Hi, As a continuation of a hardened-ML-posts file a Bug on rsbac-admin-1.2.5. Can confirm an error on compiling NSS-part of rsbac-admin, log follows: ...BEGIN... Building RSBAC Libraries... ------------------------------------- make[1]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule. LIB helpers/acl_getname.c SYM librsbac.so.1.2.5 AR helpers/acl_getname.c SYM librsbac-1.2.5.a Building RSBAC PAM... ------------------------------------- make[1]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule. LIB pam_rsbac.c Building RSBAC NSS... ------------------------------------- make[1]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule. LIBTOOL interface.c LIB pam_rsbac_de.c LIB pam_rsbac_oldpw.c LIB pam_rsbac_oldpw_de.c LIBTOOL libnss_rsbac.la i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/../../../crti.o: No such file or directory i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/crtbeginS.o: No such file or directory i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/crtendS.o: No such file or directory i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/../../../crtn.o: No such file or directory make[1]: *** [libnss_rsbac.la] Error 1 make: *** [nss] Error 2 /usr/portage/sys-apps/rsbac-admin/rsbac-admin-1.2.5.ebuild: line 33: cannot build ( pam nss): command not found >>> Test phase [not enabled]: sys-apps/rsbac-admin-1.2.5 ...SKIP... Second part in the install stage Building RSBAC PAM... ------------------------------------- Installing RSBAC PAM... ------------------------------------- DIR /var/tmp/portage/rsbac-admin-1.2.5/image//lib/security INSTALL pam_rsbac.so pam_rsbac_de.so pam_rsbac_oldpw.so pam_rsbac_oldpw_de.so CLEAN pam_rsbac.so pam_rsbac_de.so pam_rsbac_oldpw.so pam_rsbac_oldpw_de.so Building RSBAC NSS... ------------------------------------- LIBTOOL interface.c LIBTOOL libnss_rsbac.la i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/../../../crti.o: No such file or directory i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/crtbeginS.o: No such file or directory i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/crtendS.o: No such file or directory i386-pc-linux-gnu-g++: /usr/lib/gcc-lib/i386-pc-linux-gnu/3.3.5-20050130/../../../crtn.o: No such file or directory make[1]: *** [libnss_rsbac.la] Error 1 make: *** [nss] Error 2 man: prepallstrip: ...END... Main problem i see here isn't just the error, but mostly the fact that ebuild compiles and installs (despite the error). IMHO it's due to not using 'epatch' or checking the exit-code. Later tried to remake it to use epatch (using a "die" part), still unfinished. So the current ebuild build with hidden errors (just for me). IMHO rsbac-admin-1.2.4 uses "autotools"(autoconfig,automake,libtool,autoheaders) Part of the logs: ...BEGIN... checking ncurses.h usability... yes checking ncurses.h presence... yes checking for ncurses.h... yes checking shadow.h usability... yes checking shadow.h presence... yes checking for shadow.h... yes configure: creating ./config.status config.status: creating m4/Makefile config.status: creating Makefile config.status: creating src/Makefile config.status: creating po/Makefile.in config.status: creating po/Makefile config.status: creating man/Makefile config.status: creating config.h config.status: executing depfiles commands * econf: updating rsbac-admin-v1.2.4/contrib/rsbac-klogd-2.0/config.guess with /usr/share/gnuconfig/config.guess * econf: updating rsbac-admin-v1.2.4/contrib/rsbac-klogd-2.0/config.sub with /usr/share/gnuconfig/config.sub * econf: updating rsbac-admin-v1.2.4/contrib/nss_rsbac/config.guess with /usr/share/gnuconfig/config.guess * econf: updating rsbac-admin-v1.2.4/contrib/nss_rsbac/config.sub with /usr/share/gnuconfig/config.sub * econf: updating rsbac-admin-v1.2.4/config.guess with /usr/share/gnuconfig/config.guess * econf: updating rsbac-admin-v1.2.4/config.sub with /usr/share/gnuconfig/config.sub ./configure --prefix=/usr --host=i386-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --build=i386-pc-linux-gnu checking for a BSD-compatible install... /bin/install -c checking whether build environment is sane... yes /var/tmp/portage/rsbac-admin-1.2.4/work/rsbac-admin-v1.2.4/contrib/rsbac-klogd-2.0/missing: Unknown `--run' option Try `/var/tmp/portage/rsbac-admin-1.2.4/work/rsbac-admin-v1.2.4/contrib/rsbac-klogd-2.0/missing --help' for more information configure: WARNING: `missing' script is too old or missing checking for gawk... gawk ...END... Have read about autotools but still not all of it, so could be wrong here. PS: have some spare time so could help with whatever is needed (if i can do it). Thanks.Rumen Reproducible: Always Steps to Reproduce: 1. 