archlinux: restore setup of pam.d/su-l

qubes-gui agent calls su-l instead of initializing its own pam
session such as qrexec.
pam.d/su-l qubes specific configuration must be restored to ensure
that the user login session is properly initialized:
https://github.com/QubesOS/qubes-issues/issues/3185

archlinux/PKGBUILD

@@ -3,7 +3,7 @@
 # shellcheck disable=SC2034
 pkgname=qubes-vm-core
 pkgver=$(cat version)
-pkgrel=12
+pkgrel=13
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")

archlinux/PKGBUILD-qubes-pacman-options.conf

@@ -1 +1,2 @@
 [options]
+NoUpgrade = etc/pam.d/su-l

archlinux/PKGBUILD.install

@@ -315,6 +315,17 @@ update_finalize() {
 
     /usr/lib/qubes/update-proxy-configs
 
+    # Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
+    # This is required as qubes-gui agent calls xinit with su -l user without initializing properly
+    # the user session.
+    # pam_unix.so can also be removed from su configuration
+    # as system-login (which include system-auth) already gives pam_unix.so
+    # with more appropriate parameters (fix the missing nullok parameter)
+    if grep -q pam_unix.so /etc/pam.d/su; then
+        echo "Fixing pam.d"
+	cp /etc/pam.d/qrexec /etc/pam.d/su-l
+    fi
+
     # Archlinux specific: ensure tty1 is enabled
     rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
     systemctl enable getty\@tty1.service