unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
@ 2022-01-13 18:41 Andrew Tropin
  2022-01-23 14:08 ` Andrew Tropin
  2023-03-03 23:33 ` wolf
  0 siblings, 2 replies; 10+ messages in thread
From: Andrew Tropin @ 2022-01-13 18:41 UTC (permalink / raw)
  To: 53468

[-- Attachment #1: Type: text/plain, Size: 5009 bytes --]


* gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
* gnu/packages/linux.scm (linux-pam): Add patch.
* gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
binaries.
---
The quote from unix_chkpwd.c:
> * This program is designed to run setuid(root) or with sufficient
> * privilege to read all of the unix password databases. It is designed
> * to provide a mechanism for the current user (defined by this
> * process's uid) to verify their own password.

Without suid bit it will fail in various use cases: for example utilities like
xlock or swaylock compiled with pam support won't be able to unlock the
screen.  To fix it I added unix_chkpwd binary to list of Guix System's setuid
programs and added a patch, which hardcodes /run/setuid-programs/unix_chkpwd
path in pam_unix module source code of linux-pam package.  However, I'm not
sure if it's a proper solution, please share your thoughts and conserns.

 gnu/packages/linux.scm                        |  3 +-
 .../patches/change-path-to-unix_chkpwd.patch  | 54 +++++++++++++++++++
 gnu/system/pam.scm                            |  8 ++-
 3 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/change-path-to-unix_chkpwd.patch

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7b12cb8ec1..ee0df3c625 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1590,7 +1590,8 @@ (define-public linux-pam
        (sha256
         (base32
          "1z4jayf69qyyxln1gl6ch4qxfd66ib1g42garnrv2d8i1drl0790"))
-       (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+       (patches (search-patches "change-path-to-unix_chkpwd.patch"
+                                "linux-pam-no-setfsuid.patch"))))
 
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/patches/change-path-to-unix_chkpwd.patch b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
new file mode 100644
index 0000000000..90a8b639f6
--- /dev/null
+++ b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
@@ -0,0 +1,54 @@
+From f314ab148b488e23a2e48e7222964e46d0d03447 Mon Sep 17 00:00:00 2001
+From: Andrew Tropin <andrew@trop.in>
+Date: Wed, 12 Jan 2022 17:17:42 +0300
+Subject: [PATCH] Change path to unix_chkpwd.
+
+---
+ modules/pam_unix/pam_unix_acct.c | 4 ++--
+ modules/pam_unix/support.c       | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index 8f5ed3e0..2fdec6c7 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -122,12 +122,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl,
+     }
+ 
+     /* exec binary helper */
+-    args[0] = CHKPWD_HELPER;
++    args[0] = "/run/setuid-programs/unix_chkpwd";
+     args[1] = user;
+     args[2] = "chkexpiry";
+ 
+     DIAG_PUSH_IGNORE_CAST_QUAL;
+-    execve(CHKPWD_HELPER, (char *const *) args, envp);
++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
+     DIAG_POP_IGNORE_CAST_QUAL;
+ 
+     pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index 27ca7127..d02f394e 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -523,7 +523,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+ 	}
+ 
+ 	/* exec binary helper */
+-	args[0] = CHKPWD_HELPER;
++	args[0] = "/run/setuid-programs/unix_chkpwd";
+ 	args[1] = user;
+ 	if (off(UNIX__NONULL, ctrl)) {	/* this means we've succeeded */
+ 	  args[2]="nullok";
+@@ -532,7 +532,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+ 	}
+ 
+ 	DIAG_PUSH_IGNORE_CAST_QUAL;
+-	execve(CHKPWD_HELPER, (char *const *) args, envp);
++	execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
+ 	DIAG_POP_IGNORE_CAST_QUAL;
+ 
+ 	/* should not get here: exit with error */
+-- 
+2.34.0
+
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index 2574e019f1..48cd2ebf2c 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -375,8 +375,12 @@ (define (extend-configuration initial extensions)
 
 (define pam-root-service-type
   (service-type (name 'pam)
-                (extensions (list (service-extension etc-service-type
-                                                     /etc-entry)))
+                (extensions
+                 (list (service-extension etc-service-type /etc-entry)
+                       (service-extension
+                        setuid-program-service-type
+                        (list (file-like->setuid-program
+                               (file-append linux-pam "/sbin/unix_chkpwd"))))))
 
                 ;; Arguments include <pam-service> as well as procedures.
                 (compose concatenate)
-- 
2.34.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]

