From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 23 07:58:53 2022
Received: (at submit) by debbugs.gnu.org; 23 Jan 2022 12:58:53 +0000
Received: from localhost ([127.0.0.1]:38798 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nBcSK-0004Oi-Vr
	for submit@debbugs.gnu.org; Sun, 23 Jan 2022 07:58:53 -0500
Received: from lists.gnu.org ([209.51.188.17]:49620)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andrew@trop.in>) id 1nBcSJ-0004Oa-JG
 for submit@debbugs.gnu.org; Sun, 23 Jan 2022 07:58:52 -0500
Received: from eggs.gnu.org ([209.51.188.92]:41260)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <andrew@trop.in>) id 1nBcSI-0004cW-S1
 for guix-patches@gnu.org; Sun, 23 Jan 2022 07:58:51 -0500
Received: from [2a00:1450:4864:20::130] (port=43955
 helo=mail-lf1-x130.google.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <andrew@trop.in>) id 1nBcS0-0007r0-FD
 for guix-patches@gnu.org; Sun, 23 Jan 2022 07:58:40 -0500
Received: by mail-lf1-x130.google.com with SMTP id u6so12066362lfm.10
 for <guix-patches@gnu.org>; Sun, 23 Jan 2022 04:58:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=trop-in.20210112.gappssmtp.com; s=20210112;
 h=from:to:subject:date:message-id:mime-version;
 bh=SK5aNTWu9RpKykSevqqAaVMFq0kRQ0Fag83cwlf82Qg=;
 b=EPyKgWWXtPOkExSSgDaeRhAOnesu8dEwEY/zKeeGtCVzMnQsA+VULg19W8xzK9oCS6
 b8rztS9/vLAvlTEtVUHuRs0cSRPxihwPHJ24RPr0AOv1m5CUFG2aRZkunrzAg5uzePBx
 ZldsN4Q0obh8YYUPzoWt81O6CbeV1A0ecBjfoYkEItDDxacdBVYHdutufxLmE2MVF6+o
 dQFMdghUO8fyrPZ9yOgt1l6MsP0n1B6mfX5HZ/b1axyDi5maeoCBJMMevriLuZ2O3zWU
 rjhiKkV2LEuHhPfLUaa3DLg1JmcbGHMFn53sqahlU5fcahIgLDF5kQYwpPZZxj3OsnGi
 wrIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:subject:date:message-id:mime-version;
 bh=SK5aNTWu9RpKykSevqqAaVMFq0kRQ0Fag83cwlf82Qg=;
 b=xraQtk51t5U8wMeCuRnD+AW2BVHy3lP5jenyrMj+nb2UDhGDRV3IEnyEZKEA5qRont
 JNK2Jk18EGKWxq5SToeNrx3g/9qhohIFsCgMBkSNel8HNyODbveGtAlfGVX88NInWduO
 OWATFnIXRnugt6/Q2Drr7Yq6UIy3uA5Gx5aDSUZNH2H4ZhzltNSnKBFCtuAQd09k/3n+
 XmREQLEArsP0ksCxcwZ6QaExVQn9Hogn5Oop6J7MzMs3yWTvAgakYv+uG+yfELyDECH2
 B0eYUUReQyBIfp1wXDg44dNM/ZiR5rxa01VEUvSQRYwSncVKoPHel6TWJ6b3kckAqyfd
 c/ng==
X-Gm-Message-State: AOAM533SWkRxtCFBQfUY/B8XrJF7lWuSnEwrm4buqd3l5uUr/pxwz2HR
 XmmEtz668xXtq75XuX6+4JPcUr0WBfa+pQ==
X-Google-Smtp-Source: ABdhPJxzG574nUfe2gv3X0wkjsYiC0RYtw2/uvsys5YGcYGAufosh2WBf4CE1lLUA+fIhy/maA8WBg==
X-Received: by 2002:ac2:5c1b:: with SMTP id r27mr7063576lfp.438.1642942680620; 
 Sun, 23 Jan 2022 04:58:00 -0800 (PST)
Received: from localhost (109-252-135-33.dynamic.spd-mgts.ru. [109.252.135.33])
 by smtp.gmail.com with ESMTPSA id bu4sm858713lfb.6.2022.01.23.04.57.59
 for <guix-patches@gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 23 Jan 2022 04:57:59 -0800 (PST)
From: Andrew Tropin <andrew@trop.in>
To: guix-patches@gnu.org
Subject: [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
Date: Thu, 13 Jan 2022 21:41:58 +0300
Message-ID: <87tudu38yz.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:1450:4864:20::130
 (failed)
Received-SPF: none client-ip=2a00:1450:4864:20::130;
 envelope-from=andrew@trop.in; helo=mail-lf1-x130.google.com
X-Spam_score_int: 23
X-Spam_score: 2.3
X-Spam_bar: ++
X-Spam_report: (2.3 / 5.0 requ) BAYES_00=-1.9, DATE_IN_PAST_96_XX=3.405,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, PDS_HP_HELO_NORDNS=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001,
 SPF_NONE=0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -0.2 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.2 (-)

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


* gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
* gnu/packages/linux.scm (linux-pam): Add patch.
* gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
binaries.
=2D--
The quote from unix_chkpwd.c:
> * This program is designed to run setuid(root) or with sufficient
> * privilege to read all of the unix password databases. It is designed
> * to provide a mechanism for the current user (defined by this
> * process's uid) to verify their own password.

Without suid bit it will fail in various use cases: for example utilities l=
ike
xlock or swaylock compiled with pam support won't be able to unlock the
screen.  To fix it I added unix_chkpwd binary to list of Guix System's setu=
id
programs and added a patch, which hardcodes /run/setuid-programs/unix_chkpwd
path in pam_unix module source code of linux-pam package.  However, I'm not
sure if it's a proper solution, please share your thoughts and conserns.

 gnu/packages/linux.scm                        |  3 +-
 .../patches/change-path-to-unix_chkpwd.patch  | 54 +++++++++++++++++++
 gnu/system/pam.scm                            |  8 ++-
 3 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/change-path-to-unix_chkpwd.patch

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7b12cb8ec1..ee0df3c625 100644
=2D-- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1590,7 +1590,8 @@ (define-public linux-pam
        (sha256
         (base32
          "1z4jayf69qyyxln1gl6ch4qxfd66ib1g42garnrv2d8i1drl0790"))
=2D       (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+       (patches (search-patches "change-path-to-unix_chkpwd.patch"
+                                "linux-pam-no-setfsuid.patch"))))
=20
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/patches/change-path-to-unix_chkpwd.patch b/gnu/pa=
ckages/patches/change-path-to-unix_chkpwd.patch
new file mode 100644
index 0000000000..90a8b639f6
=2D-- /dev/null
+++ b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
@@ -0,0 +1,54 @@
+From f314ab148b488e23a2e48e7222964e46d0d03447 Mon Sep 17 00:00:00 2001
+From: Andrew Tropin <andrew@trop.in>
+Date: Wed, 12 Jan 2022 17:17:42 +0300
+Subject: [PATCH] Change path to unix_chkpwd.
+
+---
+ modules/pam_unix/pam_unix_acct.c | 4 ++--
+ modules/pam_unix/support.c       | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_=
acct.c
+index 8f5ed3e0..2fdec6c7 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -122,12 +122,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsi=
gned long long ctrl,
+     }
+=20
+     /* exec binary helper */
+-    args[0] =3D CHKPWD_HELPER;
++    args[0] =3D "/run/setuid-programs/unix_chkpwd";
+     args[1] =3D user;
+     args[2] =3D "chkexpiry";
+=20
+     DIAG_PUSH_IGNORE_CAST_QUAL;
+-    execve(CHKPWD_HELPER, (char *const *) args, envp);
++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp=
);
+     DIAG_POP_IGNORE_CAST_QUAL;
+=20
+     pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index 27ca7127..d02f394e 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -523,7 +523,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh,=
 const char *passwd,
+ 	}
+=20
+ 	/* exec binary helper */
+-	args[0] =3D CHKPWD_HELPER;
++	args[0] =3D "/run/setuid-programs/unix_chkpwd";
+ 	args[1] =3D user;
+ 	if (off(UNIX__NONULL, ctrl)) {	/* this means we've succeeded */
+ 	  args[2]=3D"nullok";
+@@ -532,7 +532,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh,=
 const char *passwd,
+ 	}
+=20
+ 	DIAG_PUSH_IGNORE_CAST_QUAL;
+-	execve(CHKPWD_HELPER, (char *const *) args, envp);
++	execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
+ 	DIAG_POP_IGNORE_CAST_QUAL;
+=20
+ 	/* should not get here: exit with error */
+--=20
+2.34.0
+
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index 2574e019f1..48cd2ebf2c 100644
=2D-- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -375,8 +375,12 @@ (define (extend-configuration initial extensions)
=20
 (define pam-root-service-type
   (service-type (name 'pam)
=2D                (extensions (list (service-extension etc-service-type
=2D                                                     /etc-entry)))
+                (extensions
+                 (list (service-extension etc-service-type /etc-entry)
+                       (service-extension
+                        setuid-program-service-type
+                        (list (file-like->setuid-program
+                               (file-append linux-pam "/sbin/unix_chkpwd")=
)))))
=20
                 ;; Arguments include <pam-service> as well as procedures.
                 (compose concatenate)
=2D-=20
2.34.0


