We still want the Fedora systemd-user pam config when building with
--noprep so let's install the pam config file using a regular source
instead of patching the one provided by systemd.
This file changes rarely, but it does every one in a while. And since we have an
independent copy, we forget to adjust it. We have had already two bugs because
of this. I submitted a PR upstream to include pam_namespace (because that makes
sense for all distros), so the diff between upstream and us now is just the
inclusion of system-auth (which is not upstreamable).
Effectively, the only difference right now is that 'pam_keyinit force revoke'
is included. It was added upstream with the comment:
We want that systemd --user gets its own keyring as usual, even if the
barebones PAM snippet we ship upstream is used. If we don't do this we get
the basic keyring systemd --system sets up for us.
This makes it possible to build RPMs from a git tree using
`rpmbuild --build-in-place --noprep` and have resulting RPMs
that will preserve the override of the PAM config file.
This needs to commit to HAVE_SELINUX being defined (since there
is no longer an m4 step to make that stanza conditional), but
that should be acceptable since the %build step calls Meson
with -Dselinux=true.
Tested:
- Chdir into a checkout of github.com/systemd/systemd tree and run:
$ rpmbuild -bb --build-in-place --noprep \
--define "gitcommit $(git rev-parse HEAD)" \
--define "_sourcedir $HOME/fedorarpms/systemd" \
~/fedorarpms/systemd/systemd.spec
- Inspect the contents of systemd-user in the generated RPM package:
$ rpm2cpio ~/rpmbuild/RPMS/x86_64/systemd-239-3.git99352de.fc29.x86_64.rpm \
| cpio -i --to-stdout --quiet ./etc/pam.d/systemd-user
...
account include system-auth
...
session include system-auth
