From 7da8adf4da322a456bd9ca2cbc1631c46a3063c5 Mon Sep 17 00:00:00 2001
From: classabbyamp
Date: Tue, 11 Jul 2023 22:02:49 -0400
Subject: [PATCH 1/3] polkit: patch to support turnstile
---
srcpkgs/polkit/patches/turnstile.patch | 57 ++++++++++++++++++++++++++
srcpkgs/polkit/template | 2 +-
2 files changed, 58 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/polkit/patches/turnstile.patch
diff --git a/srcpkgs/polkit/patches/turnstile.patch b/srcpkgs/polkit/patches/turnstile.patch
new file mode 100644
index 0000000000000..4f56ed130eefd
--- /dev/null
+++ b/srcpkgs/polkit/patches/turnstile.patch
@@ -0,0 +1,57 @@
+commit 8d98aa421b92765695af13c033cf7e80375c03fe
+Author: q66
+Date: Sun Jul 2 15:44:51 2023 +0200
+
+ ensure turnstile-session processes fall back to display check
+
+ As turnstile session is shared between sessions, let us fall back
+ to the check for whether a graphical session is in place. We need
+ this as our dbus session bus is managed through turnstile. In
+ systemd-using systems there is no problem because user units are
+ not a part of any explicit session (we don't get this luxury
+ because using a session is the only way to make sure our pid is
+ tracked in systemd at all; we need that to be able to resolve
+ PID to UID).
+
+diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+index b00cdbd..9a3f3c3 100644
+--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+@@ -346,7 +346,7 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni
+ PolkitUnixProcess *tmp_process = NULL;
+ PolkitUnixProcess *process = NULL;
+ PolkitSubject *session = NULL;
+- char *session_id = NULL;
++ char *session_id = NULL, *service_id = NULL;
+ pid_t pid;
+ #if HAVE_SD_UID_GET_DISPLAY
+ uid_t uid;
+@@ -377,8 +377,26 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni
+
+ if (sd_pid_get_session (pid, &session_id) >= 0)
+ {
+- session = polkit_unix_session_new (session_id);
+- goto out;
++ /* if belonging to turnstile, ignore */
++ if (sd_session_get_service (session_id, &service_id) >= 0)
++ {
++ if (strcmp (service_id, "turnstiled"))
++ {
++ free (service_id);
++ session = polkit_unix_session_new (session_id);
++ goto out;
++ }
++ else
++ {
++ /* turnstile-managed processes are shared */
++ free(service_id);
++ }
++ }
++ else
++ {
++ session = polkit_unix_session_new (session_id);
++ goto out;
++ }
+ }
+
+ #if HAVE_SD_UID_GET_DISPLAY
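Review bot: In the `turnstiled` branch of the second inner hunk, `session_id` is still owned when control leaves the `if (sd_pid_get_session ...)` block, so if the `#if HAVE_SD_UID_GET_DISPLAY` code that follows (not visible in the hunk) stores a new string through `&session_id`, the first one leaks; adding `free (session_id); session_id = NULL;` next to `free(service_id);` would close that. The bare `if (strcmp (service_id, "turnstiled"))` reads as a truth test and is easy to invert by mistake, so `strcmp (service_id, "turnstiled") != 0` is clearer. Because the value returned here decides which session polkit attributes a subject to, the comment `/* if belonging to turnstile, ignore */` should state that such processes are deliberately resolved through the user's display session instead, and that a failing `sd_session_get_service` keeps the previous behaviour. The enclosing function starts and ends outside the hunk.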
diff --git a/srcpkgs/polkit/template b/srcpkgs/polkit/template index 84ab7453bb9b6..0435e1ce5976b 100644 --- a/srcpkgs/polkit/template +++ b/srcpkgs/polkit/template @@ -1,7 +1,7 @@ # Template file for 'polkit' pkgname=polkit version=121 -revision=1 +revision=2 build_style=meson build_helper=gir configure_args="$(vopt_bool gir introspection) -Dman=true From ae9dc69e3eae96195747483e4f486f6b34e5825a Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Sun, 2 Jul 2023 22:04:40 -0400 Subject: [PATCH 2/3] pam-base: add turnstile pam --- srcpkgs/pam-base/files/system-login | 1 + srcpkgs/pam-base/template | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/pam-base/files/system-login b/srcpkgs/pam-base/files/system-login index 2275deba480d3..72c4638f07d3f 100644 --- a/srcpkgs/pam-base/files/system-login +++ b/srcpkgs/pam-base/files/system-login @@ -14,6 +14,7 @@ session optional pam_loginuid.so session include system-auth session optional pam_motd.so motd=/etc/motd session optional pam_mail.so dir=/var/mail standard quiet +-session optional pam_turnstile.so -session optional pam_elogind.so -session optional pam_dumb_runtime_dir.so session required pam_env.so diff --git a/srcpkgs/pam-base/template b/srcpkgs/pam-base/template index 70dfab9fa9965..38bfa74cd8856 100644 --- a/srcpkgs/pam-base/template +++ b/srcpkgs/pam-base/template @@ -1,7 +1,7 @@ # Template file for 'pam-base' pkgname=pam-base version=0.4 -revision=2 +revision=3 short_desc="PAM base configuration files" maintainer="Érico Nogueira " license="Public Domain" From 55f22813eefc3dfe4cf0e2d7418d0ba737fec3ef Mon Sep 17 00:00:00 2001 
From: classabbyamp
Date: Wed, 28 Jun 2023 05:10:55 -0400
Subject: [PATCH 3/3] New package: turnstile-0.1.6
---
srcpkgs/turnstile/files/README.voidlinux | 41 ++++
srcpkgs/turnstile/files/dbus.run | 6 +
srcpkgs/turnstile/files/turnstiled/run | 4 +
.../turnstile/patches/missing-include.patch | 21 ++
srcpkgs/turnstile/patches/runit.patch | 203 ++++++++++++++++++
srcpkgs/turnstile/template | 25 +++
6 files changed, 300 insertions(+)
create mode 100644 srcpkgs/turnstile/files/README.voidlinux
create mode 100755 srcpkgs/turnstile/files/dbus.run
create mode 100644 srcpkgs/turnstile/files/turnstiled/run
create mode 100644 srcpkgs/turnstile/patches/missing-include.patch
create mode 100644 srcpkgs/turnstile/patches/runit.patch
create mode 100644 srcpkgs/turnstile/template
diff --git a/srcpkgs/turnstile/files/README.voidlinux b/srcpkgs/turnstile/files/README.voidlinux
new file mode 100644
index 0000000000000..dc178c6e2c554
--- /dev/null
+++ b/srcpkgs/turnstile/files/README.voidlinux
@@ -0,0 +1,41 @@
+# User Services
+
+User services can be placed in ~/.config/service/.
+
+To ensure that a subset of services are started before login can proceed,
+these services can be listed in ~/.config/service/turnstile-ready/conf,
+for example:
+
+ core_services="dbus foo"
+
+The turnstile-ready service is created by turnstile on first login.
+
+# D-Bus User Session Bus
+
+If you want to manage the D-Bus user session bus using a turnstile-managed
+runit user service:
+
+ mkdir ~/.config/service/dbus
+ cp /usr/share/examples/turnstile/dbus.run ~/.config/service/dbus/run
+
+For some D-Bus-launched applications (like XDG portals), D-Bus needs to know
+about some environment variables:
+
+ # for Xorg
+ dbus-update-activation-environment DISPLAY XAUTHORITY
+ # for wayland
+ dbus-update-activation-environment WAYLAND_DISPLAY
+
+# Elogind Replacement
+
+Turnstile is not (nor ever will be, according to the developer) a complete
+replacement for elogind, but it can replace several parts, including
+XDG_RUNTIME_DIR management.
+
+If using turnstile with elogind:
+- disable rundir management in /etc/turnstile/turnstiled.conf
+ (manage_rundir = no)
+
+If using turnstile without elogind:
+- install and enable seatd for seat management
+- install and enable acpid for lid switch/button handling
diff --git a/srcpkgs/turnstile/files/dbus.run b/srcpkgs/turnstile/files/dbus.run
new file mode 100755
index 0000000000000..5f3e21cb4656d
--- /dev/null
+++ b/srcpkgs/turnstile/files/dbus.run
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+[ -r ./conf ] && . ./conf
+
+exec chpst -C "$HOME" dbus-daemon --session --nofork --nopidfile \
+ --address="$DBUS_SESSION_BUS_ADDRESS" $OPTS
diff --git a/srcpkgs/turnstile/files/turnstiled/run b/srcpkgs/turnstile/files/turnstiled/run
new file mode 100644
index 0000000000000..aa5d624fda19a
--- /dev/null
+++ b/srcpkgs/turnstile/files/turnstiled/run
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+exec 2>&1
+exec turnstiled
diff --git a/srcpkgs/turnstile/patches/missing-include.patch b/srcpkgs/turnstile/patches/missing-include.patch
new file mode 100644
index 0000000000000..289c7c32c4d2b
--- /dev/null
+++ b/srcpkgs/turnstile/patches/missing-include.patch
@@ -0,0 +1,21 @@
+From 88d5778946f5dd6738d706667e76ec2f937c3ff5 Mon Sep 17 00:00:00 2001
+From: q66
+Date: Wed, 12 Jul 2023 04:21:41 +0200
+Subject: [PATCH] add missing include
+
+---
+ src/pam_turnstile.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/pam_turnstile.cc b/src/pam_turnstile.cc
+index d0d3ae2..27ee53f 100644
+--- a/src/pam_turnstile.cc
++++ b/src/pam_turnstile.cc
+@@ -14,6 +14,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+
+ #include
diff --git a/srcpkgs/turnstile/patches/runit.patch b/srcpkgs/turnstile/patches/runit.patch
new file mode 100644
index 0000000000000..6356f65c5c070
--- /dev/null
+++ b/srcpkgs/turnstile/patches/runit.patch
@@ -0,0 +1,203 @@
+From 370209395d420d54a48a884e81625f9c2c88729d Mon Sep 17 00:00:00 2001
+From: classabbyamp
+Date: Wed, 28 Jun 2023 05:05:25 -0400
+Subject: [PATCH] add runit backend
+
+---
+ backend/meson.build | 16 +++++++++
+ backend/runit | 86 +++++++++++++++++++++++++++++++++++++++++++++
+ backend/runit.conf | 13 +++++++
+ meson.build | 14 +++++---
+ meson_options.txt | 10 ++++++
+ 5 files changed, 135 insertions(+), 4 deletions(-)
+ create mode 100644 backend/runit
+ create mode 100644 backend/runit.conf
+
+diff --git a/backend/meson.build b/backend/meson.build
+index 681e6a0..e4c63f1 100644
+--- a/backend/meson.build
++++ b/backend/meson.build
+@@ -13,3 +13,19 @@ if have_dinit
+ install_mode: 'rw-r--r--'
+ )
+ endif
++
++# runit backend
++
++if have_runit
++ install_data(
++ 'runit',
++ install_dir: join_paths(get_option('libexecdir'), 'turnstile'),
++ install_mode: 'rwxr-xr-x'
++ )
++
++ install_data(
++ 'runit.conf',
++ install_dir: join_paths(get_option('sysconfdir'), 'turnstile/backend'),
++ install_mode: 'rw-r--r--'
++ )
++endif
+diff --git a/backend/runit b/backend/runit
+new file mode 100644
+index 0000000..b293b43
+--- /dev/null
++++ b/backend/runit
+@@ -0,0 +1,86 @@
++#!/bin/sh
++#
++# This is the turnstile runit backend. It accepts the action as its first
++# argument, which is either "ready", "run", or "stop". In case of "run", it's
++# invoked directly through /bin/sh as if it was a login shell, and therefore
++# it has acccess to shell profile, and the shebang is functionally useless but
++# should be preserved as a convention. For "ready", it's a regular shell.
++#
++# Arguments for "ready":
++#
++# ready_sv: path to the readiness service
++#
++# Arguments for "run":
++#
++# ready_p: readiness pipe (fifo). has the path to the ready service written to it.
++# srvdir: unused
++# confdir: the path where turnstile's configuration data resides, used
++# to source the configuration file
++#
++# Arguments for "stop":
++#
++# pid: the PID of the service manager to stop (gracefully); it should
++# terminate the services it's running and then stop itself
++#
++# Copyright 2023 classabbyamp
++# License: BSD-2-Clause
++
++case "$1" in
++ run) ;;
++ ready)
++ if [ -z "$2" ] || [ ! -d "$2" ]; then
++ echo "runit: invalid readiness service '$2'" >&2
++ exit 69
++ fi
++ exec sv start "$2" >&2
++ ;;
++ stop)
++ # If runsvdir receives a HUP signal, it sends a TERM signal to each
++ # runsv(8) process it is monitoring and then exits with 111.
++ exec kill -s HUP "$2"
++ ;;
++ *)
++ exit 32
++ ;;
++esac
++
++RUNIT_READY_PIPE="$2"
++RUNIT_CONF="$4/runit.conf"
++
++if [ ! -p "$RUNIT_READY_PIPE" ]; then
++ echo "runit: invalid input argument(s)" >&2
++ exit 69
++fi
++
++if [ -z "$HOME" ] || [ ! -d "$HOME" ]; then
++ echo "runit: invalid home directory" >&2
++ exit 70
++fi
++
++shift $#
++
++# be strict
++set -e
++
++# source the conf
++[ -r "$RUNIT_CONF" ] && . "$RUNIT_CONF"
++
++# set some defaults in case the conf cannot be read or is mangled
++: "${ready_sv:="turnstile-ready"}"
++: "${services_dir:="${HOME}/.config/service"}"
++
++mkdir -p "${services_dir}/${ready_sv}" > /dev/null 2>&1
++
++# this must succeed
++cat << EOF > "${services_dir}/${ready_sv}/run"
++#!/bin/sh
++[ -r ./conf ] && . ./conf
++[ -n "\$core_services" ] && SVDIR=".."
sv start \$core_services ++[ -p "$RUNIT_READY_PIPE" ] && printf "${services_dir}/${ready_sv}" > "$RUNIT_READY_PIPE" ++exec pause ++EOF ++chmod +x "${services_dir}/${ready_sv}/run" ++ ++exec env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u)/bus" \ ++ runsvdir -P "$services_dir" \ ++ 'log: ...........................................................................................................................................................................................................................................................................................................................................................................................................' +diff --git a/backend/runit.conf b/backend/runit.conf +new file mode 100644 +index 0000000..7b258c9 +--- /dev/null ++++ b/backend/runit.conf +@@ -0,0 +1,13 @@ ++# This is the configuration file for turnstile's runit backend. ++# ++# It follows the POSIX shell syntax (being sourced into a script). ++# The complete launch environment available to dinit can be used. ++# ++# It is a low-level configuration file. In most cases, it should ++# not be modified by the user. ++ ++# the name of the service that turnstile will check for login readiness ++ready_sv="turnstile-ready" ++ ++# the directory user service files are read from. 
++services_dir="${HOME}/.config/service"
+diff --git a/meson.build b/meson.build
+index e25ba83..dec58f8 100644
+--- a/meson.build
++++ b/meson.build
+@@ -23,6 +23,7 @@ scdoc_dep = dependency(
+ )
+
+ have_dinit = get_option('dinit').enabled()
++have_runit = get_option('runit').enabled()
+
+ conf_data = configuration_data()
+ conf_data.set_quoted('RUN_PATH', get_option('rundir'))
+@@ -101,10 +102,15 @@ install_data(
+ )
+
+ # decide the default backend
+-if have_dinit
+- default_backend = 'dinit'
+-else
+- default_backend = 'none'
++default_backend = get_option('default_backend')
++if default_backend == ''
++ if have_dinit
++ default_backend = 'dinit'
++ elif have_runit
++ default_backend = 'runit'
++ else
++ default_backend = 'none'
++ endif
+ endif
+
+ uconf_data = configuration_data()
+diff --git a/meson_options.txt b/meson_options.txt
+index 9b03995..4325042 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -3,6 +3,16 @@ option('dinit',
+ description: 'Whether to install Dinit-related backend and data'
+ )
+
++option('runit',
++ type: 'feature', value: 'disabled',
++ description: 'Whether to install runit-related backend and data'
++)
++
++option('default_backend',
++ type: 'string', value: '',
++ description: 'Override the default backend'
++)
++
+ option('rundir',
+ type: 'string', value: '/run',
+ description: 'Where the base directory will be located'
diff --git a/srcpkgs/turnstile/template b/srcpkgs/turnstile/template
new file mode 100644
index 0000000000000..8552684015b48
--- /dev/null
+++ b/srcpkgs/turnstile/template
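Review bot: The heredoc in `backend/runit` that writes `${services_dir}/${ready_sv}/run` is unquoted, so `${services_dir}`, `${ready_sv}` and `$RUNIT_READY_PIPE` are pasted into the generated script as source text, and the service path then serves as the `printf` format string; a `%`, backslash, double quote, `$` or backtick in any of them (they come from `$HOME`, `runit.conf` and the caller's arguments) changes what the generated script does. Passing the path as data, `[ -p "$RUNIT_READY_PIPE" ] && printf '%s' "${services_dir}/${ready_sv}" > "$RUNIT_READY_PIPE"`, removes the format-string problem, and the embedded values should in addition be shell-escaped or read by the generated script from its environment or `./conf` rather than interpolated. Separately, `mkdir -p ... > /dev/null 2>&1` runs before the "this must succeed" step with its error output discarded, so a failure there surfaces only as a less specific redirect error, and the header comment of `runit.conf` still says the launch environment is the one "available to dinit".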
@@ -0,0 +1,25 @@
+# Template file for 'turnstile'
+pkgname=turnstile
+version=0.1.6
+revision=1
+build_style=meson
+configure_args="-Ddinit=disabled -Drunit=enabled -Ddefault_backend=runit
+ -Dmanage_rundir=true"
+hostmakedepends="pkg-config scdoc"
+makedepends="pam-devel"
+short_desc="Independent session/login tracker and user service manager"
+maintainer="classabbyamp "
+license="BSD-2-Clause"
+homepage="https://github.com/chimera-linux/turnstile"
+distfiles="https://github.com/chimera-linux/turnstile/archive/refs/tags/v${version}.tar.gz"
+# _commit="a0b40dc430e365a96de65afd6ce237b58c7c3a07"
+# distfiles="https://github.com/chimera-linux/turnstile/archive/${_commit}.tar.gz"
+checksum=ea1b87ad153e97ecda698526eec1cbc9fee1cd2b134c43b449f35d9cec0a61bc
+conf_files="/etc/turnstile/turnstiled.conf"
+
+post_install() {
+ vsv turnstiled
+ vsconf "${FILESDIR}/dbus.run"
+ vdoc "${FILESDIR}/README.voidlinux"
+ vlicense COPYING.md
+}
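Review bot: `-Dmanage_rundir=true` in `configure_args` turns runtime-directory management on by default, while the README added in this series tells elogind users to set `manage_rundir = no` and the pam-base change places `pam_turnstile.so` ahead of `pam_elogind.so` and `pam_dumb_runtime_dir.so`. It is not visible from the template which module is expected to own XDG_RUNTIME_DIR when more than one is installed, so a short comment above `configure_args` stating the intended default and the interaction would help, for example `# manage_rundir defaults on; elogind users must disable it in turnstiled.conf`. The two commented-out `_commit`/`distfiles` lines are leftover alternatives and could be dropped.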