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmHtUNQPHGFuZHJld0B0
cm9wLmluAAoJECII0glYwd6w44gP/Rsgp6txUKnq2IE4hGGjXSYKf0aS8yPr5013
2AT5SSw3cjqadR4Df0+YyNuRr0EPATrqmcYKU6xyggoiRDMR0Ydw21euEmgloziQ
NFB5gdiOFqCYexW2TuFFKCAWnAy3FDbhjrTl5ziU2BeNRoK1rNj+ZbQG8uek+g3g
upXm1++feBAiE/kFFWE4EFaju4HWU7u0nrYtyotqsK/+TYmY5dJIphOUMUlyqHbQ
N2zW/+Utj7tCKtmkStHz2xYF0PrXicp2femV099ViKUV1/3Kjbeo0ejT7701xlZV
EwuLAGrmtLCtZjfy0OZRzqvR15NUl1DwP+Cj12CEWB1IO7KXWLlOKfz313MH53aY
TMil58GupD8t58zCq3o+e48//felGv2NwAgP5NZAToGg4Ww8YbHoSY8Ly1QCfAZ7
qc1iRi+cKtVrXfdDS2hgxAmK0Nd+tnjqoUp1v6pvcwygba9eO2/NLBDriYwoCpwZ
AnauiBOqvUzarOB/lNEVseW9RDbEUuem2sgk+IhdCH7gbndlgJtDBOQnks0+gJqJ
DmQT1Ky/+3+WeEVIr/n8CUJ50HEafQ9sgMmKj73kmMjq6PXnlpd1NJZ1HlFZU7DJ
xuAGu2+SmOqUtcprqFIzKUsd7OMC7jU3OYt6zfys74LOoNmI/xD5QezjGH15jcnO
SyqxgLVA
=SQKf
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 23 09:08:56 2022
Received: (at 53468) by debbugs.gnu.org; 23 Jan 2022 14:08:56 +0000
Received: from localhost ([127.0.0.1]:38973 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nBdY7-0007Xd-SA
	for submit@debbugs.gnu.org; Sun, 23 Jan 2022 09:08:56 -0500
Received: from mail-lj1-f175.google.com ([209.85.208.175]:39639)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andrew@trop.in>) id 1nBdY6-0007XJ-HW
 for 53468@debbugs.gnu.org; Sun, 23 Jan 2022 09:08:55 -0500
Received: by mail-lj1-f175.google.com with SMTP id z26so7425542lji.6
 for <53468@debbugs.gnu.org>; Sun, 23 Jan 2022 06:08:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=trop-in.20210112.gappssmtp.com; s=20210112;
 h=from:to:subject:in-reply-to:references:date:message-id:mime-version;
 bh=CyO1lHSHCnsSEQ7dbL/5Nnp2kLyCYjR0qxlf6hbNWoA=;
 b=ORPIJ+eXnmIw4pi7SEvB0pSP+wqsQh/SoVQzV00fiV1jmyY4kQ1wlIHj51RRx206wM
 ZXHuWS52aFIWOAF/I6rxQ+vPJp2CIIpClGZEBuWsef4IAAPPZuEmf3rYAnk6tW8A00r3
 gsIGc7pLXe4LYYvTJaxJ15Ipdumg/sUT0eodw2EGKJk+KlxgMvLfQ1Yid157+IUjAIXk
 HnjYbs/oiXgfleYHNeThdIGTXrzFLU/okgzEv32Gm0v1QRll19evKTM9FrMTuL1BtjD1
 JdJkeAukxv4Da9z1t0xm0FjSQ1yPUOtSYkksc2p5jzfq/NwjmI6h78l7fnwMHlWxQLEz
 tzDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:subject:in-reply-to:references:date
 :message-id:mime-version;
 bh=CyO1lHSHCnsSEQ7dbL/5Nnp2kLyCYjR0qxlf6hbNWoA=;
 b=8J6DDKSBisT10A5CT+nO00Y6+c695skOT8Gc8rcDi+Kw9xGN3YikKC3RlhnZ9KieqT
 KT4bIwz63B3tZ3yh8VwUgHXM86SWA1GesCDR39eUVAfkxAAuIPJrwTfA1rnMKKcbXvlm
 KKkp6PHj/HR3ZhlYkVFNgxP4vI2FuiCExwJv3IydrYwQWHZJ6jcZEeS8NYLkALWaEJvl
 NEuPr00mi3M189nC1nKV1pqRYHotv1TZsyWteGvktaRWTAs7LpjBGiI6xMiY15Yx2HKz
 +j/ybx3FFUr68BbcRez4QcwdY7u8UWzqufswLnnFRQdZWWEdprUsPye21Yh+gpDVOoE3
 U2WQ==
X-Gm-Message-State: AOAM5336y212jC6gwc56tDWdSJGsGb7tPEh3aHc4mt9jvoSCwiHYaycB
 s1hJBvDGkwsEkjNJKhCo/p8u9lO/GVSe5g==
X-Google-Smtp-Source: ABdhPJzQSroG98ti5I6DmW7SwRZvkxPv0NkVFHu7pcQQGXVH5S/3Lvx0dp34lu4McV18s5Wc0PxkrA==
X-Received: by 2002:a2e:9b8c:: with SMTP id z12mr1953605lji.525.1642946927923; 
 Sun, 23 Jan 2022 06:08:47 -0800 (PST)
Received: from localhost (109-252-135-33.dynamic.spd-mgts.ru. [109.252.135.33])
 by smtp.gmail.com with ESMTPSA id y15sm315141lfk.195.2022.01.23.06.08.47
 for <53468@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 23 Jan 2022 06:08:47 -0800 (PST)
From: Andrew Tropin <andrew@trop.in>
To: 53468@debbugs.gnu.org
Subject: Re: [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
In-Reply-To: <87tudu38yz.fsf@trop.in>
References: <87tudu38yz.fsf@trop.in>
Date: Sun, 23 Jan 2022 17:08:43 +0300
Message-ID: <87sftetuhg.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 53468
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Attaching a second version of the patch, added missing import and
lambda.


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=v2-0001-gnu-linux-pam-Change-path-to-unix_chkpwd-helper.patch
Content-Transfer-Encoding: quoted-printable

From=20ad876e5b134072601fa97d82a39b320a269f34a5 Mon Sep 17 00:00:00 2001
From: Andrew Tropin <andrew@trop.in>
Date: Thu, 13 Jan 2022 21:41:58 +0300
Subject: [RFC PATCH v2] gnu: linux-pam: Change path to unix_chkpwd helper.

* gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
* gnu/packages/linux.scm (linux-pam): Add patch.
* gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
binaries.
=2D--
 gnu/packages/linux.scm                        |  3 +-
 .../patches/change-path-to-unix_chkpwd.patch  | 54 +++++++++++++++++++
 gnu/system/pam.scm                            | 10 +++-
 3 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/change-path-to-unix_chkpwd.patch

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7b12cb8ec1..ee0df3c625 100644
=2D-- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1590,7 +1590,8 @@ (define-public linux-pam
        (sha256
         (base32
          "1z4jayf69qyyxln1gl6ch4qxfd66ib1g42garnrv2d8i1drl0790"))
=2D       (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+       (patches (search-patches "change-path-to-unix_chkpwd.patch"
+                                "linux-pam-no-setfsuid.patch"))))
=20
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/patches/change-path-to-unix_chkpwd.patch b/gnu/pa=
ckages/patches/change-path-to-unix_chkpwd.patch
new file mode 100644
index 0000000000..90a8b639f6
=2D-- /dev/null
+++ b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
@@ -0,0 +1,54 @@
+From f314ab148b488e23a2e48e7222964e46d0d03447 Mon Sep 17 00:00:00 2001
+From: Andrew Tropin <andrew@trop.in>
+Date: Wed, 12 Jan 2022 17:17:42 +0300
+Subject: [PATCH] Change path to unix_chkpwd.
+
+---
+ modules/pam_unix/pam_unix_acct.c | 4 ++--
+ modules/pam_unix/support.c       | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_=
acct.c
+index 8f5ed3e0..2fdec6c7 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -122,12 +122,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsi=
gned long long ctrl,
+     }
+=20
+     /* exec binary helper */
+-    args[0] =3D CHKPWD_HELPER;
++    args[0] =3D "/run/setuid-programs/unix_chkpwd";
+     args[1] =3D user;
+     args[2] =3D "chkexpiry";
+=20
+     DIAG_PUSH_IGNORE_CAST_QUAL;
+-    execve(CHKPWD_HELPER, (char *const *) args, envp);
++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp=
);
+     DIAG_POP_IGNORE_CAST_QUAL;
+=20
+     pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index 27ca7127..d02f394e 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -523,7 +523,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh,=
 const char *passwd,
+ 	}
+=20
+ 	/* exec binary helper */
+-	args[0] =3D CHKPWD_HELPER;
++	args[0] =3D "/run/setuid-programs/unix_chkpwd";
+ 	args[1] =3D user;
+ 	if (off(UNIX__NONULL, ctrl)) {	/* this means we've succeeded */
+ 	  args[2]=3D"nullok";
+@@ -532,7 +532,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh,=
 const char *passwd,
+ 	}
+=20
+ 	DIAG_PUSH_IGNORE_CAST_QUAL;
+-	execve(CHKPWD_HELPER, (char *const *) args, envp);
++	execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, envp);
+ 	DIAG_POP_IGNORE_CAST_QUAL;
+=20
+ 	/* should not get here: exit with error */
+--=20
+2.34.0
+
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index 2574e019f1..b635681642 100644
=2D-- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -21,6 +21,7 @@ (define-module (gnu system pam)
   #:use-module (guix derivations)
   #:use-module (guix gexp)
   #:use-module (gnu services)
+  #:use-module (gnu system setuid)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
@@ -375,8 +376,13 @@ (define (extend-configuration initial extensions)
=20
 (define pam-root-service-type
   (service-type (name 'pam)
=2D                (extensions (list (service-extension etc-service-type
=2D                                                     /etc-entry)))
+                (extensions
+                 (list (service-extension
+                        setuid-program-service-type
+                        (lambda (_)
+                          (list (file-like->setuid-program
+                                 (file-append linux-pam "/sbin/unix_chkpwd=
")))))
+                       (service-extension etc-service-type /etc-entry)))
=20
                 ;; Arguments include <pam-service> as well as procedures.
                 (compose concatenate)
=2D-=20
2.34.0


--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable



Reconfigured my system with the patch above.

