Skip to content

nixos/pam: replace deprecated lastlog with lastlog2#282337

Closed
amaxine wants to merge 2 commits intoNixOS:masterfrom
amaxine:pam_lastlog2
Closed

nixos/pam: replace deprecated lastlog with lastlog2#282337
amaxine wants to merge 2 commits intoNixOS:masterfrom
amaxine:pam_lastlog2

Conversation

@amaxine
Copy link
Contributor

@amaxine amaxine commented Jan 20, 2024
edited
Loading

Description of changes

As of pam 1.5.3, lastlog is considered deprecated (see also #267447 and #281182). This PR attempts to introduce pam_lastlog2 and switch the configuration over. Tested full functionality.

cc @trofi

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Jan 20, 2024
amaxine
amaxine commented Jan 20, 2024
View reviewed changes
nixos/modules/security/pam.nix
Comment on lines +1523 to +1525
systemd.packages = optionals config.security.pam.services.login.updateWtmp [ pkgs.pam_lastlog2 ];
systemd.services.lastlog2-import.enable = config.security.pam.services.login.updateWtmp;
systemd.tmpfiles.packages = optionals config.security.pam.services.login.updateWtmp [ pkgs.pam_lastlog2 ];
Copy link
Contributor Author

@amaxine amaxine Jan 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this "works" since this is the only in nix use of updateWtmp (which should probably be updated to be updateLastlog, but I didn't go searching for historical reasons), I feel like it should be relying on globbing config.security.pam.services.*.updateWtmp - but I'm not sure how to make this happen.

@ofborg ofborg bot added 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Jan 20, 2024
@amaxine
Copy link
Contributor Author

amaxine commented Jan 20, 2024

I think to fully maintain behaviour we probably also want to introduce pam_wtmpdb and enable both.

@delroth delroth added the 12.approvals: 1 This PR was reviewed and approved by one person. label Jan 20, 2024
@amaxine amaxine changed the title pam_lastlog2: init at 1.2.0 nixos/pam: replace deprecated lastlog with lastlog2 Jan 20, 2024
@amaxine
Copy link
Contributor Author

amaxine commented Jan 20, 2024

Updated PR name to more accurately reflect the purpose of these changes.

It looks like lastlog2 will be merged into util-linux, so this might be relatively short lived (util-linux/util-linux#2508), nonetheless I don't think it hurts to sort it out now, and just drop pam_lastlog2 once it becomes part of util-linux in a future release.

I have pam_wtmpd in a branch, untested: https://github.com/amaxine/nixpkgs/tree/pam_wtmpdb - this would fully replace lastlog functionality, though I'm not sure if that's necessary. I'm not super familiar with pam, or with everything that interacts with lastlog and wtmp.

@amaxine
Copy link
Contributor Author

amaxine commented Jan 27, 2024

Looks like lastlog2 will make it into 2.40 of util-linux, I'm gonna leave this PR until that makes its way into nix.

@amaxine
Copy link
Contributor Author

amaxine commented Feb 11, 2024

Closing this. Should be revisited when 2.40 is out (rc1 is out), but I'm not promising I'll do it myself.

@amaxine amaxine closed this Feb 11, 2024
@amaxine amaxine deleted the pam_lastlog2 branch February 11, 2024 15:53
@MatthewCroughan MatthewCroughan mentioned this pull request May 4, 2025
Open
3 tasks
This was referenced Jul 28, 2025
Merged
Closed
@LordGrimmauld LordGrimmauld mentioned this pull request Jul 28, 2025
Merged
13 tasks
LordGrimmauld added a commit to LordGrimmauld/nixpkgs that referenced this pull request Jul 31, 2025
@LordGrimmauld @amaxine
nixos/pam: switch to lastlog2
d30eeb3 
Adaptation of NixOS#282337 to use `util-linux` as `lastlog2` provider

Co-Authored-By: Maxine Aubrey <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@trofi trofi trofi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@amaxine @trofi @delroth