buildsys: make libpam-zfs a separate package

ZFS includes (since 2.0.0) a pam-module, which takes the login
credentials of a user to unlock their home-dataset.

Enabling it in its current state can cause some side-effects like
prompting for a password when running `su` as root (see [0]).

Our update to ZFS 2.0.0 shipped the pam config in zfsutils-linux,
whereas debian-upstream split it out into its own optional package.

This commit adopts this change,
based on debian-upstream [1] commit
cad2f3d24aa44cfdce1e2eae8b6ba027efaba2d6

The issue becomes apparent by installing the current zfsutils-linux
package and running `pam-auth-update --package` (e.g. by installing
an upgraded libpam-runtime package).

[0] https://github.com/openzfs/zfs/issues/11222
[1] https://salsa.debian.org/zfsonlinux-team/zfs/

Reported-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Originally-by: Antonio Russo <aerusso@aerusso.net>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Stoiko Ivanov 2021-02-09 19:41:43 +01:00 committed by Thomas Lamprecht
parent b34f3bcce2
commit 1f122c546d
5 changed files with 30 additions and 2 deletions

debian/control vendored

@ -5,6 +5,8 @@ Maintainer: Proxmox Support Team <support@proxmox.com>
Build-Depends: debhelper (>= 10~), Build-Depends: debhelper (>= 10~),
dh-python, dh-python,
libblkid-dev, libblkid-dev,
libelf-dev,
libpam0g-dev,
libssl-dev | libssl1.0-dev, libssl-dev | libssl1.0-dev,
libtool, libtool,
lsb-release, lsb-release,
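Review bot: libelf-dev is added to Build-Depends next to libpam0g-dev, but the commit message only explains the PAM split. If libelf-dev comes along with the Debian packaging sync, say so in the message, or move it to its own commit so the build-dependency change can be reviewed and reverted independently.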
@ -30,6 +32,18 @@ Description: Solaris name-value library for Linux
transporting data across process boundaries, transporting between transporting data across process boundaries, transporting between
kernel and userland, and possibly saving onto disk files. kernel and userland, and possibly saving onto disk files.
Package: libpam-zfs
Section: contrib/admin
Architecture: linux-any
Depends: libpam-runtime, ${misc:Depends}, ${shlibs:Depends}
Description: PAM module for managing encryption keys for ZFS
OpenZFS is a storage platform that encompasses the functionality of
traditional filesystems and volume managers. It supports data checksums,
compression, encryption, snapshots, and more.
.
This provides a Pluggable Authentication Module (PAM) that automatically
unlocks encrypted ZFS datasets upon login.
Package: libuutil2linux Package: libuutil2linux
Section: contrib/libs Section: contrib/libs
Architecture: linux-any Architecture: linux-any
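Review bot: the new libpam-zfs stanza has no Breaks/Replaces against the zfsutils-linux versions that shipped lib/*/security/pam_zfs_key.so and usr/share/pam-configs/zfs_key. Its Depends line does not pull in a matching zfsutils-linux, so installing libpam-zfs next to an older zfsutils-linux would make dpkg stop on the file overwrite. Adding `Breaks:` and `Replaces: zfsutils-linux (<< VERSION-OF-THIS-SPLIT)` to the stanza covers that case.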

debian/libpam-zfs.install vendored Normal file

@ -0,0 +1,2 @@
lib/*/security/pam_zfs_key.so
usr/share/pam-configs/zfs_key

debian/libpam-zfs.postinst vendored Normal file

@ -0,0 +1,6 @@
#!/bin/sh
set -e
pam-auth-update --package
#DEBHELPER#
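Review bot: `pam-auth-update --package` in postinst does not prompt by default, so whether installing this package switches the module on depends on the Default: field of usr/share/pam-configs/zfs_key, and that profile is not part of this patch. Given the `su` password prompt described in the commit message, confirm the profile is not enabled by default, or state in the package description that installing libpam-zfs activates it.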

debian/libpam-zfs.prerm vendored Normal file

@ -0,0 +1,8 @@
#!/bin/sh
set -e
if [ "$1" = remove ] ; then
pam-auth-update --package --remove zfs_key
fi
#DEBHELPER#

View File

@ -2,7 +2,6 @@
etc/default/zfs etc/default/zfs
etc/zfs/zfs-functions etc/zfs/zfs-functions
etc/zfs/zpool.d/ etc/zfs/zpool.d/
lib/*/security/pam_zfs_key.so
lib/systemd/system-preset/ lib/systemd/system-preset/
lib/systemd/system/zfs-import-cache.service lib/systemd/system/zfs-import-cache.service
lib/systemd/system/zfs-import-scan.service lib/systemd/system/zfs-import-scan.service
@ -119,4 +118,3 @@ usr/share/man/man8/zpoolconcepts.8
usr/share/man/man8/zpoolprops.8 usr/share/man/man8/zpoolprops.8
usr/share/man/man8/zstream.8 usr/share/man/man8/zstream.8
usr/share/man/man8/zstreamdump.8 usr/share/man/man8/zstreamdump.8
usr/share/pam-configs/zfs_key
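Review bot: pam_zfs_key.so and usr/share/pam-configs/zfs_key are dropped from this file list, but none of the five changed files touches a zfsutils-linux maintainer script. On a host where the profile was already enabled (the commit message describes exactly that path via `pam-auth-update --package`), /etc/pam.d/common-* could keep referencing a module that the upgrade has just removed until something else re-runs pam-auth-update. Consider having the zfsutils-linux postinst run `pam-auth-update --package` when upgrading from a version that shipped these files, and check the upgrade on a system with the profile active.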