Control: tags -1 confirmed moreinfo

On 2021-06-03 13:53:17 +0200, Javier Fernández-Sanguino Peña wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
>
> Please unblock package libpam-chroot
>
> [ Reason ]
> This version includes fixes to build properly the package including:
> - Installing the PAM module in the correct location (#980047)
> - Supporting cross building of source (949080)
> - Document that libpam-chroot is not recommended to be used with OpenSSH as it
>   is difficult to setup and there are better alternatives (527564)
>
> [ Impact ]
> Users cannot use the package as it is as the pam_chroot library is not
> installed in the correct location.
>
> Users trying to follow the instructions in the README file to setup OpenSSH
> will end up with a non-working setup.
>
> If the unblock is not granted this is not, however, a major issue as not many
> users use this package and chroot functionalities are, in general, not that
> much used anymore as people have in general now moved to containers.
>
> [ Tests ]
> Tested locally in the developer's machine.
>
> [ Risks ]
> Very low risk changes introduced in the package.
>
> [ Checklist ]
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in testing
>
>
> unblock libpam-chroot/0.9-5
ACK, please remove the moreinfo tag once the version is available in unstable.

Cheers

>
> Thank you for your support,
>
> Javier
> diff -u libpam-chroot-0.9/Makefile libpam-chroot-0.9/Makefile > --- libpam-chroot-0.9/Makefile > +++ libpam-chroot-0.9/Makefile > @@ -5,6 +5,8 @@ > CPPFLAGS=-I. > LDFLAGS=-shared > DESTDIR=/ > +LIBDIR=$(DESTDIR)/lib/security > +INSTALL?=install > > OUT=pam_chroot.so > CONF=chroot.conf > @@ -20,3 +22,3 @@ > install: > - install -s -o0 -g0 -m755 $(OUT) $(DESTDIR)/lib/security > + $(INSTALL) -s -o0 -g0 -m755 $(OUT) $(LIBDIR) > install -m640 $(CONF) $(DESTDIR)/etc/security > diff -u libpam-chroot-0.9/debian/README.Debian > libpam-chroot-0.9/debian/README.Debian > --- libpam-chroot-0.9/debian/README.Debian > +++ libpam-chroot-0.9/debian/README.Debian > @@ -73,15 +73,22 @@ > Setting up OpenSSH with libpam-chroot > ------------------------------------- > > +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > NOTE: OpenSSH supports, since the 4.9 release, the definition of > chrooted enviroments. For more information see the 'ChrootDirectory' > -directive in sshd_config (5). > +directive in sshd_config (5). > + > +Setting up OpenSSH libpam-chroot is *not* recommended and most likely will > not > +work. The following information is provided for those users that want to > tinker > +with pam-chroot and SSH. > + > +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > > Many systems want to setup a restricted remote access to a system in > which users are confined to their user directories, but are unable to > -"see" the whole system. If you want to develop this using OpenSSH you > -will need to: > +"see" the whole system. If you want to develop this using OpenSSH > +and libpam-chroot you will need to: > > 0) Setup a chroot environment for your users. Make sure that > environment includes the standard tools they will need (like their 
> @@ -147,7 +154,29 @@ > pam-chroot at all. > > +4) In order for chroots to work with newer OpenSSH versions the chroot > +directory of a user needs to include both the /proc filesystem and > +the /dev/pts > + > + - If /proc is not mounted in the chroot, SSH access will be interrupted > + with the message: > + > + Connection reset by peer > + Connection to <server-ip> closed. > + > + To mount /proc do the following: > + mount -t proc /proc <chroot_directory>/proc > + > + - If /dev/pts is not mounted, the SSH login will freeze after > + authentication with the message: > + > + PTY allocation request failed on channel 0 > + > + To mount /dev do the following: > + mount --rbind /dev <chroot_directory>/dev > + > + > -- > Javier Fernandez-Sanguino <j...@debian.org> > - Wed, 27 Oct 2010 02:01:26 +0200 > + Thu, 03 Jun 2021 13:26:58 +0200 > > > diff -u libpam-chroot-0.9/debian/changelog libpam-chroot-0.9/debian/changelog > --- libpam-chroot-0.9/debian/changelog > +++ libpam-chroot-0.9/debian/changelog > @@ -1,3 +1,19 @@ > +libpam-chroot (0.9-5) unstable; urgency=high > + > + * debian/rules: Install the PAM module in the right location > + (Closes: #980047) > + * Fix FTCBFS: (Closes: #949080, #437385) > + + Let dh_auto_build pass cross tools to make. > + + Make install substitutable. > + + Pass a non-stripping install to make install. > + Thanks Helmut Grohne for the patch > + * debian/README.Debian: discourage users from using this module with > + OpenSSH as this feature is available already in the daemon (see option > + ChrootDirectory) and the setup might not work due to changes in OpenSSH > + (Closes: #527564) > + > + -- Javier Fernandez-Sanguino Pen~a <j...@debian.org> Thu, 03 Jun 2021 > 12:57:43 +0200 > + > libpam-chroot (0.9-4.3) unstable; urgency=medium > > * Non-maintainer upload. > diff -u libpam-chroot-0.9/debian/dirs libpam-chroot-0.9/debian/dirs > --- libpam-chroot-0.9/debian/dirs > +++ libpam-chroot-0.9/debian/dirs 
> @@ -1,2 +1 @@ > etc/security > -lib/security > diff -u libpam-chroot-0.9/debian/rules libpam-chroot-0.9/debian/rules > --- libpam-chroot-0.9/debian/rules > +++ libpam-chroot-0.9/debian/rules > @@ -8,13 +8,16 @@ > # This is the debhelper compatability version to use. > # export DH_COMPAT=5 > > +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) > + > + > build: build-arch build-indep > build-arch: build-stamp > build-indep: build-stamp > > build-stamp: > dh_testdir > - $(MAKE) > + dh_auto_build > touch build-stamp > > clean: > @@ -28,9 +31,9 @@ > dh_testdir > dh_testroot > dh_installdirs > - > + mkdir -p $(CURDIR)/debian/libpam-chroot/lib/$(DEB_HOST_MULTIARCH) > # Add here commands to install the package into debian/libpam-chroot > - $(MAKE) install DESTDIR=$(CURDIR)/debian/libpam-chroot > + $(MAKE) install DESTDIR=$(CURDIR)/debian/libpam-chroot > LIBDIR=$(CURDIR)/debian/libpam-chroot/lib/$(DEB_HOST_MULTIARCH) > INSTALL="install --strip-program=true" > > > # Build architecture-independent files here. -- Sebastian Ramacher
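Review bot: In the debian/rules install hunk, the LIBDIR passed to make ends at lib/$(DEB_HOST_MULTIARCH), without the security component that the Makefile default ($(DESTDIR)/lib/security) carries, and the preceding mkdir -p creates only lib/$(DEB_HOST_MULTIARCH) as well. PAM on Debian loads modules from lib/<multiarch>/security, so as written pam_chroot.so would land one directory above where it is looked up. Append /security to both the mkdir -p path and the LIBDIR override, and check the resulting file list of the binary package before upload.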
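Review bot: In the Makefile install target, only the module line was switched to $(INSTALL); the next line, install -m640 $(CONF) $(DESTDIR)/etc/security, still calls install directly, so the substitution is only half applied. The module line also keeps -s, which debian/rules then has to neutralise by passing INSTALL="install --strip-program=true". Using $(INSTALL) on both lines and dropping -s from the Makefile would make the override in debian/rules unnecessary.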
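Review bot: In the README.Debian hunk adding step 4, the text states that /dev/pts is what the chroot needs, but the command given is mount --rbind /dev <chroot_directory>/dev, which places the host's entire /dev tree inside an environment meant to confine users, and the /proc mount likewise makes the host's process information visible from inside the chroot. Document the narrower mount the step actually requires (a devpts instance on <chroot_directory>/dev/pts), state what the /proc mount exposes, and change the label "To mount /dev" so that it matches the /dev/pts requirement named two lines earlier.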
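Review bot: In the first README.Debian hunk, the added sentence "Setting up OpenSSH libpam-chroot is *not* recommended" is missing "with" between "OpenSSH" and "libpam-chroot". The warning is also placed above a section that still walks through the full setup, and the existing NOTE about ChrootDirectory ends up inside the WARNING banner; moving the recommendation to use ChrootDirectory into the first line of the warning would make the preferred alternative the first thing a reader sees. The -/+ pair on "directive in sshd_config (5)." shows no visible difference, so it looks like a whitespace-only change that can be dropped from the diff.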