I tested it with the swaylock built with pam support:

=2D-8<---------------cut here---------------start------------->8---
(define-public swaylock
  (package
    (name "swaylock")
    (version "1.6")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/swaywm/swaylock")
             (commit "5150d3869cd801cb2badb3c645fa41c01bbfbbbf")))
       (file-name (git-file-name name version))
       (sha256
        (base32 "16n389w5hx8f8dqnhzjgimxmaw648cnnmifazx6zwx2v5vhxa38r"))))
    (build-system meson-build-system)
    (inputs (list cairo gdk-pixbuf libxkbcommon
                  linux-pam
                  wayland))
    (native-inputs (list pango pkg-config scdoc wayland-protocols))
    (home-page "https://github.com/swaywm/sway")
    (synopsis "Screen locking utility for Wayland compositors")
    (description "Swaylock is a screen locking utility for Wayland composit=
ors.")
    (license license:expat)))
=2D-8<---------------cut here---------------end--------------->8---

and following system service:
=2D-8<---------------cut here---------------start------------->8---
(simple-service
 'sway-add-swaylock-pam
 pam-root-service-type
 (list
  (unix-pam-service "swaylock")))
=2D-8<---------------cut here---------------end--------------->8---

I'll make a patch for swaylock separately, when this ticket will be
resolved.

=2D-=20
Best regards,
Andrew Tropin

--=-=-=--

--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmHtYWwPHGFuZHJld0B0
cm9wLmluAAoJECII0glYwd6wFuQP/iHU8//zTDyOGY9XOy6vMhsYfonZD3R4ZzIR
jSu2GM5LFlduzXMarNzMufYjyPyT8ht1xp4HVR6fX8QYtS4x9/I8nmqQjZhN1vFo
HTnyRRu8nDjRUKqjFIsJmT3VnMsck+zQLqCuk98yfMNFjAuYsVuuN9DKuD07TkQ4
W/9ynqb5FuErTaLtfWDWdIygnBcjUR61FpmqgsFKKlpxSwZlPP72fEBW7tGx3pWR
BmzMolDYTF4fCkforyMYtXSy2YS0INooW/4CJCGXCHi4CevRepz0pFmR+Ws1UBAS
+lagCjDynM367THQ6zmfoP5zWwBAe0RTtDiPE3AqwenFiL8FmEum2fnMb4JwGEHb
PsjzRqvtaBZuebAPcvdq1rjHH+Ergu+hVZ4WlwOScfLUwhx0wvdYI1g2VYd1R4XC
faq8oo8cRb0FRiKMNb7W56pyZcD1T0+VzAc6eEx7zF76aAQOH+aaf19B4phGTnGS
aBDaxMGP47BmNA96rGEFcgzN5QBmYTZQnwMF+jBWyeF15xQ23t57QDjD3e6jKGD/
xiP4HGY3dZJPLPuRe5PIKmF0gOv18jg62QqNkoFmW+u6BId/F4huEKC6KB0VO6BP
FWbImLJcUOGcJbMq1OLnOC4cepASVtxySNFYikXkpYZI4OXgecynuZ9nwFEBzYE5
XrNr+TzX
=A/5x
-----END PGP SIGNATURE-----
--==-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 04 06:07:28 2022
Received: (at 53468) by debbugs.gnu.org; 4 Feb 2022 11:07:28 +0000
Received: from localhost ([127.0.0.1]:58878 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nFwR6-00080q-D2
	for submit@debbugs.gnu.org; Fri, 04 Feb 2022 06:07:28 -0500
Received: from mail-lj1-f172.google.com ([209.85.208.172]:42822)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andrew@trop.in>) id 1nFwR5-00080e-4a
 for 53468@debbugs.gnu.org; Fri, 04 Feb 2022 06:07:27 -0500
Received: by mail-lj1-f172.google.com with SMTP id a25so7944402lji.9
 for <53468@debbugs.gnu.org>; Fri, 04 Feb 2022 03:07:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=trop-in.20210112.gappssmtp.com; s=20210112;
 h=from:to:subject:in-reply-to:references:date:message-id:mime-version;
 bh=pP2L0wtMjKmpbHByUv3S2M1FE42BEvgAf0KkDrcMpow=;
 b=fM6eIG8lp+ElZCVl76I3XGgHHtbIBahLS/G1oIF6Zq1ZvQEiKhY8a4Hu1aki6FWA0i
 ldCD9Zt0I7Y/VebdaU0wFmJLdyFxj5cHdqqdtiHppXuaQooGDd2lj+G2OT1eSHQHZJVc
 6nIjuOhqjqm3o7nqF/YJl9Kw+PNLzvLQ8kQOKZpjvWDhDwq9orSmf13+mQMbn2GcmNha
 YHElNPIBHMcWO8VmKjshPLEpb03h0IdxW3a9unh9RxmviD8echxemLVVPhDaN9Zh+gti
 n2PW8o/IDJ1ApuyfqnmVEQxcytFEp6/d13JIOv3LulRCVjD2qZJi1Nky7QcVnFnMrCkR
 qQVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:subject:in-reply-to:references:date
 :message-id:mime-version;
 bh=pP2L0wtMjKmpbHByUv3S2M1FE42BEvgAf0KkDrcMpow=;
 b=aakrcg1a05wTDCYUWUBR+W4e7k8EYy53Utyi6ZIEj8zrHEPogv0M64MdJgfSkwB2ow
 W7YzfudxGePfzl1/UdD9IOgM1cPM74fMyLb6KuidAfZeIv1Ln2bGqCCXU/Z4bEF/SOFX
 YZTP/xAhy1woUlRePNasddXK4PkM82XAf94urjIGImxP/E5zbBx8GoEWQ8U5EtRtHmg4
 K+FhnUmqu9bVrcN6OzKPlQOgQi0JR65hSzUqJrHDQE6IADLaqyPHyFQ61dUuQkYT4NEb
 yJvQLagr4QPbL1JrxDWMXslbOvYc3wpsa5UZRekLCHBM/wm7bkLlNL9M55vDu6caWNW4
 8Frg==
X-Gm-Message-State: AOAM530Ty//A5xXEkIojvrBZKRMBGoznkBezobHjKS0EcxKwkCSj6kCh
 iPxoo3v6XaHyk7sR7gFs18i9swyjmk9Iww==
X-Google-Smtp-Source: ABdhPJyjm74GFpqkbtdXPvDV8eKh42egS2CQVeUJ91j6vyly2thJqqE7S2L3b4e2jhmnen8wShBavw==
X-Received: by 2002:a05:651c:160b:: with SMTP id
 f11mr1538905ljq.372.1643972840524; 
 Fri, 04 Feb 2022 03:07:20 -0800 (PST)
Received: from localhost (109-252-135-33.dynamic.spd-mgts.ru. [109.252.135.33])
 by smtp.gmail.com with ESMTPSA id t6sm264389lfp.128.2022.02.04.03.07.19
 for <53468@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 04 Feb 2022 03:07:19 -0800 (PST)
From: Andrew Tropin <andrew@trop.in>
To: 53468@debbugs.gnu.org
Subject: Re: [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
In-Reply-To: <87sftetuhg.fsf@trop.in>
References: <87tudu38yz.fsf@trop.in> <87sftetuhg.fsf@trop.in>
Date: Fri, 04 Feb 2022 14:07:16 +0300
Message-ID: <877daayjob.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 53468
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Yesterday I also discovered this thread on NixOS bug tracker:
https://github.com/NixOS/nixpkgs/pull/156974

They apply the same technique and remove dirtier workaround they had
before: https://github.com/NixOS/nixpkgs/pull/153104/files

Also, they patch the makefile template instead of source code, which
maybe a little cleaner solution than the one I proposed above.

