Having selinux leads to error from misplaced comment: system-login.in:51:0: error: invalid preprocessing directive #Note # Note: modules that run in the user's context must come after this line. ^ Reproducible: Always Portage 2.2.17 (python 2.7.9-final-0, hardened/linux/amd64/no-multilib/selinux, gcc-4.9.2, glibc-2.20-r1, 3.18.5-hardened x86_64) ================================================================= System uname: Linux-3.18.5-hardened-x86_64-Quad-Core_AMD_Opteron-tm-_Processor_2356-with-gentoo-2.2 KiB Mem: 16427560 total, 15552572 free KiB Swap: 4194300 total, 4194300 free Timestamp of repository gentoo: Sat, 14 Feb 2015 20:30:01 +0000 sh bash 4.3_p33-r1 ld GNU ld (Gentoo 2.24 p1.4) 2.24 app-shells/bash: 4.3_p33-r1::gentoo dev-lang/perl: 5.20.1-r4::gentoo dev-lang/python: 2.7.9-r2::gentoo, 3.3.5-r1::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.13.9::gentoo sys-apps/sandbox: 2.6-r1::gentoo sys-devel/autoconf: 2.69::gentoo sys-devel/automake: 1.15::gentoo sys-devel/binutils: 2.24-r3::gentoo sys-devel/gcc: 4.9.2::gentoo sys-devel/gcc-config: 1.8::gentoo sys-devel/libtool: 2.4.5::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 3.19::gentoo (virtual/os-headers) sys-libs/glibc: 2.20-r1::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="ftp://mirror.bytemark.co.uk/gentoo/ http://mirror.qubenet.net/mirror/gentoo/ http://www.mirrorservice.org/sites/distfiles.gentoo.org/ ftp://ftp.mirrorservice.org/sites/distfiles.gentoo.org/" LANG="en_GB.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j6" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" USE="acl amd64 berkdb bindist bzip2 cli cracklib crypt cxx dri gdbm gnutls gpg hardened iconv justify libav mmx modules ncurses nls nptl open_perms openmp pam pax_kernel pcre peer_perms readline selinux session sse sse2 ssh ssl tcpd threads ubac unconfined unicode urandom xattr xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Got the same issue here. $ emerge --info Portage 2.2.17 (python 3.3.5-final-0, hardened/linux/amd64/no-multilib/selinux, gcc-4.9.2, glibc-2.20-r1, 3.18.5-hardened-r1 x86_64) ================================================================= System uname: Linux-3.18.5-hardened-r1-x86_64-AMD_E-350_Processor-with-gentoo-2.2 KiB Mem: 3634628 total, 844140 free KiB Swap: 4607060 total, 4606644 free Timestamp of repository gentoo: Sun, 15 Feb 2015 00:45:01 +0000 sh bash 4.3_p33-r1 ld GNU ld (Gentoo 2.24 p1.4) 2.24 app-shells/bash: 4.3_p33-r1::gentoo dev-lang/perl: 5.20.2::gentoo dev-lang/python: 2.7.9-r2::gentoo, 3.3.5-r1::gentoo, 3.4.2::gentoo dev-util/cmake: 3.1.0::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.13.9::gentoo sys-apps/sandbox: 2.6-r1::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69::gentoo sys-devel/automake: 1.11.6-r1::gentoo, 1.15::gentoo sys-devel/binutils: 2.24-r3::gentoo sys-devel/gcc: 4.9.2::gentoo sys-devel/gcc-config: 1.8::gentoo sys-devel/libtool: 2.4.5::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 3.19::gentoo (virtual/os-headers) sys-libs/glibc: 2.20-r1::gentoo Repositories: gentoo location: /usr/portage sync-type: websync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=btver1 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=btver1 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ http://mirrors.xmu.edu.cn/gentoo/" INSTALL_MASK="/lib/systemd /lib32/systemd /lib64/systemd /usr/lib/systemd /usr/lib32/systemd /usr/lib64/systemd /etc/systemd" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" USE="X acl alsa amd64 bindist bzip2 cli cracklib crypt cups cxx dri gdbm hardened iconv ipv6 jpeg justify mmx mmxext modules ncurses nls nptl open_perms opengl openmp pam pax_kernel pcre qt5 readline selinux session sse sse2 sse3 ssl ssse3 tcpd threads udev unconfined unicode urandom vdpau wayland xattr xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3 python3_4" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="radeon r600" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Confirm
$ emerge -pqv pambase [ebuild U ] sys-auth/pambase-20150213 [20140313] USE="cracklib nullok%* (selinux) sha512 -consolekit -debug -gnome-keyring -minimal -mktemp -pam_krb5 -pam_ssh -passwdqc -securetty% (-systemd)" same with $ emerge -pqv pambase [ebuild U ] sys-auth/pambase-20150213 [20140313] USE="cracklib (selinux) sha512 -consolekit -debug -gnome-keyring -minimal -mktemp -nullok% -pam_krb5 -pam_ssh -passwdqc -securetty% (-systemd)"
Created attachment 396692 [details] sys-auth/pambase-20150213 build.log
Created attachment 396696 [details] sys-auth/pambase-20150213 build.log
Looks like the # should be escaped somehow system-login.in:51:0: error: invalid preprocessing directive #Note # Note: modules that run in the user's context must come after this line. ^
Same issue here. I just can't login. Have to pass trought the live usb and wait for the fix. I tried to configure an autologin, without success. Hope the problem will be solved quickly. Thanks for the PAM team for their work.
