717150 – sys-auth/pambase-20200304 incorrectly refers to an non-existent file /lib64/security/pam_systemd.so

Bug 717150 - sys-auth/pambase-20200304 incorrectly refers to an non-existent file /lib64/security/pam_systemd.so

Summary: sys-auth/pambase-20200304 incorrectly refers to an non-existent file /lib64/s...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Mikle Kolyada (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-04-11 21:18 UTC by devsk
Modified:	2020-04-17 04:01 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description devsk 2020-04-11 21:18:00 UTC

This system does not have systemd, so USE=-systemd below:

# emerge -pv1O pambase

These are the packages that would be merged, in order:

[ebuild   R    ] sys-auth/pambase-20200304::gentoo  USE="consolekit cracklib nullok sha512 -caps -debug -elogind -minimal -mktemp -pam_krb5 -pam_ssh -passwdqc -securetty (-selinux) -systemd" 0 KiB


I keep seeing repeated messages filling up my /var/log/messages:

crond[4637]: PAM unable to dlopen(/lib64/security/pam_systemd.so): /lib64/security/pam_systemd.so: cannot open shared object file: No such file or directory


Reproducible: Always

Steps to Reproduce:
1. emerge -1v pambase with a system-wide USE flags containing -systemd
2. Look at /var/log/messages
3.
Actual Results:  
Tons of messages like the above.

Expected Results:  
No messages from pam.

Comment 1 devsk 2020-04-11 21:20:21 UTC

The same thing is done by x11-misc/sddm-0.18.1-r1 as well. It has /etc/pam.d/sddm-greeter which refers pam_systemd.so

Let's fix that one too.

Comment 2 devsk 2020-04-11 21:24:30 UTC

Its this line that should be removed:

# grep systemd /etc/pam.d/system-auth
session         optional        pam_systemd.so

I know both of these packages mark it optional and its not causing any breakage, but I don't want to see that message pollute /var/log/messages

Comment 3 Arfrever Frehtes Taifersar Arahesis 2020-04-17 01:01:49 UTC

pam.d(5) man page says:
"""
If the type value from the list above is prepended with a - character the PAM library will not log to the system log if it is not possible to load the module because it is missing in the system. This can be useful especially for modules which are not always installed on the system and are not required for correct authentication and authorization of the login session.
"""


Source code of pambase looks correct.
Makefile (https://github.com/gentoo/pambase/blob/master/Makefile) contains:
ifeq "$(SYSTEMD)" "yes"
PAMFLAGS += -DHAVE_SYSTEMD=1
endif

system-auth.in (https://github.com/gentoo/pambase/blob/master/system-auth.in) contains:
#if HAVE_SYSTEMD
-session        optional        pam_systemd.so
#endif

So /etc/pam.d/system-auth with USE="-systemd" has no entry for pam_systemd.so at all, while with USE="systemd" it has entry starting with "-" character.


Maybe you copied configuration files from another system with systemd, and made mistakes when manually editing these files.

Comment 4 devsk 2020-04-17 04:01:01 UTC

Closing this as invalid. I think this line got added there when I had temporarily tried systemd long time ago (2016?) and before the code you see above (which would have created it with "-" in front), and then, it just kept getting merged forward with cfg-update somehow.

Somehow, re-emerging sddm with elogind (I finally moved to elogind yesterday) also fixed the sddm file in pam.d....:-) So, its all good.