diff --git a/.files b/.files
index 13c205e..c515835 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 53357e9..f86571f 100644
--- a/.rev
+++ b/.rev
@@ -1103,4 +1103,11 @@ By now, it's required for sle-15, so synchronized the updated specfile and chang
Attempt to workaround
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
+
+ 50328125674b70bc179085fc4c4df4e5
+ 0.6.55
+
+ dimstar_suse
+ Revert to 0.6.65 - https://bugzilla.opensuse.org/show_bug.cgi?id=1197610
+
diff --git a/.servicemark b/.servicemark
index ef9b741..28b7eb4 100644
--- a/.servicemark
+++ b/.servicemark
@@ -1 +1 @@
-cee88a4d8b6449aa72798b090c5064f4
+fd26b405e857161d19745e909d8a1e93
diff --git a/ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch b/ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
new file mode 100644
index 0000000..ce74862
--- /dev/null
+++ b/ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
@@ -0,0 +1,29 @@
+From ac9b14f1c1bbca413987d0bbfeaad05804107e9a Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Sun, 31 Oct 2021 12:29:14 +0000
+Subject: [PATCH] Fix build with meson 0.60
+
+Positional parameters to merge_file() were never allowed and always
+ignored, so just drop it.
+See: https://github.com/mesonbuild/meson/issues/9441
+
+Fixes #97
+---
+ data/meson.build | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/data/meson.build b/data/meson.build
+index 70edf89..9e80299 100644
+--- a/data/meson.build
++++ b/data/meson.build
+@@ -33,7 +33,6 @@ configure_file(
+ policy = act_namespace.to_lower() + '.policy'
+
+ i18n.merge_file(
+- policy,
+ input: policy + '.in',
+ output: policy,
+ po_dir: po_dir,
+--
+GitLab
+
diff --git a/accountsservice-0.6.55.tar.xz b/accountsservice-0.6.55.tar.xz
new file mode 120000
index 0000000..fda42a5
--- /dev/null
+++ b/accountsservice-0.6.55.tar.xz
@@ -0,0 +1 @@
+/ipfs/bafkreih7fmsbtj7anpm4wm277y4ry5ajwsna6ajqxcil2vdjfi4ym2m4tm
\ No newline at end of file
diff --git a/accountsservice-22.04.62.tar.xz b/accountsservice-22.04.62.tar.xz
deleted file mode 120000
index 5af55fa..0000000
--- a/accountsservice-22.04.62.tar.xz
+++ /dev/null
@@ -1 +0,0 @@
-/ipfs/bafkreihi5zvzlkqhh7f5kadxeztw3ylkxkmdopba2rcwbxyzfqffrs33wu
\ No newline at end of file
diff --git a/accountsservice-filter-suse-accounts.patch b/accountsservice-filter-suse-accounts.patch
new file mode 100644
index 0000000..95cf988
--- /dev/null
+++ b/accountsservice-filter-suse-accounts.patch
@@ -0,0 +1,19 @@
+Index: accountsservice-0.6.37/src/user-classify.c
+===================================================================
+--- accountsservice-0.6.37.orig/src/user-classify.c
++++ accountsservice-0.6.37/src/user-classify.c
+@@ -51,7 +51,13 @@ static const char *default_excludes[] =
+ "man",
+ "at",
+ "gdm",
+- "gnome-initial-setup"
++ "gnome-initial-setup",
++ "beagleindex",
++ "fax",
++ "suse-ncc",
++ "mailman",
++ "ldap",
++ "cyrus"
+ };
+
+ static gboolean
diff --git a/accountsservice-fix-gdm-crash.patch b/accountsservice-fix-gdm-crash.patch
new file mode 100644
index 0000000..617d0a5
--- /dev/null
+++ b/accountsservice-fix-gdm-crash.patch
@@ -0,0 +1,56 @@
+From 323707648fdefd11502faf44c2aa41d9b9500078 Mon Sep 17 00:00:00 2001
+From: Iain Lane
+Date: Tue, 28 Apr 2020 16:47:00 +0100
+Subject: [PATCH] act-user-manager: Watch for the daemon going away and coming
+ back
+
+And set is-loaded accordingly. This causes properties to be invalidated
+on the client side and then get re-fetched when the daemon comes back.
