summaryrefslogtreecommitdiffstats
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/.gitignore2
-rw-r--r--data/61-gdm.rules.in6
-rw-r--r--data/Init.in89
-rwxr-xr-xdata/PostLogin8
-rwxr-xr-xdata/PostSession.in3
-rwxr-xr-xdata/PreSession.in9
-rwxr-xr-xdata/Xsession.in197
-rw-r--r--data/applications/meson.build16
-rw-r--r--data/applications/mime-dummy-handler.desktop6
-rw-r--r--data/applications/mimeapps.list19
-rw-r--r--data/autostart/meson.build12
-rw-r--r--data/autostart/orca-autostart.desktop7
-rw-r--r--data/dconf/.gitignore1
-rw-r--r--data/dconf/defaults/00-upstream-settings51
-rw-r--r--data/dconf/defaults/locks/00-upstream-settings-locks28
-rw-r--r--data/dconf/gdm.in2
-rw-r--r--data/dconf/meson.build25
-rw-r--r--data/gdm.conf-custom.in16
-rw-r--r--data/gdm.conf.in81
-rw-r--r--data/gdm.schemas.in134
-rw-r--r--data/gdm.service.in33
-rw-r--r--data/gnome-login.session.in3
-rw-r--r--data/locale.alias7
-rw-r--r--data/meson.build220
-rw-r--r--data/org.gnome.login-screen.gschema.xml102
-rw-r--r--data/pam-arch/gdm-autologin.pam13
-rw-r--r--data/pam-arch/gdm-fingerprint.pam14
-rw-r--r--data/pam-arch/gdm-launch-environment.pam13
-rw-r--r--data/pam-arch/gdm-password.pam11
-rw-r--r--data/pam-arch/gdm-pin.pam13
-rw-r--r--data/pam-arch/gdm-smartcard.pam14
-rw-r--r--data/pam-exherbo/gdm-autologin.pam14
-rw-r--r--data/pam-exherbo/gdm-fingerprint.pam10
-rw-r--r--data/pam-exherbo/gdm-launch-environment.pam15
-rw-r--r--data/pam-exherbo/gdm-password.pam10
-rw-r--r--data/pam-exherbo/gdm-pin.pam10
-rw-r--r--data/pam-exherbo/gdm-smartcard.pam18
-rw-r--r--data/pam-lfs/gdm-autologin.pam19
-rw-r--r--data/pam-lfs/gdm-fingerprint.pam18
-rw-r--r--data/pam-lfs/gdm-launch-environment.pam17
-rw-r--r--data/pam-lfs/gdm-password.pam17
-rw-r--r--data/pam-lfs/gdm-pin.pam17
-rw-r--r--data/pam-lfs/gdm-smartcard.pam17
-rw-r--r--data/pam-openembedded/gdm-autologin.pam5
-rw-r--r--data/pam-openembedded/gdm-launch-environment.pam5
-rw-r--r--data/pam-openembedded/gdm-password.pam5
-rw-r--r--data/pam-openembedded/gdm-pin.pam7
-rw-r--r--data/pam-redhat/gdm-autologin.pam16
-rw-r--r--data/pam-redhat/gdm-fingerprint.pam16
-rw-r--r--data/pam-redhat/gdm-launch-environment.pam9
-rw-r--r--data/pam-redhat/gdm-password.pam20
-rw-r--r--data/pam-redhat/gdm-pin.pam21
-rw-r--r--data/pam-redhat/gdm-smartcard.pam16
-rw-r--r--data/session.conf.in4
54 files changed, 1461 insertions, 0 deletions
diff --git a/data/.gitignore b/data/.gitignore
new file mode 100644
index 0000000..c95bb39
--- /dev/null
+++ b/data/.gitignore
@@ -0,0 +1,2 @@
+/gdm.service
+/greeter-dconf-defaults
diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in
new file mode 100644
index 0000000..984fdd4
--- /dev/null
+++ b/data/61-gdm.rules.in
@@ -0,0 +1,6 @@
+# disable Wayland on Hi1710 chipsets
+ATTR{vendor}=="0x19e5", ATTR{device}=="0x1711", RUN+="@libexecdir@/gdm-disable-wayland"
+# disable Wayland when using the proprietary nvidia driver
+DRIVER=="nvidia", RUN+="@libexecdir@/gdm-disable-wayland"
+# disable Wayland if modesetting is disabled
+IMPORT{cmdline}="nomodeset", RUN+="@libexecdir@/gdm-disable-wayland"
diff --git a/data/Init.in b/data/Init.in
new file mode 100644
index 0000000..ec6fd39
--- /dev/null
+++ b/data/Init.in
@@ -0,0 +1,89 @@
+#!/bin/sh
+# Stolen from the debian kdm setup, aren't I sneaky
+# Plus a lot of fun stuff added
+# -George
+
+PATH="@X_PATH@:$PATH"
+OLD_IFS=$IFS
+
+gdmwhich () {
+ COMMAND="$1"
+ OUTPUT=
+ IFS=:
+ for dir in $PATH
+ do
+ if test -x "$dir/$COMMAND" ; then
+ if test "x$OUTPUT" = "x" ; then
+ OUTPUT="$dir/$COMMAND"
+ fi
+ fi
+ done
+ IFS=$OLD_IFS
+ echo "$OUTPUT"
+}
+
+sysresources=/etc/X11/Xresources
+
+# merge in defaults
+if [ -f "$sysresources" ]; then
+ xrdb -merge "$sysresources"
+fi
+
+sysmodmap=/etc/X11/Xmodmap
+
+XMODMAP=`gdmwhich xmodmap`
+if [ "x$XMODMAP" != "x" ] ; then
+ if [ "x$GDM_PARENT_DISPLAY" = "x" ]; then
+ if [ -f $sysmodmap ]; then
+ $XMODMAP $sysmodmap
+ fi
+ else
+ ( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $XMODMAP -pke ) | $XMODMAP -
+ fi
+
+ #
+ # Switch Sun's Alt and Meta mod mappings
+ #
+
+ UNAME=`gdmwhich uname`
+ PROCESSOR=`$UNAME -p`
+ if [ "x$PROCESSOR" = "xsparc" ]; then
+ if $XMODMAP | grep mod4 | grep Alt > /dev/null 2>/dev/null
+ then
+ $XMODMAP -e "clear Mod1" \
+ -e "clear Mod4" \
+ -e "add Mod1 = Alt_L" \
+ -e "add Mod1 = Alt_R" \
+ -e "add Mod4 = Meta_L" \
+ -e "add Mod4 = Meta_R"
+ fi
+ fi
+fi
+
+SETXKBMAP=`gdmwhich setxkbmap`
+if [ "x$SETXKBMAP" != "x" ] ; then
+ # FIXME: is this all right? Is this completely on crack?
+ # What this does is move the xkb configuration from the GDM_PARENT_DISPLAY
+ # FIXME: This should be done in code. Or there must be an easier way ...
