From 05bb389ca4f3e17966d240bd0ae879f3f8c443fb Mon Sep 17 00:00:00 2001 From: Filipe Brandenburger Date: Jul 15 2018 08:08:07 +0000 Subject: Override systemd-user PAM config in %install and not %prep This makes it possible to build RPMs from a git tree using `rpmbuild --build-in-place --noprep` and have resulting RPMs that will preserve the override of the PAM config file. This needs to commit to HAVE_SELINUX being defined (since there is no longer an m4 step to make that stanza conditional), but that should be acceptable since the %build step calls Meson with -Dselinux=true. Tested: - Chdir into a checkout of github.com/systemd/systemd tree and run: $ rpmbuild -bb --build-in-place --noprep \ --define "gitcommit $(git rev-parse HEAD)" \ --define "_sourcedir $HOME/fedorarpms/systemd" \ ~/fedorarpms/systemd/systemd.spec - Inspect the contents of systemd-user in the generated RPM package: $ rpm2cpio ~/rpmbuild/RPMS/x86_64/systemd-239-3.git99352de.fc29.x86_64.rpm \ | cpio -i --to-stdout --quiet ./etc/pam.d/systemd-user ... account include system-auth ... session include system-auth --- diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..2725df9 --- /dev/null +++ b/systemd-user @@ -0,0 +1,10 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session include system-auth diff --git a/systemd-user.m4 b/systemd-user.m4 deleted file mode 100644 index f188a8e..0000000 --- a/systemd-user.m4 +++ /dev/null @@ -1,12 +0,0 @@ -# This file is part of systemd. -# -# Used by systemd --user instances. - -account include system-auth - -m4_ifdef(`HAVE_SELINUX', -session required pam_selinux.so close -session required pam_selinux.so nottys open -)m4_dnl -session required pam_loginuid.so -session include system-auth diff --git a/systemd.spec b/systemd.spec index c3dae62..e74f48a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -42,7 +42,7 @@ Source8: systemd-journal-gatewayd.xml Source9: 20-yama-ptrace.conf Source10: systemd-udev-trigger-no-reload.conf Source11: 20-grubby.install -Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60ceade446773c67031b47a566d4a70d/src/login/systemd-user.m4 +Source12: systemd-user %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable @@ -273,9 +273,6 @@ They can be useful to test systemd internals. git am %{patches} %endif -# Restore systemd-user pam config from before "removal of Fedora-specific bits" -cp -p %{SOURCE12} src/login/ - %build %define ntpvendor %(source /etc/os-release; echo ${ID}) %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} @@ -412,6 +409,9 @@ install -Dm0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/yum/protected.d/systemd.co install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8} +# Restore systemd-user pam config from before "removal of Fedora-specific bits" +install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} + # Install additional docs # https://bugzilla.redhat.com/show_bug.cgi?id=1234951 install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} @@ -703,6 +703,9 @@ fi %files tests -f .file-list-tests %changelog +* Sun Jul 15 2018 Filipe Brandenburger +- Override systemd-user PAM config in install and not prep + * Sat Jul 14 2018 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild