Hi Sam,

thank you for your recent work and upload of pam!

Since it has been more than a month since I filed this bug, I wanted to send a
friendly ping about this bug and ask for a review of the changes.

I'm working on allowing the creation of bootable GNU/Hurd images on Linux and
if this change were applied, packages which use pam-auth-update would
automatically pick up the $DPKG_ROOT setting as the correct default.

If you reject this change, then I would file patches against the packages which
call pam-auth-update in their maintainer scripts (like openssh-server). Any
decision is fine but without a decision my work on this is soft-blocked and I
have to rely on locally patched versions of pam. :)

Thanks!

cheers, josch

On Wed, 20 May 2026 16:24:58 +0200 Johannes Schauer Marin Rodrigues 
<[email protected]> wrote:
> Source: pam
> Version: 1.7.0-5
> Severity: wishlist
> Tags: patch
> X-Debbugs-Cc: [email protected]
> User: [email protected]
> Usertags: dpkg-root-support
> 
> Hello pam maintainers,
> 
> thank you for adding the --root option to pam-auth-update back in the day as
> the fix of Debian bug #983427 or pam [MR6].
> 
> [MR6] https://salsa.debian.org/vorlon/pam/-/merge_requests/6
> 
> According to codesearch.d.n the libpam-runtime postinst maintainer script is
> the only place in Debian which currently passes that option to 
> pam-auth-update.
> I was in the process of adding the --root parameter to the postinst of
> libpam-systemd but instead of adding the --root parameter to every maintainer
> script which uses it, maybe we could do what other Debian-specific scripts
> (e.g.: update-alternatives, update-rc.d, deb-systemd-helper) do and make the
> value of $DPKG_ROOT the default value of the --root option. Doing so makes
> sense for scripts which are
> 
>  * Debian specific ($DPKG_ROOT is not useful for upstream projects which are
>    supposed to work outside Debian)
>  * are predominantly used in maintainer scripts (where dpkg will set
>    $DPKG_ROOT to a non-empty value if it is run with 
> --force-script-chrootless)
> 
> The pam-auth-update program fulfills these conditions, so I propose to change
> the default value of the --root parameter to be $DPKG_ROOT. I prepared a patch
> which implements this in this MR:
> 
> https://salsa.debian.org/vorlon/pam/-/merge_requests/33
> 
> Like last time, this patch was tested as part of our weekly CI setup at
> https://salsa.debian.org/helmutg/dpkg-root-demo/
> 
> What do you think? Do you agree that the value of the $DPKG_ROOT environment
> variable value would be a good default for the --root option? I'm wondering
> whether I should either patch libpam-systemd so that it uses the --root option
> or whether I can leave libpam-systemd untouched and change pam-auth-update
> instead.
> 
> Let me know what you think.
> 
> Thanks!
> 
> cheers, josch
> 
>

Attachment: signature.asc
Description: signature

Reply via email to