accounts: Ensure ‘last-change’ field of shadow entries is never zero.

* gnu/build/accounts.scm (passwd->shadow): Add ‘max’ call so NOW is greater than or equal to 1.
2025-01-11 13:49:23 -05:00 · 2023-10-07 18:19:51 +02:00 · 2023-10-07 18:19:51 +02:00 · 002c5bec07
commit 002c5bec07
parent 9b77bd0b9b
1 changed files with 10 additions and 2 deletions
--- a/gnu/build/accounts.scm
+++ b/gnu/build/accounts.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019, 2021 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019, 2021, 2023 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -525,7 +525,15 @@ (define previous-entry
    (lookup-procedure current-shadow shadow-entry-name))

  (define now
-    (days-since-epoch current-time))
+    ;; On machines without a real-time clock (typically Arm SBCs), the system
+    ;; clock may be at 1970-01-01 while booting, while would lead us to define
+    ;; NOW as zero.
+    ;;
+    ;; However, the 'isexpired' function in Shadow interprets the combination
+    ;; uninitialized password + last-change = 0 as "The password has expired,
+    ;; it must be changed", which prevents logins altogether.  To avoid that,
+    ;; never set 'last-change' to zero.
+    (max (days-since-epoch current-time) 1))

  (map (lambda (user passwd)
         (or (previous-entry (password-entry-name passwd))