linux-pam: make it use SUID wrapped version of unix_ckpwd

2 years ago · fd8f6de4b8
parent a10d11b59f
commit fd8f6de4b8
2 changed files with 8 additions and 0 deletions
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
    sha256 = "sha256-IB1AcwsRNbGzzeoJ8sKKxjTXMYHM0Bcs7d7jZJxXkvw=";
  };

+  patches = [ ./suid-wrapper-path.patch ];
+
  outputs = [ "out" "doc" "man" /* "modules" */ ];

  depsBuildBuild = [ buildPackages.stdenv.cc ];
--- a/pkgs/os-specific/linux/pam/suid-wrapper-path.patch
+++ b/pkgs/os-specific/linux/pam/suid-wrapper-path.patch
@ -0,0 +1,6 @@
+It needs the SUID version during runtime, and that can't be in /nix/store/**
+--- a/modules/pam_unix/Makefile.in
+++ b/modules/pam_unix/Makefile.in
+@@ -651 +651 @@
+-	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
+	-DCHKPWD_HELPER=\"/run/wrappers/bin/unix_chkpwd\" \