pam: fix pam_unix autohentication failures when ran as user
Commit d0c42dfa
"pam: bind Linux-PAM locales from pam-specific folder
(upstream patch)" added autoreconfHook269 into one of the postPatch
phases.
This clobbered the change applied by `suid-wrapper-path.patch` as it was
patching Makefile.in.
As a result `nixosTests.sway` test started failing as:
check pass; user unknown
Running `swaylock` on real system exhibited the same result.
As `suid-wrapper-path.patch` is clobbered we were running non-suid
version of `unix_chkpwd`:
/nix/store/...-linux-pam-1.5.2/sbin/unix_chkpwd
instead of SUID-wrapped
/run/wrappers/bin/unix_chkpw
The fix is trivial: move the patch from auto-generated file to
`Makefile.am`.
Discovered-by: Yureka
This commit is contained in:
parent
46679c6a02
commit
60e0187471
|
@ -29,7 +29,8 @@ stdenv.mkDerivation rec {
|
|||
outputs = [ "out" "doc" "man" /* "modules" */ ];
|
||||
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
# autoreconfHook269 is needed for `bind-locales.patch` above
|
||||
# autoreconfHook269 is needed for `suid-wrapper-path.patch` and
|
||||
# `bind-locales.patch` above.
|
||||
# pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS`
|
||||
nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ]
|
||||
++ lib.optional stdenv.buildPlatform.isDarwin gettext;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
It needs the SUID version during runtime, and that can't be in /nix/store/**
|
||||
--- a/modules/pam_unix/Makefile.in
|
||||
+++ b/modules/pam_unix/Makefile.in
|
||||
@@ -651 +651 @@
|
||||
--- a/modules/pam_unix/Makefile.am
|
||||
+++ b/modules/pam_unix/Makefile.am
|
||||
@@ -21 +21 @@
|
||||
- -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
|
||||
+ -DCHKPWD_HELPER=\"/run/wrappers/bin/unix_chkpwd\" \
|
||||
|
|
Loading…
Reference in New Issue
Block a user