+
+https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/55
+---
+ src/libaccountsservice/act-user-manager.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c
+index 61a8719..a317507 100644
+--- a/src/libaccountsservice/act-user-manager.c
++++ b/src/libaccountsservice/act-user-manager.c
+@@ -2298,6 +2298,23 @@ act_user_manager_queue_load (ActUserManager *manager)
+ }
+ }
+
++static void
++on_name_owner_changed (GObject *object,
++ GParamSpec *pspec,
++ gpointer user_data)
++{
++ ActUserManager *manager = ACT_USER_MANAGER (user_data);
++ GDBusProxy *accounts_proxy = G_DBUS_PROXY (object);
++ g_autofree gchar *owner = NULL;
++
++ g_return_if_fail (ACT_IS_USER_MANAGER (manager));
++ g_return_if_fail (accounts_proxy != NULL);
++
++ owner = g_dbus_proxy_get_name_owner (accounts_proxy);
++
++ set_is_loaded (manager, owner != NULL);
++}
++
+ static gboolean
+ ensure_accounts_proxy (ActUserManager *manager)
+ {
+@@ -2335,6 +2352,10 @@ ensure_accounts_proxy (ActUserManager *manager)
+ "user-deleted",
+ G_CALLBACK (on_user_removed_in_accounts_service),
+ manager);
++ g_signal_connect (priv->accounts_proxy,
++ "notify::g-name-owner",
++ G_CALLBACK (on_name_owner_changed),
++ manager);
+
+ return TRUE;
+ }
+--
+GitLab
+
diff --git a/accountsservice-read-root-user-cache.patch b/accountsservice-read-root-user-cache.patch
new file mode 100644
index 0000000..4f039a7
--- /dev/null
+++ b/accountsservice-read-root-user-cache.patch
@@ -0,0 +1,30 @@
+From d8b779513474ece1f5ec2fc9b7c32afb73e32181 Mon Sep 17 00:00:00 2001
+From: Ray Strode
+Date: Mon, 29 Apr 2019 10:14:12 -0400
+Subject: [PATCH] daemon: ensure cache files for system users are processed
+
+At the moment we skip cache files for system users. That
+doesn't make much sense; if there's a cache file we should
+be using it.
+
+This commit changes the code to read cache files, even for
+system users, and so lets root have a non-default session.
+
+Closes: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/65
+---
+ src/daemon.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: accountsservice-0.6.55/src/daemon.c
+===================================================================
+--- accountsservice-0.6.55.orig/src/daemon.c 2019-05-30 00:12:49.993056439 +0200
++++ accountsservice-0.6.55/src/daemon.c 2019-05-30 00:12:50.289059484 +0200
+@@ -486,7 +486,7 @@ reload_users (Daemon *daemon)
+ load_entries (daemon, users, TRUE, entry_generator_requested_users);
+
+ /* Now add/update users from other sources, possibly non-local */
+- load_entries (daemon, users, FALSE, entry_generator_cachedir);
++ load_entries (daemon, users, TRUE, entry_generator_cachedir);
+
+ wtmp_helper_update_login_frequencies (users);
+
diff --git a/accountsservice-sysconfig.patch b/accountsservice-sysconfig.patch
index 366e009..acfc934 100644
--- a/accountsservice-sysconfig.patch
+++ b/accountsservice-sysconfig.patch
@@ -4,19 +4,19 @@ Date: Wed Jul 20 16:48:41 2011 +0200
Use autologin configuration from sysconfig (SUSE-ism)
-Index: accountsservice-22.04.62/src/daemon.c
+Index: accountsservice-0.6.55/src/daemon.c
===================================================================
---- accountsservice-22.04.62.orig/src/daemon.c
-+++ accountsservice-22.04.62/src/daemon.c
-@@ -50,6 +50,7 @@
+--- accountsservice-0.6.55.orig/src/daemon.c 2019-04-23 17:16:09.000000000 +0200
++++ accountsservice-0.6.55/src/daemon.c 2019-05-30 00:12:49.993056439 +0200
+@@ -47,6 +47,7 @@
+ #include "wtmp-helper.h"
+ #include "daemon.h"
#include "util.h"
- #include "user.h"
- #include "accounts-user-generated.h"
+#include "gdm-sysconfig.h"
#define PATH_PASSWD "/etc/passwd"
#define PATH_SHADOW "/etc/shadow"
-@@ -581,7 +582,7 @@ reload_autologin_timeout (Daemon *daemon
+@@ -582,7 +583,7 @@ reload_autologin_timeout (Daemon *daemon
priv->autologin_id = 0;
if (!load_autologin (daemon, &name, &enabled, &error)) {
@@ -25,7 +25,7 @@ Index: accountsservice-22.04.62/src/daemon.c
return FALSE;
}
-@@ -1508,6 +1509,43 @@ daemon_local_check_auth (Daemon