2. 3. Gentoo Base System version 1.6.13 Portage 2.0.51.22-r3 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r2, 2.6.11-rsbac-r3-rsbac i686) ================================================================= System uname: 2.6.11-rsbac-r3-rsbac i686 AMD Athlon(tm) XP 2200+ dev-lang/python: 2.3.5-r2, 2.4.1-r1 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i386-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer" CHOST="i386-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/alias /var/qmail/control /var/service" CONFIG_PROTECT_MASK="/etc/gconf /etc/init.d /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig buildpkg ccache collision-protect distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.ITDNet.net/gentoo http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://files.gentoo.gr http://mirror.etf.bg.ac.yu/gentoo http://mirror.datapipe.net/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow X X509 acl acpi apache2 bash-completion berkdb caps cdb cdr crypt curl dlloader eds esd evo exif freetype gnutls gstreamer gtkhtml hal hardened iconv imap ithreads javascript maildir mime mmx ncurses nls nptl nvidia ogg pam perl pic png posix ppds prelude python readline skey slang sse ssl svg symlink tcpd threads unicode usb userlocales vorbis win32codecs x86 xml2 xsl xvid zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
hi rumen! first of all, i do not understand this 1.2.4 stuff. You are trying to emerge 1.2.5 (~x86), which is NOT auto tools based. No auto tools, no 1.2.4, its 1.2.5. Epatch is never used, as there is no patching done. I do not understand what you mean with this either Second thing is, try running: fix_libtool_files.sh (see help for usage) this should fix the "crti.o" lines problem on your system. There are various topics open about it on the forums: http://forums.gentoo.org/viewtopic-t-384716-highlight-crti+o.html to get a better idea There is however, a typo (outch) in die on building, which i corrected now (thanks!) Please tell me if you got it running.
Hi kang, Yes got it working at last, this even without recompiling libtool (your link). Didn't do this till now as GCC was compiling all other packages and only rsbac-admin-1.2.5 (not even 1.2.4) had problems (checked with gcc-config, fix_libtools_files.sh etc.). Sorry to have got you confused with my writting about "epatch", but as i have three partitions with different things (normal,RSBAC & Xen) and switch among them + reading a lot of things recently, seems i need some more coffee ;-) Instead of 'epatch' wanted to mention "econf" (that's why i mentioned 'auto tools'). My idea was that the error was due to not running them first and not an error with GCC or libtool (an error in the config phase). Since there are many changes from rsbac-admin-1.2.4 thought it was some error in the ebuild itself (missing additional config phase). Read the upgrade doc (1.2.4 to 1.2.5) and it mentions activating RSBAC own's logging & switching OFF syslog, while rsbac-admin-1.2.5 disables rklog making and advices to use of syslog-ng (REDAME,Changelog IIRC). Which path to choose? Closing this BUG, as it's solved. Thanks for your patience here. Rumen
rklogd is nice because it does not produce any rsbac not granted warning in the rsbac log by default. it means if you run it, you can tail the log and wont get an endless loop of denials, which will fill your disk pretty fast. However, rklogd is also not so nice, provides not feature beside raw logging. Utilities like syslog-ng provide more efficient and managable logging. You can have many rules on what you want to see/separate easily, so this is better. The only problem being that you have to give some rights to syslog-ng or it will log its own denials in loop and the log will fill up. See: http://rsbac.org/documentation/administration_examples/syslog-ng Also you can of course use RSBAC logging features :) (see rsbac_menu, its the log array low/high and log program/user based, you can log per target per request per denial/accept, etc.. 100% customisable)
