On Sun, Jul 09, 2017 at 05:36:43PM +0100, Kaashif Hymabaccus wrote:
> Hello ports@,
>
> This updates x11/i3lock from some commmit to 2.9.1. All of jasper@'s
> patches were accepted upstream, so there is no need for them.
>
> They did revert an old commit which ended up readding -lpam in the
> Makefile, unconditionally, so we still have to patch that out. I will
> submit a PR upstream and hopefully the next release will be
> patch-free.
>
> OK?
Thanks, I've just applied a similar patch (without unneeded VERSION) and
submitted a patch to upstream for the -lpam bit.
Cheers,
Jasper
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/i3lock/Makefile,v
> retrieving revision 1.1.1.1
> diff -u -p -u -p -r1.1.1.1 Makefile
> --- Makefile 15 Apr 2017 12:53:02 -0000 1.1.1.1
> +++ Makefile 9 Jul 2017 15:17:58 -0000
> @@ -2,11 +2,11 @@
>
> COMMENT = improved screen locker
>
> +VERSION = 2.9.1
> GH_ACCOUNT = i3
> GH_PROJECT = i3lock
> -# XXX: Remove when upgrading
> -GH_COMMIT = 80d4452ec680bcb0e57418f69d44d88ded82047c
> -DISTNAME = i3lock-2.9
> +GH_TAGNAME = ${VERSION}
> +DISTNAME = i3lock-${VERSION}
>
> CATEGORIES = x11
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/x11/i3lock/distinfo,v
> retrieving revision 1.2
> diff -u -p -u -p -r1.2 distinfo
> --- distinfo 6 May 2017 15:10:18 -0000 1.2
> +++ distinfo 9 Jul 2017 15:17:58 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (i3lock-2.9-80d4452e.tar.gz) =
> IrR9TeilPaU6myyezcWpbQhB3iQHNGAR+ycutlEBZRE=
> -SIZE (i3lock-2.9-80d4452e.tar.gz) = 23692
> +SHA256 (i3lock-2.9.1.tar.gz) = mY50R3gTvJxti9V6lFVBQA996Ny4mE8U1Lb4pSje7/c=
> +SIZE (i3lock-2.9.1.tar.gz) = 24108
> Index: patches/patch-Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/i3lock/patches/patch-Makefile,v
> retrieving revision 1.1.1.1
> diff -u -p -u -p -r1.1.1.1 patch-Makefile
> --- patches/patch-Makefile 15 Apr 2017 12:53:02 -0000 1.1.1.1
> +++ patches/patch-Makefile 9 Jul 2017 15:17:58 -0000
> @@ -1,29 +1,11 @@
> -$OpenBSD: patch-Makefile,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
> -
> -Add bsd_auth(3) support.
> -
> ---- Makefile.orig Sun Mar 26 15:01:23 2017
> -+++ Makefile Fri Apr 14 19:44:10 2017
> -@@ -1,4 +1,5 @@
> - TOPDIR=$(shell pwd)
> -+UNAME=$(shell uname)
> -
> - INSTALL=install
> - PREFIX=/usr
> -@@ -16,9 +17,15 @@ CFLAGS += -Wall
> +$OpenBSD$
> +--- Makefile.orig Sun Jul 9 16:45:41 2017
> ++++ Makefile Sun Jul 9 16:45:53 2017
> +@@ -17,7 +17,6 @@ CFLAGS += -Wall
> CPPFLAGS += -D_GNU_SOURCE
> - CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-composite xcb-dpms
> xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
> - LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-composite xcb-dpms
> xcb-xinerama xcb-atom xcb-image xcb-xkb xkbcommon xkbcommon-x11)
> + CFLAGS += $(shell $(PKG_CONFIG) --cflags cairo xcb-xinerama xcb-atom
> xcb-image xcb-xkb xkbcommon xkbcommon-x11)
> + LIBS += $(shell $(PKG_CONFIG) --libs cairo xcb-xinerama xcb-atom xcb-image
> xcb-xkb xkbcommon xkbcommon-x11)
> -LIBS += -lpam
> LIBS += -lev
> LIBS += -lm
> -+
> -+# OpenBSD lacks PAM, use bsd_auth(3) instead.