+ if [ -n "$GDM_PARENT_DISPLAY" ]; then
+ XKBSETUP=`( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $SETXKBMAP -v )`
+ if [ -n "$XKBSETUP" ]; then
+ XKBKEYMAP=`echo "$XKBSETUP" | grep '^keymap' | awk '{ print $2 }'`
+ XKBTYPES=`echo "$XKBSETUP" | grep '^types' | awk '{ print $2 }'`
+ XKBCOMPAT=`echo "$XKBSETUP" | grep '^compat' | awk '{ print $2 }'`
+ XKBSYMBOLS=`echo "$XKBSETUP" | grep '^symbols' | awk '{ print $2 }'`
+ XKBGEOMETRY=`echo "$XKBSETUP" | grep '^geometry' | awk '{ print $2 }'`
+ if [ -n "$XKBKEYMAP" ]; then
+ $SETXKBMAP -keymap "$XKBKEYMAP"
+ elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" -a -n "$XKBGEOMETRY" ]; then
+ $SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS" -geometry "$XKBGEOMETRY"
+ elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" ]; then
+ $SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS"
+ elif [ -n "$XKBSYMBOLS" ]; then
+ $SETXKBMAP -symbols "$XKBSYMBOLS"
+ fi
+ fi
+ fi
+fi
+
+exit 0
diff --git a/data/PostLogin b/data/PostLogin
new file mode 100755
index 0000000..efc6394
--- /dev/null
+++ b/data/PostLogin
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# Note: this is a sample and will not be run as is. Change the name of this
+# file to <gdmconfdir>/PostLogin/Default for this script to be run. This
+# script will be run before any setup is run on behalf of the user and is
+# useful if you for example need to do some setup to create a home directory
+# for the user or something like that. $HOME, $LOGIN and such will all be
+# set appropriately and this script is run as root.
diff --git a/data/PostSession.in b/data/PostSession.in
new file mode 100755
index 0000000..c52d3c2
--- /dev/null
+++ b/data/PostSession.in
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exit 0
diff --git a/data/PreSession.in b/data/PreSession.in
new file mode 100755
index 0000000..cfabee7
--- /dev/null
+++ b/data/PreSession.in
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Note that any setup should come before the sessreg command as
+# that must be 'exec'ed for the pid to be correct (sessreg uses the parent
+# pid)
+#
+# Note that output goes into the .xsession-errors file for easy debugging
+#
+PATH="@X_PATH@:$PATH"
diff --git a/data/Xsession.in b/data/Xsession.in
new file mode 100755
index 0000000..9d79558
--- /dev/null
+++ b/data/Xsession.in
@@ -0,0 +1,197 @@
+#!@XSESSION_SHELL@
+#
+# This is SORT OF LIKE an X session, but not quite. You get a command as the
+# first argument (it could be multiple words, so run it with "eval"). As a
+# special case, the command can be:
+# default - Run the appropriate Xclients startup (see the code below)
+# custom - Run ~/.xsession and if that's not available run 'default'
+#
+# (Note that other arguments could also follow, but only the command one is
+# right now relevant and supported)
+#
+# The output is ALREADY redirected to .xsession-errors in GDM. This way
+# .xsession-errors actually gets more output such as if the PreSession script
+# is failing. This also prevents DoS attacks if some app in the users session
+# can be prodded to dump lots of stuff on the stdout/stderr. We wish to be
+# robust don't we? In case you wish to use an existing script for other DM's,
+# you can just not redirect when GDMSESSION is set. GDMSESSION will always
+# be set from gdm.
+#
+# Also note that this is not run as a login shell, this is just executed.
+# This is why we source the profile files below.
+#
+# based on:
+# $XConsortium: Xsession /main/10 1995/12/18 18:21:28 gildea $
+
+command="$@"
+
+# this will go into the .xsession-errors along with all other echo's
+# good for debugging where things went wrong
+echo "$0: Beginning session setup..."
+
+# First read /etc/profile and .profile
+test -f /etc/profile && . /etc/profile
+test -f "$HOME/.profile" && . "$HOME/.profile"
+# Second read /etc/xprofile and .xprofile for X specific setup
+test -f /etc/xprofile && . /etc/xprofile
+test -f "$HOME/.xprofile" && . "$HOME/.xprofile"
+
+# Translation stuff
+if [ -x "@libexecdir@/gdmtranslate" ] ; then
+ gdmtranslate="@libexecdir@/gdmtranslate"
+else
+ gdmtranslate=
+fi
+
+# Note that this should only go to zenity dialogs which always expect utf8
+gettextfunc () {
+ if [ "x$gdmtranslate" != "x" ] ; then
+ "$gdmtranslate" --utf8 "$1"
+ else
+ echo "$1"
+ fi
+}
+
+OLD_IFS=$IFS
+
+gdmwhich () {
+ COMMAND="$1"
+ OUTPUT=
+ IFS=:
+ for dir in $PATH
+ do
+ if test -x "$dir/$COMMAND" ; then
+ if test "x$OUTPUT" = "x" ; then
+ OUTPUT="$dir/$COMMAND"
+ fi
+ fi
+ done
+ IFS=$OLD_IFS
+ echo "$OUTPUT"
+}
+
+zenity=`gdmwhich zenity`
+
+# Note: ~/.xsession-errors is now done in the daemon so that it
+# works for ALL sessions (except ones named 'Failsafe')
+
+# clean up after xbanner
+freetemp=`gdmwhich freetemp`
+if [ -n "$freetemp" ] ; then
+ "$freetemp"
+fi
+
+userresources="$HOME/.Xresources"
+usermodmap="$HOME/.Xmodmap"
+userxkbmap="$HOME/.Xkbmap"
+
+sysresources=/etc/X11/Xresources
+sysmodmap=/etc/X11/Xmodmap
+sysxkbmap=/etc/X11/Xkbmap
+
+rh6sysresources=/etc/X11/xinit/Xresources
+rh6sysmodmap=/etc/X11/xinit/Xmodmap
+
+# merge in defaults
+if [ -f "$rh6sysresources" ]; then
+ xrdb -nocpp -merge "$rh6sysresources"
+fi
+
+if [ -f "$sysresources" ]; then
+ xrdb -nocpp -merge "$sysresources"
+fi
+
+if [ -f "$userresources" ]; then
+ xrdb -nocpp -merge "$userresources"
+fi
+
+# merge in keymaps
+if [ -f "$sysxkbmap" ]; then
+ setxkbmap `cat "$sysxkbmap"`
+ XKB_IN_USE=yes
+fi
+
+if [ -f "$userxkbmap" ]; then
+ setxkbmap `cat "$userxkbmap"`
+ XKB_IN_USE=yes
+fi
+
+#
+# Eeek, this seems like too much magic here
+#
+if [ -z "$XKB_IN_USE" -a ! -L /etc/X11/X ]; then
+ if grep '^exec.*/Xsun' /etc/X11/X > /dev/null 2>&1 && [ -f /etc/X11/XF86Config ]; then
+ xkbsymbols=`sed -n -e 's/^[ ]*XkbSymbols[ ]*"\(.*\)".*$/\1/p' /etc/X11/XF86Config`
+ if [ -n "$xkbsymbols" ]; then
+ setxkbmap -symbols "$xkbsymbols"
+ XKB_IN_USE=yes
+ fi
+ fi
+fi
+
+# xkb and xmodmap don't play nice together
+if [ -z "$XKB_IN_USE" ]; then
+ if [ -f "$rh6sysmodmap" ]; then
+ xmodmap "$rh6sysmodmap"
+ fi
+
+ if [ -f "$sysmodmap" ]; then
+ xmodmap "$sysmodmap"
+ fi
+
+ if [ -f "$usermodmap" ]; then
+ xmodmap "$usermodmap"
+ fi
+fi
+
+unset XKB_IN_USE
+
+xhost +si:localuser:`id -un` || :
+
+# run all system xinitrc shell scripts.
