From 4079632d1aed4f3e50ea21de674a9b6d537d3e05 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat, 13 Jul 2019 11:41:37 +0000
Subject: [PATCH] remove modifying to /etc/pam.d directly (unrelased)
 config-package-dev displace /etc/securetty remove trailing spaces

https://forums.whonix.org/t/restrict-root-access/7658/31
---
 debian/security-misc.displace   |  3 +--
 debian/security-misc.postinst   | 11 +----------
 debian/security-misc.prerm      | 27 +++------------------------
 debian/security-misc.undisplace |  5 +++++
 etc/pam.d/su.security-misc      |  4 ++--
 5 files changed, 12 insertions(+), 38 deletions(-)
 create mode 100644 debian/security-misc.undisplace

diff --git a/debian/security-misc.displace b/debian/security-misc.displace
index a152262..9bce6c3 100644
--- a/debian/security-misc.displace
+++ b/debian/security-misc.displace
@@ -2,5 +2,4 @@
 ## See the file COPYING for copying conditions.
 
 /etc/login.defs.security-misc
-/etc/pam.d/common-session-noninteractive.security-misc
-/etc/pam.d/common-session.security-misc
+/etc/securetty.security-misc
diff --git a/debian/security-misc.postinst b/debian/security-misc.postinst
index 11e808d..9217645 100644
--- a/debian/security-misc.postinst
+++ b/debian/security-misc.postinst
@@ -29,16 +29,7 @@ case "$1" in
     ;;
 esac
 
-[ -n "$DEBIAN_FRONTEND" ] || DEBIAN_FRONTEND="noninteractive"
-[ -n "$DEBIAN_PRIORITY" ] || DEBIAN_PRIORITY="critical"
-[ -n "$DEBCONF_NOWARNINGS" ] || DEBCONF_NOWARNINGS="yes"
-[ -n "$APT_LISTCHANGES_FRONTEND" ] || APT_LISTCHANGES_FRONTEND="text"
-export POLICYRCD DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND
-
-## Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
-## Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
-## --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
-pam-auth-update --force
+pam-auth-update --package
 
 true "INFO: debhelper beginning here."
 
diff --git a/debian/security-misc.prerm b/debian/security-misc.prerm
index 95a420a..d23c9a4 100644
--- a/debian/security-misc.prerm
+++ b/debian/security-misc.prerm
@@ -15,30 +15,9 @@ true "
 #####################################################################
 "
 
-[ -n "$DEBIAN_FRONTEND" ] || DEBIAN_FRONTEND="noninteractive"
-[ -n "$DEBIAN_PRIORITY" ] || DEBIAN_PRIORITY="critical"
-[ -n "$DEBCONF_NOWARNINGS" ] || DEBCONF_NOWARNINGS="yes"
-[ -n "$APT_LISTCHANGES_FRONTEND" ] || APT_LISTCHANGES_FRONTEND="text"
-export POLICYRCD DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND
-
-## pam-auth-update is usually used in postinst and prerm.
-## Added extra space after /var to avoid lintian false positive warning.
-#grep -r -l pam-auth-update /var /lib/dpkg/info
-# /var /lib/dpkg/info/libpam-runtime.postinst
-# /var /lib/dpkg/info/libpam-runtime.prerm
-# /var /lib/dpkg/info/libpam-cap:amd64.postinst
-# /var /lib/dpkg/info/libpam-cap:amd64.prerm
-# /var /lib/dpkg/info/libpam-systemd:amd64.postinst
-# /var /lib/dpkg/info/libpam-systemd:amd64.prerm
-# /var /lib/dpkg/info/libpam-cgfs.postinst
-# /var /lib/dpkg/info/libpam-cgfs.prerm
-# /var /lib/dpkg/info/libpam-gnome-keyring:amd64.postinst
-# /var /lib/dpkg/info/libpam-gnome-keyring:amd64.prerm
-
-## Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
-## Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
-## --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
-pam-auth-update --force
+if [ "$1" = remove ]; then
+   pam-auth-update --package --remove "$DPKG_MAINTSCRIPT_PACKAGE"
+fi
 
 true "INFO: debhelper beginning here."
 
diff --git a/debian/security-misc.undisplace b/debian/security-misc.undisplace
new file mode 100644
index 0000000..8f1694d
--- /dev/null
+++ b/debian/security-misc.undisplace
@@ -0,0 +1,5 @@
+## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+/etc/pam.d/common-session-noninteractive.security-misc
+/etc/pam.d/common-session.security-misc
diff --git a/etc/pam.d/su.security-misc b/etc/pam.d/su.security-misc
index 6e3c5ea..a5da27b 100644
--- a/etc/pam.d/su.security-misc
+++ b/etc/pam.d/su.security-misc
@@ -31,7 +31,7 @@ auth       required   pam_wheel.so
 # This module parses environment configuration file(s)
 # and also allows you to use an extended config
 # file /etc/security/pam_env.conf.
-# 
+#
 # parsing /etc/environment needs "readenv=1"
 session       required   pam_env.so readenv=1
 # locale variables are also kept into /etc/default/locale in etch
@@ -40,7 +40,7 @@ session       required   pam_env.so readenv=1 envfile=/etc/default/locale
 
 # Defines the MAIL environment variable
 # However, userdel also needs MAIL_DIR and MAIL_FILE variables
-# in /etc/login.defs to make sure that removing a user 
+# in /etc/login.defs to make sure that removing a user
 # also removes the user's mail spool file.
 # See comments in /etc/login.defs
 #