> -+ifeq ($(UNAME),OpenBSD)
> -+ CPPFLAGS += -DUSE_BSDAUTH
> -+else
> -+ LIBS += -lpam
> -+endif
>
> - FILES:=$(wildcard *.c)
> - FILES:=$(FILES:.c=.o)
> Index: patches/patch-i3lock_c
> ===================================================================
> RCS file: patches/patch-i3lock_c
> diff -N patches/patch-i3lock_c
> --- patches/patch-i3lock_c 15 Apr 2017 12:53:02 -0000 1.1.1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,231 +0,0 @@
> -$OpenBSD: patch-i3lock_c,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
> -
> -Add bsd_auth(3) support.
> -
> ---- i3lock.c.orig Sun Mar 26 15:01:23 2017
> -+++ i3lock.c Fri Apr 14 19:42:14 2017
> -@@ -18,7 +18,12 @@
> - #include <xcb/xkb.h>
> - #include <err.h>
> - #include <assert.h>
> -+#ifdef USE_BSDAUTH
> -+#include <login_cap.h>
> -+#include <bsd_auth.h>
> -+#else
> - #include <security/pam_appl.h>
> -+#endif
> - #include <getopt.h>
> - #include <string.h>
> - #include <ev.h>
> -@@ -29,6 +34,9 @@
> - #include <cairo.h>
> - #include <cairo/cairo-xcb.h>
> -
> -+#ifdef __OpenBSD__
> -+#include <strings.h> /* explicit_bzero(3) */
> -+#endif
> - #include "i3lock.h"
> - #include "xcb.h"
> - #include "cursors.h"
> -@@ -49,7 +57,9 @@ char color[7] = "ffffff";
> - uint32_t last_resolution[2];
> - xcb_window_t win;
> - static xcb_cursor_t cursor;
> -+#ifndef USE_BSDAUTH
> - static pam_handle_t *pam_handle;
> -+#endif /* !USE_BSDAUTH */
> - int input_position = 0;
> - /* Holds the password you enter (in UTF-8). */
> - static char password[512];
> -@@ -59,11 +69,11 @@ bool unlock_indicator = true;
> - char *modifier_string = NULL;
> - static bool dont_fork = false;
> - struct ev_loop *main_loop;
> --static struct ev_timer *clear_pam_wrong_timeout;
> -+static struct ev_timer *clear_auth_wrong_timeout;
> - static struct ev_timer *clear_indicator_timeout;
> - static struct ev_timer *discard_passwd_timeout;
> - extern unlock_state_t unlock_state;
> --extern pam_state_t pam_state;
> -+extern auth_state_t auth_state;
> - int failed_attempts = 0;
> - bool show_failed_attempts = false;
> - bool retry_verification = false;
> -@@ -158,6 +168,9 @@ static bool load_compose_table(const char *locale) {
> - *
> - */
> - static void clear_password_memory(void) {
> -+#ifdef __OpenBSD__
> -+ explicit_bzero(password, strlen(password));
> -+#else
> - /* A volatile pointer to the password buffer to prevent the compiler
> from
> - * optimizing this out. */
> - volatile char *vpassword = password;
> -@@ -167,6 +180,7 @@ static void clear_password_memory(void) {
> - * compiler from optimizing the calls away, since the value of
> 'beep'
> - * is not known at compile-time. */
> - vpassword[c] = c + (int)beep;
> -+#endif
> - }
> -
> - ev_timer *start_timer(ev_timer *timer_obj, ev_tstamp timeout, ev_callback_t
> callback) {
> -@@ -206,13 +220,13 @@ static void finish_input(void) {
> - }
> -
> - /*
> -- * Resets pam_state to STATE_PAM_IDLE 2 seconds after an unsuccessful
> -+ * Resets auth_state to STATE_AUTH_IDLE 2 seconds after an unsuccessful
> - * authentication event.