^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-01-13 18:41 [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper Andrew Tropin
@ 2022-01-23 14:08 ` Andrew Tropin
  2022-02-04 11:07   ` Andrew Tropin
  2022-02-04 22:10   ` Ludovic Courtès
  2023-03-03 23:33 ` wolf
  1 sibling, 2 replies; 10+ messages in thread
From: Andrew Tropin @ 2022-01-23 14:08 UTC (permalink / raw)
  To: 53468


[-- Attachment #1.1: Type: text/plain, Size: 75 bytes --]

Attaching a second version of the patch, added missing import and
lambda.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: v2-0001-gnu-linux-pam-Change-path-to-unix_chkpwd-helper.patch --]
[-- Type: text/x-patch, Size: 4801 bytes --]

From ad876e5b134072601fa97d82a39b320a269f34a5 Mon Sep 17 00:00:00 2001
From: Andrew Tropin <andrew@trop.in>
Date: Thu, 13 Jan 2022 21:41:58 +0300
Subject: [RFC PATCH v2] gnu: linux-pam: Change path to unix_chkpwd helper.

* gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
* gnu/packages/linux.scm (linux-pam): Add patch.
* gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
binaries.
---
 gnu/packages/linux.scm                        |  3 +-
 .../patches/change-path-to-unix_chkpwd.patch  | 54 +++++++++++++++++++
 gnu/system/pam.scm                            | 10 +++-
 3 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/change-path-to-unix_chkpwd.patch

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7b12cb8ec1..ee0df3c625 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1590,7 +1590,8 @@ (define-public linux-pam
        (sha256
         (base32
          "1z4jayf69qyyxln1gl6ch4qxfd66ib1g42garnrv2d8i1drl0790"))
-       (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+       (patches (search-patches "change-path-to-unix_chkpwd.patch"
+                                "linux-pam-no-setfsuid.patch"))))
 
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/patches/change-path-to-unix_chkpwd.patch b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
new file mode 100644
index 0000000000..90a8b639f6
--- /dev/null
+++ b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
@@ -0,0 +1,54 @@
+From f314ab148b488e23a2e48e7222964e46d0d03447 Mon Sep 17 00:00:00 2001
+From: Andrew Tropin <andrew@trop.in>
+Date: Wed, 12 Jan 2022 17:17:42 +0300
+Subject: [PATCH] Change path to unix_chkpwd.
+
+---
+ modules/pam_unix/pam_unix_acct.c | 4 ++--
+ modules/pam_unix/support.c       | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index 8f5ed3e0..2fdec6c7 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -122,12 +122,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl,
+     }
+ 
+     /* exec binary helper */
+-    args[0] = CHKPWD_HELPER;
++    args[0] = "/run/setuid-programs/unix_chkpwd";
+     args[1] = user;
+     args[2] = "chkexpiry";
+ 
+     DIAG_PUSH_IGNORE_CAST_QUAL;
+-    execve(CHKPWD_HELPER, (char *const *) args, envp);
++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
+     DIAG_POP_IGNORE_CAST_QUAL;
+ 
+     pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index 27ca7127..d02f394e 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -523,7 +523,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+ 	}
+ 
+ 	/* exec binary helper */
+-	args[0] = CHKPWD_HELPER;
++	args[0] = "/run/setuid-programs/unix_chkpwd";
+ 	args[1] = user;
+ 	if (off(UNIX__NONULL, ctrl)) {	/* this means we've succeeded */
+ 	  args[2]="nullok";
+@@ -532,7 +532,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+ 	}
+ 
+ 	DIAG_PUSH_IGNORE_CAST_QUAL;
+-	execve(CHKPWD_HELPER, (char *const *) args, envp);
++	execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
+ 	DIAG_POP_IGNORE_CAST_QUAL;
+ 
+ 	/* should not get here: exit with error */
+-- 
+2.34.0
+
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index 2574e019f1..b635681642 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -21,6 +21,7 @@ (define-module (gnu system pam)
   #:use-module (guix derivations)
   #:use-module (guix gexp)
   #:use-module (gnu services)
+  #:use-module (gnu system setuid)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
@@ -375,8 +376,13 @@ (define (extend-configuration initial extensions)
 
 (define pam-root-service-type
   (service-type (name 'pam)
-                (extensions (list (service-extension etc-service-type
-                                                     /etc-entry)))
+                (extensions
+                 (list (service-extension
+                        setuid-program-service-type
+                        (lambda (_)
+                          (list (file-like->setuid-program
+                                 (file-append linux-pam "/sbin/unix_chkpwd")))))
+                       (service-extension etc-service-type /etc-entry)))
 
                 ;; Arguments include <pam-service> as well as procedures.
                 (compose concatenate)
-- 
2.34.0


[-- Attachment #1.3: Type: text/plain, Size: 1511 bytes --]



Reconfigured my system with the patch above.

