Bug 599474 - sys-auth/elogind: Kernel check, more permissions and an init script are needed
Summary: sys-auth/elogind: Kernel check, more permissions and an init script are needed
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Overlays
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo KDE team
Whiteboard: inOverlay
Blocks: elogind-support
Reported: 2016-11-11 14:20 UTC by Sven Eden
Modified: 2017-01-20 11:23 UTC

Attachments
elogind-219.12-r7.ebuild (elogind-219.12-r7.ebuild,3.21 KB, text/plain)
2016-11-11 14:22 UTC, Sven Eden
Add missing login1 permissions (elogind-add_missing_login1_permissions.patch,5.53 KB, patch)
2016-11-11 14:25 UTC, Sven Eden
elogind.conf file for /etc/conf.d (elogind.conf,226 bytes, text/plain)
2016-11-11 14:25 UTC, Sven Eden
elogind init script for /etc/init.d (elogind.init,513 bytes, text/plain)
2016-11-11 14:26 UTC, Sven Eden
elogind-219.12-r8.ebuild (elogind-219.12-r8.ebuild,3.40 KB, text/plain)
2016-11-15 09:52 UTC, Sven Eden
elogind-219.12-r9.ebuild (elogind-219.12-r9.ebuild,3.64 KB, text/plain)
2016-11-25 12:14 UTC, Sven Eden
Updated init script for elogind (elogind.init,643 bytes, text/plain)
2016-12-02 11:19 UTC, Sven Eden
elogind-219.12-r10 Revision bump (elogind-219.12-r10.ebuild,3.64 KB, text/plain)
2016-12-02 11:20 UTC, Sven Eden
elogind-219.12-r11.ebuild (elogind-219.12-r11.ebuild,2.24 KB, text/plain)
2017-01-12 17:30 UTC, Sven Eden
fix permissions on /run/systemd (fix_elogind-init.patch,353 bytes, patch)
2017-01-20 11:23 UTC, Sven Eden

Description Sven Eden 2016-11-11 14:20:48 UTC
The following issues are present in the current ebuild from the kde overlay:

- Many permissions from modern systemd-logind are missing in the org.freedesktop.login1.conf

- Kernel features that are required are not checked.

- org.freedesktop.login1.service must not be patched to start elogind. Instead, an init script is needed.
  Otherwise, the first login will call the elogind launch via dbus when connecting to pam_elogind.so.
  Unfortunately this means that if xdm starts SDDM, the greeter has already questioned for available services before elogind is up. The consequence is that sddm only provides "shutdown" and "reboot", but both do not work.
  After launching elogind using an init script, sddm provides "shutdown", "reboot", "suspend" and "hibernate", with all four buttons working as expected.

- SECURITY_SMACK support should be disabled unless activated in the kernel config.

- --with-udevrulesdir should be set.
Comment 1 Sven Eden 2016-11-11 14:22:56 UTC
Created attachment 452984 [details]
elogind-219.12-r7.ebuild

Updated ebuild, fixing all issues mentioned above
Comment 2 Sven Eden 2016-11-11 14:25:10 UTC
Created attachment 452986 [details, diff]
Add missing login1 permissions

This patch, originating from https://github.com/wingo/elogind/pull/4 , adds the requested permissions.

See also: https://github.com/systemd/systemd/issues/471
Comment 3 Sven Eden 2016-11-11 14:25:39 UTC
Created attachment 452988 [details]
elogind.conf file for /etc/conf.d
Comment 4 Sven Eden 2016-11-11 14:26:01 UTC
Created attachment 452990 [details]
elogind init script for /etc/init.d
Comment 5 Sven Eden 2016-11-11 14:26:50 UTC
The update can be tested from my overlay at layman/seden.
Comment 6 David Seifert gentoo-dev 2016-11-12 15:15:36 UTC
Comment on attachment 452984 [details]
elogind-219.12-r7.ebuild

># Copyright 1999-2016 Gentoo Foundation
># Distributed under the terms of the GNU General Public License v2
># $Id$
>
>EAPI=6
>
>inherit autotools eutils linux-info pam udev
>
>DESCRIPTION="The systemd project's logind, extracted to a standalone package"
>HOMEPAGE="https://github.com/wingo/elogind"
>SRC_URI="https://github.com/wingo/elogind/archive/v${PV}.tar.gz -> ${P}.tar.gz"
>
>LICENSE="CC0-1.0 LGPL-2.1+ public-domain"
>SLOT="0"
>KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
>IUSE="acl apparmor pam policykit selinux +seccomp"
>
>COMMON_DEPEND="
>	sys-libs/libcap
>	sys-apps/util-linux
>	virtual/libudev:=
>	acl? ( sys-apps/acl )
>	apparmor? ( sys-libs/libapparmor )
>	pam? ( virtual/pam )
>	seccomp? ( sys-libs/libseccomp )
>	selinux? ( sys-libs/libselinux )
>"
>RDEPEND="${COMMON_DEPEND}
>	sys-apps/dbus
>	policykit? ( sys-auth/polkit )
>	!sys-auth/systemd
>"
>DEPEND="${COMMON_DEPEND}
>	dev-util/gperf
>	dev-util/intltool
>	sys-devel/libtool
>	virtual/pkgconfig
>"
>
>DOCS=( NEWS README TODO )

you can nix these, they're part of default einstalldocs set

>PATCHES=(
>	"${FILESDIR}/${PN}-docs.patch"
>	"${FILESDIR}/${PN}-lrt.patch"
>	"${FILESDIR}/${P}-session.patch"
>	"${FILESDIR}/${PN}-add_missing_login1_permissions.patch"
>)
>
>pkg_setup() {
>	if use kernel_linux; then
>		linux-info_pkg_setup
>		if ! linux_config_exists; then
>			ewarn "Can't check the linux kernel configuration."
>		else
>			local missing_count=0
>			if linux_chkconfig_present AUDIT; then
>				ewarn "AUDIT is enabled. If you have problems with the auditing"
>				ewarn "  system creating and closing sessions, then disable it."
>			fi
>			if ! linux_chkconfig_present CGROUPS; then
>				eerror "CGROUPS is not enabled but needed by elogind."
>				eerror " (it is OK to disable all controllers)"
>				missing_count=$((missing_count+1))
>			fi
>			if ! linux_chkconfig_present INOTIFY_USER; then
>				eerror "INOTIFY_USER is not enabled but needed by elogind."
>				missing_count=$((missing_count+1))
>			fi
>			if ! linux_chkconfig_present SIGNALFD; then
>				eerror "SIGNALFD is not enabled but needed by elogind."
>				missing_count=$((missing_count+1))
>			fi
>			if ! linux_chkconfig_present TIMERFD; then
>				eerror "TIMERFD is not enabled but needed by elogind."
>				missing_count=$((missing_count+1))
>			fi
>			if ! linux_chkconfig_present EPOLL; then
>				eerror "EPOLL is not enabled but needed by elogind."
>				missing_count=$((missing_count+1))
>			fi
>			if ! linux_chkconfig_present SECCOMP; then
>				einfo "SECCOMP is not enabled but useful to elogind."
>			fi
>			[ 0 -lt $missing_count ] && die "$missing_count required kernel features are missing."
>		fi
>	fi
>}
>
>src_prepare() {
>	default
>
>	# Makefile.am is patched by
>	# - "${FILESDIR}/${PN}-docs.patch"
>	# - "${FILESDIR}/${PN}-lrt.patch"
>	eautoreconf
>}
>
>src_configure() {
>	local use_smack="--disable-smack"
>	if linux_config_exists && linux_chkconfig_present SECURITY_SMACK; then
>		use_smack="--enable-smack"
>	fi
>
>	econf \
>		--with-pamlibdir=$(getpam_mod_dir) \
>		--with-udevrulesdir="$(get_udevdir)"/rules.d \
>		$(use_enable acl) \
>		$(use_enable apparmor) \
>		$(use_enable pam) \
>		$(use_enable seccomp) \
>		$(use_enable selinux) \
>		$use_smack
>}
>
>src_install() {
>	default
>	prune_libtool_files --modules

If possible, get rid of prune_libtool_files. If the package installs .pc files, you can nix it. You can then also get rid of 'eutils'.

>
>	newinitd "${FILESDIR}"/${PN}.init ${PN}
>	newconfd "${FILESDIR}"/${PN}.conf ${PN}
>}
Comment 7 Sven Eden 2016-11-15 09:52:39 UTC
Created attachment 453370 [details]
elogind-219.12-r8.ebuild

The following updates were made:

- Remove check for CONFIG_AUDIT
  The auditing system can be a problem with systemd in containers.
  But that is something not possible with elogind.
- Install libraries in /lib* instead of /usr/lib*
  Tools used in early boot, thus before mounting a separate /usr
  partition, like 'ps' need libelogind.so in /lib. (See bug 599504)
- Added a pkg_postinst() message about adding elogind to the
  default runlevel.
- Remove superfluous DOCS array and add a note why we have to
  prune_libtool_files.

@David:
Thank you very much, but unfortunately prune_libtool_files can not be removed as libelogind.so has to be installed in /lib*. install_qa_check doesn't like *.la files in /lib* at all.
It would be great if something like that would be detected automatically, but it isn't. (yet?)
Comment 8 Sven Eden 2016-11-25 12:14:51 UTC
Created attachment 454324 [details]
elogind-219.12-r9.ebuild

The new ebuild fixes a nasty issue I detected when trying to switch to elogind on my Raspberry Pi 3:

The build system uses $(libdir)/pkgconfig as a target for the libelogind.pc file. So as pkg-config does not look into /lib/pkgconfig, it can no longer find libelogind, and all configure phases searching for it fail. (like dbus)

The new revision fixes that by moving libelogind.pc back to /usr/$(get_libdir)/pkgconfig.

Sorry for the inconvenience with the -r8 ebuild.
Comment 9 Sven Eden 2016-12-02 11:19:51 UTC
Created attachment 454904 [details]
Updated init script for elogind

The current version of elogind does not create a run/systemd directory, but needs it to work properly.

The new init script creates the /run/systemd directory first before starting the service.
Comment 10 Sven Eden 2016-12-02 11:20:43 UTC
Created attachment 454906 [details]
elogind-219.12-r10 Revision bump

Revision bump to force the installation of the new init script.
Comment 11 Sven Eden 2016-12-06 08:49:25 UTC
@KDE Team : I think the ebuild is ready now. The issues left are in elogind itself, which is worked upon.
So if you like, you can take over now. The ebuild for elogind itself is not depending on anything but polkit (See Bug 598615) which is ripe for a take-over, too.
Comment 12 Michael Palimaka (kensington) gentoo-dev 2016-12-29 14:00:54 UTC
Shall we move this straight to main tree?  Might be more likely to get traction from other teams that way.
Comment 13 Andreas Sturmlechner gentoo-dev 2017-01-07 12:06:26 UTC
Thanks for your work! This is now in kde overlay.
Comment 14 Sven Eden 2017-01-12 17:24:55 UTC
(In reply to Andreas Sturmlechner from comment #13)
> Thanks for your work! This is now in kde overlay.

Thank you very much!

The ebuild has some impressive simplifications. I like it. :-)

But I have found the following issues / questions:

========
Why was libelogind.so moved back to /usr/lib?

This causes problems with procps (please see bug 599504 ) and as far as I understood it, upstream (systemd) wants boot relevant files to be installed in /lib anyway.

However, the next versions of elogind will have adopted the option --with-rootlibdir.

With the line 
--rootlibdir="${EPREFIX}"/$(get_libdir)
added to econf, all files will then go into the right places.

Until then, the manual move is necessary, at least for users with separate /usr partition.


========
Unfortunately elogind fails to build with dev-util/gperf-3.1

Therefore the dependency must be adapted to =dev-util/gperf-3.0*.
I just found out today, sorry.


========

I have taken the new ebuild and have adapted it to fix above problems. Please have a look.
Comment 15 Sven Eden 2017-01-12 17:30:19 UTC
Created attachment 459802 [details]
elogind-219.12-r11.ebuild

This is basically the new elogind-219.12-r3.ebuild from KDE overlay with the following two changes:

1) The gperf dependency has been changed to =dev-util/gperf-3.0*, because it does not build using gperf-3.1

Note: This also happens with my current elogind-226 dev branch, which is using the exact build system as systemd-226.

2) /bin/ps is used during the start of openrc and fails, because libelogind.so.0 is not found if it was installed in /usr/lib* with /usr being on a separate partition. So the install goes into /lib* and pkgconfig is moved back to /usr/lib* by src_install().

Note: Later versions of elogind will support --with-rootlibdir which will render this manual move unnecessary.
Comment 16 Andreas Sturmlechner gentoo-dev 2017-01-13 23:04:56 UTC
Thanks for pointing out the issues, now fixed in overlay.

In general, please use diffs instead of full ebuilds so your changes can be tracked more easily.
Comment 17 Andreas Sturmlechner gentoo-dev 2017-01-14 19:31:56 UTC
Moved to tree after fixing build with gperf-3.1 using a systemd patch. Sven, you may want to pick that for your dev branch as well.
Comment 18 Sven Eden 2017-01-20 11:23:07 UTC
Created attachment 460732 [details, diff]
fix permissions on /run/systemd

Sorry for not opening a new bug, but this is just a little oversight on my part.
I was sure I had uploaded that already.

Well, the original elogind.init creates a /run/systemd directory, but I made a mistake on the chmod line.

The directory must have 755 permissions, not 644, of course.

I am sorry for the inconvenience!
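
The mode fix described in comment 18, as an added example that is not part of the bug report or of the attached elogind init script: a directory without the execute (search) bit cannot be entered, so 644 on /run/systemd leaves its contents unreachable for unprivileged users, while 755 allows traversal. The function names are hypothetical, the symlink refusal is extra hardening assumed here, and the demonstration uses a constructed temporary path instead of /run.

```shell
#!/bin/sh
# Added example. The paths used below are constructed temp paths, not /run.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when owner, group and other all hold the execute (search) bit,
# i.e. the directory can be entered. 755 passes, 644 does not.
mode_is_traversable() {
    [ $(( 0$1 & 0111 )) -eq $(( 0111 )) ]
}

# Create the directory if needed and force the wanted mode (default 755).
# Hypothetical hardening beyond the bug report: refuse symlinks and
# non-directories instead of chmod-ing whatever the path points at.
ensure_rundir() {
    dir=$1
    want=${2:-755}
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 2
    fi
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "refusing: $dir is not a directory" >&2
        return 2
    fi
    mkdir -p "$dir" && chmod "$want" "$dir" || return 1
    # Verify the result instead of trusting chmod's exit status alone.
    [ "$(dir_mode "$dir")" = "$want" ]
}

# Demonstration: reproduce the 644 mistake, then repair it.
demo=$(mktemp -d)
mkdir "$demo/systemd" && chmod 644 "$demo/systemd"
mode_is_traversable "$(dir_mode "$demo/systemd")" || echo "644: not traversable"
ensure_rundir "$demo/systemd" && echo "repaired to $(dir_mode "$demo/systemd")"
rm -rf "$demo"
```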