[Pkg-shadow-devel] [shadow] 10/20: Add call to pam_keyinit for login pam service

Balint Reczey rbalint at moszumanska.debian.org
Thu Jan 19 17:59:46 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rbalint pushed a commit to annotated tag debian/1%4.4-2
in repository shadow.

commit 70c472f91db89add2e26e23de261b19d62b27440
Author: Balint Reczey <balint at balintreczey.hu>
Date:   Wed Jan 18 18:46:30 2017 +0100

    Add call to pam_keyinit for login pam service
    
    This module is linux-any only, so copy what openssh has already done and
    remove the call at build time for other architectures.
    
    The call to this module is needed to have proper per-session kernel
    keyring.
    
    Closes: #734671
---
 debian/login.pam | 3 +++
 debian/rules     | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/debian/login.pam b/debian/login.pam
index dccad1f..e4a4af2 100644
--- a/debian/login.pam
+++ b/debian/login.pam
@@ -105,6 +105,9 @@ session    optional   pam_motd.so
 # See comments in /etc/login.defs
 session    optional   pam_mail.so standard
 
+# Create a new session keyring.
+session    optional   pam_keyinit.so force revoke
+
 # Standard Un*x account and session
 @include common-account
 @include common-session
diff --git a/debian/rules b/debian/rules
index 59f37d5..3a97937 100755
--- a/debian/rules
+++ b/debian/rules
@@ -46,6 +46,9 @@ ifeq ($(DEB_HOST_ARCH_OS),hurd)
 	# /bin/login is provided by the hurd package.
 	rm -f debian/login/bin/login
 endif
+ifneq ($(DEB_HOST_ARCH_OS),linux)
+	sed -i 's/session    optional   pam_keyinit.so/# Linux only # session    optional   pam_keyinit.so/' debian/login.pam
+endif
 	dh_installpam -p login
 	dh_installpam -p login --name=su
 	install -c -m 444 debian/login.defs debian/login/etc/login.defs
@@ -90,3 +93,6 @@ binary-predeb/passwd::
 	chgrp shadow debian/passwd/usr/bin/expiry
 	chmod g+s debian/passwd/usr/bin/chage
 	chmod g+s debian/passwd/usr/bin/expiry
+
+clean::
+	sed -i 's/# Linux only # //' debian/login.pam

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shadow/shadow.git

More information about the Pkg-shadow-devel mailing list