pam: fix pam_unix autohentication failures when ran as user

Commit d0c42dfa "pam: bind Linux-PAM locales from pam-specific folder (upstream patch)" added autoreconfHook269 into one of the postPatch phases. This clobbered the change applied by `suid-wrapper-path.patch` as it was patching Makefile.in. As a result `nixosTests.sway` test started failing as: check pass; user unknown Running `swaylock` on real system exhibited the same result. As `suid-wrapper-path.patch` is clobbered we were running non-suid version of `unix_chkpwd`: /nix/store/...-linux-pam-1.5.2/sbin/unix_chkpwd instead of SUID-wrapped /run/wrappers/bin/unix_chkpw The fix is trivial: move the patch from auto-generated file to `Makefile.am`. Discovered-by: Yureka
2023-11-11 09:36:12 +00:00 · 2023-11-11 09:36:12 +00:00 · 60e0187471
commit 60e0187471
parent 46679c6a02
2 changed files with 5 additions and 4 deletions
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@ -29,7 +29,8 @@ stdenv.mkDerivation rec {
  outputs = [ "out" "doc" "man" /* "modules" */ ];

  depsBuildBuild = [ buildPackages.stdenv.cc ];
-  # autoreconfHook269 is needed for `bind-locales.patch` above
+  # autoreconfHook269 is needed for `suid-wrapper-path.patch` and
+  # `bind-locales.patch` above.
  # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS`
  nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ]
    ++ lib.optional stdenv.buildPlatform.isDarwin gettext;
--- a/pkgs/os-specific/linux/pam/suid-wrapper-path.patch
+++ b/pkgs/os-specific/linux/pam/suid-wrapper-path.patch
@ -1,6 +1,6 @@
 It needs the SUID version during runtime, and that can't be in /nix/store/**
--- a/modules/pam_unix/Makefile.in
-+++ b/modules/pam_unix/Makefile.in
-@@ -651 +651 @@
+--- a/modules/pam_unix/Makefile.am
+++ b/modules/pam_unix/Makefile.am
+@@ -21 +21 @@
 -	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
 +	-DCHKPWD_HELPER=\"/run/wrappers/bin/unix_chkpwd\" \