From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 35996@debbugs.gnu.org
Subject: bug#35996: User account password got locked when booting old generation
Date: Mon, 3 Jun 2019 08:03:01 +0200
Message-ID: <20190603060301.2nu2zqi5j3v3j5ki@pelzflorian.localdomain>
In-Reply-To: <87o93g9dv5.fsf@gnu.org>
[-- Attachment #1: Type: text/plain, Size: 1297 bytes --]
After I booted to a Guix install USB, chrooted as described on the
Arch wiki and started a Guix daemon, I could reconfigure as before.
There was no need to fiddle with grub-install.
After multiple reconfigures, it happened again: my /etc/shadow has !
again in the password field. My recently changed root password became
empty as well, like 35902. I did not even run sudo concurrently. The
password just got locked.
The /etc from the “populating from /gnu/store/*-etc” messages has no
significant differences either.
On Sat, Jun 01, 2019 at 11:37:51PM +0200, Ludovic Courtès wrote:
> "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote:
> > AccountsService appears to only be usable for reading /etc/shadow, not
> > for writing it, contrary to what the Guix manual claims (??).
>
> That might be a bug.
>
AccountsService obviously can change passwords. No bug here. Sorry.
I was confused.
> > For writing passwords, gnome-control-center does not use
> > AccountsService, it calls /usr/bin/passwd directly in its source code
> > in panels/user-accounts/run-passwd.c.
>
> That’s definitely a bug to fix: it should invoke
> /run/setuid-programs/passwd instead.
>
Find attached two patches that fix GNOME password changing. Both are
required.
Regards,
Florian
[-- Attachment #2: 0001-Add-cracklib-s-password-dictionary-to-cracklib-s-def.patch --]
[-- Type: text/plain, Size: 1373 bytes --]
From 1eb7699d5036062993a080393bfb4a46d2dc1bea Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Mon, 3 Jun 2019 07:19:20 +0200
Subject: [PATCH 1/2] Add cracklib’s password dictionary to cracklib’s default output.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* gnu/packages/password-utils.scm (cracklib): Use `make dict`.
---
gnu/packages/password-utils.scm | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 2b844c9a1c..88f933e43e 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -310,6 +310,15 @@ and vice versa.")
(sha256
(base32 "1rimpjsdnmw8f5b7k558cic41p2qy2n2yrlqp5vh7mp4162hk0py"))))
(build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'install-dict
+ (lambda* (#:key make-flags #:allow-other-keys)
+ (begin
+ (chmod (string-append "util/cracklib-format") #o755)
+ (apply invoke "make" "dict" make-flags)
+ #t))))))
(synopsis "Password checking library")
(home-page "https://github.com/cracklib/cracklib")
(description
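Review bot: in the new install-dict phase, (string-append "util/cracklib-format") is called with a single argument, so it is just the string itself, and the (begin ...) wrapper is redundant because a lambda* body is already a sequence of expressions. Writing (chmod "util/cracklib-format" #o755) followed directly by the invoke call would read more clearly. A short comment saying why util/cracklib-format needs its executable bit set before "make dict" runs would also help, since neither the commit message nor the hunk explains it.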
--
2.21.0
[-- Attachment #3: 0002-Make-gnome-control-center-find-passwd-binary.patch --]
[-- Type: text/plain, Size: 1025 bytes --]
From c7c016adc34c591febd0d3630f32dbecdd20ad7c Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Sun, 2 Jun 2019 20:01:23 +0200
Subject: [PATCH 2/2] Make gnome-control-center find passwd binary.
* gnu/packages/gnome.scm (gnome-control-center): Substitute correct path to
passwd.
---
gnu/packages/gnome.scm | 3 +++
1 file changed, 3 insertions(+)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 6a2a683f58..2917107d18 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5879,6 +5879,9 @@ devices using the GNOME desktop.")
(("\"nm-connection-editor")
(string-append "\"" nm-applet
"/bin/nm-connection-editor")))
+ (substitute* '("panels/user-accounts/run-passwd.c")
+ (("/usr/bin/passwd")
+ "/run/setuid-programs/passwd"))
#t))))))
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-mkenums, etc.
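Review bot: the replacement string "/run/setuid-programs/passwd" in the added substitute* form is an absolute path outside the store that this package does not itself provide, and nothing in the hunk says why. A one-line comment stating that the setuid passwd is wanted here would keep a later reader from changing it back to a store path. As a style point, substitute* accepts a single file name, so the quoted one-element list '("panels/user-accounts/run-passwd.c") can be a plain string.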
--
2.21.0