=2D-=20
Best regards,
Andrew Tropin

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmH9COQPHGFuZHJld0B0
cm9wLmluAAoJECII0glYwd6wS1YP/3+g5N5uhzr5eKQ4c8Uc11vFYZJOZHvSxFKz
oAwoxwIqfHPYBfhr9Mi61hrhi5+gxDJzt9BBfxtGdVpfrOYREWwD3l/e7HrkdsMO
L1E+74EAkZ2lqae+tfrwh3+V0n4z58YR8Bk/efNgMe4ZH1NxcbWBUHVbnxNMfokC
Y0OgHpOH7bGvCJyNxF0vZSEbrox16HCQg8P53x9yHXZHTD2SaK2TgcvnVm3lnt6c
NtaGUEB3BsE0Njfiwwlzwg25uIu8bIBBWiNvb6Gjb4XmnodhXSd21/SJhmOSjOhb
QVh+RCbqmMHI7Jnj0DEToBBwqhLVle4uYwVZEeZaZ++6ufTO9odQIQRywgLmxCzD
iJ28QfOI09QP/6W8CS8rmWy3NJIAkYMHey+HkfKV+lQFzT1FOP8Mb8TTdYoMx/5F
nwWDp7EQ+uUQOqaxoadJcg9/4fXua7aVZLoX2WJlqt4AAyWdlZefswZp+h+SIMO4
IV+5q03Blfl6cc8y347BwKYDdOylemSl1T/yCAOBeQSL2ompP9yugnbsHoXIICdU
bwbvU1IoxfaCc+iQ5pZ0Z3zz6Jjbf9LlxUd50tZMdlpkbyGWrePHhVjI/8DIiAQo
/s736nSj3B7mCSGiHyTC4od61bRVsd2TE9A4oqdtPb2x8RXmq2pOabYT1ArVdxTy
uRAf31p0
=QXVK
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 04 17:10:54 2022
Received: (at 53468) by debbugs.gnu.org; 4 Feb 2022 22:10:54 +0000
Received: from localhost ([127.0.0.1]:33095 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nG6n4-0006lW-RO
	for submit@debbugs.gnu.org; Fri, 04 Feb 2022 17:10:54 -0500
Received: from hera.aquilenet.fr ([185.233.100.1]:44378)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nG6n3-0006lJ-PF
 for 53468@debbugs.gnu.org; Fri, 04 Feb 2022 17:10:50 -0500
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 4E8643D5;
 Fri,  4 Feb 2022 23:10:43 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id wR0TIPqr86VQ; Fri,  4 Feb 2022 23:10:42 +0100 (CET)
Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 5EBAB2FD;
 Fri,  4 Feb 2022 23:10:42 +0100 (CET)
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Andrew Tropin <andrew@trop.in>
Subject: Re: bug#53468: [RFC PATCH] gnu: linux-pam: Change path to
 unix_chkpwd helper.
References: <87tudu38yz.fsf@trop.in> <87sftetuhg.fsf@trop.in>
Date: Fri, 04 Feb 2022 23:10:41 +0100
In-Reply-To: <87sftetuhg.fsf@trop.in> (Andrew Tropin's message of "Sun, 23 Jan
 2022 17:08:43 +0300")
Message-ID: <877daamgf2.fsf_-_@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: /
Authentication-Results: hera.aquilenet.fr;
	none
X-Rspamd-Server: hera
X-Rspamd-Queue-Id: 4E8643D5
X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 MID_RHS_MATCH_FROM(0.00)[]
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: 53468
Cc: 53468@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

Hi!

Andrew Tropin <andrew@trop.in> skribis:

> From ad876e5b134072601fa97d82a39b320a269f34a5 Mon Sep 17 00:00:00 2001
> From: Andrew Tropin <andrew@trop.in>
> Date: Thu, 13 Jan 2022 21:41:58 +0300
> Subject: [RFC PATCH v2] gnu: linux-pam: Change path to unix_chkpwd helper.
>
> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
> * gnu/packages/linux.scm (linux-pam): Add patch.
> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
> binaries.

[...]

> +     DIAG_PUSH_IGNORE_CAST_QUAL;
> +-    execve(CHKPWD_HELPER, (char *const *) args, envp);
> ++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, en=
vp);
> +     DIAG_POP_IGNORE_CAST_QUAL;

Looks reasonable to me.  However, could you change the CHKPWD_HELPER
macro definition in the Makefile template, as you suggested, instead of
patching the file?

Thanks!

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sun Feb 06 00:17:13 2022
Received: (at 53468) by debbugs.gnu.org; 6 Feb 2022 05:17:13 +0000
Received: from localhost ([127.0.0.1]:36181 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nGZvE-0002Ag-IA
	for submit@debbugs.gnu.org; Sun, 06 Feb 2022 00:17:12 -0500
Received: from mail-lf1-f52.google.com ([209.85.167.52]:39516)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andrew@trop.in>) id 1nGZv7-0002A3-RV
 for 53468@debbugs.gnu.org; Sun, 06 Feb 2022 00:17:11 -0500
Received: by mail-lf1-f52.google.com with SMTP id b9so20630604lfq.6
 for <53468@debbugs.gnu.org>; Sat, 05 Feb 2022 21:17:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=trop-in.20210112.gappssmtp.com; s=20210112;
 h=from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version; bh=ulcpM5K5F1c2MEQvcHRaYh3z3LPHnI+ph/OxoPEJVRQ=;
 b=Z6ir9VFt7MBMut261Jq/1b047OFuzgKmUFpDnMqulSujgqvQ14PNuHQSOf2ycUvjG4
 TIQ+x8O0Goq9ZHlvcvWbCdevHbF2h+yHViUmmtZMAKeDyTl0vVJbFv3rjxFMpRI0NQ5X
 1heWyOLagV2TazpjFt4vliBPpLuRjUxifq/a1tJzFLSsNzzjq5td/jKiuxT52QPzY6td
 u8YDXqPyyzB7Z+jcUb6w7pDB7xHjJ8IMGJn2BVkdmYxolqHOX71Mx0WobDa2OPe3H/b7
 /qA+joVIvFs43o33V8c/pLx8/TkEsrMtxF6GseN+DZIw5xvCqzNXWvdIEqSx2MslCtGI
 quEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
 :message-id:mime-version;
 bh=ulcpM5K5F1c2MEQvcHRaYh3z3LPHnI+ph/OxoPEJVRQ=;
 b=pdSSvDg37N9NReKoOdeS62pj3NJfDlMYKTM+IpWgUSe+Aer3V750WMoI+hGlZKrCBL
 e/vU4ilX25rib+huC/kiVsKhClG001HFSpBzYRTb1chPTCBEbQgaKcgOn9w2JRMFMDmW
 /q2nrSxidKFpP2+FkHi3Br/pAyTTOdTlKBCJYhd9ZdH/XMk1xq3iSKYSMB26I80oqHie
 aeM6hj0keaQfTEhP8wBI8hc3yLMQuMBHQTODo0rUOlHj3OSj8iuay35ChvqjopXHdXYg
 gO7tIgQaJiAHZ5GydKqOspiEyF3gaEwV/S3vxxn0YGya56f3eYjPHViun6ATv6o7vMhA
 Tupw==
X-Gm-Message-State: AOAM531qNDeNFXA6sdo1hasBNUnFLtBxDCbS8kD7cxaGFFIaU4MayhHc
 rv1s0kEN70aZWrGBF53KrHjlbw==
X-Google-Smtp-Source: ABdhPJxmNORqvlBx9BjAXw2nc6oBv6T/yRYdg7nzXNAolxpeQnw/arJAdOMkQUcunmrOPLwQCD7+GA==
X-Received: by 2002:ac2:5190:: with SMTP id u16mr4448829lfi.257.1644124619804; 
 Sat, 05 Feb 2022 21:16:59 -0800 (PST)
Received: from localhost (109-252-135-33.dynamic.spd-mgts.ru. [109.252.135.33])
 by smtp.gmail.com with ESMTPSA id e24sm1029162ljj.131.2022.02.05.21.16.57
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 05 Feb 2022 21:16:57 -0800 (PST)
From: Andrew Tropin <andrew@trop.in>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: bug#53468: [RFC PATCH] gnu: linux-pam: Change path to
 unix_chkpwd helper.
In-Reply-To: <877daamgf2.fsf_-_@gnu.org>
References: <87tudu38yz.fsf@trop.in> <87sftetuhg.fsf@trop.in>
 <877daamgf2.fsf_-_@gnu.org>
Date: Sun, 06 Feb 2022 08:16:54 +0300
Message-ID: <878ruo60c9.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 53468
Cc: 53468@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 2022-02-04 23:10, Ludovic Court=C3=A8s wrote:

> Hi!
>
> Andrew Tropin <andrew@trop.in> skribis:
>
>> From ad876e5b134072601fa97d82a39b320a269f34a5 Mon Sep 17 00:00:00 2001
>> From: Andrew Tropin <andrew@trop.in>
>> Date: Thu, 13 Jan 2022 21:41:58 +0300
>> Subject: [RFC PATCH v2] gnu: linux-pam: Change path to unix_chkpwd helpe=
r.
>>
>> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file
>> * gnu/packages/linux.scm (linux-pam): Add patch.
>> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid
>> binaries.
>
> [...]
>
>> +     DIAG_PUSH_IGNORE_CAST_QUAL;
>> +-    execve(CHKPWD_HELPER, (char *const *) args, envp);
>> ++    execve("/run/setuid-programs/unix_chkpwd", (char *const *) args, e=
nvp);
>> +     DIAG_POP_IGNORE_CAST_QUAL;
>
> Looks reasonable to me.  However, could you change the CHKPWD_HELPER
> macro definition in the Makefile template, as you suggested, instead of
> patching the file?

Sure, done in v3.


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=v3-0001-gnu-linux-pam-Change-path-to-unix_chkpwd-helper.patch
Content-Transfer-Encoding: quoted-printable

From=20e96d3f6d82b134829fcb31777e81928c73847dcc Mon Sep 17 00:00:00 2001
From: Andrew Tropin <andrew@trop.in>
Date: Sun, 6 Feb 2022 08:13:49 +0300
Subject: [PATCH v3] gnu: linux-pam: Change path to unix_chkpwd helper.

* gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file.
* gnu/packages/linux.scm (linux-pam): Add patch.
* gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid.
=2D--
 gnu/packages/linux.scm                              |  3 ++-
 .../patches/change-path-to-unix_chkpwd.patch        | 13 +++++++++++++
 gnu/system/pam.scm                                  | 10 ++++++++--
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/change-path-to-unix_chkpwd.patch

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 2e2d01c656..bc2927d0b4 100644
=2D-- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1625,7 +1625,8 @@ (define-public linux-pam
        (sha256
         (base32
          "1z4jayf69qyyxln1gl6ch4qxfd66ib1g42garnrv2d8i1drl0790"))
=2D       (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+       (patches (search-patches "change-path-to-unix_chkpwd.patch"
+                                "linux-pam-no-setfsuid.patch"))))
=20
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/patches/change-path-to-unix_chkpwd.patch b/gnu/pa=
ckages/patches/change-path-to-unix_chkpwd.patch
new file mode 100644
index 0000000000..e5c6d2649c
=2D-- /dev/null
+++ b/gnu/packages/patches/change-path-to-unix_chkpwd.patch
@@ -0,0 +1,13 @@
+From: Andrew Tropin <andrew@trop.in>
+Date: Sat, 5 Feb 2022 21:06:42 +0300
+Subject: [PATCH] Change path to unix_chkpwd.
+
+unix_chkpwd is designed to have a suid bit, but it's not possible to set it
+for files in /gnu/store, and this patch tells unix_pam.so to lookup up for
+unix_chkpwd in directory generated by setuid-program system service.
+
+--- a/modules/pam_unix/Makefile.in
++++ b/modules/pam_unix/Makefile.in
+@@ -651,1 +651,1 @@
+-	-DCHKPWD_HELPER=3D\"$(sbindir)/unix_chkpwd\" \
++	-DCHKPWD_HELPER=3D\"/run/setuid-programs/unix_chkpwd\" \
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index 2574e019f1..b635681642 100644
=2D-- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -21,6 +21,7 @@ (define-module (gnu system pam)
   #:use-module (guix derivations)
   #:use-module (guix gexp)
   #:use-module (gnu services)
+  #:use-module (gnu system setuid)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
@@ -375,8 +376,13 @@ (define (extend-configuration initial extensions)
=20
 (define pam-root-service-type
   (service-type (name 'pam)
=2D                (extensions (list (service-extension etc-service-type
=2D                                                     /etc-entry)))
+                (extensions
+                 (list (service-extension
+                        setuid-program-service-type
+                        (lambda (_)
+                          (list (file-like->setuid-program
+                                 (file-append linux-pam "/sbin/unix_chkpwd=
")))))
+                       (service-extension etc-service-type /etc-entry)))
=20
                 ;; Arguments include <pam-service> as well as procedures.
                 (compose concatenate)
=2D-=20
2.34.0


--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


=2D-=20
Best regards,
Andrew Tropin

--=-=-=--

--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmH/WccPHGFuZHJld0B0
cm9wLmluAAoJECII0glYwd6wRmwQAIfjH18DlBQfHarDxPLXNBBAnRBB6D/HV2v0
0DZ7pZi6kI6EwHSCm3fIXooEzFdBVQWWw77nLu6VSgdY00lFYIr31xUtqX/vfI/b
YnpDPZ3MYBeW2Y1GOo0Zjqdco1J3u7oJdBlpt7U92Zh3KV6jBwQg7i5u8407PMYj
R810YoKU7mO8Cgf8oSSkK4JuN+3btyrXQ947cOSYPhY0gqAf9CPi3hKPTnjbUi83
tGH4UsI8E+bJpZUfhutbsK++faviByjFphz1XgHrzXttBmNp591LvUghVIIt5du4
tyVuWLRA99dQu+8PX1DJMGqFOG/fS2jJrpj5UiYKGNVleAnjV8K7DkjPadMxh4II
cHBDAaFnN7kR+SoJXct7c4wbScibzRqclTCuRe2EXMy3MNOxSSoXQHtnuhbyqUkf
spJSraVEdUF6VfxmeR9SeY4gJpKcd2WsJz3qe0NXE6lFmuZoxpzRLAhl2TcmVZaq
7/iCr+cMSc5Am7mgH6Q0q/PSEkvbfWuryKpCxH0+Tc/yJBibAuyhc/ClM6aWYVdJ
6DqNSMLKpywyeCAFF85DLkcdtEYhGjMXGt3J4yCmi0eDm4HdXj64/ZlTX7X8z5D0
a6wpc3JfT3bHJ81VbbuIEpekDUUZsaJIaLYvymZW+cLKeItGp+KLta29OovPoykI
ewmScXMb
=O9fk
-----END PGP SIGNATURE-----
--==-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 10 17:42:39 2022
Received: (at 53468-done) by debbugs.gnu.org; 10 Feb 2022 22:42:39 +0000
Received: from localhost ([127.0.0.1]:57476 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nII98-0000Tu-OX
	for submit@debbugs.gnu.org; Thu, 10 Feb 2022 17:42:39 -0500
Received: from hera.aquilenet.fr ([185.233.100.1]:41596)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nII97-0000Te-54
 for 53468-done@debbugs.gnu.org; Thu, 10 Feb 2022 17:42:37 -0500
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 6966539F;
 Thu, 10 Feb 2022 23:42:30 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id e6yqR32Wn9cN; Thu, 10 Feb 2022 23:42:29 +0100 (CET)
Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 683B3171;
 Thu, 10 Feb 2022 23:42:29 +0100 (CET)
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Andrew Tropin <andrew@trop.in>
Subject: Re: bug#53468: [RFC PATCH] gnu: linux-pam: Change path to
 unix_chkpwd helper.
References: <87tudu38yz.fsf@trop.in> <87sftetuhg.fsf@trop.in>
 <877daamgf2.fsf_-_@gnu.org> <878ruo60c9.fsf@trop.in>
Date: Thu, 10 Feb 2022 23:42:29 +0100
In-Reply-To: <878ruo60c9.fsf@trop.in> (Andrew Tropin's message of "Sun, 06 Feb
 2022 08:16:54 +0300")
Message-ID: <8735kq2vje.fsf_-_@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: /
Authentication-Results: hera.aquilenet.fr;
	none
X-Rspamd-Server: hera
X-Rspamd-Queue-Id: 6966539F
X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 MID_RHS_MATCH_FROM(0.00)[]
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: 53468-done
Cc: 53468-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

Hi,

Andrew Tropin <andrew@trop.in> skribis:

> From e96d3f6d82b134829fcb31777e81928c73847dcc Mon Sep 17 00:00:00 2001
> From: Andrew Tropin <andrew@trop.in>
> Date: Sun, 6 Feb 2022 08:13:49 +0300
> Subject: [PATCH v3] gnu: linux-pam: Change path to unix_chkpwd helper.
>
> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file.
> * gnu/packages/linux.scm (linux-pam): Add patch.
> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid.

LGTM, minor the patch file name as reported by =E2=80=98guix lint=E2=80=99 =
and missing
=E2=80=98gnu/local.mk=E2=80=99.

However, it looks like my brain wasn=E2=80=99t fully operational when I
previously replied, because:

--8<---------------cut here---------------start------------->8---
$ guix refresh -l linux-pam
Building the following 2418 packages would ensure 6038 dependent
packages are rebuilt: [=E2=80=A6]
--8<---------------cut here---------------end--------------->8---

So I went ahead, fixed up the issues above, and pushed to
=E2=80=98core-updates=E2=80=99.

Thanks!

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 26 02:12:04 2022
Received: (at 53468-done) by debbugs.gnu.org; 26 Feb 2022 07:12:04 +0000
Received: from localhost ([127.0.0.1]:54167 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nNrFM-0001mZ-G6
	for submit@debbugs.gnu.org; Sat, 26 Feb 2022 02:12:04 -0500
Received: from mail-lj1-f173.google.com ([209.85.208.173]:42686)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andrew@trop.in>) id 1nNrFK-0001m3-FB
 for 53468-done@debbugs.gnu.org; Sat, 26 Feb 2022 02:12:03 -0500
Received: by mail-lj1-f173.google.com with SMTP id v28so10228226ljv.9
 for <53468-done@debbugs.gnu.org>; Fri, 25 Feb 2022 23:12:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=trop-in.20210112.gappssmtp.com; s=20210112;
 h=from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version; bh=qX8prbeb0JtzBaQ/ge2PHAR1q3U0x3kBVf+XXixwS7c=;
 b=z0wmEIjkUwQ6DXqGaVVZkB2Dw488qCQ/+fAfZ1nrzvUmrawCyit2zAJy628tjMEgeL
 0Ke754X7bmk1XvLloan9Nw+ag5vF6fJVs93956jMJaxcbQIITAUckuH8Q6lXVOdk9ZYZ
 Sm/DhBOylJ4Y3LNF9BmSESgnaECAmzm2WyM+5GRaj5Rcy1Tlg/8F/ZHeLNgCdM+QJ11f
 eiBy+fHn+dcgfMN13YdtRMszdf1Jq8xhX9ZGRpjTh2sKHlr93JxRuVolWMsl+B6YXt5Y
 J5hyPc+pf5gJ35cRpoN6bQ7kJL1e3CpK5YApnjnXbyaOJJ8fgon/yTmFqZ2tQw5Go5wO
 ykXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
 :message-id:mime-version;
 bh=qX8prbeb0JtzBaQ/ge2PHAR1q3U0x3kBVf+XXixwS7c=;
 b=ndLtknt91A5OCFzFItNAA/kyB9jkArisM92NAbZ1W18KxeaxZ6IMhh7osvzXpWgpHR
 gRwTND8B816IvA0GH0LN8Kdt888GA6HhUQGKytzXRTfNu9qFB2Vw5VBQ+k/7joCkQ639
 bqgNb6IJ0XoDO9hNOGlR8k+si3ERCEkDLYlIuvjZDwRBOF3yeouGWKXfSnTkwfDeU3vq
 xeQwhtEIOUFcxcW8ZZLy5OUe2+0Z3usbCCIFJTrkP4A+RmaLtp7pH1sJzRnD7/FhIAHf
 I78lDEHfB3cQGr0InD5qowlPRTW21Y1/+2bgC8LAMNOrhGiwteVnT7FrEYMyU6zVBYxJ
 QJYg==
X-Gm-Message-State: AOAM5313RC+Cbl5pGoqESnb/dGKkLeva3ybF2h17gnn1P3hTQjndJYkp
 Am4iCcNWGfGCf2WKb0q1uU+EOiSje4hsGA==
X-Google-Smtp-Source: ABdhPJy03NLuEhS54jxjmdh8pkZFlixwUdZROlX+UQUd+0SVqPxyyo/GcMMcZEYRt91KGgOIS/SqPw==
X-Received: by 2002:a2e:a7cb:0:b0:246:4b50:efcd with SMTP id
 x11-20020a2ea7cb000000b002464b50efcdmr7674443ljp.511.1645859516169; 
 Fri, 25 Feb 2022 23:11:56 -0800 (PST)
Received: from localhost (109-252-135-33.dynamic.spd-mgts.ru. [109.252.135.33])
 by smtp.gmail.com with ESMTPSA id
 p3-20020a19f003000000b0044363fb8c52sm386246lfc.247.2022.02.25.23.11.55
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 25 Feb 2022 23:11:55 -0800 (PST)
From: Andrew Tropin <andrew@trop.in>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: bug#53468: [RFC PATCH] gnu: linux-pam: Change path to
 unix_chkpwd helper.
In-Reply-To: <8735kq2vje.fsf_-_@gnu.org>
References: <87tudu38yz.fsf@trop.in> <87sftetuhg.fsf@trop.in>
 <877daamgf2.fsf_-_@gnu.org> <878ruo60c9.fsf@trop.in>
 <8735kq2vje.fsf_-_@gnu.org>
Date: Sat, 26 Feb 2022 10:11:52 +0300
Message-ID: <87o82udruv.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 53468-done
Cc: 53468-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 2022-02-10 23:42, Ludovic Court=C3=A8s wrote:

