fixed. > > %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/i3lock > > %attr(4755,root,wheel) %{_bindir}/i3lock > > That's peculiar -- what screen locker needs suid bit for? Why wheel > group? Wheel group is taken from my BSD heritage I guess, fixed it. :) It requires PAM for an authentication. > > %{_mandir}/man1/i3lock.1* Thanks, Mateusz -------------- next part -------------- Summary: improved screen locker Name: i3lock Version: 2.14.1 Release: 1 License: BSD Group: Applications Source0: https://i3wm.org/i3lock/%{name}-%{version}.tar.xz # Source0-md5: 33d4bc8256a1566fbac911e405e53fdd URL: https://i3wm.org/i3lock/ BuildRequires: cairo-devel >= 1.14.4 BuildRequires: libev-devel BuildRequires: libxcb-devel BuildRequires: meson >= 0.45.0 BuildRequires: ninja BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: rpmbuild(macros) >= 1.726 BuildRequires: xcb-util-devel BuildRequires: xcb-util-image-devel BuildRequires: xcb-util-xrm-devel BuildRequires: xorg-lib-libxkbcommon-x11-devel Requires: cairo >= 1.14.4 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %description Minimalist screen locker based on slock. %prep %setup -q %build %meson build %ninja_build -C build %install rm -rf $RPM_BUILD_ROOT %ninja_install -C build %clean rm -rf $RPM_BUILD_ROOT %files %defattr(644,root,root,755) %doc LICENSE CHANGELOG %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/i3lock %attr(4755,root,root) %{_bindir}/i3lock %{_mandir}/man1/i3lock.1* From shm at digitalsun.pl Tue Jul 11 22:30:00 2023 From: shm at digitalsun.pl (Mateusz Kocielski) Date: Tue, 11 Jul 2023 20:30:00 +0000 Subject: i3lock - spec file In-Reply-To: References: Message-ID: Dnia Tue, Jul 11, 2023 at 03:59:41PM +0000, Mateusz Kocielski napisa?(a): > > That's peculiar -- what screen locker needs suid bit for? Why wheel > > group? > > Wheel group is taken from my BSD heritage I guess, fixed it. :) It requires > PAM for an authentication. > > > > %{_mandir}/man1/i3lock.1* Hi, those suid privileges were bothering me and I did my homework, it seems that on Linux i3lock can work without them because of the unix_chkpwd(8) utility. On the FreeBSD (which uses OpenPAM) however SUID is necessary [1]. The reason why I couldn't get it work without root privileges was /etc/pam.d/login file which is installed with u-r permission by default. I guess there's no need to keep it that way since PAM configuration rather not contain any secrets. I attached fixed version of the spec file and patch against util-linux to set u+r permissions. Thanks for your suggestions! [1] - https://cgit.freebsd.org/ports/tree/deskutils/i3lock/Makefile?id=924204922ac441410520f46695dd91a87c001ee9#n27 Regards, Mateusz -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-u-r-for-etc-pam.d-configuration-files.patch Type: text/x-diff Size: 1747 bytes Desc: not available URL: -------------- next part -------------- Summary: improved screen locker Name: i3lock Version: 2.14.1 Release: 1 License: BSD Group: Applications Source0: https://i3wm.org/i3lock/%{name}-%{version}.tar.xz # Source0-md5: 33d4bc8256a1566fbac911e405e53fdd URL: https://i3wm.org/i3lock/ BuildRequires: cairo-devel >= 1.14.4 BuildRequires: libev-devel BuildRequires: libxcb-devel BuildRequires: meson >= 0.45.0 BuildRequires: ninja BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: rpmbuild(macros) >= 1.726 BuildRequires: xcb-util-devel BuildRequires: xcb-util-image-devel BuildRequires: xcb-util-xrm-devel BuildRequires: xorg-lib-libxkbcommon-x11-devel Requires: cairo >= 1.14.4 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %description Minimalist screen locker based on slock. %prep %setup -q %build %meson build %ninja_build -C build %install rm -rf $RPM_BUILD_ROOT %ninja_install -C build %clean rm -rf $RPM_BUILD_ROOT %files %defattr(644,root,root,755) %doc LICENSE CHANGELOG %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/i3lock %attr(755,root,root) %{_bindir}/i3lock %{_mandir}/man1/i3lock.1* From atler at pld-linux.org Wed Jul 12 13:22:08 2023 From: atler at pld-linux.org (Jan Palus) Date: Wed, 12 Jul 2023 13:22:08 +0200 Subject: i3lock - spec file In-Reply-To: References: Message-ID: On 11.07.2023 20:30, Mateusz Kocielski wrote: > Dnia Tue, Jul 11, 2023 at 03:59:41PM +0000, Mateusz Kocielski napisa?