Package: libpam-runtime
Version: 1.5.2-5
Severity: normal
Tags: patch

Hi,

when creating a chroot with DPKG_ROOT on a system that has libpam-systemd installed, then the chroot will have "systemd" entries in /var/lib/pam/seen and /var/lib/pam/session and /etc/pam.d/common-session even if the chroot itself does not have libpam-systemd installed.

The reason for that is that pam-auth-update ignores the --root setting for /usr/share/pam-configs because the directory is processed before the commandline arguments are evaluated. To fix this, the code can be re-ordered such that first command line arguments get processed (and $inputdir gets prefixed with $rootdir) and only then $inputdir is opened.

The attached patch fixes the problem.

Thanks!

cheers, josch

>From 8dffa39cd1fefa91f052121c4ce4e13fac29e233 Mon Sep 17 00:00:00 2001 From: Johannes Schauer Marin Rodrigues <[email protected]> Date: Fri, 28 Oct 2022 11:58:42 +0200 Subject: [PATCH] pam-auth-update: read config after processing cli arguments to not ignore --root for $inputdir --- debian/local/pam-auth-update | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update index 6c374fc1..385855cf 100644 --- a/debian/local/pam-auth-update +++ b/debian/local/pam-auth-update @@ -63,16 +63,6 @@ my %md5sums = ( ); my @invalid_modules = ('pam_tally'); -opendir(DIR, $inputdir) || die "could not open config directory: $!"; -while (my $profile = readdir(DIR)) { - next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ || $profile =~ m/^#.+#$/); - %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile); - if (defined $profiles{$profile}{'disabled'} and $profiles{$profile}{'disabled'}) { - delete $profiles{$profile}; - } -} -closedir DIR; - # use a '--force' arg to specify that /etc/pam.d should be overwritten; # used only on upgrades where the postinst has already determined that the # checksums match. Module packages other than libpam-runtime itself must @@ -110,6 +100,16 @@ while ($#ARGV >= 0) { } } +opendir(DIR, $inputdir) || die "could not open config directory: $!"; +while (my $profile = readdir(DIR)) { + next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ || $profile =~ m/^#.+#$/); + %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile); + if (defined $profiles{$profile}{'disabled'} and $profiles{$profile}{'disabled'}) { + delete $profiles{$profile}; + } +} +closedir DIR; + $priority = 'medium' if ($package); x_loadtemplatefile('/var/lib/dpkg/info/libpam-runtime.templates','libpam-runtime'); -- 2.37.2
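Review bot: In the first hunk (@@ -63,16 +63,6), taking the profile-loading loop out of its place before the argument handling leaves %profiles empty for the whole of the while ($#ARGV >= 0) loop. That loop's body is outside the lines shown, so please confirm that no option handler in it reads %profiles, and say so in the commit message.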
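Review bot: In the second hunk (@@ -110,6 +100,16), the die message "could not open config directory: $!" does not name the directory, and by this point $inputdir may carry the --root prefix, so a failure does not tell the caller which path was tried. Suggest including $inputdir in the message. As the block is being moved anyway, the bareword handle DIR could also become a lexical one, i.e. opendir(my $dh, $inputdir), with readdir and closedir adjusted to match.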

