pam: re-enable pam_lastlog module #281182

Merged
marsam merged 1 commit into NixOS:staging from trofi:pam-re-enable-lastlog on Jan 17, 2024

trofi commented Jan 15, 2024

Without the change, login fails at least in VM tests as:

    $ nix build --no-link -f. gjs.tests -L
    ...
    vm-test-run-gjs> machine # [    6.331514] lightdm[1069]: PAM unable to dlopen(/nix/store/9p9ya5n7zi0smc3fb95ck2yvjma26dn5-linux-pam-1.5.3/lib/security/pam_lastlog.so): /nix/store/9p9ya5n7zi0smc3fb95ck2yvjma26dn5-linux-pam-1.5.3/lib/security/pam_lastlog.so: cannot open shared object file: No such file or directory
    vm-test-run-gjs> machine # [    6.332529] lightdm[1069]: PAM adding faulty module: /nix/store/9p9ya5n7zi0smc3fb95ck2yvjma26dn5-linux-pam-1.5.3/lib/security/pam_lastlog.so


NickCao commented Jan 15, 2024

Shall we do

--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -813,9 +813,6 @@ let
             skel = config.security.pam.makeHomeDir.skelDirectory;
             inherit (config.security.pam.makeHomeDir) umask;
           }; }
-          { name = "lastlog"; enable = cfg.updateWtmp; control = "required"; modulePath = "${pkgs.pam}/lib/security/pam_lastlog.so"; settings = {
-            silent = true;
-          }; }
           { name = "ecryptfs"; enable = config.security.pam.enableEcryptfs; control = "optional"; modulePath = "${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"; }
           # Work around https://github.com/systemd/systemd/issues/8598
           # Skips the pam_fscrypt module for systemd-user sessions which do not have a password
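
Review bot: Dropping the `lastlog` rule leaves `cfg.updateWtmp` with nothing to gate in this list of rules, so anyone who sets that option would silently lose its effect. With `silent = true` the rule is there to update the last-login record rather than to print it, so removing it also ends that record-keeping. If the rule goes, the same change should state what happens to `updateWtmp` (deprecate it, or point it at a replacement module) and add a release-notes entry. A smaller interim step is to keep the rule but switch `control = "required"` to `control = "optional"`, so that a missing `pam_lastlog.so` cannot fail the login.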

trofi commented Jan 15, 2024

Shall we do

--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -813,9 +813,6 @@ let
             skel = config.security.pam.makeHomeDir.skelDirectory;
             inherit (config.security.pam.makeHomeDir) umask;
           }; }
-          { name = "lastlog"; enable = cfg.updateWtmp; control = "required"; modulePath = "${pkgs.pam}/lib/security/pam_lastlog.so"; settings = {
-            silent = true;
-          }; }
           { name = "ecryptfs"; enable = config.security.pam.enableEcryptfs; control = "optional"; modulePath = "${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"; }
           # Work around https://github.com/systemd/systemd/issues/8598
           # Skips the pam_fscrypt module for systemd-user sessions which do not have a password

I suggest doing it separately in master. It's a functional change. And we might as well try https://github.com/thkukuk/lastlog2 as a replacement.

ofborg bot added labels 10.rebuild-darwin: 1-10, 10.rebuild-linux: 501+, 10.rebuild-linux: 5001+ on Jan 16, 2024
marsam merged commit 0ae697b into NixOS:staging on Jan 17, 2024
trofi deleted the pam-re-enable-lastlog branch on January 17, 2024 10:27