From 8718063db20e18c46c8ac0abf5a7195eb87f0c01 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 27 Aug 2025 16:10:08 +0200 Subject: [PATCH] build_library: Add a check for PAM configs This is to make sure that all the packages installing pam configs actually have them in the vendor directory. Signed-off-by: Krzesimir Nowak --- build_library/prod_image_util.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/build_library/prod_image_util.sh b/build_library/prod_image_util.sh index 9beaf7f433..7463f26d40 100755 --- a/build_library/prod_image_util.sh +++ b/build_library/prod_image_util.sh @@ -158,10 +158,14 @@ create_prod_image() { L+ /etc/ld.so.conf - - - - ../usr/lib/ld.so.conf EOF - # Move the PAM configuration into /usr - sudo mkdir -p ${root_fs_dir}/usr/lib/pam.d - sudo mv -n ${root_fs_dir}/etc/pam.d/* ${root_fs_dir}/usr/lib/pam.d/ - sudo rmdir ${root_fs_dir}/etc/pam.d + local -a bad_pam_files + mapfile -t -d '' bad_pam_files < <(find "${root_fs_dir}"/etc/security "${root_fs_dir}"/etc/pam.d ! -type d ! -name '.keep*' -print0) + if [[ ${#bad_pam_files[@]} -gt 0 ]]; then + error "Found following PAM config files: ${bad_pam_files[@]#"${root_fs_dir}"}" + error "Expected them to be either removed or, better, vendored (/etc/pam.d files should be in /usr/lib/pam, /etc/security files should be in /usr/lib/pam/security)." + error "Vendoring can be done with vendorize_pam_files inside a post_src_install hook for the package that installed the config file." + die "PAM config errors spotted" + fi # Remove source locale data, only need to ship the compiled archive. sudo rm -rf ${root_fs_dir}/usr/share/i18n/