I tested it with the swaylock built with pam support:

--8<---------------cut here---------------start------------->8---
(define-public swaylock
  (package
    (name "swaylock")
    (version "1.6")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/swaywm/swaylock")
             (commit "5150d3869cd801cb2badb3c645fa41c01bbfbbbf")))
       (file-name (git-file-name name version))
       (sha256
        (base32 "16n389w5hx8f8dqnhzjgimxmaw648cnnmifazx6zwx2v5vhxa38r"))))
    (build-system meson-build-system)
    (inputs (list cairo gdk-pixbuf libxkbcommon
                  linux-pam
                  wayland))
    (native-inputs (list pango pkg-config scdoc wayland-protocols))
    (home-page "https://github.com/swaywm/sway")
    (synopsis "Screen locking utility for Wayland compositors")
    (description "Swaylock is a screen locking utility for Wayland compositors.")
    (license license:expat)))
--8<---------------cut here---------------end--------------->8---

and following system service:
--8<---------------cut here---------------start------------->8---
(simple-service
 'sway-add-swaylock-pam
 pam-root-service-type
 (list
  (unix-pam-service "swaylock")))
--8<---------------cut here---------------end--------------->8---

I'll make a patch for swaylock separately, when this ticket will be
resolved.

-- 
Best regards,
Andrew Tropin

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]

^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-01-23 14:08 ` Andrew Tropin
@ 2022-02-04 11:07   ` Andrew Tropin
  2022-02-04 22:10   ` Ludovic Courtès
  1 sibling, 0 replies; 10+ messages in thread
From: Andrew Tropin @ 2022-02-04 11:07 UTC (permalink / raw)
  To: 53468

[-- Attachment #1: Type: text/plain, Size: 416 bytes --]


Yesterday I also discovered this thread on NixOS bug tracker:
https://github.com/NixOS/nixpkgs/pull/156974

They apply the same technique and remove dirtier workaround they had
before: https://github.com/NixOS/nixpkgs/pull/153104/files

Also, they patch the makefile template instead of source code, which
maybe a little cleaner solution than the one I proposed above.

-- 
Best regards,
Andrew Tropin

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-01-23 14:08 ` Andrew Tropin
  2022-02-04 11:07   ` Andrew Tropin
@ 2022-02-04 22:10   ` Ludovic Courtès
  2022-02-06  5:16     ` Andrew Tropin
  1 sibling, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2022-02-04 22:10 UTC (permalink / raw)
  To: Andrew Tropin; +Cc: 53468

Hi!

Andrew Tropin <andrew@trop.in> skribis:

> From ad876e5b134072601fa97d82a39b320a269f34a5 Mon Sep 17 00:00:00 2001
> From: Andrew Tropin <andrew@trop.in>
> Date: Thu, 13 Jan 2022 21:41:58 +0300
> Subject: [RFC PATCH v2] gnu: linux-pam: Change path to unix_chkpwd helper.
>
> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
> * gnu/packages/linux.scm (linux-pam): Add patch.
> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
> binaries.

[...]

> +     DIAG_PUSH_IGNORE_CAST_QUAL;
> +-    execve(CHKPWD_HELPER, (char *const *) args, envp);
> ++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
> +     DIAG_POP_IGNORE_CAST_QUAL;

Looks reasonable to me.  However, could you change the CHKPWD_HELPER
macro definition in the Makefile template, as you suggested, instead of
patching the file?

Thanks!

Ludo’.




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-02-04 22:10   ` Ludovic Courtès
@ 2022-02-06  5:16     ` Andrew Tropin
  2022-02-10 22:42       ` bug#53468: " Ludovic Courtès
  0 siblings, 1 reply; 10+ messages in thread
From: Andrew Tropin @ 2022-02-06  5:16 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 53468


[-- Attachment #1.1: Type: text/plain, Size: 986 bytes --]

On 2022-02-04 23:10, Ludovic Courtès wrote:

> Hi!
>
> Andrew Tropin <andrew@trop.in> skribis:
>
>> From ad876e5b134072601fa97d82a39b320a269f34a5 Mon Sep 17 00:00:00 2001
>> From: Andrew Tropin <andrew@trop.in>
>> Date: Thu, 13 Jan 2022 21:41:58 +0300
>> Subject: [RFC PATCH v2] gnu: linux-pam: Change path to unix_chkpwd helper.
>>
>> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
>> * gnu/packages/linux.scm (linux-pam): Add patch.
>> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
>> binaries.
>
> [...]
>
>> +     DIAG_PUSH_IGNORE_CAST_QUAL;
>> +-    execve(CHKPWD_HELPER, (char *const *) args, envp);
>> ++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
>> +     DIAG_POP_IGNORE_CAST_QUAL;
>
> Looks reasonable to me.  However, could you change the CHKPWD_HELPER
> macro definition in the Makefile template, as you suggested, instead of
> patching the file?

