Bug#1104505: xrdp: no-change rebuild changes /etc/pam.d/xrdp-sesman
Chris Hofstaedtler
zeha at debian.org
Thu May 1 11:48:43 BST 2025
Source: xrdp
Version: 0.10.1-3
Severity: serious
User: reproducible-builds at lists.alioth.debian.org
Usertag: environment
X-Debbugs-CC: reproducible-builds at lists.alioth.debian.org
Hi,
when doing a no-change binary rebuild of xrdp, the resulting .deb
has a different content for /etc/pam.d/xrdp-sesman:
─ ./etc/pam.d/xrdp-sesman
@@ -1,14 +1,5 @@
#%PAM-1.0
-auth required pam_env.so readenv=1
-auth required pam_env.so readenv=1 envfile=/etc/default/locale
- at include common-auth
--auth optional pam_gnome_keyring.so
--auth optional pam_kwallet5.so
-
- at include common-account
-
- at include common-password
-
- at include common-session
--session optional pam_gnome_keyring.so auto_start
--session optional pam_kwallet5.so auto_start
+auth include common-auth
+account include common-account
+session include common-session
+password include common-password
Reporting as serious, as this makes xrdp binNMU-unsafe.
From what it looks like, xrdp autodetects which OS-specific set of
PAM config it should use, and the detection now uses the "suse" set
instead of the "debian" set.
Best,
Chris
More information about the Reproducible-builds
mailing list