+if [ -d /etc/X11/xinit/xinitrc.d ]; then
+ for i in /etc/X11/xinit/xinitrc.d/* ; do
+ if [ -x "$i" -a ! -d "$i" ]; then
+ . "$i"
+ fi
+ done
+fi
+
+if [ "x$command" = "xdefault" ] ; then
+ if [ -x "$HOME/.Xclients" ]; then
+ command="$HOME/.Xclients"
+ elif [ -x /etc/X11/xinit/Xclients ]; then
+ command="/etc/X11/xinit/Xclients"
+ elif [ -x /etc/X11/Xclients ]; then
+ command="/etc/X11/Xclients"
+ else
+ if [ -n "$zenity" ] ; then
+ disptext=`gettextfunc "System has no Xclients file, so starting a failsafe xterm session. Windows will have focus only if the mouse pointer is above them. To get out of this mode type 'exit' in the window."`
+ "$zenity" --info --text "$disptext"
+ else
+ echo "$0: Cannot find Xclients"
+ fi
+ exec xterm -geometry 80x24+0+0
+ fi
+fi
+
+# add ssh-agent if found
+sshagent="`gdmwhich ssh-agent`"
+if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
+ command="$sshagent -- $command"
+elif [ -z "$sshagent" ] ; then
+ echo "$0: ssh-agent not found!"
+fi
+
+echo "$0: Setup done, will execute: $command"
+
+eval exec $command
+
+echo "$0: Executing $command failed, will run xterm"
+
+if [ -n "$zenity" ] ; then
+ disptext=`gettextfunc "Failed to start the session, so starting a failsafe xterm session. Windows will have focus only if the mouse pointer is above them. To get out of this mode type 'exit' in the window."`
+ "$zenity" --info --text "$disptext"
+fi
+
+exec xterm -geometry 80x24+0+0
diff --git a/data/applications/meson.build b/data/applications/meson.build
new file mode 100644
index 0000000..48a2f09
--- /dev/null
+++ b/data/applications/meson.build
@@ -0,0 +1,16 @@
+desktop_conf = {
+ 'LIBDIR': gdm_prefix / get_option('libdir'),
+ 'LIBEXECDIR': gdm_prefix / get_option('libexecdir'),
+ 'LOCALSTATEDIR': gdm_prefix / get_option('localstatedir'),
+ 'SBINDIR': gdm_prefix / get_option('sbindir'),
+ 'SYSCONFDIR': gdm_prefix / get_option('sysconfdir'),
+}
+
+foreach desktop_file : [ 'mime-dummy-handler.desktop', 'mimeapps.list' ]
+ configure_file(
+ input: desktop_file,
+ output: desktop_file,
+ configuration: desktop_conf,
+ install_dir: get_option('datadir') / 'gdm' / 'greeter' / 'applications',
+ )
+endforeach
diff --git a/data/applications/mime-dummy-handler.desktop b/data/applications/mime-dummy-handler.desktop
new file mode 100644
index 0000000..8f6623e
--- /dev/null
+++ b/data/applications/mime-dummy-handler.desktop
@@ -0,0 +1,6 @@
+[Desktop Entry]
+Type=Application
+Name=Dummy URI Handler
+Exec=true %U
+Terminal=false
+StartupNotify=false
diff --git a/data/applications/mimeapps.list b/data/applications/mimeapps.list
new file mode 100644
index 0000000..db3a144
--- /dev/null
+++ b/data/applications/mimeapps.list
@@ -0,0 +1,19 @@
+[Default Applications]
+x-scheme-handler/file=mime-dummy-handler.desktop
+x-scheme-handler/ftp=mime-dummy-handler.desktop
+x-scheme-handler/ghelp=mime-dummy-handler.desktop
+x-scheme-handler/help=mime-dummy-handler.desktop
+x-scheme-handler/http=mime-dummy-handler.desktop
+x-scheme-handler/https=mime-dummy-handler.desktop
+x-scheme-handler/info=mime-dummy-handler.desktop
+x-scheme-handler/irc=mime-dummy-handler.desktop
+x-scheme-handler/itms=mime-dummy-handler.desktop
+x-scheme-handler/mailto=mime-dummy-handler.desktop
+x-scheme-handler/man=mime-dummy-handler.desktop
+x-scheme-handler/mms=mime-dummy-handler.desktop
+x-scheme-handler/rtp=mime-dummy-handler.desktop
+x-scheme-handler/rtsp=mime-dummy-handler.desktop
+x-scheme-handler/sip=mime-dummy-handler.desktop
+x-scheme-handler/trash=mime-dummy-handler.desktop
+x-scheme-handler/webcal=mime-dummy-handler.desktop
+x-scheme-handler/xmpp=mime-dummy-handler.desktop
diff --git a/data/autostart/meson.build b/data/autostart/meson.build
new file mode 100644
index 0000000..348a6c6
--- /dev/null
+++ b/data/autostart/meson.build
@@ -0,0 +1,12 @@
+autostart_files_conf = {
+ 'LIBEXECDIR': gdm_prefix / get_option('libexecdir'),
+}
+
+foreach autostart_file : [ 'orca-autostart.desktop' ]
+ configure_file(
+ input: autostart_file,
+ output: autostart_file,
+ configuration: autostart_files_conf,
+ install_dir: get_option('datadir') / 'gdm' / 'greeter' / 'autostart',
+ )
+endforeach
diff --git a/data/autostart/orca-autostart.desktop b/data/autostart/orca-autostart.desktop
new file mode 100644
index 0000000..944cfd7
--- /dev/null
+++ b/data/autostart/orca-autostart.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Type=Application
+Name=Orca screen reader
+Exec=orca --disable main-window,splash-window --enable speech,braille
+NoDisplay=true
+AutostartCondition=GSettings org.gnome.desktop.a11y.applications screen-reader-enabled
+X-GNOME-AutoRestart=true
diff --git a/data/dconf/.gitignore b/data/dconf/.gitignore
new file mode 100644
index 0000000..f0047b3
--- /dev/null
+++ b/data/dconf/.gitignore
@@ -0,0 +1 @@
+/gdm
diff --git a/data/dconf/defaults/00-upstream-settings b/data/dconf/defaults/00-upstream-settings
new file mode 100644
index 0000000..0f41899
--- /dev/null
+++ b/data/dconf/defaults/00-upstream-settings
@@ -0,0 +1,51 @@
+# This file is part of the GDM packaging and should not be changed.