Sure, done in v3.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: v3-0001-gnu-linux-pam-Change-path-to-unix_chkpwd-helper.patch --]
[-- Type: text/x-patch, Size: 3380 bytes --]

From e96d3f6d82b134829fcb31777e81928c73847dcc Mon Sep 17 00:00:00 2001
From: Andrew Tropin <andrew@trop.in>
Date: Sun, 6 Feb 2022 08:13:49 +0300
Subject: [PATCH v3] gnu: linux-pam: Change path to unix_chkpwd helper.

* gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file.
* gnu/packages/linux.scm (linux-pam): Add patch.
* gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid.
---
 gnu/packages/linux.scm                              |  3 ++-
 .../patches/change-path-to-unix_chkpwd.patch        | 13 +++++++++++++
 gnu/system/pam.scm                                  | 10 ++++++++--
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/change-path-to-unix_chkpwd.patch

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 2e2d01c656..bc2927d0b4 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1625,7 +1625,8 @@ (define-public linux-pam
        (sha256
         (base32
          "1z4jayf69qyyxln1gl6ch4qxfd66ib1g42garnrv2d8i1drl0790"))
-       (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+       (patches (search-patches "change-path-to-unix_chkpwd.patch"
+                                "linux-pam-no-setfsuid.patch"))))
 
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/patches/change-path-to-unix_chkpwd.patch b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
new file mode 100644
index 0000000000..e5c6d2649c
--- /dev/null
+++ b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
@@ -0,0 +1,13 @@
+From: Andrew Tropin <andrew@trop.in>
+Date: Sat, 5 Feb 2022 21:06:42 +0300
+Subject: [PATCH] Change path to unix_chkpwd.
+
+unix_chkpwd is designed to have a suid bit, but it's not possible to set it
+for files in /gnu/store, and this patch tells unix_pam.so to lookup up for
+unix_chkpwd in directory generated by setuid-program system service.
+
+--- a/modules/pam_unix/Makefile.in
++++ b/modules/pam_unix/Makefile.in
+@@ -651,1 +651,1 @@
+-	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
++	-DCHKPWD_HELPER=\"/run/setuid-programs/unix_chkpwd\" \
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index 2574e019f1..b635681642 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -21,6 +21,7 @@ (define-module (gnu system pam)
   #:use-module (guix derivations)
   #:use-module (guix gexp)
   #:use-module (gnu services)
+  #:use-module (gnu system setuid)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
@@ -375,8 +376,13 @@ (define (extend-configuration initial extensions)
 
 (define pam-root-service-type
   (service-type (name 'pam)
-                (extensions (list (service-extension etc-service-type
-                                                     /etc-entry)))
+                (extensions
+                 (list (service-extension
+                        setuid-program-service-type
+                        (lambda (_)
+                          (list (file-like->setuid-program
+                                 (file-append linux-pam "/sbin/unix_chkpwd")))))
+                       (service-extension etc-service-type /etc-entry)))
 
                 ;; Arguments include <pam-service> as well as procedures.
                 (compose concatenate)
-- 
2.34.0


[-- Attachment #1.3: Type: text/plain, Size: 37 bytes --]


-- 
Best regards,
Andrew Tropin

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]

^ permalink raw reply related	[flat|nested] 10+ messages in thread

* bug#53468: [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-02-06  5:16     ` Andrew Tropin
@ 2022-02-10 22:42       ` Ludovic Courtès
  2022-02-26  7:11         ` [bug#53468] " Andrew Tropin
  0 siblings, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2022-02-10 22:42 UTC (permalink / raw)
  To: Andrew Tropin; +Cc: 53468-done

Hi,

Andrew Tropin <andrew@trop.in> skribis:

> From e96d3f6d82b134829fcb31777e81928c73847dcc Mon Sep 17 00:00:00 2001
> From: Andrew Tropin <andrew@trop.in>
> Date: Sun, 6 Feb 2022 08:13:49 +0300
> Subject: [PATCH v3] gnu: linux-pam: Change path to unix_chkpwd helper.
>
> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file.
> * gnu/packages/linux.scm (linux-pam): Add patch.
> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid.

LGTM, minor the patch file name as reported by ‘guix lint’ and missing
‘gnu/local.mk’.