> Hi,
>
> Andrew Tropin <andrew@trop.in> skribis:
>
>> From e96d3f6d82b134829fcb31777e81928c73847dcc Mon Sep 17 00:00:00 2001
>> From: Andrew Tropin <andrew@trop.in>
>> Date: Sun, 6 Feb 2022 08:13:49 +0300
>> Subject: [PATCH v3] gnu: linux-pam: Change path to unix_chkpwd helper.
>>
>> * gnu/packages/patches/change-path-to-unix_chkpwd.patch: New file.
>> * gnu/packages/linux.scm (linux-pam): Add patch.
>> * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid.
>
> LGTM, minor the patch file name as reported by =E2=80=98guix lint=E2=80=
=99 and missing
> =E2=80=98gnu/local.mk=E2=80=99.
>
> However, it looks like my brain wasn=E2=80=99t fully operational when I
> previously replied, because:
>
> --8<---------------cut here---------------start------------->8---
> $ guix refresh -l linux-pam
> Building the following 2418 packages would ensure 6038 dependent
> packages are rebuilt: [=E2=80=A6]
> --8<---------------cut here---------------end--------------->8---
>
> So I went ahead, fixed up the issues above, and pushed to
> =E2=80=98core-updates=E2=80=99.

Thank you very much!)

When is the next core-update to master merge scheduled?

=2D-=20
Best regards,
Andrew Tropin

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmIZ0rgPHGFuZHJld0B0
cm9wLmluAAoJECII0glYwd6wg0MP/Rx+powCeCNaHQ0XnakliIkI9NHztDx8qC+N
eEoTO6uTfreZWs0EqKoTawGKAlNQk4GQUfO9MmoUFbzScT5t3bMYln7geYJbmD+k
bwkmxypvPb9pOLeLsbrJ7MROqljiSU4tldH9s9QuWk/BKNWJvdDpPwFz7aX5I+ec
iPxiUiHmz71cJCTrKJQNVuPgi+GS6qKIAkvJs1/M6Awk2nJzNMwJgTCP8GCsKvRr
kd6egCsHVhgfrqkcBqnKQofGJ3h+90ax34oPm/Imhg7hYkxznXivWZBQgIPzBcVd
ZkDNC0EGIneQGpJ25Qxhv9Olgb+NeMf2x+wheQJJ4aM1Vr5MJgxUgDycU9rJiUEa
nMC/fhN27BiqwsFJEZEXi4kicd0nvhJ6jMLYH8axuEzFUwLtistzccNNROlHI4zp
OyW/Byanyc8J6N9694tdbwVb3HWAUyLPPb59pwF7m9wVT+9f410ySBdOBrFzI8K/
YY22Rb3+G0kOOzYicqWHC9csLrAQ6no5srjxF04tfp/IgbrFBoASDgccRtHbxSn6
5q5EPUanLFg4+Yhp9oXBKTizuYgGO17db4oqFF0Szpkq+ySBe/UolbfsQ7oc3nm/
ANEhclKPWRi9RmGsYjasbSj/a/SDnqTE262JG3aZriNz+nGtcL4QRx/KQCHg2ZSe
dAZhzs/P
=Jx+Y
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Sun Feb 27 17:03:40 2022
Received: (at 53468-done) by debbugs.gnu.org; 27 Feb 2022 22:03:40 +0000
Received: from localhost ([127.0.0.1]:59468 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1nORdc-0000iF-HO
	for submit@debbugs.gnu.org; Sun, 27 Feb 2022 17:03:40 -0500
Received: from hera.aquilenet.fr ([185.233.100.1]:55950)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1nORdb-0000i3-7S
 for 53468-done@debbugs.gnu.org; Sun, 27 Feb 2022 17:03:31 -0500
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id A0C0D399;
 Sun, 27 Feb 2022 23:03:24 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id r4DCYQNDd-ES; Sun, 27 Feb 2022 23:03:23 +0100 (CET)
Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 46C1313B;
 Sun, 27 Feb 2022 23:03:23 +0100 (CET)
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Andrew Tropin <andrew@trop.in>
Subject: Re: bug#53468: [RFC PATCH] gnu: linux-pam: Change path to
 unix_chkpwd helper.
References: <87tudu38yz.fsf@trop.in> <87sftetuhg.fsf@trop.in>
 <877daamgf2.fsf_-_@gnu.org> <878ruo60c9.fsf@trop.in>
 <8735kq2vje.fsf_-_@gnu.org> <87o82udruv.fsf@trop.in>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 9 =?utf-8?Q?Vent=C3=B4se?= an 230 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Sun, 27 Feb 2022 23:03:22 +0100
In-Reply-To: <87o82udruv.fsf@trop.in> (Andrew Tropin's message of "Sat, 26 Feb
 2022 10:11:52 +0300")
Message-ID: <87bkyst1at.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: /
Authentication-Results: hera.aquilenet.fr;
	none
X-Rspamd-Server: hera
X-Rspamd-Queue-Id: A0C0D399
X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 MID_RHS_MATCH_FROM(0.00)[]
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: 53468-done
Cc: 53468-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

Hi,

Andrew Tropin <andrew@trop.in> skribis:

> When is the next core-update to master merge scheduled?

It=E2=80=99s not scheduled, but it=E2=80=99s likely several months from now=
=E2=80=A6  maybe less
if motivated people help drive the effort.  :-)

Ludo=E2=80=99.




From unknown Thu Sep 18 21:00:33 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Mon, 28 Mar 2022 11:24:07 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator


