diff options
| author | Chris Hofstaedtler <zeha@debian.org> | 2024-01-06 12:57:21 +0100 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2024-01-15 15:58:25 -0700 |
| commit | 9f629f45bb64a95958af24ae1a3ebe94530e1cc3 (patch) | |
| tree | 26517ea39694f0e73a888cc25dc68fad52d37c2a | |
| parent | 3a128a9b5db023be2710383a4a7dfe192788d7a3 (diff) | |
Install into /usr/lib,sbin
* Non-maintainer upload.
* Install into /usr/{lib,sbin} instead of /{lib,sbin}. Assumes
usrmerge aliasing symlinks are in place since bookworm to keep
compatibility with PAM modules still installing into /lib.
(DEP17 M2) (Closes: #1060160).
* Update lintian override for setgid binary.
| -rw-r--r-- | debian/changelog | 11 | ||||
| -rw-r--r-- | debian/libpam-modules-bin.install | 14 | ||||
| -rw-r--r-- | debian/libpam-modules-bin.lintian-overrides | 2 | ||||
| -rw-r--r-- | debian/libpam-modules.install | 2 | ||||
| -rw-r--r-- | debian/libpam-modules.lintian-overrides | 14 | ||||
| -rwxr-xr-x | debian/libpam0g-dev.install | 4 | ||||
| -rwxr-xr-x | debian/libpam0g-dev.links | 6 | ||||
| -rw-r--r-- | debian/libpam0g.install | 2 | ||||
| -rw-r--r-- | debian/not-installed | 10 | ||||
| -rwxr-xr-x | debian/rules | 10 |
10 files changed, 44 insertions, 31 deletions
diff --git a/debian/changelog b/debian/changelog index 2a4657b3..498b10e9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +pam (1.5.2-9.2) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Install into /usr/{lib,sbin} instead of /{lib,sbin}. Assumes + usrmerge aliasing symlinks are in place since bookworm to keep + compatibility with PAM modules still installing into /lib. + (DEP17 M2) (Closes: #1060160). + * Update lintian override for setgid binary. + + -- Chris Hofstaedtler <zeha@debian.org> Sat, 06 Jan 2024 12:57:21 +0100 + pam (1.5.2-9.1) unstable; urgency=medium * Non-maintainer upload acked by Sam Hartman. diff --git a/debian/libpam-modules-bin.install b/debian/libpam-modules-bin.install index 2f1c3914..ee73913d 100644 --- a/debian/libpam-modules-bin.install +++ b/debian/libpam-modules-bin.install @@ -1,9 +1,9 @@ -sbin/unix_chkpwd sbin -sbin/unix_update sbin -sbin/mkhomedir_helper sbin -sbin/pam_namespace_helper -sbin/pwhistory_helper -sbin/pam_timestamp_check usr/sbin -sbin/faillock usr/sbin +usr/sbin/unix_chkpwd +usr/sbin/unix_update +usr/sbin/mkhomedir_helper +usr/sbin/pam_namespace_helper +usr/sbin/pwhistory_helper +usr/sbin/pam_timestamp_check +usr/sbin/faillock modules/pam_faillock/faillock.8 usr/share/man/man8 usr/lib/systemd/system/pam_namespace.service diff --git a/debian/libpam-modules-bin.lintian-overrides b/debian/libpam-modules-bin.lintian-overrides index 8c185917..809d87f1 100644 --- a/debian/libpam-modules-bin.lintian-overrides +++ b/debian/libpam-modules-bin.lintian-overrides @@ -1,2 +1,2 @@ # yes, we know it's sgid, that's the whole point... -libpam-modules-bin: setgid-binary *sbin/unix_chkpwd* 2755 root/shadow +libpam-modules-bin: elevated-privileges 2755 root/shadow [usr/sbin/unix_chkpwd] diff --git a/debian/libpam-modules.install b/debian/libpam-modules.install index 5fd57b44..2697bd7d 100644 --- a/debian/libpam-modules.install +++ b/debian/libpam-modules.install @@ -1,3 +1,3 @@ etc/security/* etc/security -lib/*/security/*.so +usr/lib/*/security/*.so debian/pam-configs/mkhomedir usr/share/pam-configs/ diff --git a/debian/libpam-modules.lintian-overrides b/debian/libpam-modules.lintian-overrides index 531ff4de..5e708abd 100644 --- a/debian/libpam-modules.lintian-overrides +++ b/debian/libpam-modules.lintian-overrides @@ -2,13 +2,13 @@ # fortifying. Since we know we have hardening turned on globally, suppress # them. If we ever see this warning again for *other* modules, then we know # there's a real problem. -libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_echo.so* -libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_filter.so* -libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_group.so* -libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_localuser.so* -libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_shells.so* -libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_wheel.so* +libpam-modules: hardening-no-fortify-functions *usr/lib/*/security/pam_echo.so* +libpam-modules: hardening-no-fortify-functions *usr/lib/*/security/pam_filter.so* +libpam-modules: hardening-no-fortify-functions *usr/lib/*/security/pam_group.so* +libpam-modules: hardening-no-fortify-functions *usr/lib/*/security/pam_localuser.so* +libpam-modules: hardening-no-fortify-functions *usr/lib/*/security/pam_shells.so* +libpam-modules: hardening-no-fortify-functions *usr/lib/*/security/pam_wheel.so* # pam_deny.so does not use any symbol from libc. -libpam-modules: shared-lib-without-dependency-information *lib/*/security/pam_deny.so* +libpam-modules: shared-lib-without-dependency-information *usr/lib/*/security/pam_deny.so* # lintian doesn't know what to do with manpages for pam modules libpam-modules: spare-manual-page * diff --git a/debian/libpam0g-dev.install b/debian/libpam0g-dev.install index 0d6f4856..beedb8fd 100755 --- a/debian/libpam0g-dev.install +++ b/debian/libpam0g-dev.install @@ -1,4 +1,4 @@ #!/usr/bin/dh-exec usr/include/security/* -lib/${DEB_HOST_MULTIARCH}/*.a usr/lib/${DEB_HOST_MULTIARCH} -lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig +usr/lib/${DEB_HOST_MULTIARCH}/*.a usr/lib/${DEB_HOST_MULTIARCH} +usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig diff --git a/debian/libpam0g-dev.links b/debian/libpam0g-dev.links index 5cbfd6db..39a7fb78 100755 --- a/debian/libpam0g-dev.links +++ b/debian/libpam0g-dev.links @@ -1,4 +1,4 @@ #!/usr/bin/dh-exec -/lib/${DEB_HOST_MULTIARCH}/libpam.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpam.so -/lib/${DEB_HOST_MULTIARCH}/libpamc.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpamc.so -/lib/${DEB_HOST_MULTIARCH}/libpam_misc.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpam_misc.so +/usr/lib/${DEB_HOST_MULTIARCH}/libpam.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpam.so +/usr/lib/${DEB_HOST_MULTIARCH}/libpamc.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpamc.so +/usr/lib/${DEB_HOST_MULTIARCH}/libpam_misc.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpam_misc.so diff --git a/debian/libpam0g.install b/debian/libpam0g.install index 622f9ef2..3ddde584 100644 --- a/debian/libpam0g.install +++ b/debian/libpam0g.install @@ -1 +1 @@ -lib/*/lib*.so.* +usr/lib/*/lib*.so.* diff --git a/debian/not-installed b/debian/not-installed index bd312af0..6bcd60d7 100644 --- a/debian/not-installed +++ b/debian/not-installed @@ -1,8 +1,8 @@ -lib/*/security/*.a -lib/*/security/*.la -lib/*/*.la -lib/*/*.so +usr/lib/*/security/*.a +usr/lib/*/security/*.la +usr/lib/*/*.la +usr/lib/*/*.so usr/share/man/man8/pam.8 etc/environment # sample filter, do not install -lib/*/security/pam_filter/upperLOWER +usr/lib/*/security/pam_filter/upperLOWER diff --git a/debian/rules b/debian/rules index f4881680..026098f2 100755 --- a/debian/rules +++ b/debian/rules @@ -33,9 +33,11 @@ ifneq (,$(filter stage1,$(DEB_BUILD_PROFILES))) endif override_dh_auto_configure: + # Explicitly set libdir, sbindir to avoid upstream's override logic. dh_auto_configure -- --enable-static --enable-shared \ - --libdir=/lib/$(DEB_HOST_MULTIARCH) \ - --enable-isadir=/lib/security \ + --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --sbindir=/usr/sbin \ + --enable-isadir=/usr/lib/security \ --with-systemdunitdir=/usr/lib/systemd/system \ --disable-nis \ $(CONFIGURE_OPTS) @@ -72,8 +74,8 @@ override_dh_installman: override_dh_fixperms: dh_fixperms ifneq (,$(findstring libpam-modules, $(shell dh_listpackages))) - chgrp shadow $(d)/libpam-modules-bin/sbin/unix_chkpwd - chmod 02755 $(d)/libpam-modules-bin/sbin/unix_chkpwd + chgrp shadow $(d)/libpam-modules-bin/usr/sbin/unix_chkpwd + chmod 02755 $(d)/libpam-modules-bin/usr/sbin/unix_chkpwd endif override_dh_installchangelogs: |