Looks like the easiest solution to still keep the comment but don't have the CPP preprocessor look at it is to prepend the comment with whitespace (due to pambase using traditional-cpp leading whitespace is no longer used for preprocessor macros): --- system-login.in.orig 2015-03-04 09:04:54.318140042 +0100 +++ system-login.in 2015-03-04 09:28:20.918196479 +0100 @@ -48,7 +48,7 @@ session optional pam_ck_connector.so nox11 #endif #if HAVE_SELINUX -# Note: modules that run in the user's context must come after this line. + # Note: modules that run in the user's context must come after this line. session required pam_selinux.so multiple open #endif #if HAVE_GNOME_KEYRING
I don't know if the bug is under process, but i still have this (my build.log): * Package: sys-auth/pambase-20150213 * Repository: gentoo * Maintainer: pam-bugs@gentoo.org * USE: abi_x86_64 amd64 cracklib elibc_glibc kernel_linux nullok selinux sha512 userland_GNU * FEATURES: preserve-libs sandbox selinux sesandbox userpriv usersandbox >>> Unpacking source... >>> Unpacking pambase-20150213.tar.xz to /var/tmp/portage/sys-auth/pambase-20150213/work >>> Source unpacked in /var/tmp/portage/sys-auth/pambase-20150213/work >>> Preparing source in /var/tmp/portage/sys-auth/pambase-20150213/work/pambase-20150213 ... >>> Source prepared. >>> Configuring source in /var/tmp/portage/sys-auth/pambase-20150213/work/pambase-20150213 ... >>> Source configured. >>> Compiling source in /var/tmp/portage/sys-auth/pambase-20150213/work/pambase-20150213 ... make -j5 -l5 GIT=true DEBUG=no CRACKLIB=yes PASSWDQC=no CONSOLEKIT=no SYSTEMD=no GNOME_KEYRING=no SELINUX=yes NULLOK=yes MKTEMP=no PAM_SSH=no SECURETTY=no SHA512=yes KRB5=no MINIMAL=no IMPLEMENTATION=linux-pam LINUX_PAM_VERSION=0x010108 cpp -traditional-cpp -P -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=0x010108 -DHAVE_CRACKLIB=1 -DHAVE_SELINUX=1 -DWANT_NULLOK=1 -DWANT_SHA512=1 login.in -o login cpp -traditional-cpp -P -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=0x010108 -DHAVE_CRACKLIB=1 -DHAVE_SELINUX=1 -DWANT_NULLOK=1 -DWANT_SHA512=1 passwd.in -o passwd cpp -traditional-cpp -P -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=0x010108 -DHAVE_CRACKLIB=1 -DHAVE_SELINUX=1 -DWANT_NULLOK=1 -DWANT_SHA512=1 su.in -o su cpp -traditional-cpp -P -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=0x010108 -DHAVE_CRACKLIB=1 -DHAVE_SELINUX=1 -DWANT_NULLOK=1 -DWANT_SHA512=1 system-auth.in -o system-auth cpp -traditional-cpp -P -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=0x010108 -DHAVE_CRACKLIB=1 -DHAVE_SELINUX=1 -DWANT_NULLOK=1 -DWANT_SHA512=1 system-login.in -o system-login sed -i -e '/^$/d' -e '/^\/\//d' login sed -i -e '/^$/d' -e '/^\/\//d' passwd sed -i -e '/^$/d' -e '/^\/\//d' su cpp -traditional-cpp -P -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=0x010108 -DHAVE_CRACKLIB=1 -DHAVE_SELINUX=1 -DWANT_NULLOK=1 -DWANT_SHA512=1 system-local-login.in -o system-local-login cpp -traditional-cpp -P -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=0x010108 -DHAVE_CRACKLIB=1 -DHAVE_SELINUX=1 -DWANT_NULLOK=1 -DWANT_SHA512=1 system-remote-login.in -o system-remote-login system-login.in:51:0: error: invalid preprocessing directive #Note # Note: modules that run in the user's context must come after this line. ^ sed -i -e '/^$/d' -e '/^\/\//d' system-auth Makefile:93: recipe for target 'system-login' failed make: *** [system-login] Error 1 make: *** Waiting for unfinished jobs.... sed -i -e '/^$/d' -e '/^\/\//d' system-local-login sed -i -e '/^$/d' -e '/^\/\//d' system-remote-login * ERROR: sys-auth/pambase-20150213::gentoo failed (compile phase): * emake failed * * If you need support, post the output of `emerge --info '=sys-auth/pambase-20150213::gentoo'`, * the complete build log and the output of `emerge -pqv '=sys-auth/pambase-20150213::gentoo'`. * The complete build