+@@ -1474,6 +1475,43 @@ daemon_local_check_auth (Daemon
g_object_unref (subject);
}
@@ -69,7 +69,7 @@ Index: accountsservice-22.04.62/src/daemon.c
gboolean
load_autologin (Daemon *daemon,
gchar **name,
-@@ -1518,6 +1556,8 @@ load_autologin (Daemon *daemon,
+@@ -1484,6 +1522,8 @@ load_autologin (Daemon *daemon,
GError *local_error = NULL;
g_autofree gchar *string = NULL;
@@ -78,19 +78,19 @@ Index: accountsservice-22.04.62/src/daemon.c
keyfile = g_key_file_new ();
if (!g_key_file_load_from_file (keyfile,
PATH_GDM_CUSTOM,
-@@ -1558,6 +1598,8 @@ save_autologin (Daemon *daemon,
+@@ -1523,6 +1563,8 @@ save_autologin (Daemon *daemon,
+ g_autofree gchar *data = NULL;
gboolean result;
- g_autoptr(GError) local_error = NULL;
+ return save_autologin_suse (daemon, name, enabled, error);
+
keyfile = g_key_file_new ();
if (!g_key_file_load_from_file (keyfile,
PATH_GDM_CUSTOM,
-Index: accountsservice-22.04.62/src/gdm-sysconfig.c
+Index: accountsservice-0.6.55/src/gdm-sysconfig.c
===================================================================
---- /dev/null
-+++ accountsservice-22.04.62/src/gdm-sysconfig.c
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ accountsservice-0.6.55/src/gdm-sysconfig.c 2019-05-30 00:12:49.993056439 +0200
@@ -0,0 +1,484 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
@@ -576,10 +576,10 @@ Index: accountsservice-22.04.62/src/gdm-sysconfig.c
+ g_strfreev (lines);
+ return result;
+}
-Index: accountsservice-22.04.62/src/gdm-sysconfig.h
+Index: accountsservice-0.6.55/src/gdm-sysconfig.h
===================================================================
---- /dev/null
-+++ accountsservice-22.04.62/src/gdm-sysconfig.h
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ accountsservice-0.6.55/src/gdm-sysconfig.h 2019-05-30 00:12:49.993056439 +0200
@@ -0,0 +1,43 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
@@ -624,11 +624,11 @@ Index: accountsservice-22.04.62/src/gdm-sysconfig.h
+G_END_DECLS
+
+#endif /* __GDM_SYSCONFIG_H */
-Index: accountsservice-22.04.62/src/meson.build
+Index: accountsservice-0.6.55/src/meson.build
===================================================================
---- accountsservice-22.04.62.orig/src/meson.build
-+++ accountsservice-22.04.62/src/meson.build
-@@ -48,6 +48,8 @@ libaccounts_generated_dep = declare_depe
+--- accountsservice-0.6.55.orig/src/meson.build 2019-04-23 17:16:09.000000000 +0200
++++ accountsservice-0.6.55/src/meson.build 2019-05-30 00:12:49.993056439 +0200
+@@ -46,6 +46,8 @@ libaccounts_generated_dep = declare_depe
)
sources = files(
diff --git a/accountsservice-too-restrictive.patch b/accountsservice-too-restrictive.patch
deleted file mode 100644
index 62fd04e..0000000
--- a/accountsservice-too-restrictive.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: accountsservice-22.04.62/data/accounts-daemon.service.in
-===================================================================
---- accountsservice-22.04.62.orig/data/accounts-daemon.service.in
-+++ accountsservice-22.04.62/data/accounts-daemon.service.in
-@@ -18,7 +18,7 @@ Environment=GVFS_REMOTE_VOLUME_MONITOR_I
- StateDirectory=AccountsService
- StateDirectoryMode=0775
-
--ProtectSystem=strict
-+ProtectSystem=false
- PrivateDevices=true
- ProtectKernelTunables=true
- ProtectKernelModules=true
-@@ -33,7 +33,7 @@ PrivateUsers=false
- RestrictAddressFamilies=AF_UNIX
- SystemCallArchitectures=native
- SystemCallFilter=~@mount
--RestrictNamespaces=true
-+RestrictNamespaces=false
- LockPersonality=true
- MemoryDenyWriteExecute=true
- RestrictRealtime=true
diff --git a/accountsservice-wtmp-io-improvements.patch b/accountsservice-wtmp-io-improvements.patch
new file mode 100644
index 0000000..3db2c97
--- /dev/null
+++ b/accountsservice-wtmp-io-improvements.patch
@@ -0,0 +1,34 @@
+From 64b11314ea71b5e22edf4d968347489c5d5acd01 Mon Sep 17 00:00:00 2001
+From: Ray Strode
+Date: Thu, 9 May 2019 14:58:34 -0400
+Subject: [PATCH] data: don't send change updates for login-history
+
+The login-history property of user objects can be quite large.
