Add script to avoid fingerprint-auth issues for long term Fedora users

Resolves: #1942443
This commit is contained in:
Benjamin Berg 2021-04-16 15:56:08 +02:00
parent ea80571848
commit 1d8ac5d19c

View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.5.1
Release: 4%{?dist}
Release: 5%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -361,7 +361,26 @@ done
%doc doc/txts
%doc doc/sag/*.txt doc/sag/html
%posttrans
# For people upgrading from older Fedora versions, authselect might not be
# enabled or unable to do anything due to e.g. a modified nsswitch.conf.
# The following snippets apply important fixes in those cases.
# Change pam_fprintd.so in fingerprint-auth from sufficient to [success=done default=bad]
# in order for PAM_AUTHINFO_UNAVAIL error codes to be propagated.
FILE="$(readlink -f %{_sysconfdir}/pam.d/fingerprint-auth || echo %{_sysconfdir}/pam.d/fingerprint-auth)"
test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \
%__grep -q '^auth[[:space:]]\+sufficient[[:space:]]\+pam_fprintd.so' $FILE && \
%__sed -i.bak -e 's/^auth[[:space:]]\+sufficient[[:space:]]\+pam_fprintd.so\(.*\)/auth [success=done default=bad] pam_fprintd.so\1/g' $FILE
exit 0
%changelog
* Fri Apr 16 2021 Benjamin Berg <bberg@redhat.com> - 1.5.1-5
- Add script to avoid fingerprint-auth issues for long term Fedora users
Resolves: #1942443
* Mon Apr 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-4
- Change fingerprint-auth.pamd to return PAM_AUTHINFO_UNAVAIL from pam_fprintd.so
- Clean auto-generated message from pam stack files