diff options
| author | Sergei Trofimovich <slyich@gmail.com> | 2023-11-11 09:36:12 +0000 |
|---|---|---|
| committer | Sergei Trofimovich <slyich@gmail.com> | 2023-11-11 09:54:04 +0000 |
| commit | 60e01874711bcb65a81d21b4647cb160645e3920 (patch) | |
| tree | 38bdcf125c4aa967bef3c097c42509e403df6d8c /pkgs/os-specific/linux/pam | |
| parent | 46679c6a02c7a3b49f2500f72974ade365e561ae (diff) | |
| download | nixpkgs-60e01874711bcb65a81d21b4647cb160645e3920.tar nixpkgs-60e01874711bcb65a81d21b4647cb160645e3920.tar.gz nixpkgs-60e01874711bcb65a81d21b4647cb160645e3920.tar.bz2 nixpkgs-60e01874711bcb65a81d21b4647cb160645e3920.tar.lz nixpkgs-60e01874711bcb65a81d21b4647cb160645e3920.tar.xz nixpkgs-60e01874711bcb65a81d21b4647cb160645e3920.tar.zst nixpkgs-60e01874711bcb65a81d21b4647cb160645e3920.zip | |
pam: fix pam_unix autohentication failures when ran as user
Commit d0c42dfa "pam: bind Linux-PAM locales from pam-specific folder
(upstream patch)" added autoreconfHook269 into one of the postPatch
phases.
This clobbered the change applied by `suid-wrapper-path.patch` as it was
patching Makefile.in.
As a result `nixosTests.sway` test started failing as:
check pass; user unknown
Running `swaylock` on real system exhibited the same result.
As `suid-wrapper-path.patch` is clobbered we were running non-suid
version of `unix_chkpwd`:
/nix/store/...-linux-pam-1.5.2/sbin/unix_chkpwd
instead of SUID-wrapped
/run/wrappers/bin/unix_chkpw
The fix is trivial: move the patch from auto-generated file to
`Makefile.am`.
Discovered-by: Yureka
Diffstat (limited to 'pkgs/os-specific/linux/pam')
| -rw-r--r-- | pkgs/os-specific/linux/pam/default.nix | 3 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/pam/suid-wrapper-path.patch | 6 |
2 files changed, 5 insertions, 4 deletions
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 9a0b2161ce4..a35f40be595 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -29,7 +29,8 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - # autoreconfHook269 is needed for `bind-locales.patch` above + # autoreconfHook269 is needed for `suid-wrapper-path.patch` and + # `bind-locales.patch` above. # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS` nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ] ++ lib.optional stdenv.buildPlatform.isDarwin gettext; diff --git a/pkgs/os-specific/linux/pam/suid-wrapper-path.patch b/pkgs/os-specific/linux/pam/suid-wrapper-path.patch index 71533c51a19..a427ccf3881 100644 --- a/pkgs/os-specific/linux/pam/suid-wrapper-path.patch +++ b/pkgs/os-specific/linux/pam/suid-wrapper-path.patch @@ -1,6 +1,6 @@ It needs the SUID version during runtime, and that can't be in /nix/store/** ---- a/modules/pam_unix/Makefile.in -+++ b/modules/pam_unix/Makefile.in -@@ -651 +651 @@ +--- a/modules/pam_unix/Makefile.am ++++ b/modules/pam_unix/Makefile.am +@@ -21 +21 @@ - -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ + -DCHKPWD_HELPER=\"/run/wrappers/bin/unix_chkpwd\" \ |