+If wtmp is changed frequently, that can lead to memory fragmentation
+in clients.
+
+Furthermore, most clients never check login-history, so it's
+wasted memory and wasted cpu.
+
+This commit disables change notification for that property. If
+a client really needs to get updates, they can manually refresh
+their cache when appropriate.
+---
+ data/org.freedesktop.Accounts.User.xml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/data/org.freedesktop.Accounts.User.xml b/data/org.freedesktop.Accounts.User.xml
+index 8d3fe1c..3b839a3 100644
+--- a/data/org.freedesktop.Accounts.User.xml
++++ b/data/org.freedesktop.Accounts.User.xml
+@@ -812,6 +812,7 @@
+
+
+
++
+
+
+
+--
+2.16.4
+
diff --git a/accountsservice.changes b/accountsservice.changes
index 2a592fc..791934e 100644
--- a/accountsservice.changes
+++ b/accountsservice.changes
@@ -1,115 +1,4 @@
-------------------------------------------------------------------
-Mon Mar 28 11:34:44 UTC 2022 - Dominique Leuenberger
-
-- Add accountsservice-too-restrictive.patch: weaken upstreams
- policy of accounts-daemon.service to be similar, but still
- stricter, to what we had with harden-accounts-daemon.service.patch.
- Attempt to workaround
- https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
-
--------------------------------------------------------------------
-Mon Mar 28 07:32:37 UTC 2022 - Dominique Leuenberger
-
-- Drop harden_accounts-daemon.service.patch: Seems to conflict with
- SELinux since version 22.04.62.
-
--------------------------------------------------------------------
-Fri Feb 11 23:35:22 UTC 2022 - Bjørn Lie
-
-- Update to version 22.04.62:
- + act-user-manager:
- - Fix incorrect return types in some finish() functions
- - Fix various refcounting bugs
- - Make a private function static
- - Remove ConsoleKit support
- - Watch for the daemon going away and coming back
- + act-user:
- - Use G_DECLARE_FINAL_TYPE to declare ActUser
- - Use stronger hashing methods in make_crypted() if available.
- + Add .service file to POTFILES.skip
- + Add support to build vala bindings
- + build:
- - Add missing pkg-config Requires.private dependencies
- - Bump minimum version of meson required
- - Expose chosen path_wtmp value as a variable
- + Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag
- + ci:
- - Add test stage, reusing the build one
- - Cleanup the build stage so that we can define dependencies
- just once
- + Conditionalize more use of shadow.h
- + daemon:
- - Allow SystemAccount=false to be set in cache file
- - Don't try to add admin users to non existing groups
- - Ensure cache files for system users are processed
- - Fix error check in save_autologin()
- - Remove duplicate "changed" signal emission
- - Write GDM custom.conf file if it doesn't exist
- + data:
- - Don't send change updates for login-history
- - Tighten up systemd sandboxing of accounts-daemon.service
- + Drop .service file from POTFILES.in
- + Fix build with meson 0.60
- + Fix g-i annotation of act_user_get_password_expiration_policy
- + libaccountsservice: Expand documentation of ActUser:language
- + main:
- - Allow cache files to be marked immutable
- - Don’t print translation header with `--help`
- + meson: Determine project version from date
- + Move D-Bus conf file to $(datadir)/dbus-1/system.d
- + Never delete the root filesystem when removing users
- + NEWS: Drop NEWS file
- + po: delete obsolete po/accounts-service.pot
- + Remove user heuristics
- + Replace empty he.po with an actual translation
- + Stop ignoring autotools generated files
- + tests:
- - Add unit tests for libaccountservice using dbusmock and gir
- bindings
- - Sync tests with upstream python-dbusmock
- + user-classify: Add git to username blacklist
- + user:
- - Don't overwrite entire GECOS field when setting full name
- - Fix double-unref of GDBusMethodInvocation throughout
- - Fix indentation error
- - Introduce user templates for setting default session etc
- - Reject requests to change full name to something including a
- comma
- - Remove user from extra_admin_groups when demoting them from
- admin
- - Translate property x-session property name to match the proxy
- one
- + user-manager: Update users tables on username changes
- + Use timestamps instead of (expiration time and last change
- time)days
- + util:
- - Get uid when needed
- - Split out helper method for getting admin group IDs
- + Updated translations.
