hooks: move all pam.d files into usr/lib and replace their @includes …

…with abs paths
canonical · Dec 2, 2024 · ceca0ee · ceca0ee
1 parent bc26b74
commit ceca0ee
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/hook-tests/031-faillock.test b/hook-tests/031-faillock.test
@@ -2,4 +2,4 @@
 
 set -eu
 
-grep pam_faillock.so etc/pam.d/common-auth
+grep pam_faillock.so usr/lib/pam.d/common-auth
diff --git a/hooks/900-cleanup-etc-var.chroot b/hooks/900-cleanup-etc-var.chroot
@@ -22,8 +22,15 @@ rm /etc/debian_version
 # /etc/pam.d to allow snaps to mount their own pam.d files as well
 rm /etc/pam.conf
 
-# we cannot move the common-* files, as they are expected only in /etc/pam.d
-find /etc/pam.d/ -type f ! -name "common-*" -exec mv {} /usr/lib/pam.d \;
+# move pam.d files from /etc/pam.d to /usr/lib/pam.d to allow snaps
+# to mount on top and provide their own.
+mv etc/pam.d/* usr/lib/pam.d
+
+# Prefix all includes with /usr/lib/pam.d for now, we have to do this unfortunately
+# due to a bug in the debian patch for @includes.
+# See filed bug: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2087827
+# XXX: Remove this line once its fixed upstream
+find usr/lib/pam.d/ -type f -exec sed -i -e 's/\@include /\@include \/usr\/lib\/pam.d\//g' {} \;
 
 # cloud-init adds stuff here
 rm -rvf /etc/profile.d/Z99-cloud*
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@

		set -eu

		grep pam_faillock.so etc/pam.d/common-auth
		grep pam_faillock.so usr/lib/pam.d/common-auth