commit gnome-keyring for openSUSE:Factory - openSUSE Commits

30 Jun 2017

Hello community,
here is the log from the commit of package gnome-keyring for openSUSE:Factory checked in at 2017-06-30 18:39:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnome-keyring (Old)
 and      /work/SRC/openSUSE:Factory/.gnome-keyring.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-keyring"
Fri Jun 30 18:39:46 2017 rev:125 rq:506735 version:3.20.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnome-keyring/gnome-keyring.changes	2016-10-13 11:26:17.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.gnome-keyring.new/gnome-keyring.changes	2017-06-30 18:39:48.771644947 +0200
@@ -1,0 +2,9 @@
+Wed Jun 21 18:46:54 CEST 2017 - hpj@suse.com
+
+- Add gnome-keyring-bsc1039461-pam-man-page.patch (bsc#1039461,
+  bgo#784051), which adds a man page for the PAM module. In order
+  for a new Makefile.in to be generated from the patched
+  Makefile.am, automake was added to BuildRequires, and autoreconf
+  will now be run prior to configure.
+
+-------------------------------------------------------------------
New:
----
  gnome-keyring-bsc1039461-pam-man-page.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnome-keyring.spec ++++++
--- /var/tmp/diff_new_pack.Zuk8wR/_old	2017-06-30 18:39:49.495543127 +0200
+++ /var/tmp/diff_new_pack.Zuk8wR/_new	2017-06-30 18:39:49.495543127 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package gnome-keyring
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,6 +33,9 @@
 Patch3:         gnome-keyring-bsc932232-use-libgcrypt-allocators.patch
 # PATCH-FIX-SLE gnome-keyring-bsc932232-use-non-fips-md5.patch bsc#932232 hpj@suse.com
 Patch4:         gnome-keyring-bsc932232-use-non-fips-md5.patch
+# PATCH-FEATURE-UPSTREAM gnome-keyring-bsc1039461-pam-man-page.patch bsc#1039461 bgo#784051 hpj@suse.com -- Add a man page for the PAM module
+Patch5:         gnome-keyring-bsc1039461-pam-man-page.patch
+BuildRequires:  automake
 BuildRequires:  ca-certificates
 BuildRequires:  desktop-file-utils
 BuildRequires:  fdupes
@@ -75,8 +78,8 @@
%package -n libgck-modules-gnome-keyring
 Summary:        Glib wrapper library for PKCS#11 - Modules
-Group:          System/GUI/GNOME
 # libgck-X-Y has a Provides for gck, just to help us with this Requires
+Group:          System/GUI/GNOME
 Requires:       gck
 # libgp11 used to be the library providing all this. It turns out the
 # modules are, as of 2.91.3, installed in the same place
@@ -123,8 +126,10 @@
 %patch3 -p1
 %patch4 -p1
 %endif
+%patch5 -p1
%build
+autoreconf -f
 %configure\
         --enable-pam \
         --with-pam-dir=/%{_lib}/security
@@ -218,5 +223,6 @@
 %files pam
 %defattr (-, root, root)
 %attr(555,root,root) /%{_lib}/security/*.so
+%{_mandir}/man8/pam_gnome_keyring.8%{?ext_man}
%changelog
++++++ gnome-keyring-bsc1039461-pam-man-page.patch ++++++