> - *
> - */
> - static void clear_pam_wrong(EV_P_ ev_timer *w, int revents) {
> - DEBUG("clearing pam wrong\n");
> -- pam_state = STATE_PAM_IDLE;
> -+ auth_state = STATE_AUTH_IDLE;
> - redraw_screen();
> -
> - /* Clear modifier string. */
> -@@ -222,7 +236,7 @@ static void clear_pam_wrong(EV_P_ ev_timer *w, int rev
> - }
> -
> - /* Now free this timeout. */
> -- STOP_TIMER(clear_pam_wrong_timeout);
> -+ STOP_TIMER(clear_auth_wrong_timeout);
> -
> - /* retry with input done during pam verification */
> - if (retry_verification) {
> -@@ -248,11 +262,24 @@ static void discard_passwd_cb(EV_P_ ev_timer *w, int r
> - }
> -
> - static void input_done(void) {
> -- STOP_TIMER(clear_pam_wrong_timeout);
> -- pam_state = STATE_PAM_VERIFY;
> -+ STOP_TIMER(clear_auth_wrong_timeout);
> -+ auth_state = STATE_AUTH_VERIFY;
> - unlock_state = STATE_STARTED;
> - redraw_screen();
> -
> -+#ifdef USE_BSDAUTH
> -+ struct passwd *pw;
> -+
> -+ if (!(pw = getpwuid(getuid())))
> -+ errx(1, "unknown uid %u.", getuid());
> -+
> -+ if (auth_userokay(pw->pw_name, NULL, NULL, password) != 0) {
> -+ DEBUG("successfully authenticated\n");
> -+ clear_password_memory();
> -+
> -+ exit(0);
> -+ }
> -+#else
> - if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
> - DEBUG("successfully authenticated\n");
> - clear_password_memory();
> -@@ -266,12 +293,13 @@ static void input_done(void) {
> -
> - exit(0);
> - }
> -+#endif
> -
> - if (debug_mode)
> - fprintf(stderr, "Authentication failure\n");
> -
> - /* Get state of Caps and Num lock modifiers, to be displayed in
> -- * STATE_PAM_WRONG state */
> -+ * STATE_AUTH_WRONG state */
> - xkb_mod_index_t idx, num_mods;
> - const char *mod_name;
> -
> -@@ -305,7 +333,7 @@ static void input_done(void) {
> - }
> - }
> -
> -- pam_state = STATE_PAM_WRONG;
> -+ auth_state = STATE_AUTH_WRONG;
> - failed_attempts += 1;
> - clear_input();
> - if (unlock_indicator)
> -@@ -314,7 +342,7 @@ static void input_done(void) {
> - /* Clear this state after 2 seconds (unless the user enters another
> - * password during that time). */
> - ev_now_update(main_loop);
> -- START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);
> -+ START_TIMER(clear_auth_wrong_timeout, TSTAMP_N_SECS(2),
> clear_pam_wrong);
> -
> - /* Cancel the clear_indicator_timeout, it would hide the unlock
> indicator
> - * too early. */
> -@@ -393,7 +421,7 @@ static void handle_key_press(xcb_key_press_event_t *ev
> - if ((ksym == XKB_KEY_j || ksym == XKB_KEY_m) && !ctrl)
> - break;
> -
> -- if (pam_state == STATE_PAM_WRONG) {
> -+ if (auth_state == STATE_AUTH_WRONG) {
> - retry_verification = true;
> - return;
> - }
> -@@ -601,6 +629,7 @@ void handle_screen_resize(void) {
> - * Callback function for PAM. We only react on password request callbacks.