+#
+# Instead create your own file next to it with a higher numbered prefix,
+# and run
+#
+# dconf update
+#
+
+[org/gnome/desktop/session]
+session-name='gnome-login'
+
+[org/gnome/desktop/input-sources]
+show-all-sources=true
+
+[org/gnome/desktop/a11y]
+always-show-universal-access-status=true
+
+[org/gnome/desktop/background]
+show-desktop-icons=false
+
+[org/gnome/desktop/default-applications/terminal]
+exec='true'
+
+[org/gnome/desktop/lockdown]
+disable-application-handlers=true
+disable-command-line=true
+disable-lock-screen=true
+disable-log-out=false
+disable-printing=true
+disable-print-setup=true
+disable-save-to-disk=true
+disable-user-switching=true
+
+[org/gnome/desktop/sound]
+event-sounds=true
+
+[org/gnome/settings-daemon/plugins/media-keys]
+calculator=''
+eject=''
+email=''
+help=''
+home=''
+media=''
+next=''
+pause=''
+play=''
+previous=''
+screensaver=''
+search=''
+stop=''
+www=''
diff --git a/data/dconf/defaults/locks/00-upstream-settings-locks b/data/dconf/defaults/locks/00-upstream-settings-locks
new file mode 100644
index 0000000..9cecec6
--- /dev/null
+++ b/data/dconf/defaults/locks/00-upstream-settings-locks
@@ -0,0 +1,28 @@
+/org/gnome/desktop/a11y/keyboard/enable
+/org/gnome/desktop/background/show-desktop-icons
+/org/gnome/desktop/default-applications/terminal/exec
+/org/gnome/desktop/interface/toolkit-accessibility
+/org/gnome/desktop/lockdown/disable-application-handlers
+/org/gnome/desktop/lockdown/disable-command-line
+/org/gnome/desktop/lockdown/disable-lock-screen
+/org/gnome/desktop/lockdown/disable-log-out
+/org/gnome/desktop/lockdown/disable-printing
+/org/gnome/desktop/lockdown/disable-print-setup
+/org/gnome/desktop/lockdown/disable-save-to-disk
+/org/gnome/desktop/lockdown/disable-user-switching
+/org/gnome/desktop/session/session-name
+/org/gnome/desktop/sound/event-sounds
+/org/gnome/settings-daemon/plugins/media-keys/calculator
+/org/gnome/settings-daemon/plugins/media-keys/eject
+/org/gnome/settings-daemon/plugins/media-keys/email
+/org/gnome/settings-daemon/plugins/media-keys/help
+/org/gnome/settings-daemon/plugins/media-keys/home
+/org/gnome/settings-daemon/plugins/media-keys/media
+/org/gnome/settings-daemon/plugins/media-keys/next
+/org/gnome/settings-daemon/plugins/media-keys/pause
+/org/gnome/settings-daemon/plugins/media-keys/play
+/org/gnome/settings-daemon/plugins/media-keys/previous
+/org/gnome/settings-daemon/plugins/media-keys/screensaver
+/org/gnome/settings-daemon/plugins/media-keys/search
+/org/gnome/settings-daemon/plugins/media-keys/stop
+/org/gnome/settings-daemon/plugins/media-keys/www
diff --git a/data/dconf/gdm.in b/data/dconf/gdm.in
new file mode 100644
index 0000000..4d8bf17
--- /dev/null
+++ b/data/dconf/gdm.in
@@ -0,0 +1,2 @@
+user-db:user
+file-db:@DATADIR@/@PACKAGE@/greeter-dconf-defaults
diff --git a/data/dconf/meson.build b/data/dconf/meson.build
new file mode 100644
index 0000000..8ce18d6
--- /dev/null
+++ b/data/dconf/meson.build
@@ -0,0 +1,25 @@
+gdm_dconf = configure_file(
+ input: 'gdm.in',
+ output: '@BASENAME@',
+ configuration: {
+ 'DATADIR': gdm_prefix / get_option('datadir'),
+ 'PACKAGE': meson.project_name(),
+ },
+ install_dir: get_option('datadir') / 'dconf' / 'profile',
+)
+
+greeter_dconf_defaults = custom_target('greeter-dconf-defaults',
+ output: 'greeter-dconf-defaults',
+ input: files(
+ 'defaults/00-upstream-settings',
+ 'defaults/locks/00-upstream-settings-locks',
+ ),
+ command: [
+ find_program('dconf'),
+ 'compile',
+ '@OUTPUT@',
+ meson.current_source_dir() / 'defaults',
+ ],
+ install: true,
+ install_dir: get_option('datadir') / meson.project_name(),
+)
diff --git a/data/gdm.conf-custom.in b/data/gdm.conf-custom.in
new file mode 100644
index 0000000..9b63ba9
--- /dev/null
+++ b/data/gdm.conf-custom.in
@@ -0,0 +1,16 @@
+# GDM configuration storage
+
+[daemon]
+# Uncomment the line below to force the login screen to use Xorg
+#WaylandEnable=false
+
+[security]
+
+[xdmcp]
+
+[chooser]
+
+[debug]
+# Uncomment the line below to turn on debugging
+#Enable=true
+
diff --git a/data/gdm.conf.in b/data/gdm.conf.in
new file mode 100644
index 0000000..2d8897d
--- /dev/null
+++ b/data/gdm.conf.in
@@ -0,0 +1,81 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- Only root can own the service -->
+ <policy user="root">
+ <allow own="org.gnome.DisplayManager"/>
+
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Manager"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Settings"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.freedesktop.DBus.Properties" />
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+
+ </policy>
+
+ <policy context="default">
+ <deny send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"/>
+ <deny send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
+ <deny send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Settings"/>
+ <deny send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Session"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Manager"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"
+ send_member="GetId"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"
+ send_member="GetRemoteHostname"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"
+ send_member="GetSeatId"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"
+ send_member="GetX11DisplayName"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"
+ send_member="GetX11DisplayNumber"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"
+ send_member="IsLocal"/>
+
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.LocalDisplayFactory"
+ send_member="CreateTransientDisplay"/>
+ </policy>
+
+ <policy user="@GDM_USERNAME@">
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Manager"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Display"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.gnome.DisplayManager.Settings"/>
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.freedesktop.DBus.Properties" />
+ <allow send_destination="org.gnome.DisplayManager"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ </policy>
+
+</busconfig>
diff --git a/data/gdm.schemas.in b/data/gdm.schemas.in
new file mode 100644
index 0000000..255bff0
--- /dev/null
+++ b/data/gdm.schemas.in
@@ -0,0 +1,134 @@
+<gdmschemafile>
+ <schemalist>
+
+ <schema>
+ <key>chooser/Multicast</key>
+ <signature>b</signature>
+ <default>false</default>
+ </schema>
+ <schema>
+ <key>chooser/MulticastAddr</key>
+ <signature>s</signature>
+ <default>ff02::1</default>