diff --git a/pam/Makefile.am b/pam/Makefile.am
index 5c83c00..9b5bcc8 100644
--- a/pam/Makefile.am
+++ b/pam/Makefile.am
@@ -72,3 +72,18 @@ test_pam_CFLAGS = $(pam_CFLAGS)
check_PROGRAMS += $(pam_TESTS)
 TESTS += $(pam_TESTS)
+
+# -----------------------------------------------------------------------------
+# Man page
+
+man_MANS = pam_gnome_keyring.8
+
+if ENABLE_DOC
+
+%.8: pam/%.8.xml
+	@XSLTPROC@ -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+endif
+
+BUILT_EXTRA_DIST = $(man_MANS)
+EXTRA_DIST += pam_gnome_keyring.8.xml
diff --git a/pam/pam_gnome_keyring.8.xml b/pam/pam_gnome_keyring.8.xml
new file mode 100644
index 0000000..d4679a4
--- /dev/null
+++ b/pam/pam_gnome_keyring.8.xml
@@ -0,0 +1,268 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_gnome_keyring">
+
+  <refmeta>
+    <refentrytitle>pam_gnome_keyring</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Gnome Keyring PAM Module Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_gnome_keyring-name">
+    <refname>pam_gnome_keyring</refname>
+    <refpurpose>automatic unlocking of Gnome Keyring</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_gnome_keyring-cmdsynopsis">
+      <command>pam_gnome_keyring.so</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_gnome_keyring-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      The Gnome Keyring service module for PAM provides functionality for three
+      PAM categories: authentication, session management and password
+      management. In terms of module-type parameter, they are auth, session and
+      password. 
+    </para>
+
+    <refsect2 id="pam_gnome_keyring-description-auth">
+
+      <title>Authentication Module</title>
+
+      <para>
+        Gnome Keyring authentication module retrieves password obtained by
+        previous module in PAM stack and stores it for later use. When no
+        password was obtained this module does nothing and returns success. It
+        will never prompt for password by itself. Unless otherwise noted, this
+        module returns success.
+      </para>
+
+      <para>
+        The following options may be passed to authentication module:
+      </para>
+
+      <variablelist>
+        <varlistentry>
+          <term>
+            <option>auto_start</option>
+          </term>
+          <listitem>
+            <para>
+              Gnome Keyring daemon is started if not already running and login
+              keyring unlocked using provided password. If any of this fail,
+              this module returns error. 
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>only_if=service</option>
+          </term>
+          <listitem>
+            <para>
+              Comma separated list of services (eg. gdm,xdm) this module will
+              handle. If a service is not in this list, module returns success
+              without doing anything. 
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+
+    </refsect2>
+
+    <refsect2 id="pam_gnome_keyring-description-session">
+
+      <title>Session Management Module</title>
+
+      <para>
+        The Gnome Keyring session management module provides functions to
+        initiate and terminate sessions. If Gnome Keyring daemon is not running
+        or no password was stored by authentication module, this module returns
+        success. Otherwise it will attempt to unlock login keyring. If
+        unlocking fails, this module will return error. When session is
+        terminated and daemon was started in either module, then that daemon
+        will be terminated. 
+      </para>
+
+      <para>
+        The following options may be passed to session management module:
+      </para>
+
+      <variablelist>
+        <varlistentry>
+          <term>
+            <option>auto_start</option>
+          </term>
+          <listitem>
+            <para>
+              Same as in authentication. Please note that either authentication
+              or session management module must have option auto_start for
+              Gnome Keyring daemon to be started. 
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>only_if=service</option>
+          </term>
+          <listitem>
+            <para>
+              List of services to handle.
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+
+    </refsect2>
+
+    <refsect2 id="pam_gnome_keyring-description-password">
+
+      <title>Password Management Module</title>
+
+      <para>
+        The Gnome Keyring password module allows changing password for login
+        keyring. If no old password was obtained by previous module in the stack, this
+        module is ignored. On the other hand, when no new password was obtained, this
+        module will prompt for one. Gnome Keyring daemon will be started if not already
+        running and stopped after concluding operation if it was not running before. 
+      </para>
+
+      <para>
+        The following options may be passed to password management module:
+      </para>
+
+      <variablelist>
+        <varlistentry>
+          <term>
+            <option>auto_start</option>
+          </term>
+          <listitem>
+            <para>
+              Keep daemon running even when started by this module.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>only_if=service</option>
+          </term>
+          <listitem>
+            <para>
+              List of services to handle.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>use_authtok</option>
+          </term>
+          <listitem>
+            <para>
+              Do not prompt for new password. If not provided, return error.
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+
+    </refsect2>
+  </refsect1>
+
+  <refsect1 id='pam_gnome_keyring-files'>
+
+    <title>FILES</title>
+
+    <variablelist>
+      <varlistentry>
+        <term>
+          $HOME/.local/share/keyrings/login.keyring
+        </term>
+        <listitem>
+          <para>
+            Encrypted login keyring.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+  </refsect1>
+
+  <refsect1 id='pam_gnome_keyring-examples'>
+
+    <title>EXAMPLES</title>
+
+    <para>
+      The following example of file /etc/pam.d/gdm configures gdm service to
+      use standard UNIX authentication, as well as start and unlock Gnome
+      Keyring. Rest of configuration is inherited from login service
+      configuration.
+    </para>
+
+    <programlisting>
+auth       required     pam_unix.so
+auth       optional     pam_gnome_keyring.so
+account    include      login
+session    include      login
+session    optional     pam_gnome_keyring.so auto_start
+password   include      login
+    </programlisting>
+
+    <para>
+      The following example of file /etc/pam.d/passwd configures passwd program
+      to update keyring password along with user's system password: 
+    </para>
+
+    <programlisting>
+password   required     pam_unix.so
+password   optional     pam_gnome_keyring.so
+    </programlisting>
+
+  </refsect1>
+
+  <refsect1 id='pam_gnome_keyring-notes'>
+    <title>NOTES</title>
+    <para>
+      Gnome Keyring implements its own SSH agent, therefore you should not stack
+      it with pam_ssh for session management.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_gnome_keyring-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>auditd</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_gnome_keyring-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_gnome_keyring was written by Stef Walter &lt;stef@thewalter.net&gt;
+      </para>
+  </refsect1>
+
+</refentry>

    