Your message dated Wed, 04 Jan 2023 21:33:47 +0000
with message-id <[email protected]>
and subject line Bug#1022952: fixed in pam 1.5.2-6
has caused the Debian Bug report #1022952,
regarding pam-auth-update ignores --root for /usr/share/pam-configs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1022952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022952
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-runtime
Version: 1.5.2-5
Severity: normal
Tags: patch
Hi,
when creating a chroot with DPKG_ROOT on a system that has
libpam-systemd installed, then the chroot will have "systemd" entries in
/var/lib/pam/seen and /var/lib/pam/session and /etc/pam.d/common-session
even if the chroot itself does not have libpam-systemd installed.
The reason for that is that pam-auth-update ignores the --root setting
for /usr/share/pam-configs because the directory is processed before the
commandline arguments are evaluated. To fix this, the code can be
re-ordered such that first command line arguments get processed (and
$inputdir gets prefixed with $rootdir) and only then $inputdir is
opened.
The attached patch fixes the problem.
Thanks!
cheers, josch
>From 8dffa39cd1fefa91f052121c4ce4e13fac29e233 Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues <[email protected]>
Date: Fri, 28 Oct 2022 11:58:42 +0200
Subject: [PATCH] pam-auth-update: read config after processing cli arguments
to not ignore --root for $inputdir
---
debian/local/pam-auth-update | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update
index 6c374fc1..385855cf 100644
--- a/debian/local/pam-auth-update
+++ b/debian/local/pam-auth-update
@@ -63,16 +63,6 @@ my %md5sums = (
);
my @invalid_modules = ('pam_tally');
-opendir(DIR, $inputdir) || die "could not open config directory: $!";
-while (my $profile = readdir(DIR)) {
- next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ ||
$profile =~ m/^#.+#$/);
- %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile);
- if (defined $profiles{$profile}{'disabled'} and
$profiles{$profile}{'disabled'}) {
- delete $profiles{$profile};
- }
-}
-closedir DIR;
-
# use a '--force' arg to specify that /etc/pam.d should be overwritten;
# used only on upgrades where the postinst has already determined that the
# checksums match. Module packages other than libpam-runtime itself must
@@ -110,6 +100,16 @@ while ($#ARGV >= 0) {
}
}
+opendir(DIR, $inputdir) || die "could not open config directory: $!";
+while (my $profile = readdir(DIR)) {
+ next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ ||
$profile =~ m/^#.+#$/);
+ %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile);
+ if (defined $profiles{$profile}{'disabled'} and
$profiles{$profile}{'disabled'}) {
+ delete $profiles{$profile};
+ }
+}
+closedir DIR;
+
$priority = 'medium' if ($package);
x_loadtemplatefile('/var/lib/dpkg/info/libpam-runtime.templates','libpam-runtime');
--
2.37.2
--- End Message ---
--- Begin Message ---
Source: pam
Source-Version: 1.5.2-6
Done: Sam Hartman <[email protected]>
We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated pam package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 03 Jan 2023 13:15:23 -0700
Source: pam
Architecture: source
Version: 1.5.2-6
Distribution: unstable
Urgency: medium
Maintainer: Steve Langasek <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Closes: 460232 1004000 1022952 1024645
Changes:
pam (1.5.2-6) unstable; urgency=medium
.
* Update debian/copyright, Thanks Bastian Germann, Closes: #460232
* When pam-auth-update is called with --root, use
/usr/share/pam-configs from the root not from the host system, Thanks
Johannes Schauer Marin Rodrigues, Closes: #1022952
* Build-depend on libcrypt-dev, Closes: #1024645
* Add pam-auth-udpate --disable, Closes: #1004000
* Add autopkgtests
Checksums-Sha1:
8965f7e5f1ef5453002d92c9b4508a18b7991052 1998 pam_1.5.2-6.dsc
9f9578052a8467782061011c6c6197b6bee69d9e 122320 pam_1.5.2-6.debian.tar.xz
Checksums-Sha256:
2dbff29f5fc189c95b863ffd690795a7313515619ddadc470eab8a50b7555903 1998
pam_1.5.2-6.dsc
97adad0df930ba5ed52b88bef6d494a1b303ca2eb5be9e347479a23e4d9254fc 122320
pam_1.5.2-6.debian.tar.xz
Files:
e054ae6cd6a7cfc3a194c9e7b7f5d692 1998 libs optional pam_1.5.2-6.dsc
f62abdd59a5b1eab7d9c64cf15a68860 122320 libs optional pam_1.5.2-6.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCY7XlGwAKCRAsbEw8qDeG
dM4sAP9YCWE0gkQXi+WnfgrAvuN4Y5YBALqLbUyolZfWNKSycgD/Xt36rP95G7jm
Fk3Z7jmOH5u08dc+S//zP9TFaCD66Qo=
=YfXI
-----END PGP SIGNATURE-----
--- End Message ---