+ </schema>
+
+ <schema>
+ <key>daemon/User</key>
+ <signature>s</signature>
+ <default>@GDM_USERNAME@</default>
+ </schema>
+ <schema>
+ <key>daemon/Group</key>
+ <signature>s</signature>
+ <default>@GDM_GROUPNAME@</default>
+ </schema>
+ <schema>
+ <key>daemon/AutomaticLoginEnable</key>
+ <signature>b</signature>
+ <default>false</default>
+ </schema>
+ <schema>
+ <key>daemon/AutomaticLogin</key>
+ <signature>s</signature>
+ <default></default>
+ </schema>
+ <schema>
+ <key>daemon/TimedLoginEnable</key>
+ <signature>b</signature>
+ <default>false</default>
+ </schema>
+ <schema>
+ <key>daemon/TimedLogin</key>
+ <signature>s</signature>
+ <default></default>
+ </schema>
+ <schema>
+ <key>daemon/TimedLoginDelay</key>
+ <signature>i</signature>
+ <default>30</default>
+ </schema>
+ <schema>
+ <key>daemon/InitialSetupEnable</key>
+ <signature>b</signature>
+ <default>true</default>
+ </schema>
+ <schema>
+ <key>daemon/WaylandEnable</key>
+ <signature>b</signature>
+ <default>true</default>
+ </schema>
+ <schema>
+ <key>security/AllowRemoteAutoLogin</key>
+ <signature>b</signature>
+ <default>false</default>
+ </schema>
+
+ <schema>
+ <key>debug/Enable</key>
+ <signature>b</signature>
+ <default>false</default>
+ </schema>
+
+ <schema>
+ <key>security/DisallowTCP</key>
+ <signature>b</signature>
+ <default>true</default>
+ </schema>
+ <schema>
+ <key>xdmcp/Enable</key>
+ <signature>b</signature>
+ <default>false</default>
+ </schema>
+ <schema>
+ <key>xdmcp/ShowLocalGreeter</key>
+ <signature>b</signature>
+ <default>true</default>
+ </schema>
+ <schema>
+ <key>xdmcp/MaxPending</key>
+ <signature>i</signature>
+ <default>4</default>
+ </schema>
+ <schema>
+ <key>xdmcp/MaxSessions</key>
+ <signature>i</signature>
+ <default>16</default>
+ </schema>
+ <schema>
+ <key>xdmcp/MaxWait</key>
+ <signature>i</signature>
+ <default>30</default>
+ </schema>
+ <schema>
+ <key>xdmcp/DisplaysPerHost</key>
+ <signature>i</signature>
+ <default>1</default>
+ </schema>
+ <schema>
+ <key>xdmcp/Port</key>
+ <signature>i</signature>
+ <default>177</default>
+ </schema>
+ <schema>
+ <key>xdmcp/HonorIndirect</key>
+ <signature>b</signature>
+ <default>true</default>
+ </schema>
+ <schema>
+ <key>xdmcp/MaxWaitIndirect</key>
+ <signature>i</signature>
+ <default>30</default>
+ </schema>
+ <schema>
+ <key>xdmcp/PingIntervalSeconds</key>
+ <signature>i</signature>
+ <default>0</default>
+ </schema>
+ <schema>
+ <key>xdmcp/Willing</key>
+ <signature>s</signature>
+ <default>@gdmconfdir@/Xwilling</default>
+ </schema>
+ </schemalist>
+</gdmschemafile>
+
diff --git a/data/gdm.service.in b/data/gdm.service.in
new file mode 100644
index 0000000..17e8a8d
--- /dev/null
+++ b/data/gdm.service.in
@@ -0,0 +1,33 @@
+[Unit]
+Description=GNOME Display Manager
+
+# replaces the getty
+Conflicts=getty@tty${GDM_INITIAL_VT}.service
+After=getty@tty${GDM_INITIAL_VT}.service
+
+# replaces plymouth-quit since it quits plymouth on its own
+Conflicts=${PLYMOUTH_QUIT_SERVICE}
+After=${PLYMOUTH_QUIT_SERVICE}
+
+# Needs all the dependencies of the services it's replacing
+# pulled from getty@.service and ${PLYMOUTH_QUIT_SERVICE}
+# (except for plymouth-quit-wait.service since it waits until
+# plymouth is quit, which we do)
+After=rc-local.service plymouth-start.service systemd-user-sessions.service
+
+# GDM takes responsibility for stopping plymouth, so if it fails
+# for any reason, make sure plymouth still stops
+OnFailure=plymouth-quit.service
+
+[Service]
+ExecStart=${sbindir}/gdm
+KillMode=mixed
+Restart=always
+IgnoreSIGPIPE=no
+BusName=org.gnome.DisplayManager
+EnvironmentFile=-${LANG_CONFIG_FILE}
+ExecReload=/bin/kill -SIGHUP $MAINPID
+KeyringMode=shared
+
+[Install]
+Alias=display-manager.service
diff --git a/data/gnome-login.session.in b/data/gnome-login.session.in
new file mode 100644
index 0000000..6347096
--- /dev/null
+++ b/data/gnome-login.session.in
@@ -0,0 +1,3 @@
+[GNOME Session]
+Name=Display Manager
+RequiredComponents=@gnome_required_components@;
diff --git a/data/locale.alias b/data/locale.alias
new file mode 100644
index 0000000..7cabea6
--- /dev/null
+++ b/data/locale.alias
@@ -0,0 +1,7 @@
+# You could insert none UTF-8 locales likes C, ja_JP.eucJP
+# The format is language label, space and locale name but
+# the language label is no longer used.
+#
+# This file will be removed in the future once gdm setup tool is generated.
+#
+#Unspecified C,POSIX
diff --git a/data/meson.build b/data/meson.build
new file mode 100644
index 0000000..05a2011
--- /dev/null
+++ b/data/meson.build
@@ -0,0 +1,220 @@
+subdir('applications')
+subdir('autostart')
+subdir('dconf')
+
+# XPath configs
+foreach file : [ 'Init', 'PreSession', 'PostSession' ]
+ generated_file = configure_file(
+ input: '@0@.in'.format(file),
+ output: file,
+ configuration: { 'X_PATH': x_path },
+ )
+
+ install_data(generated_file,
+ install_dir: gdmconfdir / file,
+ install_mode: 'rwxr-xr-x',
+ rename: 'Default'
+ )
+endforeach
+
+install_data('PostLogin',
+ rename: 'Default.sample',
+ install_mode: 'rwxr-xr-x',
+ install_dir: gdmconfdir / 'PostLogin',
+)
+
+# gdm.conf
+configure_file(
+ input: 'gdm.conf.in',
+ output: '@BASENAME@',
+ configuration: {
+ 'GDM_USERNAME': get_option('user')
+ },
+ install_dir: dbus_sys_dir,
+)
+configure_file(
+ input: 'gdm.conf-custom.in',
+ output: gdm_custom_conf.split('/')[-1],
+ copy: true,
+ install_mode: 'rw-r--r--',
+ install_dir: run_command(find_program('dirname'), gdm_custom_conf).stdout().strip(),
+)
+
+# GSettings schema
+install_data('org.gnome.login-screen.gschema.xml',
+ install_dir: get_option('datadir') / 'glib-2.0' / 'schemas',
+)
+compiled_gschema = gnome.compile_schemas()
+
+# gdm.schema
+gdm_schema = configure_file(
+ input: 'gdm.schemas.in',
+ output: '@BASENAME@',
+ configuration: {
+ 'GDM_USERNAME': get_option('user'),
+ 'GDM_GROUPNAME': get_option('group'),
+ 'gdmconfdir': gdmconfdir,
+ },
+ install_dir: get_option('datadir') / 'gdm',
+)
+
+install_data('locale.alias',
+ install_dir: get_option('datadir') / 'gdm',
+)
+
+gdm_gnome_shell_component = 'org.gnome.Shell'
+gdm_gnome_session_required_components = [
+ 'org.gnome.SettingsDaemon.A11ySettings',
+ 'org.gnome.SettingsDaemon.Color',
+ 'org.gnome.SettingsDaemon.Datetime',
+ 'org.gnome.SettingsDaemon.Housekeeping',
+ 'org.gnome.SettingsDaemon.Keyboard',
+ 'org.gnome.SettingsDaemon.MediaKeys',
+ 'org.gnome.SettingsDaemon.Power',
+ 'org.gnome.SettingsDaemon.PrintNotifications',
+ 'org.gnome.SettingsDaemon.Rfkill',
