The transitional behaviour was complete before oldoldstable and is no
longer relevant. Moving this snippet will eventually enable us to
remove the preinst for passwd completely (when the
/etc/cron.daily/passwd removal is complete). This will both reduce
the total number of maintscripts and also enable us to simplify
deployment DPKG_ROOT (the InstallBootstrap spec).
* https://wiki.debian.org/Teams/Dpkg/Spec/InstallBootstrap
Signed-off-by: Niels Thykier <niels@thykier.net>
The transitional behaviour was complete before oldoldstable and is no
longer relevant. Moving this snippet will eventually enable us to
remove the preinst for login completely (when the /etc/securetty
removal is complete). This will both reduce the total number of
maintscripts and also enable us to simplify deployment DPKG_ROOT (the
InstallBootstrap spec).
* https://wiki.debian.org/Teams/Dpkg/Spec/InstallBootstrap
Signed-off-by: Niels Thykier <niels@thykier.net>
The following needed massaging to apply:
* debian/patches/508_nologin_in_usr_sbin
* debian/patches/401_cppw_src.dpatch
The remaining patches just got trivial quilt refresh updates,
except debian/patches/506_relaxed_usernames which needed
special attention to be correctly refreshed.
The shadow package did now ship the su program even before this,
Debian uses the util-linux implementation of su (since Buster).
In shadow 4.8 there's now an explicit configure flag that can be
used to disable su explicitly, rather than just not shipping it in
the resulting debian package.
See commit 88de51965d
"Stop shipping su and break old util-linux version. (See #833256)"
pam_selinux calls setexeccon() with the context of the user, that means
that the first execve() after the call to "pam_selinux open" will be
executed in the user's context.
As pam_motd in debian calls system() to run run-parts to generate the
motd dynamically we need to be sure that this is done before that so it
runs in the context of the login executable.
It was added in 2010 (#554170) as a split off from a previous cron
job. I haven't seen an arguement for why it's useful to keep.
Depending on when a mistake occurs in one of the files it backups
it will provide variable recovery time of 0 to 24hours.