-- Drop patches fixed upstream:
- + accountsservice-read-root-user-cache.patch
- + accountsservice-wtmp-io-improvements.patch
- + accountsservice-fix-gdm-crash.patch
- + ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
- + accountsservice-fix-gdm-crash.patch
-- Note that accountsservice-fix-gdm-crash.patch was not applied
- upstream, the issue was fixed in a different way. Upstream
- encourages issue reports should the current fix prove to not be
- good enough.
-- Rebase accountsservice-sysconfig.patch and
- harden_accounts-daemon.service.patch
-- Drop accountsservice-filter-suse-accounts.patch: The system users
- we were filtering are not present on any of today as far as I can
- tell, so drop this patch filtering out "common system users" such
- as beagleindex, fax and suse-ncc.
-- Stop passing systemd=true to meson, no longer recognized, nor
- needed.
-- Add pkgconfig(vapigen) BuildRequires: New dependency.
-- Add fdupes BuildRequires and macro, remove duplicates.
-- Add python3-dbusmock and python3-gobject BuildRequires and add a
- check section, run meson_test macro.
-
--------------------------------------------------------------------
Tue Feb 1 09:20:24 UTC 2022 - Bjørn Lie
- Add ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch: Fix build
diff --git a/accountsservice.spec b/accountsservice.spec
index e8194b2..f131039 100644
--- a/accountsservice.spec
+++ b/accountsservice.spec
@@ -16,8 +16,9 @@
#
+#!BuildIgnore: rpmlint-mini
Name: accountsservice
-Version: 22.04.62
+Version: 0.6.55
Release: 0
Summary: D-Bus Service to Manipulate User Account Information
License: GPL-3.0-or-later
@@ -26,21 +27,28 @@ URL: https://www.freedesktop.org/wiki/Software/AccountsService/
Source0: https://www.freedesktop.org/software/accountsservice/%{name}-%{version}.tar.xz
# WARNING: do not remove/significantly change patch0 without updating the relevant patch in gdm too
-# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 vuntz@opensuse.org -- Read/write autologin configuration from sysconfig, like gdm (see gdm-sysconfig-settings.patch)
-Patch1: accountsservice-sysconfig.patch
-# PATCH-FIX-UPSTREAM accountsservice-too-restrictive.patch https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102 -- Allow NAMESPACE switching until upstream finds the right flag
-Patch2: accountsservice-too-restrictive.patch
+# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 vuntz@opensuse.org -- Read/write autologin configuration from sysconfig, like gdm (see gdm-sysconfig-settings.patch) WAS PATCH-FIX-OPENSUSE
+Patch0: accountsservice-sysconfig.patch
+# PATCH-FIX-OPENSUSE accountsservice-filter-suse-accounts.patch vuntz@opensuse.org -- Filter out some system users that are specific to openSUSE
+Patch1: accountsservice-filter-suse-accounts.patch
+# PATCH-FIX-UPSTREAM accountsservice-read-root-user-cache.patch bsc#1114292 glfo#accountsservice/accountsservice#65 xwang@suse.com-- read root user cache file WAS PATCH-FIX-UPSTREAM
+Patch2: accountsservice-read-root-user-cache.patch
+# PATCH-FIX-UPSTREAM accountsservice-wtmp-io-improvements.patch boo#1139487 fezhang@suse.com -- Backports that improve wtmp io performance.
