Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 504492 - sys-auth/pambase: move pam_env.so last on the stack, move pam_systemd.so back to system-login (from system-auth)
Summary: sys-auth/pambase: move pam_env.so last on the stack, move pam_systemd.so back...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement (vote)
Assignee: Mikle Kolyada (RETIRED)
URL:
Whiteboard:
Keywords:
: 592616 (view as bug list)
Depends on:
Blocks: 485470
  Show dependency tree
 
Reported: 2014-03-13 15:15 UTC by Samuli Suominen (RETIRED)
Modified: 2022-08-13 18:30 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
0001-According-to-pam_env-manpage-it-should-be-last-on-th.patch (0001-According-to-pam_env-manpage-it-should-be-last-on-th.patch,2.42 KB, patch)
2014-03-13 15:15 UTC, Samuli Suominen (RETIRED)
Details | Diff
Improved patch, solves some bugs (0001-Add-quiet-parameter-to-pam_mail.so-see-Gentoo-bug-47.patch,3.57 KB, patch)
2014-03-14 13:07 UTC, Samuli Suominen (RETIRED)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Samuli Suominen (RETIRED) gentoo-dev 2014-03-13 15:15:51 UTC
Created attachment 372570 [details, diff]
0001-According-to-pam_env-manpage-it-should-be-last-on-th.patch

the patch puts pam_env.so last on the stack, the ArchLinux commits message was:

"The pam_env manpage says: Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack. Honor that by moving it to the end everywhere. This also makes pam_env much more useful, since you can use ${XDG_RUNTIME_DIR} in pam_env.conf."

their pambase is based on our old version of pambase, but they have since done some improvements to it, and this puts it almost to the same line

merges following commits:

https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pambase&id=03746a9aad67c62d396dd9528ef40d14de28c844
and a fix to it:
https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pambase&id=d8180a56e3e56221788bbfe778fa2c4d8811f553
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2014-03-13 15:22:50 UTC
I believe the fix for bug 485470 was incorrect and this was the correct fix, and after merging this, we should again move '-session   optional   pam_systemd.so' second-last line of system-login (before pam_env)

And if you could possibly also comment on this change for pam_mail.so (adding quiet parameter):

https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pambase&id=6bcaa2f5f6831ab91bc80f87f036886760e9c973

Discussion about it:

https://bugs.archlinux.org/task/31999

That's it, if we could get all of this done, there is no reason why ArchLinux couldn't merge our latest pambase again
Both get boths improvements, possibly
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2014-03-13 15:25:10 UTC
This is very experimental, so don't rush things and push anything into git yet, I'd like to test this for a while first too and get peoples comments here
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2014-03-14 13:07:05 UTC
Created attachment 372644 [details, diff]
Improved patch, solves some bugs

- Adds 'quiet' to pam_mail.so as per bug #473678
- Moves pam_systemd.so back to system-login from system-auth -> systemd-user pam file in sys-apps/systemd should be fixed 's/system-auth/system-login/ bug #485470)
- Moves pam_env.so last in the stack like in pam_env.so manpage says as it can have unexpected results on other modules. Makes use of XDG_RUNTIME_DIR within pam_env.conf easier.
- Puts our pambase in line with ArchLinux's, so they can again merge our latest pambase. Sharing this looks like a good idea. They are using our fourth latest copy currently (there are some packaging differences, but the base is same)
Just saying, even if this wasn't true, all of the changes make sense imho
Comment 4 Michael Palimaka (kensington) gentoo-dev 2014-09-22 16:02:51 UTC
Any news here?
Comment 5 SpanKY gentoo-dev 2015-05-17 05:30:15 UTC
Comment on attachment 372644 [details, diff]
Improved patch, solves some bugs

please don't squash unrelated things into one big fat commit.  each independent change should be an independent commit/patch.
Comment 6 SpanKY gentoo-dev 2015-05-17 05:30:55 UTC
i've moved the pam_mail.so/quiet topic back to bug 473678
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-09-10 10:33:41 UTC
*** Bug 592616 has been marked as a duplicate of this bug. ***
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-14 18:43:26 UTC
Should be fixed in the latest pambase release.