+ 'org.gnome.SettingsDaemon.ScreensaverProxy',
+ 'org.gnome.SettingsDaemon.Sharing',
+ 'org.gnome.SettingsDaemon.Smartcard',
+ 'org.gnome.SettingsDaemon.Sound',
+ 'org.gnome.SettingsDaemon.Wacom',
+]
+
+gdm_gnome_user_session_wanted_components = gdm_gnome_session_required_components
+gdm_gnome_user_session_wanted_components += [
+ 'org.gnome.SettingsDaemon.XSettings',
+]
+
+configure_file(
+ input: 'gnome-login.session.in',
+ output: '@BASENAME@',
+ configuration: {
+ 'libexecdir': gdm_prefix / get_option('libexecdir'),
+ 'check_accelerated_dir': check_accelerated_dir,
+ 'gnome_required_components': ';'.join(
+ [ gdm_gnome_shell_component ] + gdm_gnome_session_required_components),
+ },
+ install_dir: get_option('datadir') / 'gnome-session' / 'sessions',
+)
+
+# PAM
+pam_data_files_map = {
+ 'redhat': [
+ 'gdm-autologin',
+ 'gdm-launch-environment',
+ 'gdm-fingerprint',
+ 'gdm-smartcard',
+ 'gdm-password',
+ 'gdm-pin',
+ ],
+ 'openembedded': [
+ 'gdm-autologin',
+ 'gdm-launch-environment',
+ 'gdm-password',
+ 'gdm-pin',
+ ],
+ 'exherbo': [
+ 'gdm-autologin',
+ 'gdm-launch-environment',
+ 'gdm-fingerprint',
+ 'gdm-smartcard',
+ 'gdm-password',
+ 'gdm-pin',
+ ],
+ 'lfs': [
+ 'gdm-autologin',
+ 'gdm-launch-environment',
+ 'gdm-fingerprint',
+ 'gdm-smartcard',
+ 'gdm-password',
+ 'gdm-pin',
+ ],
+ 'arch': [
+ 'gdm-autologin',
+ 'gdm-launch-environment',
+ 'gdm-fingerprint',
+ 'gdm-smartcard',
+ 'gdm-password',
+ 'gdm-pin',
+ ],
+ 'none': [],
+ # We should no longer have 'autodetect' at this point
+}
+
+pam_data_files = pam_data_files_map[default_pam_config]
+pam_prefix = (get_option('pam-prefix') != '')? get_option('pam-prefix') : get_option('sysconfdir')
+foreach _pam_filename : pam_data_files
+ install_data('pam-@0@/@1@.pam'.format(default_pam_config, _pam_filename),
+ rename: _pam_filename,
+ install_dir: pam_prefix / 'pam.d',
+ )
+endforeach
+
+gdm_rules = configure_file(
+ input: '61-gdm.rules.in',
+ output: '@BASENAME@',
+ configuration: {
+ 'libexecdir': gdm_prefix / get_option('libexecdir'),
+ },
+ install_dir: udev_dir,
+)
+
+# DBus service files
+service_config = configuration_data()
+service_config.set('sbindir', gdm_prefix / get_option('sbindir'))
+service_config.set('GDM_INITIAL_VT', get_option('initial-vt'))
+service_config.set('LANG_CONFIG_FILE', lang_config_file)
+if plymouth_dep.found()
+ service_config.set('PLYMOUTH_QUIT_SERVICE', 'plymouth-quit.service')
+else
+ service_config.set('PLYMOUTH_QUIT_SERVICE', '')
+endif
+
+if get_option('systemdsystemunitdir') != ''
+ systemd_systemunitdir = get_option('systemdsystemunitdir')
+else
+ systemd_systemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+endif
+
+if get_option('systemduserunitdir') != ''
+ systemd_userunitdir = get_option('systemduserunitdir')
+else
+ systemd_userunitdir = systemd_dep.get_pkgconfig_variable('systemduserunitdir',
+ define_variable: ['prefix', get_option('prefix')])
+endif
+
+configure_file(
+ input: 'gdm.service.in',
+ output: '@BASENAME@',
+ configuration: service_config,
+ install_dir: systemd_systemunitdir,
+ format: 'cmake'
+)
+
+gdm_gnome_session_wanted_targets = []
+foreach component: gdm_gnome_user_session_wanted_components
+ gdm_gnome_session_wanted_targets += 'Wants=@0@.target'.format(component)
+endforeach
+
+configure_file(
+ input: 'session.conf.in',
+ output: 'session.conf',
+ configuration: {
+ 'requires_component': gdm_gnome_shell_component,
+ 'wants_required_components': '\n'.join(gdm_gnome_session_wanted_targets),
+ },
+ install_dir: systemd_userunitdir / 'gnome-session@gnome-login.target.d',
+)
+
+# XSession
+if get_option('gdm-xsession')
+ configure_file(
+ input: 'Xsession.in',
+ output: '@BASENAME@',
+ configuration: {
+ 'libexecdir': gdm_prefix / get_option('libexecdir'),
+ 'XSESSION_SHELL': get_option('solaris')? '/bin/ksh' : '/bin/sh',
+ },
+ install_dir: gdmconfdir,
+ )
+endif
diff --git a/data/org.gnome.login-screen.gschema.xml b/data/org.gnome.login-screen.gschema.xml
new file mode 100644
index 0000000..7b5c54d
--- /dev/null
+++ b/data/org.gnome.login-screen.gschema.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schemalist gettext-domain="gdm">
+ <schema id="org.gnome.login-screen" path="/org/gnome/login-screen/">
+ <key name="enable-fingerprint-authentication" type="b">
+ <default>true</default>
+ <summary>
+ Whether or not to allow fingerprint readers for login
+ </summary>
+ <description>
+ The login screen can optionally allow users who have enrolled
+ their fingerprints to log in using those prints.
+ </description>
+ </key>
+ <key name="enable-smartcard-authentication" type="b">
+ <default>true</default>
+ <summary>
+ Whether or not to allow smartcard readers for login
+ </summary>
+ <description>
+ The login screen can optionally allow users who have smartcards
+ to log in using those smartcards.
+ </description>
+ </key>
+ <key name="enable-password-authentication" type="b">
+ <default>true</default>
+ <summary>
+ Whether or not to allow passwords for login
+ </summary>
+ <description>
+ The login screen can be configured to disallow password authentication,
+ forcing the user to use smartcard or fingerprint authentication.
+ </description>
+ </key>
+ <key name="logo" type="s">
+ <default>''</default>
+ <summary>
+ Path to small image at top of user list
+ </summary>
+ <description>
+ The login screen can optionally show a small image to provide site
+ administrators and distributions a way to display branding.
+ </description>
+ </key>
+ <key name="fallback-logo" type="s">
+ <default>''</default>
+ <summary>
+ Path to small image at top of user list
+ </summary>
+ <description>
+ The fallback login screen can optionally show a small image to provide
+ site administrators and distributions a way to display branding.
+ </description>
+ </key>
+ <key name="disable-user-list" type="b">
+ <default>false</default>
+ <summary>
+ Avoid showing user list
+ </summary>
+ <description>
+ The login screen normally shows a list of available users to log in
+ as. This setting can be toggled to disable showing the user list.
+ </description>
+ </key>
+ <key name="banner-message-enable" type="b">
+ <default>false</default>
+ <summary>
+ Enable showing the banner message
+ </summary>
+ <description>
+ Set to true to show the banner message text.
+ </description>
+ </key>
+ <key name="banner-message-text" type="s">
+ <default>''</default>
+ <summary>
+ Banner message text
+ </summary>
+ <description>
+ Text banner message to show in the login window.