However, it looks like my brain wasn’t fully operational when I
previously replied, because:

--8<---------------cut here---------------start------------->8---
$ guix refresh -l linux-pam
Building the following 2418 packages would ensure 6038 dependent
packages are rebuilt: […]
--8<---------------cut here---------------end--------------->8---

So I went ahead, fixed up the issues above, and pushed to
‘core-updates’.

Thanks!

Ludo’.




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-02-10 22:42       ` bug#53468: " Ludovic Courtès
@ 2022-02-26  7:11         ` Andrew Tropin
  2022-02-27 22:03           ` Ludovic Courtès
  0 siblings, 1 reply; 10+ messages in thread
From: Andrew Tropin @ 2022-02-26  7:11 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 53468-done

[-- Attachment #1: Type: text/plain, Size: 1228 bytes --]

On 2022-02-10 23:42, Ludovic Courtès wrote:

> Hi,
>
> Andrew Tropin <andrew@trop.in> skribis:
>
>> From e96d3f6d82b134829fcb31777e81928c73847dcc Mon Sep 17 00:00:00 2001
>> From: Andrew Tropin <andrew@trop.in>
>> Date: Sun, 6 Feb 2022 08:13:49 +0300
>> Subject: [PATCH v3] gnu: linux-pam: Change path to unix_chkpwd helper.
>>
>> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file.
>> * gnu/packages/linux.scm (linux-pam): Add patch.
>> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid.
>
> LGTM, minor the patch file name as reported by ‘guix lint’ and missing
> ‘gnu/local.mk’.
>
> However, it looks like my brain wasn’t fully operational when I
> previously replied, because:
>
> --8<---------------cut here---------------start------------->8---
> $ guix refresh -l linux-pam
> Building the following 2418 packages would ensure 6038 dependent
> packages are rebuilt: […]
> --8<---------------cut here---------------end--------------->8---
>
> So I went ahead, fixed up the issues above, and pushed to
> ‘core-updates’.

Thank you very much!)

When is the next core-update to master merge scheduled?

-- 
Best regards,
Andrew Tropin

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-02-26  7:11         ` [bug#53468] " Andrew Tropin
@ 2022-02-27 22:03           ` Ludovic Courtès
  0 siblings, 0 replies; 10+ messages in thread
From: Ludovic Courtès @ 2022-02-27 22:03 UTC (permalink / raw)
  To: Andrew Tropin; +Cc: 53468-done

Hi,

Andrew Tropin <andrew@trop.in> skribis:

> When is the next core-update to master merge scheduled?

It’s not scheduled, but it’s likely several months from now…  maybe less
if motivated people help drive the effort.  :-)

Ludo’.




^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2022-01-13 18:41 [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper Andrew Tropin
  2022-01-23 14:08 ` Andrew Tropin
@ 2023-03-03 23:33 ` wolf
  2023-03-07 17:57   ` Leo Famulari
  1 sibling, 1 reply; 10+ messages in thread
From: wolf @ 2023-03-03 23:33 UTC (permalink / raw)
  To: 53468

[-- Attachment #1: Type: text/plain, Size: 564 bytes --]

Hello,

I would like to ask when this could be available on master? It seems it was
added into core-updates more then a year ago. As far as I understand this is the
only blocker preventing me from using xscreensaver. Last update under the bug
is:

> It’s not scheduled, but it’s likely several months from now…

So I would like to ask if there is any update on this. No pressure, just asking.

Thanks and have a nice day,

W.

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
  2023-03-03 23:33 ` wolf
@ 2023-03-07 17:57   ` Leo Famulari
  0 siblings, 0 replies; 10+ messages in thread
From: Leo Famulari @ 2023-03-07 17:57 UTC (permalink / raw)
  To: wolf; +Cc: 53468

[-- Attachment #1: Type: text/plain, Size: 334 bytes --]

On Sat, Mar 04, 2023 at 12:33:56AM +0100, wolf wrote:
> So I would like to ask if there is any update on this. No pressure, just asking.

The core-updates branch is now actively being prepared for the merge
into master. It's probably still at least one month away, if not several
months. Unfortunately we can't predict the timeframe.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2023-03-07 17:58 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-13 18:41 [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper Andrew Tropin
2022-01-23 14:08 ` Andrew Tropin
2022-02-04 11:07   ` Andrew Tropin
2022-02-04 22:10   ` Ludovic Courtès
2022-02-06  5:16     ` Andrew Tropin
2022-02-10 22:42       ` bug#53468: " Ludovic Courtès
2022-02-26  7:11         ` [bug#53468] " Andrew Tropin
2022-02-27 22:03           ` Ludovic Courtès
2023-03-03 23:33 ` wolf
2023-03-07 17:57   ` Leo Famulari

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).