[Pkg-shadow-devel] [shadow] 10/20: Add call to pam_keyinit for login pam service
Balint Reczey
rbalint at moszumanska.debian.org
Thu Jan 19 17:59:46 UTC 2017
This is an automated email from the git hooks/post-receive script.
rbalint pushed a commit to annotated tag debian/1%4.4-2
in repository shadow.
commit 70c472f91db89add2e26e23de261b19d62b27440
Author: Balint Reczey <balint at balintreczey.hu>
Date: Wed Jan 18 18:46:30 2017 +0100
Add call to pam_keyinit for login pam service
This module is linux-any only, so copy what openssh has already done and
remove the call at build time for other architectures.
The call to this module is needed to have proper per-session kernel
keyring.
Closes: #734671
---
debian/login.pam | 3 +++
debian/rules | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/debian/login.pam b/debian/login.pam
index dccad1f..e4a4af2 100644
--- a/debian/login.pam
+++ b/debian/login.pam
@@ -105,6 +105,9 @@ session optional pam_motd.so
# See comments in /etc/login.defs
session optional pam_mail.so standard
+# Create a new session keyring.
+session optional pam_keyinit.so force revoke
+
# Standard Un*x account and session
@include common-account
@include common-session
diff --git a/debian/rules b/debian/rules
index 59f37d5..3a97937 100755
--- a/debian/rules
+++ b/debian/rules
@@ -46,6 +46,9 @@ ifeq ($(DEB_HOST_ARCH_OS),hurd)
# /bin/login is provided by the hurd package.
rm -f debian/login/bin/login
endif
+ifneq ($(DEB_HOST_ARCH_OS),linux)
+ sed -i 's/session optional pam_keyinit.so/# Linux only # session optional pam_keyinit.so/' debian/login.pam
+endif
dh_installpam -p login
dh_installpam -p login --name=su
install -c -m 444 debian/login.defs debian/login/etc/login.defs
@@ -90,3 +93,6 @@ binary-predeb/passwd::
chgrp shadow debian/passwd/usr/bin/expiry
chmod g+s debian/passwd/usr/bin/chage
chmod g+s debian/passwd/usr/bin/expiry
+
+clean::
+ sed -i 's/# Linux only # //' debian/login.pam
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shadow/shadow.git
More information about the Pkg-shadow-devel
mailing list