Hi Sam, thank you for your recent work and upload of pam!
Since it has been more than a month since I filed this bug, I wanted to send a friendly ping about this bug and ask for a review of the changes. I'm working on allowing the creation of bootable GNU/Hurd images on Linux and if this change were applied, packages which use pam-auth-update would automatically pick up the $DPKG_ROOT setting as the correct default. If you reject this change, then I would file patches against the packages which call pam-auth-update in their maintainer scripts (like openssh-server). Any decision is fine but without a decision my work on this is soft-blocked and I have to rely on locally patched versions of pam. :) Thanks! cheers, josch On Wed, 20 May 2026 16:24:58 +0200 Johannes Schauer Marin Rodrigues <[email protected]> wrote: > Source: pam > Version: 1.7.0-5 > Severity: wishlist > Tags: patch > X-Debbugs-Cc: [email protected] > User: [email protected] > Usertags: dpkg-root-support > > Hello pam maintainers, > > thank you for adding the --root option to pam-auth-update back in the day as > the fix of Debian bug #983427 or pam [MR6]. > > [MR6] https://salsa.debian.org/vorlon/pam/-/merge_requests/6 > > According to codesearch.d.n the libpam-runtime postinst maintainer script is > the only place in Debian which currently passes that option to > pam-auth-update. > I was in the process of adding the --root parameter to the postinst of > libpam-systemd but instead of adding the --root parameter to every maintainer > script which uses it, maybe we could do what other Debian-specific scripts > (e.g.: update-alternatives, update-rc.d, deb-systemd-helper) do and make the > value of $DPKG_ROOT the default value of the --root option. Doing so makes > sense for scripts which are > > * Debian specific ($DPKG_ROOT is not useful for upstream projects which are > supposed to work outside Debian) > * are predominantly used in maintainer scripts (where dpkg will set > $DPKG_ROOT to a non-empty value if it is run with > --force-script-chrootless) > > The pam-auth-update program fulfills these conditions, so I propose to change > the default value of the --root parameter to be $DPKG_ROOT. I prepared a patch > which implements this in this MR: > > https://salsa.debian.org/vorlon/pam/-/merge_requests/33 > > Like last time, this patch was tested as part of our weekly CI setup at > https://salsa.debian.org/helmutg/dpkg-root-demo/ > > What do you think? Do you agree that the value of the $DPKG_ROOT environment > variable value would be a good default for the --root option? I'm wondering > whether I should either patch libpam-systemd so that it uses the --root option > or whether I can leave libpam-systemd untouched and change pam-auth-update > instead. > > Let me know what you think. > > Thanks! > > cheers, josch > >
signature.asc
Description: signature

