Bug#1056166: systemd-homed: `passwd` fails

Luca Boccassi bluca at debian.org
Mon May 27 15:01:59 BST 2024 

On Mon, 27 May 2024 at 01:38, Sam Hartman <hartmans at debian.org> wrote:
>
> >>>>> "Luca" == Luca Boccassi <bluca at debian.org> writes:
>
>     Luca> Ah thanks for the pointer to the file, I had missed that
>     Luca> somehow in the first reply. I see it now: the pam-config for
>     Luca> unix.so assumes that if something runs before then everything
>     Luca> is done already.  Unfortunately that assumption is wrong. I'll
>     Luca> see if I can just hack it and monkey patch common-password in
>     Luca> the postinst to fix it up for now, as I assume this is some
>     Luca> load-bearing assumption.
>
> I think if you want to play with it and modify common-password, that's
> fine.
>
> I do not think that's appropriate for testing though.
>
> I'm fairly uncomfortable  with a package other than pam touching
> common-password in postinst other than through pam-auth-update.
> It's fairly unlikely to work and likely to cause problems on upgrade.
> I'd be much happier with  (at least for now) simply not auto-configuring
> systemd-home and leaving that to the sysadmin.
> I appreciate that is not what you want to hear, but:
>
> 1) I believe that package a modifying a configuration file of package b
> without cooperation of package b is a clear policy violation.
>
> 2) common-password is a configuration file of pam.
>
> 3) I'd like to understand the situation muchd better and especially why
> you need   to be account-type:primary.
> I suspect we're going to need to have changes to pam-auth-update.

It is a horrible hack, no doubt about that, and will require
reconfigures/reinstalls every now and then - however, it fixes the
problem on install, which is directly solving my problem, as fresh
testing images are broken and I need them working for my
development/test workflows, so I'll still add it. It's an optional
package with no reverse depends, so not really a problem for anybody
who doesn't use it. Once there is a better solution, I will happily
switch over. Thanks for the hints that helped figure this out, it did
not occur to me to look into the other config.

More information about the Pkg-systemd-maintainers mailing list