+ </description>
+ </key>
+ <key name="disable-restart-buttons" type="b">
+ <default>false</default>
+ <summary>
+ Disable showing the restart buttons
+ </summary>
+ <description>
+ Set to true to disable showing the restart buttons in the login window.
+ </description>
+ </key>
+ <key name="allowed-failures" type="i">
+ <default>3</default>
+ <summary>
+ Number of allowed authentication failures
+ </summary>
+ <description>
+ The number of times a user is allowed to attempt authentication, before
+ giving up and going back to user selection.
+ </description>
+ </key>
+ </schema>
+</schemalist>
diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
new file mode 100644
index 0000000..99b1420
--- /dev/null
+++ b/data/pam-arch/gdm-autologin.pam
@@ -0,0 +1,13 @@
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth optional pam_gdm.so
+auth optional pam_gnome_keyring.so
+auth optional pam_permit.so
+
+account include system-local-login
+
+password include system-local-login
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
+session optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
new file mode 100644
index 0000000..a480861
--- /dev/null
+++ b/data/pam-arch/gdm-fingerprint.pam
@@ -0,0 +1,14 @@
+auth required pam_tally.so onerr=succeed file=/var/log/faillog
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth required pam_fprintd.so
+auth optional pam_permit.so
+
+account include system-local-login
+
+password required pam_fprintd.so
+password optional pam_permit.so
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
new file mode 100644
index 0000000..d59c9cb
--- /dev/null
+++ b/data/pam-arch/gdm-launch-environment.pam
@@ -0,0 +1,13 @@
+auth required pam_env.so
+auth required pam_succeed_if.so audit quiet_success user = gdm
+auth optional pam_permit.so
+
+account required pam_succeed_if.so audit quiet_success user = gdm
+account optional pam_permit.so
+
+password required pam_deny.so
+
+session optional pam_keyinit.so force revoke
+session required pam_succeed_if.so audit quiet_success user = gdm
+session required pam_systemd.so
+session optional pam_permit.so
diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
new file mode 100644
index 0000000..8d34794
--- /dev/null
+++ b/data/pam-arch/gdm-password.pam
@@ -0,0 +1,11 @@
+auth include system-local-login
+auth optional pam_gnome_keyring.so
+
+account include system-local-login
+
+password include system-local-login
+password optional pam_gnome_keyring.so use_authtok
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
+session optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
new file mode 100644
index 0000000..135e205
--- /dev/null
+++ b/data/pam-arch/gdm-pin.pam
@@ -0,0 +1,13 @@
+auth requisite pam_pin.so
+auth include system-local-login
+auth optional pam_gnome_keyring.so
+
+account include system-local-login
+
+password include system-local-login
+password optional pam_pin.so
+password optional pam_gnome_keyring.so use_authtok
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
+session optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
new file mode 100644
index 0000000..ec6f75d
--- /dev/null
+++ b/data/pam-arch/gdm-smartcard.pam
@@ -0,0 +1,14 @@
+auth required pam_tally.so onerr=succeed file=/var/log/faillog
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth required pam_pkcs11.so wait_for_card card_only
+auth optional pam_permit.so
+
+account include system-local-login
+
+password required pam_pkcs11.so
+password optional pam_permit.so
+
+session optional pam_keyinit.so force revoke
+session include system-local-login
diff --git a/data/pam-exherbo/gdm-autologin.pam b/data/pam-exherbo/gdm-autologin.pam
new file mode 100644
index 0000000..1324f36
--- /dev/null
+++ b/data/pam-exherbo/gdm-autologin.pam
@@ -0,0 +1,14 @@
+# mirrors system-auth / system(-local)-login
+# except for the authentication method, which is:
+# always permit login
+
+auth [success=ok default=1] pam_gdm.so
+-auth optional pam_gnome_keyring.so
+auth sufficient pam_permit.so
+
+account include system-local-login
+
+password include system-local-login
+
+session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-exherbo/gdm-fingerprint.pam b/data/pam-exherbo/gdm-fingerprint.pam
new file mode 100644
index 0000000..41639ec
--- /dev/null
+++ b/data/pam-exherbo/gdm-fingerprint.pam
@@ -0,0 +1,10 @@
+account include system-login
+
+auth substack fingerprint-auth
+auth optional pam_gnome_keyring.so
+
+password required pam_deny.so
+
+session substack system-login
+session optional pam_gnome_keyring.so auto_start
+
diff --git a/data/pam-exherbo/gdm-launch-environment.pam b/data/pam-exherbo/gdm-launch-environment.pam
new file mode 100644
index 0000000..51a8e00
--- /dev/null
+++ b/data/pam-exherbo/gdm-launch-environment.pam
@@ -0,0 +1,15 @@
+account required pam_nologin.so
+account required pam_succeed_if.so audit quiet_success user = gdm
+account required pam_permit.so
+
+auth required pam_env.so
+auth required pam_succeed_if.so audit quiet_success user = gdm
+auth required pam_permit.so
+
+password required pam_deny.so
+
+-session optional pam_systemd.so
+session optional pam_keyinit.so force revoke
+session required pam_succeed_if.so audit quiet_success user = gdm
+session required pam_permit.so
+
diff --git a/data/pam-exherbo/gdm-password.pam b/data/pam-exherbo/gdm-password.pam
new file mode 100644
index 0000000..d223f66
--- /dev/null
+++ b/data/pam-exherbo/gdm-password.pam
@@ -0,0 +1,10 @@
+account include system-login
+
+auth substack system-login
+auth optional pam_gnome_keyring.so
+
+password required pam_deny.so
+
+session substack system-login
+session optional pam_gnome_keyring.so auto_start
+
diff --git a/data/pam-exherbo/gdm-pin.pam b/data/pam-exherbo/gdm-pin.pam
new file mode 100644
index 0000000..d62c773
--- /dev/null
+++ b/data/pam-exherbo/gdm-pin.pam
@@ -0,0 +1,10 @@
+account include system-login
+
+auth requisite pam_pin.so
+auth substack system-login
+auth optional pam_gnome_keyring.so
+
+password required pam_deny.so
+
+session substack system-login
+session optional pam_gnome_keyring.so auto_start \ No newline at end of file
diff --git a/data/pam-exherbo/gdm-smartcard.pam b/data/pam-exherbo/gdm-smartcard.pam
new file mode 100644
index 0000000..0623c6e
--- /dev/null
+++ b/data/pam-exherbo/gdm-smartcard.pam
@@ -0,0 +1,18 @@
+# mirrors system-auth / system(-local)-login
+# except for the authentication method, which is:
+# smartcard login
+
+auth required pam_env.so
+auth required pam_tally.so file=/var/log/faillog onerr=succeed
+auth required pam_shells.so
+auth required pam_nologin.so
+auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
+-auth optional pam_gnome_keyring.so
+
+account include system-local-login
+
+password include system-local-login
+
+session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
+
diff --git a/data/pam-lfs/gdm-autologin.pam b/data/pam-lfs/gdm-autologin.pam
new file mode 100644
index 0000000..953d47e
--- /dev/null
+++ b/data/pam-lfs/gdm-autologin.pam
@@ -0,0 +1,19 @@
+# Begin /etc/pam.d/gdm-autologin
+
+auth requisite pam_nologin.so
+auth required pam_env.so
+
+auth required pam_succeed_if.so uid >= 1000 quiet
+auth optional pam_gdm.so
+auth optional pam_gnome_keyring.so
+auth required pam_permit.so
+
+account include system-account
+password include system-password
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session include system-session
+session optional pam_gnome_keyring.so auto_start
+
+# End /etc/pam.d/gdm-autologin
diff --git a/data/pam-lfs/gdm-fingerprint.pam b/data/pam-lfs/gdm-fingerprint.pam
new file mode 100644
index 0000000..f004882
--- /dev/null
+++ b/data/pam-lfs/gdm-fingerprint.pam
@@ -0,0 +1,18 @@
+# Begin /etc/pam.d/gdm-fingerprint
+
+auth requisite pam_nologin.so
+auth required pam_env.so
+
+auth required pam_succeed_if.so uid >= 1000 quiet
+auth required pam_fprintd.so
+auth optional pam_gnome_keyring.so
+
+account include system-account
+password required pam_fprintd.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session include system-session
+session optional pam_gnome_keyring.so auto_start
+
+# End /etc/pam.d/gdm-fingerprint
diff --git a/data/pam-lfs/gdm-launch-environment.pam b/data/pam-lfs/gdm-launch-environment.pam
new file mode 100644
index 0000000..174c347
--- /dev/null
+++ b/data/pam-lfs/gdm-launch-environment.pam
@@ -0,0 +1,17 @@
+# Begin /etc/pam.d/gdm-launch-environment
+
+auth required pam_succeed_if.so audit quiet_success user = gdm
+auth required pam_env.so
+auth optional pam_permit.so
+
+account required pam_succeed_if.so audit quiet_success user = gdm
+account include system-account
+
+password required pam_deny.so
+
+session required pam_succeed_if.so audit quiet_success user = gdm
+-session optional pam_systemd.so
+session optional pam_keyinit.so force revoke
+session optional pam_permit.so
+
+# End /etc/pam.d/gdm-launch-environment
diff --git a/data/pam-lfs/gdm-password.pam b/data/pam-lfs/gdm-password.pam
new file mode 100644
index 0000000..9b52a17
--- /dev/null
+++ b/data/pam-lfs/gdm-password.pam
@@ -0,0 +1,17 @@
+# Begin /etc/pam.d/gdm-password
+
+auth requisite pam_nologin.so
+auth required pam_env.so
+
+auth required pam_succeed_if.so uid >= 1000 quiet
+auth include system-auth
+auth optional pam_gnome_keyring.so
+
+account include system-account
+password include system-password
+
+session required pam_limits.so
+session include system-session
+session optional pam_gnome_keyring.so auto_start
+
+# End /etc/pam.d/gdm-password
diff --git a/data/pam-lfs/gdm-pin.pam b/data/pam-lfs/gdm-pin.pam
new file mode 100644
index 0000000..4c955c9
--- /dev/null
+++ b/data/pam-lfs/gdm-pin.pam
@@ -0,0 +1,17 @@
+# Begin /etc/pam.d/gdm-pin
+
+auth requisite pam_nologin.so
+auth required pam_env.so
+
+auth required pam_succeed_if.so uid >= 1000 quiet
+auth required pam_pin.so
+auth optional pam_gnome_keyring.so
+
+account include system-account
+password required pam_pin.so
+
+session required pam_limits.so
+session include system-session
+session optional pam_gnome_keyring.so auto_start
+
+# End /etc/pam.d/gdm-pin
diff --git a/data/pam-lfs/gdm-smartcard.pam b/data/pam-lfs/gdm-smartcard.pam
new file mode 100644
index 0000000..f2c1b64
--- /dev/null
+++ b/data/pam-lfs/gdm-smartcard.pam
@@ -0,0 +1,17 @@
+# Begin /etc/pam.d/gdm-smartcard
+
+auth requisite pam_nologin.so
+auth required pam_env.so
+
+auth required pam_succeed_if.so uid >= 1000 quiet
+auth required pam_pkcs11.so wait_for_card card_only
+auth optional pam_gnome_keyring.so
+
+account include system-account
+password required pam_pkcs11.so
+
+session required pam_limits.so
+session include system-session
+session optional pam_gnome_keyring.so auto_start
+
+# End /etc/pam.d/gdm-smartcard
diff --git a/data/pam-openembedded/gdm-autologin.pam b/data/pam-openembedded/gdm-autologin.pam
new file mode 100644
index 0000000..a9f4354
--- /dev/null
+++ b/data/pam-openembedded/gdm-autologin.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_permit.so
+account include common-account
+password include common-auth
+session include common-session
diff --git a/data/pam-openembedded/gdm-launch-environment.pam b/data/pam-openembedded/gdm-launch-environment.pam
new file mode 100644
index 0000000..a9f4354
--- /dev/null
+++ b/data/pam-openembedded/gdm-launch-environment.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_permit.so
+account include common-account
+password include common-auth
+session include common-session
diff --git a/data/pam-openembedded/gdm-password.pam b/data/pam-openembedded/gdm-password.pam
new file mode 100644
index 0000000..758464d
--- /dev/null
+++ b/data/pam-openembedded/gdm-password.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
diff --git a/data/pam-openembedded/gdm-pin.pam b/data/pam-openembedded/gdm-pin.pam
new file mode 100644
index 0000000..c56842b
--- /dev/null
+++ b/data/pam-openembedded/gdm-pin.pam
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth requisite pam_pin.so
+auth include common-auth
+account include common-account
+password include common-password
+password optional pam_pin.so
+session include common-session
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
new file mode 100644
index 0000000..c31ff27
--- /dev/null
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -0,0 +1,16 @@
+#%PAM-1.0
+auth [success=ok default=1] pam_gdm.so
+-auth optional pam_gnome_keyring.so
+auth sufficient pam_permit.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include system-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
new file mode 100644
index 0000000..1483cdf
--- /dev/null
+++ b/data/pam-redhat/gdm-fingerprint.pam
@@ -0,0 +1,16 @@
+auth substack fingerprint-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include fingerprint-auth
+
+password include fingerprint-auth
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include fingerprint-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-launch-environment.pam b/data/pam-redhat/gdm-launch-environment.pam
new file mode 100644
index 0000000..2e9ea2b
--- /dev/null
+++ b/data/pam-redhat/gdm-launch-environment.pam
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+auth include postlogin
+account required pam_permit.so
+password required pam_permit.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
new file mode 100644
index 0000000..21c04ec
--- /dev/null
+++ b/data/pam-redhat/gdm-password.pam
@@ -0,0 +1,20 @@
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password substack password-auth
+-password optional pam_gnome_keyring.so use_authtok
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam
new file mode 100644
index 0000000..6ec7707
--- /dev/null
+++ b/data/pam-redhat/gdm-pin.pam
@@ -0,0 +1,21 @@
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth requisite pam_pin.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password include password-auth
+password optional pam_pin.so
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
new file mode 100644
index 0000000..5024e52
--- /dev/null
+++ b/data/pam-redhat/gdm-smartcard.pam
@@ -0,0 +1,16 @@
+auth substack smartcard-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include smartcard-auth
+
+password include smartcard-auth
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include smartcard-auth
+session include postlogin
diff --git a/data/session.conf.in b/data/session.conf.in
new file mode 100644
index 0000000..7bfa365
--- /dev/null
+++ b/data/session.conf.in
@@ -0,0 +1,4 @@
+[Unit]
+@wants_required_components@
+
+Requires=@requires_component@.target