remove modifying to /etc/pam.d directly (unrelased)

config-package-dev displace /etc/securetty
remove trailing spaces

https://forums.whonix.org/t/restrict-root-access/7658/31

debian/security-misc.displace

@@ -2,5 +2,4 @@
 ## See the file COPYING for copying conditions.
 
 /etc/login.defs.security-misc
-/etc/pam.d/common-session-noninteractive.security-misc
+/etc/securetty.security-misc
-/etc/pam.d/common-session.security-misc

debian/security-misc.postinst

@@ -29,16 +29,7 @@ case "$1" in
     ;;
 esac
 
-[ -n "$DEBIAN_FRONTEND" ] || DEBIAN_FRONTEND="noninteractive"
+pam-auth-update --package
-[ -n "$DEBIAN_PRIORITY" ] || DEBIAN_PRIORITY="critical"
-[ -n "$DEBCONF_NOWARNINGS" ] || DEBCONF_NOWARNINGS="yes"
-[ -n "$APT_LISTCHANGES_FRONTEND" ] || APT_LISTCHANGES_FRONTEND="text"
-export POLICYRCD DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND
-
-## Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
-## Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
-## --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
-pam-auth-update --force
 
 true "INFO: debhelper beginning here."
 

debian/security-misc.prerm

@@ -15,30 +15,9 @@ true "
 #####################################################################
 "
 
-[ -n "$DEBIAN_FRONTEND" ] || DEBIAN_FRONTEND="noninteractive"
+if [ "$1" = remove ]; then
-[ -n "$DEBIAN_PRIORITY" ] || DEBIAN_PRIORITY="critical"
+   pam-auth-update --package --remove "$DPKG_MAINTSCRIPT_PACKAGE"
-[ -n "$DEBCONF_NOWARNINGS" ] || DEBCONF_NOWARNINGS="yes"
+fi
-[ -n "$APT_LISTCHANGES_FRONTEND" ] || APT_LISTCHANGES_FRONTEND="text"
-export POLICYRCD DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND
-
-## pam-auth-update is usually used in postinst and prerm.
-## Added extra space after /var to avoid lintian false positive warning.
-#grep -r -l pam-auth-update /var /lib/dpkg/info
-# /var /lib/dpkg/info/libpam-runtime.postinst
-# /var /lib/dpkg/info/libpam-runtime.prerm
-# /var /lib/dpkg/info/libpam-cap:amd64.postinst
-# /var /lib/dpkg/info/libpam-cap:amd64.prerm
-# /var /lib/dpkg/info/libpam-systemd:amd64.postinst
-# /var /lib/dpkg/info/libpam-systemd:amd64.prerm
-# /var /lib/dpkg/info/libpam-cgfs.postinst
-# /var /lib/dpkg/info/libpam-cgfs.prerm
-# /var /lib/dpkg/info/libpam-gnome-keyring:amd64.postinst
-# /var /lib/dpkg/info/libpam-gnome-keyring:amd64.prerm
-
-## Jul 07 20:35:39 host sudo[16090]: PAM unable to dlopen(pam_cgfs.so): /lib/security/pam_cgfs.so: cannot open shared object file: No such file or directory
-## Jul 07 20:35:39 host sudo[16090]: PAM adding faulty module: pam_cgfs.so
-## --package hangs in Qubes updater since it starts whiptail for interactive dpkg configuration dialog.
-pam-auth-update --force
 
 true "INFO: debhelper beginning here."
 

debian/security-misc.undisplace

@@ -0,0 +1,5 @@
+## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+/etc/pam.d/common-session-noninteractive.security-misc
+/etc/pam.d/common-session.security-misc

etc/pam.d/su.security-misc

@@ -31,7 +31,7 @@ auth       required   pam_wheel.so
 # This module parses environment configuration file(s)
 # and also allows you to use an extended config
 # file /etc/security/pam_env.conf.
-# 
+#
 # parsing /etc/environment needs "readenv=1"
 session       required   pam_env.so readenv=1
 # locale variables are also kept into /etc/default/locale in etch
@@ -40,7 +40,7 @@ session       required   pam_env.so readenv=1 envfile=/etc/default/locale
 
 # Defines the MAIL environment variable
 # However, userdel also needs MAIL_DIR and MAIL_FILE variables
-# in /etc/login.defs to make sure that removing a user 
+# in /etc/login.defs to make sure that removing a user
 # also removes the user's mail spool file.
 # See comments in /etc/login.defs
 #