(a): > > > That's peculiar -- what screen locker needs suid bit for? Why wheel > > > group? > > > > Wheel group is taken from my BSD heritage I guess, fixed it. :) It requires > > PAM for an authentication. > > > > > > %{_mandir}/man1/i3lock.1* > > Hi, > > those suid privileges were bothering me and I did my homework, it seems that > on Linux i3lock can work without them because of the unix_chkpwd(8) utility. > On the FreeBSD (which uses OpenPAM) however SUID is necessary [1]. The reason > why I couldn't get it work without root privileges was /etc/pam.d/login > file which is installed with u-r permission by default. I guess there's no > need to keep it that way since PAM configuration rather not contain any > secrets. I attached fixed version of the spec file and patch against > util-linux to set u+r permissions. Thanks for your suggestions! Override pam configuration shipped with i3lock with custom one that has: auth include system-auth just like (all?) other screensavers/lockers and it should be fine. Other than this 1. Fix case in Summary: 2. Update required macros according to linked BuildRequires.txt (for %ninja_* macros) 3. Clone empty pld repository for i3lock or just create a local git repo, commit the spec and pam file and attach output of `git format-patch -1` so authorship will be preserved correctly when applying. From shm at digitalsun.pl Wed Jul 12 19:10:27 2023 From: shm at digitalsun.pl (Mateusz Kocielski) Date: Wed, 12 Jul 2023 17:10:27 +0000 Subject: i3lock - spec file In-Reply-To: References: Message-ID: Dnia Wed, Jul 12, 2023 at 01:22:08PM +0200, Jan Palus napisa?(a): > > Override pam configuration shipped with i3lock with custom one that has: > > auth include system-auth > > just like (all?) other screensavers/lockers and it should be fine. > > Other than this > > 1. Fix case in Summary: > 2. Update required macros according to linked BuildRequires.txt (for > %ninja_* macros) > 3. Clone empty pld repository for i3lock or just create a local git > repo, commit the spec and pam file and attach output of > `git format-patch -1` so authorship will be preserved correctly when > applying. All done, thanks for reviewing it! Regards, Mateusz -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Initial-version-of-i3lock-spec.patch Type: text/x-diff Size: 1985 bytes Desc: not available URL: From atler at pld-linux.org Wed Jul 12 19:58:25 2023 From: atler at pld-linux.org (Jan Palus) Date: Wed, 12 Jul 2023 19:58:25 +0200 Subject: i3lock - spec file In-Reply-To: References: Message-ID: On 12.07.2023 17:10, Mateusz Kocielski wrote: > Dnia Wed, Jul 12, 2023 at 01:22:08PM +0200, Jan Palus napisa?(a): > > > > Override pam configuration shipped with i3lock with custom one that has: > > > > auth include system-auth > > > > just like (all?) other screensavers/lockers and it should be fine. > > > > Other than this > > > > 1. Fix case in Summary: > > 2. Update required macros according to linked BuildRequires.txt (for > > %ninja_* macros) > > 3. Clone empty pld repository for i3lock or just create a local git > > repo, commit the spec and pam file and attach output of > > `git format-patch -1` so authorship will be preserved correctly when > > applying. > > All done, thanks for reviewing it! Thanks. Applied and now available in th-test.