Move sys-libs/pam to portage-stable #1706

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

krnowak merged 22 commits into main from krnowak/pam

Nov 12, 2025

Member

krnowak commented Feb 27, 2024 •

edited

Loading

CI: http://localhost:8080/job/container/job/sdk/2363/cldsv/

Needs flatcar/baselayout#38 first.

Move sys-auth/pambase to portage stable.
- It has two user-patches, one could maybe be upstreamed, the other one is some Flatcar modifications.
- The first user patch is a slight rework of some session stuff to make it unnecessary for systemd-user and system-run0 PAM config files from sys-apps/systemd to catch up with changes in pambase.
- The second user patch consists mostly of some Flatcar-specific modifications, so the files do not differ too greatly from what we used to have (mostly timeouts, and dropped some sssd-related checks).
Pull in baselayout with its pam config files removed.
Move sys-libs/pam to portage stable.
Update some packages through coreos/config/env to move their pam configs to vendor directory.
Clean up messed up pam vendor directories.
- The mess was that we had /usr/lib/pam.d, /usr/lib/pam and /usr/share/pam.d directories. PAM config files were either in /usr/lib/pam.d or in /usr/share/pam.d. /usr/lib/pam was only for the /usr/lib/pam/security directory.
- Defaults to /usr/lib/pam as a vendor directory.
  - I wasn't entirely sure which directory to pick up for vendor directory, just went with one. Made the other directories symlinks to this one.
Add a check to prod_image_util to verify that all pam config files have their copies in vendor directory.

--

Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.

krnowak added the main label

krnowak had a problem deploying to development

February 27, 2024 09:41

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from f0b32ad to efcb030 Compare

March 4, 2024 09:53

krnowak had a problem deploying to development

March 4, 2024 09:53

— with

GitHub Actions Error

krnowak had a problem deploying to development

March 4, 2024 10:04

— with

GitHub Actions Error

github-actions bot mentioned this pull request

Monthly contributions report 2024-02-22 - 2024-03-21 flatcar/Flatcar#1398

Closed

krnowak force-pushed the krnowak/pam branch from 385560e to 15392fc Compare

October 16, 2025 15:42

krnowak had a problem deploying to development

October 16, 2025 15:43

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from 15392fc to 50b5a89 Compare

October 17, 2025 10:28

krnowak had a problem deploying to development

October 17, 2025 10:28

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from 50b5a89 to 406ecf3 Compare

October 21, 2025 09:56

krnowak had a problem deploying to development

October 21, 2025 09:56

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from 406ecf3 to e0a8c69 Compare

October 21, 2025 10:53

krnowak had a problem deploying to development

October 21, 2025 10:53

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from e0a8c69 to dc07054 Compare

October 21, 2025 11:50

krnowak had a problem deploying to development

October 21, 2025 11:50

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from dc07054 to 4d5f669 Compare

October 22, 2025 07:26

krnowak had a problem deploying to development

October 22, 2025 07:27

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from 4d5f669 to 146106a Compare

October 24, 2025 07:56

krnowak had a problem deploying to development

October 24, 2025 07:56

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from 146106a to af7069e Compare

October 24, 2025 12:24

krnowak had a problem deploying to development

October 24, 2025 12:24

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from af7069e to 3267e8a Compare

October 28, 2025 13:11

krnowak had a problem deploying to development

October 28, 2025 13:11

— with

GitHub Actions Error

krnowak had a problem deploying to development

October 28, 2025 15:10

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from b2c3dac to 4d334f5 Compare

October 29, 2025 10:54

krnowak had a problem deploying to development

October 29, 2025 10:54

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from 4d334f5 to 21a1774 Compare

October 29, 2025 12:24

krnowak had a problem deploying to development

October 29, 2025 12:24

— with

GitHub Actions Error

krnowak force-pushed the krnowak/pam branch from 21a1774 to c7f376a Compare

October 29, 2025 14:19

Member Author

krnowak commented Nov 12, 2025

@chewi: Thanks for the review. :) Can I haz a review also for baselayout PR, that this PR is using? flatcar/baselayout#38

Thanks!

krnowak added 22 commits

November 12, 2025 18:00


          overlay coreos/user-patches: Add a user patch for sys-libs/pam

d4b2965

It's a patch for adding the account locking functionality.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay profiles: Add a function for vendorizing pam files

2b120cc

This is meant to be used by packages installing pam config files. The
function should be invoked in a post src_install hook.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay coreos/config: Add config overrides for sys-libs/pam

86df95d

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay sys-libs/pam: Move to portage-stable

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          sys-libs/pam: Sync with Gentoo

5e7e095

It's from Gentoo commit 197e3931b76a596e0df99bd22809d1db04ec5131.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          .github: Add sys-libs/pam to automation

8ed5996

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          build_library: Add a check for PAM configs

This is to make sure that all the packages installing pam configs
actually have them in the vendor directory.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay sys-auth/pambase: Move to portage-stable

c9573f1

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          sys-auth/pambase: Sync with Gentoo

14c8a7b

It's from Gentoo commit f32e281b3b124b273302ddffeb06c0e6f20852e9.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay coreos/user-patches: Add patches for sys-auth/pambase

fa4e6f2

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          .github: Add sys-auth/pambase to automation

1a0727e

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay sys-apps/baselayout: Pull in pam files removal, cleanups

b4c59b6

We are building sssd on arm64, so drop the unnecessary code. Also
create some more compatibility symlinks.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay coreos/config: Clean up pam config mess for sys-apps/systemd

1668f15

Use the default location for pam configs. We replace them with our own
in post_src_install hook anyway.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay profiles: Set some USE flags for sys-auth/pambase

064cca2

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay coreos/config: Add vendoring of PAM files to a couple of pack…

318e6af

…ages

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          overlay coreos-base/oem-vmware: Do not mangle pam files

009df56

This already should be taken care of by open-vm-tools post install
hooks.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          app-text/docbook-xsl-ns-stylesheets: Add from Gentoo

9ba0af2

It's from Gentoo commit 0ad96e879b651cc7e8214159d5841d6b633bef8a.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          .github: Add app-text/docbook-xsl-ns-stylesheets to automation

b9b3567

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          .github: Sort entries in automation list

46b966c

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          build_packages: Break a new dep loop

bcde678

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          build_packages: Document another dep loop

9c606ea

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>


          changelog: Add entries

eb522c7

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>

krnowak force-pushed the krnowak/pam branch from ce52dd8 to eb522c7 Compare

November 12, 2025 17:05

krnowak requested a deployment to development

November 12, 2025 17:05

— with

GitHub Actions Waiting

krnowak merged commit 5d49390 into main

1 of 5 checks passed

github-project-automation bot moved this from ✅ Testing / in Review to Implemented in Flatcar tactical, release planning, and roadmap

krnowak deleted the krnowak/pam branch

November 12, 2025 17:07

dongsupark mentioned this pull request

update: pam flatcar/Flatcar#1349

Closed

github-actions bot mentioned this pull request

Monthly contributions report 2025-10-22 - 2025-11-21 flatcar/Flatcar#1953

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

main