> - *
> - */
> -+#ifndef USE_BSDAUTH
> - static int conv_callback(int num_msg, const struct pam_message **msg,
> - struct pam_response **resp, void *appdata_ptr) {
> - if (num_msg == 0)
> -@@ -627,6 +656,7 @@ static int conv_callback(int num_msg, const struct pam
> -
> - return 0;
> - }
> -+#endif /* !USE_BSDAUTH */
> -
> - /*
> - * This callback is only a dummy, see xcb_prepare_cb and xcb_check_cb.
> -@@ -782,8 +812,10 @@ int main(int argc, char *argv[]) {
> - struct passwd *pw;
> - char *username;
> - char *image_path = NULL;
> -+#ifndef USE_BSDAUTH
> - int ret;
> - struct pam_conv conv = {conv_callback, NULL};
> -+#endif /* !USE_BSDAUTH */
> - int curs_choice = CURS_NONE;
> - int o;
> - int optind = 0;
> -@@ -877,17 +909,19 @@ int main(int argc, char *argv[]) {
> - * the unlock indicator upon keypresses. */
> - srand(time(NULL));
> -
> -+#ifndef USE_BSDAUTH
> - /* Initialize PAM */
> - if ((ret = pam_start("i3lock", username, &conv, &pam_handle)) !=
> PAM_SUCCESS)
> - errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
> -
> - if ((ret = pam_set_item(pam_handle, PAM_TTY, getenv("DISPLAY"))) !=
> PAM_SUCCESS)
> - errx(EXIT_FAILURE, "PAM: %s", pam_strerror(pam_handle, ret));
> -+#endif /* !USE_BSDAUTH */
> -
> - /* Using mlock() as non-super-user seems only possible in Linux. Users of
> other
> - * operating systems should use encrypted swap/no swap (or remove the ifdef
> and
> - * run i3lock as super-user). */
> --#if defined(__linux__)
> -+#if defined(__linux__) || defined(__OpenBSD__)
> - /* Lock the area where we store the password in memory, we don???t want
> it to
> - * be swapped to disk. Since Linux 2.6.9, this does not require any
> - * privileges, just enough bytes in the RLIMIT_MEMLOCK limit. */
> -@@ -985,7 +1019,7 @@ int main(int argc, char *argv[]) {
> - cursor = create_cursor(conn, screen, win, curs_choice);
> -
> - /* Display the "locking???" message while trying to grab the
> pointer/keyboard. */
> -- pam_state = STATE_PAM_LOCK;
> -+ auth_state = STATE_AUTH_LOCK;
> - grab_pointer_and_keyboard(conn, screen, cursor);
> -
> - pid_t pid = fork();
> -@@ -1012,7 +1046,7 @@ int main(int argc, char *argv[]) {
> - errx(EXIT_FAILURE, "Could not initialize libev. Bad
> LIBEV_FLAGS?\n");
> -
> - /* Explicitly call the screen redraw in case "locking???" message was
> displayed */
> -- pam_state = STATE_PAM_IDLE;
> -+ auth_state = STATE_AUTH_IDLE;
> - redraw_screen();
> -
> - struct ev_io *xcb_watcher = calloc(sizeof(struct ev_io), 1);
> Index: patches/patch-unlock_indicator_c
> ===================================================================
> RCS file: patches/patch-unlock_indicator_c
> diff -N patches/patch-unlock_indicator_c
> --- patches/patch-unlock_indicator_c 15 Apr 2017 12:53:02 -0000 1.1.1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,100 +0,0 @@
> -$OpenBSD: patch-unlock_indicator_c,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
> -
> -Add bsd_auth(3) support.
