authorLudovic Courtès <ludo@gnu.org>2023-10-07 18:19:51 +0200
committerLudovic Courtès <ludo@gnu.org>2023-10-08 23:43:49 +0200
commit002c5bec07e88c00d9d96209438728d0271f57da (patch)
tree622ab7c7fdd202be6ae4f9cb0d9093cf0fac5e0b /gnu/build
parent9b77bd0b9b4f3de69390da0ba7db5b9dbc01e554 (diff)
accounts: Ensure ‘last-change’ field of shadow entries is never zero.
* gnu/build/accounts.scm (passwd->shadow): Add ‘max’ call so NOW is
greater than or equal to 1.
Diffstat (limited to 'gnu/build')
-rw-r--r--gnu/build/accounts.scm12
1 files changed, 10 insertions, 2 deletions
diff --git a/gnu/build/accounts.scm b/gnu/build/accounts.scm
index 1247fc640c..19ead9dca8 100644
--- a/gnu/build/accounts.scm
+++ b/gnu/build/accounts.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019, 2021 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019, 2021, 2023 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -525,7 +525,15 @@ password from USERS."
     (lookup-procedure current-shadow shadow-entry-name))
 
   (define now
-    (days-since-epoch current-time))
+    ;; On machines without a real-time clock (typically Arm SBCs), the system
+    ;; clock may be at 1970-01-01 while booting, while would lead us to define
+    ;; NOW as zero.
+    ;;
+    ;; However, the 'isexpired' function in Shadow interprets the combination
+    ;; uninitialized password + last-change = 0 as "The password has expired,
+    ;; it must be changed", which prevents logins altogether.  To avoid that,
+    ;; never set 'last-change' to zero.
+    (max (days-since-epoch current-time) 1))
 
   (map (lambda (user passwd)
          (or (previous-entry (password-entry-name passwd))
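Review bot: The clamp on NOW only reaches entries built fresh in this call; the `(or (previous-entry (password-entry-name passwd))` branch at the end of the hunk still returns an existing shadow entry as is, so an account already written with 'last-change' = 0 by an earlier boot with an unset clock would presumably stay unable to log in. The body of passwd->shadow starts and ends outside the hunk, so this needs confirming there; if it holds, a reused entry whose 'last-change' is zero should be treated the same way as a new one. A 'last-change' of 1 also records 1970-01-02 as the change date, which deserves a sentence in the comment in case password ageing limits are ever set on these entries. Minor: the new comment says "while would lead us"; it should read `;; clock may be at 1970-01-01 while booting, which would lead us to define`.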