From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 03 18:46:50 2023
Received: (at control) by debbugs.gnu.org; 3 Mar 2023 23:46:50 +0000
Received: from localhost ([127.0.0.1]:34218 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pYF6v-0002Jj-V0
	for submit@debbugs.gnu.org; Fri, 03 Mar 2023 18:46:50 -0500
Received: from wolfsden.cz ([37.205.8.62]:55066)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <wolf@wolfsden.cz>) id 1pYF6t-0002JW-Iq
 for control@debbugs.gnu.org; Fri, 03 Mar 2023 18:46:48 -0500
Received: by wolfsden.cz (Postfix, from userid 104)
 id 58361242F07; Fri,  3 Mar 2023 23:46:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1677887206; bh=bLqjsPbUnyZs688CvhxrJoLpvUJ76xS9q7clBi+6ChQ=;
 h=Date:From:To:Subject;
 b=HVvNolbVnnlWG3rzd1gzr4wKkq44K0UQOCgtr8FDyFdLVGS2mE2zXmxvVmra8Q5dY
 yvr+aFIi9a29yGe3mDiLo9v73z8GoL3cjpyBME3Q88dkpohSNMak0EC4cu5iLJdJTs
 PBSzKErt6B2Sac0OhrVFRn+jS9EmJ7/EZQ6v4dXjnsCNQtN00vVkCajwHmHHZpV7la
 viICh2ZSeq/2taE/WekDu+wp+stbY6KrjzSywUuqKsBIrqN8SwF1nckLFwpU5ITX3z
 cVi9H0+/E1Qi5S7jmSKgE4pktSPweTwL0uyBLC+31IWZXpzrWtBbc3QWWFH/1M2rbc
 WEWLm+hf/Sl7TZIoF2+bMc70R8Da3Y8IWaxD6J6MszD/TiXjWHr6yl6VWC9jEOSLuw
 jY2T8V9IXtEa9nCq1A2tbbDu/Lo8DjSWj+iqxg97H3ScRkeimHyGRv0G5CRECU0VgY
 qrOeP2tKdUpwG3XIJhTQS/D36ZcdRcDEVoJAOhKf+YVe9Zpbtpyt7ky9zDn0aP9cdT
 4a32+d8c3HngTDali7gtcbvJFTRi8OVnSJIp6ht9pGhAouwvGf1S75vtsfZyHyE/ui
 0rta/McvRkFoAsYDcJ4tx9PYKCHYq4D/PnNm3P4UsO+20I+mqggp9zFPRgJBv2zWoM
 mqhl6YGtFKWcULw+5n5WF7cc=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED
 autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [128.0.188.242])
 by wolfsden.cz (Postfix) with ESMTPSA id 7965D242061
 for <control@debbugs.gnu.org>; Fri,  3 Mar 2023 23:46:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1677887205; bh=bLqjsPbUnyZs688CvhxrJoLpvUJ76xS9q7clBi+6ChQ=;
 h=Date:From:To:Subject;
 b=eg3sjHmnOKnIUvnRLvntetjLy9ERSdZ/4UUxMKB3XioQDGXKGTecrCMD6lerrOFCm
 z4wDOziY3P+T5KEq2LZ6xQiCS+a6hQAIX0Q7sP72v5WgKR4K1F/a7uvivdUVrCiPcq
 RYWgFDEjl1PBm26O6X58aVt8RNs3R9yme+WWs01JDIYtsz2Ys9qSibkXpYf9uCKxY/
 qElZnyy+Pw178xllph9PLiRJ78JwrWIqiqbLKFzQ73vnk/FdF8W3LBG7/7symMNfME
 BJTzNQA9JnqCF7VH3lNLbA5pGOZyxwl5RczkcCco0D5XFfMoPRBQDb2WSuJmATgqN/
 TmQInsi5izWf1IpJIccFVs732UJxpQ/WKOz5TsMilOfEO7/2XC2tF5uWiZiz0Axo7e
 l35EhjyMYTb/QIWIr5Ri369MhpbW91Jdq8sm5H7GhH9oSzfaGfcLWg1hbpH4sqK/Db
 MFdegLCgl9vDND8/qwKEwPqVLOXlWSDlbRlwTMkZ6neJf+kVLOPoO863VvM1FVruyl
 MEvti7cVQYxjFuu/uECTjJbCGR6M/kpXiGiHxOL3qkKq+T9JmBHwK3PWPu5D8g3sA6
 4fxJs3ChGqlrmHLyqwzHG09WP2our7smhOys+V0ylqfIJ3qa905fJVMq3vcnW8WG/o
 GZ6OW/S9QMRB24xVbMAWiQvk=
Date: Sat, 4 Mar 2023 00:46:45 +0100
From: wolf <wolf@wolfsden.cz>
To: control@debbugs.gnu.org
Subject: Unarchive
Message-ID: <ZAKG5Uc8MCprXC8H@ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="jzK6zehS/3ygSE4Y"
Content-Disposition: inline
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--jzK6zehS/3ygSE4Y
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

unarchive 53468

--=20
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--jzK6zehS/3ygSE4Y
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmQChuUACgkQL7/ufbZ/
wanglBAAqOKhJa7VRQdI+6wMdONasqfNBjEOxYmJLjocQD3zoB6Cri+loy0EdAPh
BeeuYt+5iD3dIz3TcWzNCf49q9of0sPB7mcUtWvl2EEWy5ZA9rvvhyupl7FQpMQJ
qqtxaSrRyOXpgla9ltSdOItMpJnYYEhtIV09pE7Eea97qJlVM1s6KprxP66ZqCii
GdlrQPUUetFZeQY4Sm4fs1P3ANcoZkJB1kepwEfYm0Dur8bLM8PlcQkVB+G1B2lq
Zhw14kgPWntAP3OjaJb8qww26V21jpQnK9CTfw970AGQs0LY8whuODjD0gqyDGgw
j+8G74IeEb5S8iWIgecERUXnhtFXVlOFcdMZYCrJvGNOrqDnYEe/74zbhwIE1bVb
1OeLGIDR6RdEmh8R1W0KOYngxglX8KmoxLwS5eUHfS05V2lmi/+inC5Y4WVP6gAU
TliWXy3CCZdMX5CIo33QOpUVYkiN3TLcLv5yHMow8KiRYFhxda18QLYFIs8Aj6gO
zwBg8AmS7No+M0c2Ncubi4MZWja6ETq0MEJdZh8EdlDe5y0Mo1/PbuNF0IsV4uVQ
yQMM1Ae5ylARwDURg/FrpFkOKc0Cut6/dryrmBLReq7IPhSsj8zFF32f8vSY8NG2
jOnEBs7aMAFjc2OSDxVJ3c5/Hjaje2O+Q4R5Xj+LUJvefGcLBvk=
=DLp9
-----END PGP SIGNATURE-----

--jzK6zehS/3ygSE4Y--




From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 03 18:51:20 2023
Received: (at 53468) by debbugs.gnu.org; 3 Mar 2023 23:51:20 +0000
Received: from localhost ([127.0.0.1]:34232 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pYFBH-0002W3-TU
	for submit@debbugs.gnu.org; Fri, 03 Mar 2023 18:51:20 -0500
Received: from wolfsden.cz ([37.205.8.62]:53502)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <wolf@wolfsden.cz>) id 1pYFBF-0002Vr-By
 for 53468@debbugs.gnu.org; Fri, 03 Mar 2023 18:51:18 -0500
Received: by wolfsden.cz (Postfix, from userid 104)
 id 09EB4242E08; Fri,  3 Mar 2023 23:51:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1677887476; bh=Txb57RAzIkeV7V33FPAbOngx2/6lyKJ85v1zWcVSGYs=;
 h=Resent-From:Resent-Date:Resent-To:Date:From:To:Subject;
 b=jg6qVJQJLNhDBEVq3AccA1n/LLFa5klIfF2XPkRtdObZFmmTGa7jkJwevoFC/v0se
 P1ZJayCaNYxX2FP5mFvN2ienV9EMf46he+ScV9elIhEwWoFjCeLizDfNQSSmgo0U5x
 IbvlnhXCZwROX5KklVIEOId9rWA3U2Nsvbmu2f7SEEu6qiWjWC5mAjxeWJPDxyxMrL
 937obVCb+2QNgGhroSinK4JyTmk2/qk3JUpUGS40eUWGKj4ynG0NqQcsVtRsVZZeRU
 m8izcLTJSj8XlR7hn8+A88OB2XWgIahK8Fgzxponl1ermlfyGRqGiygAzFO1YBojxk
 /pcBiXlaaWSmyYL6YukmxKCXQOtxWBE7qo2CkUXRouJPhy+fy1Y4yRNwnztwyAYWt8
 vCpksGnkpA+rPAiYarC7p77ii/dbYRtUy5M22BVurlpuEn11bZjWmBQ9Ia5Z1LVFrB
 wtF/zf3lTtV2koG+63QfHEHGwlYo5JvN6l5m0O4PSCMAECqLane0zGIuOXnc0bKP3S
 dEYpMADJkI29pxzFt4HR4IlhEK6DmiqjwKV7nsx1sNgsCj29amSZ+6hsiYUB6rl1bI
 oPXi2otunGmNTvKw1ybQowcLM0w8qPrlNOAqgZzNepvac9LNu1SDuWrdHU727F2psf
 n1HVV/itsUG9rnrWKoKNYi9g=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED
 autolearn=unavailable autolearn_force=no version=3.4.6
Received: from localhost (unknown [128.0.188.242])
 by wolfsden.cz (Postfix) with ESMTPSA id 9D91F2427B3
 for <53468@debbugs.gnu.org>; Fri,  3 Mar 2023 23:51:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
 t=1677887472; bh=Txb57RAzIkeV7V33FPAbOngx2/6lyKJ85v1zWcVSGYs=;
 h=Resent-From:Resent-Date:Resent-To:Date:From:To:Subject;
 b=a1fU9e/4PyiyWc/WDC2I07UPxOU96cbPyTAIZ6qgBWgcUMlDawpfIaBLsxVKPhlWj
 dwP4HQOKyPelF1MYkY6tvwaboedNzshKjx4GqfqyZqwEj9hJivYDa6wMwPhooLMSBu
 O9D/hDt4Mu09kaGT9mwC67iXM9L7V9lFkbA9Wav7aTWAMVEGshHh68QbNxIuQU6Rwl
 hHFd5UBVOuL2YOZ0AEzpXlbOZeuIU76mQBexf4R5WUCLycuAmhxOghuvG5IUXO4zZN
 NRktOYZ7NNwbTVS/R6BUiPMU7WUDDpS1G3YNphHEqn6GoWKHJpkkwJ3kj1bkwMLA22
 Vj09S3fZvMR+H4qql2iIwNxpgEIYPkY0pqKig8/gDm4TNH/fU8/xMnKpfY2ySS8VZq
 hYeg0fPH50TH/Xy+ohHIqItlXD25L3Z2WNqBJIUvSqpGtHgL6/yVfZCZM6uAZz7bE5
 2CE52DlS8HRrF40389TnsTcM5HNDdUWyuJbmbYNyOsA2S9UcHN4OsdOWiLpWi/lUW8
 XfvBZQwUWjEzT964QDmCR66fAIfzops7PdE7HvAxPac+aWai6AJM7oLDp2Rm9vHgos
 /Z7+WpeRuH1PtvZZePfGtGW6XOvzpX6M0rv40ORxE4lOrMejgmUIjEHav7y+9vbXu4
 ADJuj3lO/27cGnFQlfoM8EnU=
Resent-From: wolf <wolf@wolfsden.cz>
Resent-Date: Sat, 4 Mar 2023 00:51:10 +0100
Resent-Message-ID: <ZAKH7kFaA6V7uMS4@ws>
Resent-To: 53468@debbugs.gnu.org
Date: Sat, 4 Mar 2023 00:33:56 +0100
From: wolf <wolf@wolfsden.cz>
To: 53468@debbugs.gnu.org
Subject: Re: [RFC PATCH] gnu: linux-pam: Change path to unix_chkpwd helper.
Message-ID: <ZAKD5PIWBQ6TUpCD@ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="ztDRYB7o1rSasQ2E"
Content-Disposition: inline
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 53468
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--ztDRYB7o1rSasQ2E
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello,

I would like to ask when this could be available on master? It seems it was
added into core-updates more then a year ago. As far as I understand this i=
s the
only blocker preventing me from using xscreensaver. Last update under the b=
ug
is:

> It=E2=80=99s not scheduled, but it=E2=80=99s likely several months from n=
ow=E2=80=A6

So I would like to ask if there is any update on this. No pressure, just as=
king.