> -
> ---- unlock_indicator.c.orig Sun Mar 26 15:01:23 2017
> -+++ unlock_indicator.c Fri Apr 14 19:42:14 2017
> -@@ -78,7 +78,7 @@ static xcb_visualtype_t *vistype;
> - /* Maintain the current unlock/PAM state to draw the appropriate unlock
> - * indicator. */
> - unlock_state_t unlock_state;
> --pam_state_t pam_state;
> -+auth_state_t auth_state;
> -
> - /*
> - * Returns the scaling factor of the current screen. E.g., on a 227 DPI
> MacBook
> -@@ -141,7 +141,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
> - }
> -
> - if (unlock_indicator &&
> -- (unlock_state >= STATE_KEY_PRESSED || pam_state > STATE_PAM_IDLE)) {
> -+ (unlock_state >= STATE_KEY_PRESSED || auth_state >
> STATE_AUTH_IDLE)) {
> - cairo_scale(ctx, scaling_factor(), scaling_factor());
> - /* Draw a (centered) circle with transparent background. */
> - cairo_set_line_width(ctx, 10.0);
> -@@ -154,12 +154,12 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
> -
> - /* Use the appropriate color for the different PAM states
> - * (currently verifying, wrong password, or default) */
> -- switch (pam_state) {
> -- case STATE_PAM_VERIFY:
> -- case STATE_PAM_LOCK:
> -+ switch (auth_state) {
> -+ case STATE_AUTH_VERIFY:
> -+ case STATE_AUTH_LOCK:
> - cairo_set_source_rgba(ctx, 0, 114.0 / 255, 255.0 / 255,
> 0.75);
> - break;
> -- case STATE_PAM_WRONG:
> -+ case STATE_AUTH_WRONG:
> - case STATE_I3LOCK_LOCK_FAILED:
> - cairo_set_source_rgba(ctx, 250.0 / 255, 0, 0, 0.75);
> - break;
> -@@ -169,16 +169,16 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
> - }
> - cairo_fill_preserve(ctx);
> -
> -- switch (pam_state) {
> -- case STATE_PAM_VERIFY:
> -- case STATE_PAM_LOCK:
> -+ switch (auth_state) {
> -+ case STATE_AUTH_VERIFY:
> -+ case STATE_AUTH_LOCK:
> - cairo_set_source_rgb(ctx, 51.0 / 255, 0, 250.0 / 255);
> - break;
> -- case STATE_PAM_WRONG:
> -+ case STATE_AUTH_WRONG:
> - case STATE_I3LOCK_LOCK_FAILED:
> - cairo_set_source_rgb(ctx, 125.0 / 255, 51.0 / 255, 0);
> - break;
> -- case STATE_PAM_IDLE:
> -+ case STATE_AUTH_IDLE:
> - cairo_set_source_rgb(ctx, 51.0 / 255, 125.0 / 255, 0);
> - break;
> - }
> -@@ -205,14 +205,14 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
> - cairo_set_source_rgb(ctx, 0, 0, 0);
> - cairo_select_font_face(ctx, "sans-serif", CAIRO_FONT_SLANT_NORMAL,
> CAIRO_FONT_WEIGHT_NORMAL);
> - cairo_set_font_size(ctx, 28.0);
> -- switch (pam_state) {
> -- case STATE_PAM_VERIFY:
> -+ switch (auth_state) {
> -+ case STATE_AUTH_VERIFY:
> - text = "verifying???";
> - break;
> -- case STATE_PAM_LOCK:
> -+ case STATE_AUTH_LOCK:
> - text = "locking???";
> - break;
> -- case STATE_PAM_WRONG:
> -+ case STATE_AUTH_WRONG:
> - text = "wrong!";
> - break;
> - case STATE_I3LOCK_LOCK_FAILED:
> -@@ -245,7 +245,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
> - cairo_close_path(ctx);
> - }
> -
> -- if (pam_state == STATE_PAM_WRONG && (modifier_string != NULL)) {
> -+ if (auth_state == STATE_AUTH_WRONG && (modifier_string != NULL)) {
> - cairo_text_extents_t extents;
