Bug 799803 - sys-libs/pam-1.5.1 QA concerns: files installed outside the prefix
Status: RESOLVED FIXED
Alias: None
Product: Gentoo/Alt
Classification: Unclassified
Component: Prefix Support
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Prefix
Reported: 2021-07-02 06:20 UTC by Steven Trogdon
Modified: 2022-06-27 15:00 UTC (History)
Attachments
build.log (build.log,478.68 KB, text/x-log)
2021-07-02 06:21 UTC, Steven Trogdon
Details

Description Steven Trogdon 2021-07-02 06:20:26 UTC
* QA Notice: the following files are outside of the prefix:
 * /usr
 * /usr/lib64
 * /usr/lib64/libpam.la
 * /usr/lib64/libpamc.so.0
 * /usr/lib64/libpam_misc.so.0.82.1
 * /usr/lib64/libpamc.so.0.82.1
 * /usr/lib64/libpam_misc.so
 * /usr/lib64/libpam.so.0.85.1
 * /usr/lib64/libpam_misc.la
 * /usr/lib64/libpam.so
 * /usr/lib64/libpamc.la
 * /usr/lib64/libpamc.so
 * /usr/lib64/libpam.so.0
 * /usr/lib64/libpam_misc.so.0
 * /usr/include
 * /usr/include/security

...

 * /lib64/security/pam_faillock.la
 * /lib64/security/pam_group.la
 * /lib64/security/pam_shells.so
 * /lib64/security/pam_echo.la
 * /lib64/security/pam_access.la
 * /lib64/security/pam_unix.so
 * /lib64/security/pam_wheel.la
 * /lib64/security/pam_localuser.la
 * /lib64/security/pam_motd.la
 * /lib64/security/pam_stress.so
 * /lib64/security/pam_mail.so

This is curious since the subject pam is presently installed with USE=berkdb

[I] sys-libs/pam
     Available versions:  1.5.1 {audit berkdb debug +filecaps nis selinux split-usr ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"}
     Installed versions:  1.5.1(08:07:25 PM 01/14/2021)(berkdb filecaps split-usr -audit -debug -nis -selinux ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="64 -32 -x32")
     Homepage:            https://github.com/linux-pam/linux-pam
     Description:         Linux-PAM (Pluggable Authentication Modules)

Perhaps an eclass has changed? See https://bugs.gentoo.org/709924 for a similar issue.
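
A check of the kind the QA notice above reports, as an added example (not Portage's own code and not part of the original report): it walks a build image directory and lists every path that is neither inside the prefix nor a parent directory of it. The function names, the constructed sample image and the prefix /home/u/gentoo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Portage's code): report image paths outside the prefix.
# Usage: outside_prefix IMAGE_DIR EPREFIX
outside_prefix() {
    image=${1%/}
    eprefix=/${2#/}
    eprefix=${eprefix%/}          # "" for a non-Prefix install
    (
        cd "$image" || exit 1
        # Print every path relative to the image root, with a leading "/".
        find . | sed -n 's|^\./|/|p' | LC_ALL=C sort |
        while IFS= read -r path; do
            case "$eprefix/" in
                "$path"/*) continue ;;   # parent directory of the prefix
            esac
            case "$path" in
                "$eprefix"|"$eprefix"/*) continue ;;   # inside the prefix
            esac
            printf '%s\n' "$path"
        done
    )
}

# Constructed sample image; /home/u/gentoo is a hypothetical EPREFIX.
demo_outside_prefix() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/home/u/gentoo/usr/lib64" "$tmp/usr/lib64" "$tmp/lib64/security"
    : > "$tmp/home/u/gentoo/usr/lib64/libpam.so"
    : > "$tmp/usr/lib64/libpam.so"
    : > "$tmp/lib64/security/pam_unix.so"
    outside_prefix "$tmp" /home/u/gentoo
    rm -rf "$tmp"
}

demo_outside_prefix
```

With an empty EPREFIX every path counts as inside the prefix, so the function reports nothing on a non-Prefix install.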
Comment 1 Steven Trogdon 2021-07-02 06:21:44 UTC
Created attachment 720864 [details]
build.log
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-02 06:22:08 UTC
Yeah, an eclass changed to remove Prefix support. It wasn't strictly necessary to remove it, but I did understand that AFAIK, there's no point in using PAM on Prefix anyway.

What's pulling it in on your system?
Comment 3 Steven Trogdon 2021-07-02 06:42:23 UTC
(In reply to Sam James from comment #2)
> Yeah, an eclass changed to remove Prefix support. It wasn't strictly
> necessary to remove it, but I did understand that AFAIK, there's no point in
> using PAM on Prefix anyway.
> 
> What's pulling it in on your system?

$ equery d sys-libs/pam
 * These packages depend on pam:
net-print/cups-2.3.3_p2-r2 (pam ? sys-libs/pam)
sys-apps/util-linux-2.37 (pam ? sys-libs/pam)
sys-auth/pambase-20210201.1 (>=sys-libs/pam-1.4.0)
                            (pam_krb5 ? >=sys-libs/pam-1.4.0)
                            (selinux ? sys-libs/pam[selinux])
                            (sha512 ? >=sys-libs/pam-1.4.0)
sys-auth/passwdqc-2.0.2-r1 (sys-libs/pam)
sys-libs/libcap-2.51 (pam ? sys-libs/pam[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_s390_32(-)?,abi_s390_64(-)?])

Perhaps build with USE=-pam? I don't have USE=pam enabled anywhere.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-02 06:43:07 UTC
(In reply to Steven Trogdon from comment #3)
> (In reply to Sam James from comment #2)
> > Yeah, an eclass changed to remove Prefix support. It wasn't strictly
> > necessary to remove it, but I did understand that AFAIK, there's no point in
> > using PAM on Prefix anyway.
> > 
> > What's pulling it in on your system?
> 
> $ equery d sys-libs/pam
>  * These packages depend on pam:
> net-print/cups-2.3.3_p2-r2 (pam ? sys-libs/pam)
> sys-apps/util-linux-2.37 (pam ? sys-libs/pam)
> sys-auth/pambase-20210201.1 (>=sys-libs/pam-1.4.0)
>                             (pam_krb5 ? >=sys-libs/pam-1.4.0)
>                             (selinux ? sys-libs/pam[selinux])
>                             (sha512 ? >=sys-libs/pam-1.4.0)
> sys-auth/passwdqc-2.0.2-r1 (sys-libs/pam)
> sys-libs/libcap-2.51 (pam ?
> sys-libs/pam[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,
> abi_mips_n64(-)?,abi_mips_o32(-)?,abi_s390_32(-)?,abi_s390_64(-)?])
> 
> Perhaps build with USE=-pam? I don't have USE=pam enabled anywhere.

For stuff like this, avoid relying on equery d because it approximates. 
Let's try: emerge -avc sys-libs/pam.
Comment 5 Steven Trogdon 2021-07-02 07:05:02 UTC
It may be that nothing really depends on pam. Only sys-auth/passwdqc depends explicitly on it and I don't see where passwdqc is used. I'm sure something needed this stuff at one time. I would not install pam on purpose.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-02 07:05:33 UTC
(In reply to Steven Trogdon from comment #5)
> It may be that nothing really depends on pam. Only sys-auth/passwdqc depends
> explicitly on it and I don't see where passwdqc is used. I'm sure something
> needed this stuff at one time. I would not install pam on purpose.

I'm sure, that's why I was wondering what emerge -avc said, so we could figure it out ;)
Comment 7 Steven Trogdon 2021-07-02 07:06:47 UTC
Thanks, as I suspected

$ emerge -avc sys-libs/pam

Calculating dependencies... done!
  sys-libs/pam-1.5.1 pulled in by:
    sys-auth/pambase-20210201.1 requires >=sys-libs/pam-1.4.0
    sys-auth/passwdqc-2.0.2-r1 requires sys-libs/pam

>>> No packages selected for removal by depclean
Packages installed:   761
Packages in world:    78
Packages in system:   33
Required packages:    761
Number removed:       0
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-02 07:07:51 UTC
(In reply to Steven Trogdon from comment #7)
> Thanks, as I suspected
> 
> $ emerge -avc sys-libs/pam
> 
> Calculating dependencies... done!
>   sys-libs/pam-1.5.1 pulled in by:
>     sys-auth/pambase-20210201.1 requires >=sys-libs/pam-1.4.0
>     sys-auth/passwdqc-2.0.2-r1 requires sys-libs/pam
> 
> >>> No packages selected for removal by depclean
> Packages installed:   761
> Packages in world:    78
> Packages in system:   33
> Required packages:    761
> Number removed:       0

Okay, next step...

emerge -avc sys-libs/pam sys-auth/pambase sys-auth/passwdqc

(I think you get the idea.)

Something is naughtily dragging in PAM and we're going to investigate it and figure out what, then fix the ebuild(s).
Comment 9 Steven Trogdon 2021-07-02 15:55:52 UTC
$ emerge -avc sys-libs/pam sys-auth/pambase sys-auth/passwdqc

Calculating dependencies... done!
>>> Calculating removal order...

>>> These are the packages that would be unmerged:

 sys-auth/pambase
    selected: 20210201.1 
   protected: none 
     omitted: none 

 sys-auth/passwdqc
    selected: 2.0.2-r1 
   protected: none 
     omitted: none 

 sys-libs/pam
    selected: 1.5.1 
   protected: none 
     omitted: none 

All selected packages: =sys-auth/passwdqc-2.0.2-r1 =sys-libs/pam-1.5.1 =sys-auth/pambase-20210201.1

>>> 'Selected' packages are slated for removal.
>>> 'Protected' and 'omitted' packages will not be removed.

Would you like to unmerge these packages? [Yes/No]

I removed them without incident - world seems OK. Not sure what pulled all this in initially. It's been in place since 1/14/21. The berkdb useflag changed and a rebuild of sys-libs/pam with USE=-berkdb was required when updating world. Otherwise, it would have gone unnoticed until a pam upgrade. The last world upgrade was on 6/25/21.
Comment 10 Steven Trogdon 2021-07-02 18:52:47 UTC
My suspicion is that cups-2.3.3-r1 was the culprit. Perhaps the pam useflag was not disabled for Prefix then. From my logs, immediately after the pam stuff is installed there is an attempt to build cups-2.3.3-r1. It actually failed so I can't be sure.
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-03 02:25:15 UTC
(In reply to Steven Trogdon from comment #9)
> $ emerge -avc sys-libs/pam sys-auth/pambase sys-auth/passwdqc
> 
> Calculating dependencies... done!
> >>> Calculating removal order...
> 
> >>> These are the packages that would be unmerged:
> 
>  sys-auth/pambase
>     selected: 20210201.1 
>    protected: none 
>      omitted: none 
> 
>  sys-auth/passwdqc
>     selected: 2.0.2-r1 
>    protected: none 
>      omitted: none 
> 
>  sys-libs/pam
>     selected: 1.5.1 
>    protected: none 
>      omitted: none 
> 
> All selected packages: =sys-auth/passwdqc-2.0.2-r1 =sys-libs/pam-1.5.1
> =sys-auth/pambase-20210201.1
> 
> >>> 'Selected' packages are slated for removal.
> >>> 'Protected' and 'omitted' packages will not be removed.
> 
> Would you like to unmerge these packages? [Yes/No]
> 
> I removed them without incident - world seems OK. Not sure what pulled all
> this in initially. It's been in place since 1/14/21. The berkdb useflag
> changed and a rebuild of sys-libs/pam with USE=-berkdb was required when
> updating world. Otherwise, it would have gone unnoticed until a pam upgrade.
> The last world upgrade was on 6/25/21.

This feels weird. If nothing needed them, then it makes me wonder if you're running emerge -avc (depclean) after every world upgrade?

Did it say "removing from world file"?
Comment 12 Steven Trogdon 2021-07-03 05:10:37 UTC
(In reply to Sam James from comment #11)
> (In reply to Steven Trogdon from comment #9)
> 
> This feels weird. If nothing needed them, then it makes me wonder if         
> running emerge -avc (depclean) after every world upgrade?
> 
> Did it say "removing from world file"?

No it didn't see that. It's possible that something installed was not in my world file. I usually don't do emerge -avc after an upgrade. The only thing I can offer is that after emerge --sync and emerge -puDN world the 3 associated PAM packages were installed before an attempt to install the above cups. This was the first time the 3 PAM packages were installed.
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-03 05:12:11 UTC
(In reply to Steven Trogdon from comment #12)
> (In reply to Sam James from comment #11)
> > (In reply to Steven Trogdon from comment #9)
> > 
> > This feels weird. If nothing needed them, then it makes me wonder if         
> > running emerge -avc (depclean) after every world upgrade?
> > 
> > Did it say "removing from world file"?
> 
> No it didn't see that. It's possible that something installed was not in my
> world file. I usually don't do emerge -avc after an upgrade. The only thing
> I can offer is that after emerge --sync and emerge -puDN world the 3
> associated PAM packages were installed before an attempt to install the
> above cups. This was the first time the 3 PAM packages were installed.

OK, thanks for the info. We should probably mask these packages as a precaution on Prefix anyway.

You should be running emerge -avc after upgrades (emerge will tell you to!) though.
Comment 14 Nick Bowler 2022-06-17 18:45:32 UTC
I just hit this issue as net-misc/tigervnc[server] pulls in sys-libs/pam.  This flag is enabled by default.  I just manually disabled it as a workaround.
Comment 15 Nick Bowler 2022-06-17 19:25:22 UTC
(In reply to Nick Bowler from comment #14)
> I just manually disabled it as a workaround.

Or at least that would have been a workaround if net-misc/tigervnc[-server]
actually compiled without pam installed, which it doesn't: bug #852830
Comment 16 Larry the Git Cow gentoo-dev 2022-06-27 15:00:58 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0d4d015b1ad0bde56e3ca91deec3636d2025944

commit a0d4d015b1ad0bde56e3ca91deec3636d2025944
Author:     Atharva <atharvaamritkar@protonmail.com>
AuthorDate: 2022-06-11 08:18:22 +0000
Commit:     Guilherme Amadio <amadio@gentoo.org>
CommitDate: 2022-06-27 15:00:00 +0000

    sys-libs/pam: add back prefix support
    
    Bug: https://bugs.gentoo.org/695966
    Closes: https://bugs.gentoo.org/799803
    Fixes: 0c59c9cbfc8f371bc2efa2835c3977cc39f59be3
    
    Signed-off-by: Atharva <atharvaamritkar@protonmail.com>
    Signed-off-by: Guilherme Amadio <amadio@gentoo.org>

 sys-libs/pam/pam-1.5.2-r1.ebuild | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)