Thanks and have a nice day,

W.

--=20
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

--ztDRYB7o1rSasQ2E
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmQCg94ACgkQL7/ufbZ/
wakvCw//eckQXoHo9fG150iZRl+o/+iQj+vFO871eYlGaWtXwi7T8n9iJNgs1ypJ
abvM5iH/DLQzqKsAEDoC0V8Wwp4OqF0vIKJ59AcGRIOx2cGRtOdUWthmjJ/SNT8K
pemkkuj9iPeyWuB6h8g3WMhk3foRzVILq3DdNXEm6Qme+ik8pwcsLeuT2VepxTV6
8O+6gH8uudB1H0cy/snL5Szdw2/4rNLeeWkcbpEBFWSlxxJwxtsmUvTFaEIoWXLO
Xr5O3xlV0f9fzXu9IuDiDRmna9ZNVTLGg6584rekSkYr7seJkBXFcmGKROKvVd+P
rtX4ApeJV10AGGt+mZiSpPijF/IqIUhYnjHWmWedu1rZh3M0ZVZ1SobWXEyrtQYv
AbHVeCsUtR2N8yMUGvtPs3LcGh8CDKpbVFBO7Fq+5/WF+iOrUVP4WTjl3Pg6vO1U
KZ5cjqdZGLF9OxJyw46WkShB4XtvOeEd2wYdpqZKCKkHXgR4xAQSejtLKSjGqwLo
/gvkXaqiwdP8dbxs9m4SoCyVmUpXGo8gW0BOyFtVaLGvm1sRZmndDMcy60OebBw9
W/G5miGVkNPnStr0utjEnxJT98eMNKm1RCzZCkXRY7sNsENznCGF+52eRavtdOP0
qkb/JNZd9+lj1qs+/sONN47+8XcnyOoCcOXsRzRj9kbHneBzJTY=
=G6QJ
-----END PGP SIGNATURE-----

--ztDRYB7o1rSasQ2E--




From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 07 12:57:38 2023
Received: (at 53468) by debbugs.gnu.org; 7 Mar 2023 17:57:38 +0000
Received: from localhost ([127.0.0.1]:47155 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pZbZC-00053q-8q
	for submit@debbugs.gnu.org; Tue, 07 Mar 2023 12:57:38 -0500
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:57857)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1pZbZA-00053c-DK
 for 53468@debbugs.gnu.org; Tue, 07 Mar 2023 12:57:36 -0500
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.nyi.internal (Postfix) with ESMTP id 561BD5C01D0;
 Tue,  7 Mar 2023 12:57:31 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
 by compute1.internal (MEProxy); Tue, 07 Mar 2023 12:57:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to; s=mesmtp; t=1678211851;
 x=1678298251; bh=3N1sYdY3ZSUBeqPbALIOlgEIzTBVICVGRULeT2+OkPI=; b=
 DoZDnhrEv/mMvGPT93LeNk4E+TObn483Mu23gjO/EojQSYRz5ce+ddf7+8Tt/tWF
 somRv6ym+jhJHveVBwdppRB1FC1hIWgJBCUdDDZ5S1ke2Or1Qp63dC91Bq6+zz6W
 VyKGM9ljtpgLLwMObYWa4eolXYIUZSnDBXXRgK/EBK4=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm1; t=1678211851; x=1678298251; bh=3N1sYdY3ZSUBe
 qPbALIOlgEIzTBVICVGRULeT2+OkPI=; b=YIt0sbsxuMv/zfihcsEexta+wp2pS
 bj6zo8s/T3guGNhNc2XV7q+ftyRvqjC5+WSGnWJG8pd3CfxdVjpvB0l9TRB2UryG
 B2wJ8TGcAYYz1qMEW0KvxrXJ/gt/TCpkAvRz2Ln+Oh1J9JBG7nqPj2JCdLP4samI
 4dnw03X7QU2GRKjnbbxxVylAs+Ws3D9TFnNqilelRnUV/WZwiaECGb6oAtNNWorN
 Flu4dyfjvLB/m1vdpCuEj4EfW+y5jqNROBgdiR522S7dQJqoIzT8sR4uzNYRi95q
 aab5tPEApkN21tRaNEORnHCN839X2mjbaq5P8VbKhVLZOap5zKFspHYaw==
X-ME-Sender: <xms:CnsHZBGf8d4YacqkEk7H-0ZLvpB6CIFIvdX_2YesfSKqkqCHnqFWeA>
 <xme:CnsHZGUcbKu2iqkyxRaC0UDTMHJVY-2FItzDRu140oY1fN2cgeMooLi9ZLRpYJF5S
 _W2pTKrZbNgT-Sa5A>
X-ME-Received: <xmr:CnsHZDItB9meqje5MgZuADAM2zTnSlWYNztqZbDumXpCwzxSwThsNLSlb1rvNUf7QXzLMydfpeCxMF0m1GSxnL9W>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvddutddguddtudcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvfevuffkfhggtggujgesgh
 dtreertddtvdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhu
 lhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvghrnheptedvtdetfefffffffeelfedvke
 ekfeduveduieejfeeugeelteffvdeuffejleevnecuvehluhhsthgvrhfuihiivgeptden
 ucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:C3sHZHGWpCV4T7bORq-SPQ_E6jd-a3ueYqMgUIVUJ_3M-cJKrdI79Q>
 <xmx:C3sHZHVYrdDDSgE-hA1exeGo_z7N-rv5JWfOyABGe-jESPdAwp_uSQ>
 <xmx:C3sHZCNkChqFcBsOn71mFbFSrmtGbhOWnQ_OycjbWYwy_NHouhBA_g>
 <xmx:C3sHZIf-hS38s1FqdpI0i6LXIT0U7ybmpeNV0qQtWjMgGneNqmK0aw>
Feedback-ID: i819c4023:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 7 Mar 2023 12:57:30 -0500 (EST)
Date: Tue, 7 Mar 2023 12:57:29 -0500
From: Leo Famulari <leo@famulari.name>
To: wolf <wolf@wolfsden.cz>
Subject: Re: [bug#53468] [RFC PATCH] gnu: linux-pam: Change path to
 unix_chkpwd helper.
Message-ID: <ZAd7Cc3wk1GsI4Eq@jasmine.lan>
References: <87tudu38yz.fsf@trop.in>
 <ZAKD5PIWBQ6TUpCD@ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="f+aipehrkMitcch5"
Content-Disposition: inline
In-Reply-To: <ZAKD5PIWBQ6TUpCD@ws>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 53468
Cc: 53468@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--f+aipehrkMitcch5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sat, Mar 04, 2023 at 12:33:56AM +0100, wolf wrote:
> So I would like to ask if there is any update on this. No pressure, just asking.

The core-updates branch is now actively being prepared for the merge
into master. It's probably still at least one month away, if not several
months. Unfortunately we can't predict the timeframe.

--f+aipehrkMitcch5
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmQHewkACgkQJkb6MLrK
fwg01xAA6GiTyxFz9WXN2KIjj/XdHTrkiFNHn5WAxBG+C/2iZS6Ae+QjHVDhSW6N
vJRkGO+JUCjGrO2XQr1M882bh8lkiTMYtg9kpp2jls70vewBMO7BjOFHkjHws0Q6
hdJl1h2Z8zi9IiFf2OF5KTkoPoCeXVOyXfBqUjlqwM+iNuDXdvseeTmCIaH5I0YZ
zXAnmQ4nSJ6RM8p6HBXas10hAa8JT17coe5pXuaOZEfdayvTu1HIpR3dD8ec/A9b
gBfmie0hJRuOwkRa4MjcQYjfXWOiNObLI93R8nMVxBxbQD8ver+DSZOmfYv3Eqpo
qCEYfZrMyUmEUoGo2/PDKPDp8pVnk/6ZboBA+nm5oAr7B8ir8Q6YNPSLpgJfbWKV
eDqEIJYDXvHti3l2YjczJhu0EbgortPG52aXdVrrUA6zlYMJX4nzwjtKkUChWn4V
za1ESJSAlvMN4JVC5JY1brKy0RN9ncOoDtWA5E2XSVL1JCoodkqnh1J12RTWgsfO
o1CEHb2mBG8wUUM6ztM/u1dfU9HQBET1Dl6ZXJTXENuqrasClmg0W8qWFBqNcU0M
AhPyVTxJq93ZEmSkGD3Gzw59ojYj/DIgFsMewgbOjxbJsgUA8IrMYaQaI4cJsSBV
E/PG0GpCmzl70CFrHFB6CbaBxZp1mArgFKW5j80AFMmFt950MOI=
=Ex7r
-----END PGP SIGNATURE-----

--f+aipehrkMitcch5--




From unknown Thu Sep 18 21:00:33 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 05 Apr 2023 11:24:09 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator