Bug #2031
[pam] On i686 libpam.so links against libaudit.so, but doesn not depends=(audit)
90%
Description
i cant fully explain why this is, but there is a major breakage for anyone using openrc who upgrades i686 today
$ sudo ls / sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy" sudo: unable to load /usr/lib/sudo/sudoers.so: libaudit.so.1: cannot open shared object file: No such file or directory sudo: fatal error, unable to load plugins
this seems to comes down to the latest version of systemd that is in [core], which has added a dependency on the 'audit' package - now su from 'util-linux' wants to link to the audit .so - there is no update to 'util-linux' - the linker is enforcing this for some reason - this causes su and sudo not to work - and worse, it is not possible to login as any user; so as soon as you logout, yer toast - i had to chroot in and install the 'audit' package - but that did solve the problem
so probably the 'notsystemd' dummy package needs to depend on 'audit' now - that is the one that depends on util-linux
su is the only thing i noticed that actually needs it so maybe it is only a dependency of that; but it is 'systemd' in [core] that added the dependency explicitly and not 'util-linux'
another thing i note was that 'util-linux' is a 'base' package; but not a 'base-openrc' package - im not sure why that is
History
Updated by lukeshu over 5 years ago
another thing i note was that 'util-linux' is a 'base' package; but not a 'base-openrc' package - im not sure why that is
Because it's imported from Arch; and that would be the only change. So, instead, it's a dep of the pcr/base-meta
.
Updated by lukeshu over 5 years ago
$ pacman -Qlq util-linux libutil-linux sudo | grep -v '/$' | xargs ldd 2>/dev/null | grep -i -e audit -e ^/ | grep -i -B1 audit /usr/bin/chfn: libaudit.so.1 => /usr/lib/libaudit.so.1 (0xb7cc8000) -- /usr/bin/chsh: libaudit.so.1 => /usr/lib/libaudit.so.1 (0xb7bfb000) -- /usr/bin/login: libaudit.so.1 => /usr/lib/libaudit.so.1 (0xb7cd7000) -- /usr/bin/runuser: libaudit.so.1 => /usr/lib/libaudit.so.1 (0xb7d39000) -- /usr/bin/su: libaudit.so.1 => /usr/lib/libaudit.so.1 (0xb7cea000) -- /usr/lib/sudo/sudoers.so: libaudit.so.1 => /usr/lib/libaudit.so.1 (0xb7aaa000)
and
$ pacman -Qlq util-linux libutil-linux sudo | grep -v '/$' | xargs ldd 2>/dev/null | grep -i -e audit -e ^/ | grep -i -B1 -e audit | grep ^/ |cut -d: -f1 | pacman -Qo - /usr/bin/chfn is owned by util-linux 2.32.1-2.1 /usr/bin/chsh is owned by util-linux 2.32.1-2.1 /usr/bin/login is owned by util-linux 2.32.1-2.1 /usr/bin/runuser is owned by util-linux 2.32.1-2.1 /usr/bin/su is owned by util-linux 2.32.1-2.1 /usr/lib/sudo/sudoers.so is owned by sudo 1.8.25-1.0
Note that this only appears to be an issue on i686; on x86_64 those are not linked against libaudit.
Updated by lukeshu over 5 years ago
Versions:
| util-linux | sudo x86_64 | 2.32.1-2 | 1.8.25.p1-1 i686 | 2.32.1-2.1 | 1.8.25-1.0
Updated by lukeshu over 5 years ago
They seem to be linked with libaudit indirectly through libpam.
| pam x86_64 | 1.3.1-1 i686 | 1.3.1-1.2
Updated by lukeshu over 5 years ago
Temporary fix:
- Copy Arch 32's pam PKGBUILD to
libre/pam/
- Add
depends+=(audit)
- Set
arch=(i686)
(removing the other arches) - Set ver to
1.3.1-1.3.par1
Updated by lukeshu over 5 years ago
- Subject changed from [util-linux][notsystemd]: su requires audit .so that is not a dependency on an openrc system to [pam] On i686 libpam.so links against libaudit.so, but doesn not depends=(audit)
Updated by lukeshu over 5 years ago
- % Done changed from 0 to 90
pam-1.3.1-1.3.par1-i686
is now on libre
.
Leaving this issue open until it's fixed upstream in Arch 32 and we can remove libre/pam.