Re: [PATCH] gnu: Add linux-pam.
Hi, rennes <ren...@openmailbox.org> skribis: > From b4753711aabcefa410b2eb4ced9d25e084bb7658 Mon Sep 17 00:00:00 2001 > From: Rene Saavedra <ren...@openmailbox.org> > Date: Tue, 20 Sep 2016 14:59:20 -0500 > Subject: [PATCH] gnu: Add linux-pam. > > * gnu/packages/linux.scm (linux-pam): Use it. > * gnu/packages/patches/linux-pam-no-setfsuid.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. Applied a slightly modified variant as 411264c250cb6a6485851890f0d3ec5fb508dbfa. Thanks! Ludo’.
Re: [PATCH] gnu: Add linux-pam.
Hello, > Then I think we can install the patch (in core-updates), making sure > it > contains a reference to the above ticket. > > Could you send the updated patch? attached the updated patch.From b4753711aabcefa410b2eb4ced9d25e084bb7658 Mon Sep 17 00:00:00 2001 From: Rene Saavedra <ren...@openmailbox.org> Date: Tue, 20 Sep 2016 14:59:20 -0500 Subject: [PATCH] gnu: Add linux-pam. * gnu/packages/linux.scm (linux-pam): Use it. * gnu/packages/patches/linux-pam-no-setfsuid.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 2 + gnu/packages/linux.scm | 7 ++- gnu/packages/patches/linux-pam-no-setfsuid.patch | 75 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch diff --git a/gnu/local.mk b/gnu/local.mk index a756638..f0415f6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -5,6 +5,7 @@ # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <m...@netris.org> # Copyright © 2016 Chris Marusich <cmmarus...@gmail.com> # Copyright © 2016 Kei Kebreau <k...@openmailbox.org> +# Copyright © 2016 Rene Saavedra <ren...@openmailbox.org> # # This file is part of GNU Guix. # @@ -658,6 +659,7 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ + %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/llvm-for-extempore.patch \ %D%/packages/patches/lm-sensors-hwmon-attrs.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 5e9263e..e5dbc42 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -15,6 +15,7 @@ ;;; Copyright © 2016 Ricardo Wurmus <rek...@elephly.net> ;;; Copyright © 2016 David Craven <da...@craven.ch> ;;; Copyright © 2016 John Darrington <j...@gnu.org> +;;; Copyright © 2016 Rene Saavedra <ren...@openmailbox.org> ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -371,7 +372,11 @@ It has been modified to remove all non-free binary blobs.") version ".tar.bz2"))) (sha256 (base32 -"1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl" +"1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl")) + ;; On the Hurd system in the 'build' phase seeks fsuid.h file. + ;; See the patch for details. + (patches (search-patches +"linux-pam-no-setfsuid.patch" (build-system gnu-build-system) (native-inputs `(("flex" ,flex) diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch new file mode 100644 index 000..c14721d --- /dev/null +++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch 
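Review bot: The `patches` field added to `linux-pam` applies the patch on every system, so a Linux build keeps the `setfsuid()` path only if its configuration defines `HAVE_SYS_FSUID_H`. Nothing visible in this patch adds that check, so it is worth confirming in the generated `config.h` that a Linux build does not silently compile the `setreuid()` fallback. The comment could also say what the patch changes, for example `;; Fall back to setreuid/setregid where <sys/fsuid.h> is missing (GNU/Hurd).`. The package definition continues outside the hunk.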
@@ -0,0 +1,75 @@ +On systems without setfsuid(), use setreuid() instead. + +The patch originates from the Debian project for the Hurd system. +Authors: Steve Langasek <vor...@debian.org> +Upstream status: A ticket was opened to request apply the patch, +ticket: 'https://fedorahosted.org/linux-pam/ticket/64'. + +--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c 2015-03-24 06:02:32.0 -0600 pam_modutil_priv-mod.c 2016-09-20 13:36:53.150663205 -0500 +@@ -14,7 +14,9 @@ + #include + #include + #include ++#ifdef HAVE_SYS_FSUID_H + #include ++#endif /* HAVE_SYS_FSUID_H */ + + /* + * Two setfsuid() calls in a row are necessary to check +@@ -22,17 +24,55 @@ + */ + static int change_uid(uid_t uid, uid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + uid_t tmp = setfsuid(uid); + if (save) + *save = tmp; + return (uid_t) setfsuid(uid) == uid ? 0 : -1; ++#else ++ uid_t euid = geteuid(); ++ uid_t ruid = getuid(); ++ if (save) ++ *save = ruid; ++ if (ruid == uid && uid != 0) ++ if (setreuid(euid, uid)) ++ return -1; ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) ++return -1; ++ } ++ } ++#endif + } + static int change_gid(gid_t gid, gid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + gid_t tmp = setfsgid(gid); + if (save) + *save = tmp; + return (gid_t) setfsgid(gid) == gid ? 0 : -1; ++#else ++ gid_t egid = getegid(); ++ gid_t rgid = getgid(); ++ if (save) ++ *save = rgid; ++ if (rgid == gid) ++ if (setregid(egid, gid)) ++ return -1; ++ else { ++ setregid(0, -1); ++ if (setregid(-1, gid)) { ++ setregid(-1, 0); ++ setregid(0, -1); ++ if (setregid(-1, gid)) ++return -1; ++ } ++ } ++#endif + } + + static int cleanup(struct pam_modutil_privs *p) -- 2.6.3
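Review bot: In the `#else` branch of `change_uid()` the outer `if (ruid == uid && uid != 0)` has no braces as shown, so `else {` pairs with the inner `if (setreuid(euid, uid))`: the fallback `setreuid()` sequence runs only after that first call has succeeded, and when the outer test is false (for example a process with real uid 0 switching to another uid) no identity change is attempted at all. The branch also falls off the end of an `int` function without a return statement, so using the result is undefined behaviour and a caller cannot tell a completed switch from a skipped one. If the outer pairing is what was meant, write `if (ruid == uid && uid != 0) {` … `} else {` and finish the branch with `return 0;`, and check the results of the intermediate `setreuid(0, -1)` / `setreuid(-1, 0)` calls. `change_gid()` in the same hunk has the same shape, and the earlier posting of this patch further down the page carries identical code. The callers of both helpers are outside the hunk.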
Re: [PATCH] gnu: Add linux-pam.
Hello Ludovic, > What’s the status of this patch? > > If discussion with upstream is underway, we could apply it in > core-udpates. I have not yet received an answer from the linux-pam team. This is my ticket: https://fedorahosted.org/linux-pam/ticket/64 Thanks
Re: [PATCH] gnu: Add linux-pam.
Hello! ren...@openmailbox.org skribis: > This is a patch for linux-pam, at compile on the Hurd system searches > the file fsuid.h. The patch was taken from the Debian project. > > * This patch is prerequisite for lsh/openssh packages. > * The patch was build and installed on Linux and the Hurd systems. > > Thanks > > From c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001 > From: Rene Saavedra <ren...@openmailbox.org> > Date: Fri, 26 Aug 2016 23:19:14 -0500 > Subject: [PATCH] gnu: Add linux-pam. > > * gnu/packages/linux.scm (linux-pam): Use it. > * gnu/packages/patches/linux-pam-no-setfsuid.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. What’s the status of this patch? If discussion with upstream is underway, we could apply it in core-updates. Thanks, Ludo’.
Re: [PATCH] gnu: Add linux-pam.
On 2016-08-27 03:00, Ricardo Wurmus wrote: Would you like to try to get the patch accepted upstream by the developers of linux-pam? If I remember correctly, a lot of the patches for Debian Hurd are in need of being sent upstream, so getting the patch accepted would be the best for all involved projects. Apologies for the delay. I sent a request to the PAM developers team, but I still don't have an answer.
Re: [PATCH] gnu: Add linux-pam.
Hello Rene, First of all thank you for helping with the port :-). Now on the patch. > Subject: [PATCH] gnu: Add linux-pam. Maybe we should change the name of the patch to "[PATCH] gnu: Make linux-pam build on non Linux systems." Other than that looks good to me. As Ricardo said check the status of the patch upstream because it will help all projects involved. @Ricardo: If you are okay with it, I will sign it and push it to master (or core-updates?). Thank you again for testing things out, Manolis On 08/27/16 07:47, ren...@openmailbox.org wrote: > This is a patch for linux-pam, at compile on the Hurd system searches > the file fsuid.h. The patch was taken from the Debian project. > > * This patch is prerequisite for lsh/openssh packages. > * The patch was build and installed on Linux and the Hurd systems. > > Thanks
Re: [PATCH] gnu: Add linux-pam.
ren...@openmailbox.org writes: > This is a patch for linux-pam, at compile on the Hurd system searches > the file fsuid.h. The patch was taken from the Debian project. > > * This patch is prerequisite for lsh/openssh packages. > * The patch was build and installed on Linux and the Hurd systems. Thanks for the patch! Would you like to try to get the patch accepted upstream by the developers of linux-pam? If I remember correctly, a lot of the patches for Debian Hurd are in need of being sent upstream, so getting the patch accepted would be the best for all involved projects. @Manolis: What do you think about this? ~~ Ricardo
[PATCH] gnu: Add linux-pam.
This is a patch for linux-pam, at compile on the Hurd system searches the file fsuid.h. The patch was taken from the Debian project. * This patch is prerequisite for lsh/openssh packages. * The patch was build and installed on Linux and the Hurd systems. ThanksFrom c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001 From: Rene Saavedra <ren...@openmailbox.org> Date: Fri, 26 Aug 2016 23:19:14 -0500 Subject: [PATCH] gnu: Add linux-pam. * gnu/packages/linux.scm (linux-pam): Use it. * gnu/packages/patches/linux-pam-no-setfsuid.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 2 + gnu/packages/linux.scm | 6 +- gnu/packages/patches/linux-pam-no-setfsuid.patch | 79 3 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch diff --git a/gnu/local.mk b/gnu/local.mk index b8c5378..391aa8a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -5,6 +5,7 @@ # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <m...@netris.org> # Copyright © 2016 Chris Marusich <cmmarus...@gmail.com> # Copyright © 2016 Kei Kebreau <k...@openmailbox.org> +# Copyright © 2016 Rene Saavedra <ren...@openmailbox.org> # # This file is part of GNU Guix. # @@ -644,6 +645,7 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ + %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/lm-sensors-hwmon-attrs.patch \ %D%/packages/patches/lua-CVE-2014-5461.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 1fd792d..8d7ff4c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm 
@@ -14,6 +14,7 @@ ;;; Copyright © 2016 Nicolas Goaziou <m...@nicolasgoaziou.fr> ;;; Copyright © 2016 Ricardo Wurmus <rek...@elephly.net> ;;; Copyright © 2016 David Craven <da...@craven.ch> +;;; Copyright © 2016 Rene Saavedra <ren...@openmailbox.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -390,7 +391,10 @@ It has been modified to remove all non-free binary blobs.") version ".tar.bz2"))) (sha256 (base32 -"1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl" +"1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl")) + ;; On the Hurd system in the 'build' phase seeks fsuid.h file. + (patches (search-patches +"linux-pam-no-setfsuid.patch" (build-system gnu-build-system) (native-inputs `(("flex" ,flex) diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch new file mode 100644 index 000..7940c5a --- /dev/null +++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch 
@@ -0,0 +1,79 @@ +The patch originates from the Debian project for the Hurd system. + +On systems without setfsuid(), use setreuid() instead. + +Authors: Steve Langasek <vor...@debian.org> + +Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv + are implemented + +Index: pam.debian/libpam/pam_modutil_priv.c +=== +--- pam.debian.orig/libpam/pam_modutil_priv.c pam.debian/libpam/pam_modutil_priv.c +@@ -14,7 +14,9 @@ + #include + #include + #include ++#ifdef HAVE_SYS_FSUID_H + #include ++#endif /* HAVE_SYS_FSUID_H */ + + /* + * Two setfsuid() calls in a row are necessary to check +@@ -22,17 +24,55 @@ + */ + static int change_uid(uid_t uid, uid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + uid_t tmp = setfsuid(uid); + if (save) + *save = tmp; + return (uid_t) setfsuid(uid) == uid ? 0 : -1; ++#else ++ uid_t euid = geteuid(); ++ uid_t ruid = getuid(); ++ if (save) ++ *save = ruid; ++ if (ruid == uid && uid != 0) ++ if (setreuid(euid, uid)) ++ return -1; ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) ++return -1; ++ } ++ } ++#endif + } + static int change_gid(gid_t gid, gid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + gid_t tmp = setfsgid(gid); + if (save) + *save = tmp; + return (gid_t) setfsgid(gid) == gid ? 0 : -1; ++#else ++ gid_t egid = getegid(); ++ gid_t rgid = getgid(); ++ if (save) ++ *save = rgid; ++ if (rgid == gid) ++ if (setregid(egid, gid)) ++ return -1; ++ else { ++ setregid(0, -1); ++ if (setregid(-1, gid)) { ++ setregid(-1, 0); ++ setregid(0, -1); ++ if (setregid(-1, gid)) ++return -1; ++ } ++ } ++#endif + } + + static int cleanup(struct pam_modutil_privs *p) -- 2.6.3