log is located at '/var/tmp/portage/sys-auth/pambase-20150213/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/sys-auth/pambase-20150213/temp/environment'. * Working directory: '/var/tmp/portage/sys-auth/pambase-20150213/work/pambase-20150213' * S: '/var/tmp/portage/sys-auth/pambase-20150213/work/pambase-20150213' This is my make.conf: # These settings were set by the catalyst build script that automatically # built this stage. # Please consult /usr/share/portage/config/make.conf.example for a more # detailed example. CFLAGS="-march=native -O2 -pipe" CXXFLAGS="${CFLAGS}" # WARNING: Changing your CHOST is not something that should be done lightly. # Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing. CHOST="x86_64-pc-linux-gnu" # These are the USE flags that were used in addition to what is provided by the # profile used for building. USE="bindist mmx sse sse2 X xcb audiofile flac alsa apng jpg png jpeg imlib selinux cpu_flags_x86_mmxext sqlite xkb libav python mpd wifi mp3 network fifo ogg visualizer clock udev apcupsd tty-helpers unicode truetype type1 cleartype corefonts pango thinkpad threads stream live hls applehttp perl gtk3 qt4 rtmp" PORTDIR="/usr/portage" DISTDIR="${PORTDIR}/distfiles" PKGDIR="${PORTDIR}/packages" MAKEOPTS="-j5 -l5" INPUT_DEVICES="evdev synaptics mouse keyboard" VIDEO_CARDS="intel vesa fbdev" ACCEPT_KEYWORDS="~amd64 amd64" It's blocking emerge --deep @world. Thanks you.
Sven's suggestion works, so you could for example do it like that: # ebuild /usr/portage/sys-auth/pambase-20150213.ebuild unpack # nano -w /var/tmp/portage/sys-auth/pambase-20150213/work/pambase-20150213/system-login.in go to the line that says "# Note: modules that run in the user's context must come after this line." and prepend an additional whitespace so it reads " # Note: modules that run in the user's context must come after this line." and save your change (press ctrl+o then enter). with # ebuild /usr/portage/sys-auth/pambase-20150213.ebuild merge pambase-20150213 should successfully compile and install. Of course instead of manually editing the file you probably could also use Sven's patch ;) ($ man patch)
Am seeing this too.
#define COMMENT # Note: COMMENT modules that run in the user's context must come after this line. this works too if a cleaner solution is desired.
Same issue here. But another solution in comparison how other comments in pambase working. --- system-login.in +++ system-login.in @@ -48,7 +48,7 @@ session optional pam_ck_connector.so nox11 #endif #if HAVE_SELINUX -# Note: modules that run in the user's context must come after this line. +/* Note: modules that run in the user's context must come after this line. */ session required pam_selinux.so multiple open #endif #if HAVE_GNOME_KEYRING
Nicolas' patch works fine if you make it a user patch, and follow the instructions for the bashrc component in https://wiki.gentoo.org/wiki//etc/portage/patches#Adding_user_patches Could we get this patched in, or fixed upstream? This is irritating on new server builds.
I've added my suggestion to the ebuild. The use of /* ... */ does not result in a comment in the file itself that the user can read, and that is the intention of the note. Anyway, fix implemented (no version bump as it doesn't matter for those who already have a working installation, and for SELinux users the build failed anyway). Please resync the Portage tree (perhaps want to wait an hour or so for the changes to propagate) or fetch the changes tomorrow (if using emerge-webrsync) and see if the problem is fixed for you. Here, the package builds fine now.
this is stable now
(In reply to Sven Vermeulen from comment #15) this is a Gentoo project which means the patches should be going into the git repos directly rather than into ebuilds http://gitweb.gentoo.org/proj/pambase.git/commit/?id=abf9fef20f1da54ca161616c059afd10449baced