| Message ID | 20240726094603.10333-1-danomimanchego123@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v2,1/1] libpwquality: fix PAM module path | expand |
On Fri, 26 Jul 2024 05:46:03 -0400 Danomi Manchego <danomimanchego123@gmail.com> wrote: > The libpwquality package provides the pam_pwquality PAM module - the > replacement for pam_cracklib that was dropped from linux-pam back in > version 1.5.0. However, it currently installs it to the wrong place, > so passwd and friends fail to find it. This commit sets the security > directory path to /lib/security to match the corresponding setting in > linux-pam.mk. > > Note that libpwquality has *always* installed pam_pwquality in the wrong > place, since version 1.3.0 was added to buildroot in 2017 in commit > 462040443ca943694fc59ec8380c82f8bf9aaddc. However, back then, linux-pam > version 1.3.0 still provided pam_cracklib for advanced password checking. > Linux-pam deprecated pam_cracklib in 1.4.0 but still built it for us when > linux-pam.mk set --enable-cracklib. Linux-PAM deleted pam_cracklib > altogether in 1.5.0, so it was not until our update to linux-pam-1.5.1 > in commit 276f1e0a896698abec85500a86686bf72c79eb91 that pam_cracklib > became unavailable. After that point, pam_pwquality was the only > alternative for PAM-based password checking. > > Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> > > --- Wow, *that* is an amazing commit log with all the details about the problem. I think we could link to your commit message as a golden example of the level of explanation we would like to have. Thanks a lot for coming up with this v2, which I have of course applied! Best regards, Thomas
>>>>> "Danomi" == Danomi Manchego <danomimanchego123@gmail.com> writes: > The libpwquality package provides the pam_pwquality PAM module - the > replacement for pam_cracklib that was dropped from linux-pam back in > version 1.5.0. However, it currently installs it to the wrong place, > so passwd and friends fail to find it. This commit sets the security > directory path to /lib/security to match the corresponding setting in > linux-pam.mk. > Note that libpwquality has *always* installed pam_pwquality in the wrong > place, since version 1.3.0 was added to buildroot in 2017 in commit > 462040443ca943694fc59ec8380c82f8bf9aaddc. However, back then, linux-pam > version 1.3.0 still provided pam_cracklib for advanced password checking. > Linux-pam deprecated pam_cracklib in 1.4.0 but still built it for us when > linux-pam.mk set --enable-cracklib. Linux-PAM deleted pam_cracklib > altogether in 1.5.0, so it was not until our update to linux-pam-1.5.1 > in commit 276f1e0a896698abec85500a86686bf72c79eb91 that pam_cracklib > became unavailable. After that point, pam_pwquality was the only > alternative for PAM-based password checking. > Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> > --- > Changes v1 -> v2: > - Add more context to when advanced password checking broke > as suggested by Thomas Petazzoni. Great commit message, thanks! Committed to 2024.02.x and 2024.05.x, thanks.
diff --git a/package/libpwquality/libpwquality.mk b/package/libpwquality/libpwquality.mk index f12e583b2d..ba62cdfb09 100644 --- a/package/libpwquality/libpwquality.mk +++ b/package/libpwquality/libpwquality.mk @@ -23,7 +23,7 @@ LIBPWQUALITY_CONF_OPTS += --disable-python-bindings endif ifeq ($(BR2_PACKAGE_LINUX_PAM),y) -LIBPWQUALITY_CONF_OPTS += --enable-pam +LIBPWQUALITY_CONF_OPTS += --enable-pam --with-securedir=/lib/security LIBPWQUALITY_DEPENDENCIES += linux-pam else LIBPWQUALITY_CONF_OPTS += --disable-pam
The libpwquality package provides the pam_pwquality PAM module - the replacement for pam_cracklib that was dropped from linux-pam back in version 1.5.0. However, it currently installs it to the wrong place, so passwd and friends fail to find it. This commit sets the security directory path to /lib/security to match the corresponding setting in linux-pam.mk. Note that libpwquality has *always* installed pam_pwquality in the wrong place, since version 1.3.0 was added to buildroot in 2017 in commit 462040443ca943694fc59ec8380c82f8bf9aaddc. However, back then, linux-pam version 1.3.0 still provided pam_cracklib for advanced password checking. Linux-pam deprecated pam_cracklib in 1.4.0 but still built it for us when linux-pam.mk set --enable-cracklib. Linux-PAM deleted pam_cracklib altogether in 1.5.0, so it was not until our update to linux-pam-1.5.1 in commit 276f1e0a896698abec85500a86686bf72c79eb91 that pam_cracklib became unavailable. After that point, pam_pwquality was the only alternative for PAM-based password checking. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> --- Changes v1 -> v2: - Add more context to when advanced password checking broke as suggested by Thomas Petazzoni. --- package/libpwquality/libpwquality.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)