From ac444049e27aa772e57d38b889ceee46e7331a50 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 15 Nov 2003 15:55:19 +0000 Subject: Implement New World Order for PAM configuration, including /etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959). Add more commentary to /etc/pam.d/ssh. --- debian/rules | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'debian/rules') diff --git a/debian/rules b/debian/rules index ec594ecb0..0bb40da4e 100755 --- a/debian/rules +++ b/debian/rules @@ -25,6 +25,20 @@ PO2DEBCONF := yes MINDEBCONFVER := 1.2.0 endif +# We need a new libpam-runtime for sane PAM handling +# (http://lists.debian.org/debian-devel-announce-0308/msg00012.html). +# Unfortunately it's hard to detect during the build whether this is +# appropriate, so woody-compatibility is a pain. I've had to punt and go for +# a DEB_BUILD_SSH_WOODY environment variable. We can remove this hack once +# we no longer care about woody. +ifeq ($(DEB_BUILD_SSH_WOODY),) +PAMSUBST := no +PAMDEP := libpam-runtime (>= 0.76-14) +else +PAMSUBST := yes +PAMDEP := libpam-runtime +endif + # Change the version string to include the Debian version SSH_VERSION := $(shell sed -e '/define/!d; s/.*\"\(.*\)\".*/\1/; q' debian/po/output po2debconf debian/templates.master > debian/templates rm -f debian/po/output +endif +ifeq ($(PAMSUBST),yes) + if [ -f debian/ssh.pam.new-style ]; then \ + mv debian/ssh.pam.new-style debian/ssh.pam; \ + fi endif dh_clean @@ -113,6 +132,15 @@ endif nroff RFC.nroff > debian/tmp/usr/share/doc/ssh/RFC gzip -9 debian/tmp/usr/share/doc/ssh/RFC rm -rf debian/tmp/usr/share/doc/ssh/RFC.nroff.gz +ifeq ($(PAMSUBST),yes) + cp -a debian/ssh.pam debian/ssh.pam.new-style + trailer='required pam_unix.so' \ + sed -e "s/@include common-auth/auth $$trailer" \ + -e "s/@include common-account/account $$trailer" \ + -e "s/@include common-session/session $$trailer" \ + -e "s/@include common-password/password $$trailer" \ + debian/ssh.pam.new-style > debian/ssh.pam +endif dh_installpam dh_installchangelogs ChangeLog dh_strip @@ -122,7 +150,8 @@ endif test ! -e debian/tmp/etc/ssh/ssh_prng_cmds \ || echo "/etc/ssh/ssh_prng_cmds" >> debian/tmp/DEBIAN/conffiles dh_shlibdeps - dh_gencontrol -- -V'debconf-depends=debconf (>= $(MINDEBCONFVER))' + dh_gencontrol -- -V'debconf-depends=debconf (>= $(MINDEBCONFVER))' \ + -V'pam-depends=$(PAMDEP)' dh_md5sums dh_builddeb -- cgit v1.2.3 From 77d7af1e3aabb85837eb044e72de46ffca74405c Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 16 Nov 2003 01:14:37 +0000 Subject: Fix code handling /etc/pam.d/ssh backports to woody so that it actually works, and so that it survives repeated runs of 'debian/rules binary'. --- debian/rules | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'debian/rules') diff --git a/debian/rules b/debian/rules index 0bb40da4e..a69463757 100755 --- a/debian/rules +++ b/debian/rules @@ -133,12 +133,15 @@ endif gzip -9 debian/tmp/usr/share/doc/ssh/RFC rm -rf debian/tmp/usr/share/doc/ssh/RFC.nroff.gz ifeq ($(PAMSUBST),yes) + # Clean up if we've done this already, to ensure idempotency. + if [ -f debian/ssh.pam.new-style ]; then \ + mv debian/ssh.pam.new-style debian/ssh.pam; \ + fi cp -a debian/ssh.pam debian/ssh.pam.new-style - trailer='required pam_unix.so' \ - sed -e "s/@include common-auth/auth $$trailer" \ - -e "s/@include common-account/account $$trailer" \ - -e "s/@include common-session/session $$trailer" \ - -e "s/@include common-password/password $$trailer" \ + sed -e "s/@include common-auth/auth required pam_unix.so/" \ + -e "s/@include common-account/account required pam_unix.so/" \ + -e "s/@include common-session/session required pam_unix.so/" \ + -e "s/@include common-password/password required pam_unix.so/" \ debian/ssh.pam.new-style > debian/ssh.pam endif dh_installpam -- cgit v1.2.3