3 files changed, 8 insertions, 1 deletions

diff --git a/debian/changelog b/debian/changelog
index 848f13c0..96dd28fc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ pam (1.4.0-10) UNRELEASED; urgency=medium
   * Include upstream patch not to use crypt_checksalt; without this
     passwords set prior to bullseye were considered expired, Closes:
     #992848
+  * Support DPKG_ROOT for pam-auth-update, thanks Johannes 'josch' Schauer
+    Closes: #983427
 
  -- Sam Hartman <hartmans@debian.org>  Thu, 26 Aug 2021 13:43:23 -0600
 
diff --git a/debian/libpam-runtime.postinst b/debian/libpam-runtime.postinst
index 518e8d24..053fdae2 100644
--- a/debian/libpam-runtime.postinst
+++ b/debian/libpam-runtime.postinst
@@ -29,7 +29,7 @@ then
 	done
 fi
 
-pam-auth-update --package $force
+pam-auth-update --root "$DPKG_ROOT" --package $force
 
 if [ -n "$force" ]; then
 	rm -f /etc/pam.d/common-auth.pam-old \
diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update
index 5b3c8a07..6c4134bb 100644
--- a/debian/local/pam-auth-update
+++ b/debian/local/pam-auth-update
@@ -88,6 +88,11 @@ while ($#ARGV >= 0) {
 		$force = 1;
 	} elsif ($opt eq '--package') {
 		$package = 1;
+        } elsif ($opt eq '--root') {
+                my $rootdir = shift @ARGV;
+                $savedir = "${rootdir}$savedir";
+                $confdir = "${rootdir}$confdir";
+               $inputdir = "${rootdir}$inputdir";
 	} elsif ($opt eq '--remove') {
 		while ($#ARGV >= 0) {
 			last if ($ARGV[0] =~ /^--/);