From 7cf8ff1e6fe0c9e9f58705f91a1a1743edf9d041 Mon Sep 17 00:00:00 2001
From: Yuxuan Lu <luyuxuanleo@gmail.com>
Date: Sat, 24 Jun 2023 16:26:52 +0800
Subject: [PATCH] Fix debian packaging (#1742)

* Fix debian package
* Fix mode on pam config
* Set up PAM by default
* Update platform/debian/kanidm-unixd/postinst

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 .../debian/kanidm-unixd/{kanidm-unixd.pam => kanidm.pam}  | 0
 platform/debian/kanidm-unixd/postinst                     | 2 +-
 platform/debian/kanidm-unixd/prerm                        | 3 +++
 platform/debian/kanidm-unixd/rules                        | 8 ++++++--
 4 files changed, 10 insertions(+), 3 deletions(-)
 rename platform/debian/kanidm-unixd/{kanidm-unixd.pam => kanidm.pam} (100%)
 create mode 100644 platform/debian/kanidm-unixd/prerm

diff --git a/platform/debian/kanidm-unixd/kanidm-unixd.pam b/platform/debian/kanidm-unixd/kanidm.pam
similarity index 100%
rename from platform/debian/kanidm-unixd/kanidm-unixd.pam
rename to platform/debian/kanidm-unixd/kanidm.pam
diff --git a/platform/debian/kanidm-unixd/postinst b/platform/debian/kanidm-unixd/postinst
index d8fb8b9a9..ddd9c2d2a 100644
--- a/platform/debian/kanidm-unixd/postinst
+++ b/platform/debian/kanidm-unixd/postinst
@@ -8,13 +8,13 @@ set -e
 
 case "$1" in
     configure)
+        pam-auth-update --package
         if [ ! -f /etc/kanidm/config ]; then
             echo "============================="
             echo "Thanks for installing Kanidm!"
             echo "============================="
             echo "Please ensure you create configuration files at /etc/kanidm/unixd and /etc/kanidm/config"
             echo "Examples are in /usr/share/kanidm-unixd/"
-            echo "To configure pam module, please run pam-auth-update and select Kanidm"
             echo "To configure nsswitch, please follow instructions in https://kanidm.github.io/kanidm/master/integrations/pam_and_nsswitch.html"
         fi
     ;;
diff --git a/platform/debian/kanidm-unixd/prerm b/platform/debian/kanidm-unixd/prerm
new file mode 100644
index 000000000..40f7ccf10
--- /dev/null
+++ b/platform/debian/kanidm-unixd/prerm
@@ -0,0 +1,3 @@
+if [ "$1" = remove ]; then
+    pam-auth-update --package --remove kanidm
+fi
diff --git a/platform/debian/kanidm-unixd/rules b/platform/debian/kanidm-unixd/rules
index a70c108cd..39cef815f 100755
--- a/platform/debian/kanidm-unixd/rules
+++ b/platform/debian/kanidm-unixd/rules
@@ -11,6 +11,7 @@ PKGDIR=debian/${PACKAGE}
 BINDIR=${PKGDIR}/usr/sbin/
 LIBDIR=${PKGDIR}/lib/${DEB_HOST_MULTIARCH}
 SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
+PAMDIR=${PKGDIR}/usr/share/pam-configs/
 DISTRIBUTOR_ID=$(shell lsb_release -is)
 DISTRIBUTOR_RELEASE=$(shell lsb_release -rs)
 DISTRIBUTOR=$(DISTRIBUTOR_ID)_$(DISTRIBUTOR_RELEASE)
@@ -51,6 +52,7 @@ override_dh_systemd_start:
 
 override_dh_auto_install:
 	mkdir -p ${BINDIR}
+	mkdir -p ${PAMDIR}
 	mkdir -p ${LIBDIR}/security
 	install \
 		-g root -o root \
@@ -80,8 +82,10 @@ override_dh_auto_install:
 		-g root -o root \
 		target/release/libnss_kanidm.so \
 		${LIBDIR}/libnss_kanidm.so.2
-
-
+	install \
+		-g root -o root -m 644 \
+		debian/kanidm.pam \
+		${PAMDIR}/kanidm
 
 override_dh_installexamples:
 	mkdir -p ${SHARED_DIR}