+Patch3: accountsservice-wtmp-io-improvements.patch
+# PATCH-FIX-UPSTREAM accountsservice-fix-gdm-crash.patch glfo#accountsservice/accountsservice#55 antoine.belvire@opensuse.org -- Prevent gdm crash upon service restart when autologin is enabled
+Patch4: accountsservice-fix-gdm-crash.patch
+# PATCH-FIX-OPENSUSE harden_accounts-daemon.service.patch jsegitz@suse.com -- For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+Patch5: harden_accounts-daemon.service.patch
+# PATCH-FIX-UPSTREAM ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch -- Fix build with meson 0.61.0
+Patch6: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
## SLE and Leap only patches start at 1000
# PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch fate#318433 cxiong@suse.com -- prevent multiple simultaneous login.
Patch1000: as-fate318433-prevent-same-account-multi-logins.patch
-BuildRequires: fdupes
BuildRequires: gtk-doc
BuildRequires: meson
BuildRequires: pkgconfig
-BuildRequires: python3-dbusmock
-BuildRequires: python3-gobject
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(gio-2.0) >= 2.37.3
BuildRequires: pkgconfig(gio-unix-2.0)
@@ -49,7 +57,6 @@ BuildRequires: pkgconfig(gobject-introspection-1.0)
BuildRequires: pkgconfig(libsystemd) >= 186
BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(systemd)
-BuildRequires: pkgconfig(vapigen)
%{?systemd_ordering}
%description
@@ -96,8 +103,13 @@ querying and manipulating user account information.
%prep
%setup -q
+%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
# SLE and Leap patches start at 1000
%if 0%{?sle_version}
@@ -106,18 +118,15 @@ querying and manipulating user account information.
%build
%meson \
- -D introspection=true \
- -D gtk_doc=true \
+ -Dsystemd=true \
+ -Dintrospection=true \
+ -Dgtk_doc=true \
%{nil}
%meson_build
%install
%meson_install
%find_lang accounts-service
-%fdupes %{buildroot}%{_datadir}/accountsservice/user-templates
-
-%check
-%meson_test
%pre
%service_add_pre accounts-daemon.service
@@ -136,10 +145,10 @@ querying and manipulating user account information.
%files
%license COPYING
-%doc README.md
+%doc NEWS README.md
%{_unitdir}/accounts-daemon.service
+%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Accounts.conf
%{_libexecdir}/accounts-daemon
-%{_datadir}/dbus-1/system.d/org.freedesktop.Accounts.conf
%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.xml
%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.User.xml
%{_datadir}/dbus-1/system-services/org.freedesktop.Accounts.service
@@ -148,10 +157,6 @@ querying and manipulating user account information.
%dir %{_localstatedir}/lib/AccountsService
%dir %{_localstatedir}/lib/AccountsService/users
%dir %{_localstatedir}/lib/AccountsService/icons
-%dir %{_datadir}/accountsservice
-%dir %{_datadir}/accountsservice/user-templates
-%{_datadir}/accountsservice/user-templates/administrator
-%{_datadir}/accountsservice/user-templates/standard
%files -n libaccountsservice0
%{_libdir}/*.so.0*
@@ -166,9 +171,6 @@ querying and manipulating user account information.
%{_libdir}/pkgconfig/accountsservice.pc
%{_includedir}/accountsservice-1.0/
%{_datadir}/gir-1.0/AccountsService-1.0.gir
-%dir %{_datadir}/vala/vapi
-%{_datadir}/vala/vapi/accountsservice.deps
-%{_datadir}/vala/vapi/accountsservice.vapi
%files lang -f accounts-service.lang
diff --git a/harden_accounts-daemon.service.patch b/harden_accounts-daemon.service.patch
new file mode 100644
index 0000000..2e8d8c3
--- /dev/null
+++ b/harden_accounts-daemon.service.patch
@@ -0,0 +1,20 @@
+Index: accountsservice-0.6.55/data/accounts-daemon.service.in
+===================================================================
+--- accountsservice-0.6.55.orig/data/accounts-daemon.service.in
++++ accountsservice-0.6.55/data/accounts-daemon.service.in
+@@ -8,6 +8,15 @@ After=nss-user-lookup.target
+ Wants=nss-user-lookup.target
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
+ Type=dbus
+ BusName=org.freedesktop.Accounts
+ ExecStart=@libexecdir@/accounts-daemon