> - double x, y;
> -
> -@@ -334,7 +334,7 @@ xcb_pixmap_t draw_image(uint32_t *resolution) {
> - *
> - */
> - void redraw_screen(void) {
> -- DEBUG("redraw_screen(unlock_state = %d, pam_state = %d)\n",
> unlock_state, pam_state);
> -+ DEBUG("redraw_screen(unlock_state = %d, auth_state = %d)\n",
> unlock_state, auth_state);
> - xcb_pixmap_t bg_pixmap = draw_image(last_resolution);
> - xcb_change_window_attributes(conn, win, XCB_CW_BACK_PIXMAP,
> (uint32_t[1]){bg_pixmap});
> - /* XXX: Possible optimization: Only update the area in the middle of the
> Index: patches/patch-unlock_indicator_h
> ===================================================================
> RCS file: patches/patch-unlock_indicator_h
> diff -N patches/patch-unlock_indicator_h
> --- patches/patch-unlock_indicator_h 15 Apr 2017 12:53:02 -0000 1.1.1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,24 +0,0 @@
> -$OpenBSD: patch-unlock_indicator_h,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
> -
> -Add bsd_auth(3) support.
> -
> ---- unlock_indicator.h.orig Sun Mar 26 15:01:23 2017
> -+++ unlock_indicator.h Fri Apr 14 19:42:14 2017
> -@@ -11,12 +11,12 @@ typedef enum {
> - } unlock_state_t;
> -
> - typedef enum {
> -- STATE_PAM_IDLE = 0, /* no PAM interaction at the moment */
> -- STATE_PAM_VERIFY = 1, /* currently verifying the password via
> PAM */
> -- STATE_PAM_LOCK = 2, /* currently locking the screen */
> -- STATE_PAM_WRONG = 3, /* the password was wrong */
> -+ STATE_AUTH_IDLE = 0, /* no authenticator interaction at the
> moment */
> -+ STATE_AUTH_VERIFY = 1, /* currently verifying the password via
> authenticator */
> -+ STATE_AUTH_LOCK = 2, /* currently locking the screen */
> -+ STATE_AUTH_WRONG = 3, /* the password was wrong */
> - STATE_I3LOCK_LOCK_FAILED = 4 /* i3lock failed to load */
> --} pam_state_t;
> -+} auth_state_t;
> -
> - xcb_pixmap_t draw_image(uint32_t* resolution);
> - void redraw_screen(void);
> Index: patches/patch-xcb_c
> ===================================================================
> RCS file: patches/patch-xcb_c
> diff -N patches/patch-xcb_c
> --- patches/patch-xcb_c 15 Apr 2017 12:53:02 -0000 1.1.1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,24 +0,0 @@
> -$OpenBSD: patch-xcb_c,v 1.1.1.1 2017/04/15 12:53:02 jasper Exp $
> -
> -Add bsd_auth(3) support.
> -
> ---- xcb.c.orig Sun Mar 26 15:01:23 2017
> -+++ xcb.c Fri Apr 14 19:42:14 2017
> -@@ -24,7 +24,7 @@
> - #include "cursors.h"
> - #include "unlock_indicator.h"
> -
> --extern pam_state_t pam_state;
> -+extern auth_state_t auth_state;
> -
> - xcb_connection_t *conn;
> - xcb_screen_t *screen;
> -@@ -262,7 +262,7 @@ void grab_pointer_and_keyboard(xcb_connection_t *conn,
> - /* After trying for 10000 times, i3lock will display an error message
> - * for 2 sec prior to terminate. */
> - if (tries <= 0) {
> -- pam_state = STATE_I3LOCK_LOCK_FAILED;
> -+ auth_state = STATE_I3LOCK_LOCK_FAILED;
> - redraw_screen();
> - sleep(1);
> - errx(EXIT_FAILURE, "Cannot grab pointer/keyboard");
>
--
jasper
