guix_mirror_bot pushed a commit to branch misc-world-rebuild in repository guix.
commit e62fee341e4ff036fffe504974df508888064f9e Author: Dariqq <[email protected]> AuthorDate: Sun Jul 27 13:55:38 2025 +0000 gnu: linux-pam: Update to 1.7.2. nis/yp is disabled since support got removed in glibc. includedir and libdir are set to the correct value automatically. * gnu/packages/linux.scm (linux-pam): Update to 1.7.2. [source]: Switch to git-fetch. [build-system]: Switch to meson. [arguments]<#:phases>: Remove 'skip-pam-limits phases. <#:configure-flags>: Remove includedir, libdir and disable-nis. Enable pam_lastlog, set docbook-rng, htmldir and vendordir. [native-inputs]: Add gettext-minimal, bison, libxslt, libxml2, docbook-xml, docbook-xsl. [outputs]: Add doc. * gnu/packages/patches/linux-pam-unix_chkpwd.patch: Adjust for meson. Change-Id: Ib75277a77f9042a0a9c07fa7e28f7f68ecfa9c04 Merges: https://codeberg.org/guix/guix/pulls/1652 Signed-off-by: Nguyễn Gia Phong <[email protected]> --- gnu/packages/linux.scm | 71 ++++++++++-------------- gnu/packages/patches/linux-pam-unix_chkpwd.patch | 16 ++++-- 2 files changed, 41 insertions(+), 46 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index e8065c6790..a00c14c03b 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -86,6 +86,7 @@ ;;; Copyright © 2025 Mathieu Laparie <[email protected]> ;;; Copyright © 2025 John Kehayias <[email protected]> ;;; Copyright © 2025 Arjan Adriaanse <[email protected]> +;;; Copyright © 2025 Dariqq <[email protected]> ;;; Copyright © 2026 Justin Veilleux <[email protected]> ;;; Copyright © 2026 Simen Endsjø <[email protected]> ;;; @@ -3036,57 +3037,45 @@ which need to be installed separately.") (define-public linux-pam (package (name "linux-pam") - (version "1.5.2") + (version "1.7.2") (source (origin - (method url-fetch) - (uri (string-append - "https://github.com/linux-pam/linux-pam/releases/download/v"; - version "/Linux-PAM-" version ".tar.xz")) + (method git-fetch) + (uri (git-reference + (url "https://github.com/linux-pam/linux-pam";) + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) (sha256 (base32 - "0kgrsj2scv5mx6w925h9hxf11jnqqs9z8s22aw94b90xm4qp3v74")) + "1z5apric696zsci28c7651spvdll0zrpfm9z574gcjf45mp22gmi")) (patches (search-patches "linux-pam-unix_chkpwd.patch" "linux-pam-no-setfsuid.patch")))) - - (build-system gnu-build-system) + (build-system meson-build-system) + (outputs '("out" "doc")) ;; 0.8 MiB of html (inputs (list libxcrypt)) (native-inputs - (list flex - ;; TODO: optional dependencies - ;; ("cracklib" ,cracklib) - )) + (list gettext-minimal + flex bison + ;; manpages + libxslt + libxml2 + docbook-xml + docbook-xsl)) (arguments (list - ;; Most users, such as `shadow', expect the headers to be under - ;; `security'. - #:configure-flags #~(list (string-append "--includedir=" - (assoc-ref %outputs "out") - "/include/security") - ;; explicit libdir for pkgconfig files - ;; drop with 1.5.3, which fixes - ;; https://github.com/linux-pam/linux-pam/issues/466 - (string-append "--libdir=" - (assoc-ref %outputs "out") - "/lib") - - ;; XXX: <rpc/rpc.h> is missing from glibc when - ;; cross-compiling, so we have to disable NIS - ;; support altogether. - #$@(if (%current-target-system) - #~("--disable-nis") - #~())) - - #:phases (if (target-hurd?) - #~(modify-phases %standard-phases - (add-after 'unpack 'skip-pam-limits - (lambda _ - ;; 'pam_limits.c' uses <sys/prctl.h>, which is - ;; Linux-specific. Skip it on GNU/Hurd. - (substitute* "modules/Makefile.in" - (("pam_limits") ""))))) - #~%standard-phases) - + #:configure-flags + #~(list + ;; lastlog is deprecated since 1.5.3 + "-Dpam_lastlog=enabled" + (string-append "-Dvendordir=" #$output "/share/pam") + (string-append "-Ddocbook-rng=" + #$(let ((docbook-xml (this-package-native-input + "docbook-xml"))) + (file-append docbook-xml + "/xml/docbook/" + (package-version docbook-xml) + "/rng/docbookxi.rng"))) + (string-append "-Dhtmldir=" #$output:doc "/share/doc/" #$name "/html")) ;; XXX: Tests won't run in chroot, presumably because /etc/pam.d ;; isn't available. #:tests? #f)) diff --git a/gnu/packages/patches/linux-pam-unix_chkpwd.patch b/gnu/packages/patches/linux-pam-unix_chkpwd.patch index 0e865ff18c..bf580b3c46 100644 --- a/gnu/packages/patches/linux-pam-unix_chkpwd.patch +++ b/gnu/packages/patches/linux-pam-unix_chkpwd.patch @@ -2,8 +2,14 @@ unix_chkpwd is designed to have a suid bit, but it's not possible to set it for files in the store. This patch tells unix_pam.so to look for unix_chkpwd in setuid program directory on Guix System. ---- a/modules/pam_unix/Makefile.in -+++ b/modules/pam_unix/Makefile.in -@@ -651,1 +651,1 @@ -- -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ -+ -DCHKPWD_HELPER=\"/run/setuid-programs/unix_chkpwd\" \ +--- a/modules/module-meson.build ++++ b/modules/module-meson.build +@@ -114,7 +114,7 @@ if module == 'pam_unix' + if enable_nis + pam_module_src += ['yppasswd_xdr.c'] + endif +- pam_module_c_args += ['-DCHKPWD_HELPER="@0@"'.format(sbindir / 'unix_chkpwd'), ++ pam_module_c_args += ['-DCHKPWD_HELPER="@0@"'.format('/run/privileged/bin' / 'unix_chkpwd'), + '-DUPDATE_HELPER="@0@"'.format(sbindir / 'unix_update')] + pam_module_deps += [libcrypt, libselinux, libtirpc, libnsl] + endif
