From abb115a9057a0ae7acf8c4dd6d9d79423b89a591 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Aug 28 2024 09:38:58 +0000 Subject: Do not use patch to modify systemd-user pam config file We still want the Fedora systemd-user pam config when building with --noprep so let's install the pam config file using a regular source instead of patching the one provided by systemd. --- diff --git a/fedora-use-system-auth-in-pam-systemd-user.patch b/fedora-use-system-auth-in-pam-systemd-user.patch deleted file mode 100644 index df820e2..0000000 --- a/fedora-use-system-auth-in-pam-systemd-user.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c4b803dc60b63a35c977d39610b7872175ec03bd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 14 Dec 2022 22:24:53 +0100 -Subject: [PATCH] fedora: use system-auth in pam systemd-user - ---- - src/login/systemd-user.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in -index 8a3c9e0165..74ef5f2552 100644 ---- a/src/login/systemd-user.in -+++ b/src/login/systemd-user.in -@@ -7,7 +7,7 @@ - -account sufficient pam_systemd_home.so - {% endif %} - account sufficient pam_unix.so no_pass_expiry --account required pam_permit.so -+account include system-auth - - {% if HAVE_SELINUX %} - session required pam_selinux.so close -@@ -20,4 +20,4 @@ session required pam_namespace.so - -session optional pam_systemd_home.so - {% endif %} - session optional pam_umask.so silent --session optional pam_systemd.so -+session include system-auth --- -2.41.0 - diff --git a/systemd-user b/systemd-user new file mode 100644 index 0000000..82dcd32 --- /dev/null +++ b/systemd-user @@ -0,0 +1,14 @@ +# Used by systemd --user instances. + +-account sufficient pam_systemd_home.so +account sufficient pam_unix.so no_pass_expiry +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +-session optional pam_systemd_home.so +session optional pam_umask.so silent +session include system-auth diff --git a/systemd.spec b/systemd.spec index 0b107ef..456f4f9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -96,6 +96,8 @@ Source24: sysusers.generate-pre.sh Source25: 98-default-mac-none.link +Source26: systemd-user + %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip @@ -125,9 +127,6 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch -# Adjust upstream config to use our shared stack -Patch0499: fedora-use-system-auth-in-pam-systemd-user.patch - %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif @@ -1011,6 +1010,8 @@ rm %{buildroot}/usr/lib/sysusers.d/basic.conf rm %{buildroot}/etc/ssh/sshd_config.d/20-systemd-userdb.conf mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} +install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} + %find_lang %{name} # Split files in build root into rpms