From 5971cdd5bcb9f2061fc87acb8763cbf7070ad8a5 Mon Sep 17 00:00:00 2001
From: Olivier MEDOC <o_medoc@yahoo.fr>
Date: Wed, 25 Oct 2017 14:54:48 +0200
Subject: [PATCH] archlinux: restore setup of pam.d/su-l

qubes-gui agent calls su-l instead of initializing its own pam
session such as qrexec.
pam.d/su-l qubes specific configuration must be restored to ensure
that the user login session is properly initialized:
https://github.com/QubesOS/qubes-issues/issues/3185
---
 archlinux/PKGBUILD                           |  2 +-
 archlinux/PKGBUILD-qubes-pacman-options.conf |  3 ++-
 archlinux/PKGBUILD.install                   | 11 +++++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD
index 67a52ca..6a3dd4e 100644
--- a/archlinux/PKGBUILD
+++ b/archlinux/PKGBUILD
@@ -3,7 +3,7 @@
 # shellcheck disable=SC2034
 pkgname=qubes-vm-core
 pkgver=$(cat version)
-pkgrel=12
+pkgrel=13
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")
diff --git a/archlinux/PKGBUILD-qubes-pacman-options.conf b/archlinux/PKGBUILD-qubes-pacman-options.conf
index 0b16520..703c472 100644
--- a/archlinux/PKGBUILD-qubes-pacman-options.conf
+++ b/archlinux/PKGBUILD-qubes-pacman-options.conf
@@ -1 +1,2 @@
-[options]
\ No newline at end of file
+[options]
+NoUpgrade = etc/pam.d/su-l
\ No newline at end of file
diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install
index 4e0c899..94a71d5 100644
--- a/archlinux/PKGBUILD.install
+++ b/archlinux/PKGBUILD.install
@@ -315,6 +315,17 @@ update_finalize() {
 
     /usr/lib/qubes/update-proxy-configs
 
+    # Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
+    # This is required as qubes-gui agent calls xinit with su -l user without initializing properly
+    # the user session.
+    # pam_unix.so can also be removed from su configuration
+    # as system-login (which include system-auth) already gives pam_unix.so
+    # with more appropriate parameters (fix the missing nullok parameter)
+    if grep -q pam_unix.so /etc/pam.d/su; then
+        echo "Fixing pam.d"
+	cp /etc/pam.d/qrexec /etc/pam.d/su-l
+    fi
+
     # Archlinux specific: ensure tty1 is enabled
     rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
     systemctl enable getty\@tty1.service