Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 925222 - sys-libs/pam: pam_lastlog is not present on musl systems
Summary: sys-libs/pam: pam_lastlog is not present on musl systems
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-22 08:49 UTC by A. Wilcox (awilfox)
Modified: 2024-04-13 17:33 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
build log for sys-libs/pam-1.5.3 on a musl amd64 system (host02-sys-libs-pam-1.5.3.log,438.36 KB, text/plain)
2024-02-22 08:52 UTC, A. Wilcox (awilfox) 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description A. Wilcox (awilfox) 2024-02-22 08:49:35 UTC 
I noticed in the /var/log/auth.log of my musl server:


Feb 22 08:27:29 auth01 sshd[1930]: PAM unable to dlopen(/lib/security/pam_lastlog.so): Error loading shared library /lib/security/pam_lastlog.so: No such file or directory 
Feb 22 08:27:29 auth01 sshd[1930]: PAM adding faulty module: /lib/security/pam_lastlog.so 
Feb 22 08:27:32 auth01 sshd[1930]: Accepted publickey for root from 172.16.11.1 port 59401 ssh2: ED25519 SHA256:Qvj665cWCNZDAGXBPFfpHU99mTflkkj+UN4gaKNh2Ag 
Feb 22 08:27:32 auth01 sshd[1930]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0) 
Feb 22 08:27:33 auth01 sshd[1932]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory 
Feb 22 08:35:35 auth01 sshd[1993]: PAM unable to dlopen(/lib/security/pam_lastlog.so): Error loading shared library /lib/security/pam_lastlog.so: No such file or directory 
Feb 22 08:35:35 auth01 sshd[1993]: PAM adding faulty module: /lib/security/pam_lastlog.so 
Feb 22 08:35:38 auth01 sshd[1993]: Accepted publickey for root from 172.16.11.1 port 59792 ssh2: ED25519 SHA256:Qvj665cWCNZDAGXBPFfpHU99mTflkkj+UN4gaKNh2Ag 
Feb 22 08:35:38 auth01 sshd[1993]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0) 
Feb 22 08:35:39 auth01 sshd[1995]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory 


I realise there is no utmps support (yet) in Gentoo, but I wouldn't expect PAM unable to dlopen errors.  On my glibc server, it is there, but it's missing on musl:


code01 ~ # qfile /lib64/security/pam_lastlog.so
sys-libs/pam: /lib64/security/pam_lastlog.so

auth01 ~ # stat /lib/security/pam_lastlog.so
stat: cannot stat '/lib/security/pam_lastlog.so': No such file or directory


Both are running stable amd64.  musl box:

Portage 3.0.61 (python 3.11.7-final-0, default/linux/amd64/17.0/musl/hardened, gcc-13, musl-1.2.3-r8, 6.6.13-gentoo-dist x86_64)
=================================================================
System uname: Linux-6.6.13-gentoo-dist-x86_64-AMD_EPYC-Rome_Processor-with-libc
KiB Mem:     8133224 total,   7497652 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Wed, 21 Feb 2024 02:30:00 +0000
Head commit of repository gentoo: 1ae87d3661cf33b77e5216d7f36f7f6346e3f9fb
sh bash 5.1_p16-r6
ld GNU ld (Gentoo 2.41 p5) 2.41.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-build/autoconf:        2.71-r6::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/libtool:         2.4.7-r2::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.3.1-r1::gentoo
dev-java/java-config:      2.3.3-r1::gentoo
dev-lang/perl:             5.38.2-r1::gentoo
dev-lang/python:           3.11.7::gentoo, 3.12.1_p1::gentoo
sys-apps/baselayout:       2.14-r2::gentoo
sys-apps/openrc:           0.53::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/binutils:        2.41-r5::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/gcc:             13.2.1_p20240113-r1::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-kernel/linux-headers:  6.6::gentoo (virtual/os-headers)
sys-libs/musl:             1.2.3-r8::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    volatile: False
    sync-rsync-extra-opts: 
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-max-age: 3
    sync-rsync-verify-metamanifest: yes

Binary Repositories:

gentoobinhost
    priority: 1
    sync-uri: https://gentoo.osuosl.org/releases/amd64/binpackages/17.1/x86-64_musl_hardened

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE @FREE linux-fw-redistributable"
CBUILD="x86_64-gentoo-linux-musl"
CFLAGS="-O2 -pipe -march=native"
CHOST="x86_64-gentoo-linux-musl"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe -march=native"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live candy config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync network-sandbox news noinfo parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms splitdebug strict unknown-features-warn unmerge-backup unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -march=native"
GENTOO_MIRRORS="https://ftp.lysator.liu.se/gentoo/"
INSTALL_MASK="charset.alias /usr/share/locale/locale.alias"
LANG="C.UTF8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
MAKEOPTS="-j8"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="acl amd64 bzip2 cet cli crypt dri fortran hardened iconv ipv6 libedit libtirpc ncurses openmp pam pcre pic pie seccomp split-usr ssl ssp test-rust unicode verify-sig xattr xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="musl" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GRUB_PLATFORMS="pc" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS


glibc box:

Portage 3.0.61 (python 3.11.7-final-0, default/linux/amd64/17.1, gcc-13, glibc-2.38-r10, 5.10.27-gentoo-x86_64 x86_64)
=================================================================
System uname: Linux-5.10.27-gentoo-x86_64-x86_64-AMD_EPYC_7601_32-Core_Processor-with-glibc2.38
KiB Mem:     8150868 total,    153828 free
KiB Swap:     524284 total,       332 free
Timestamp of repository gentoo: Fri, 16 Feb 2024 07:00:01 +0000
Head commit of repository gentoo: 662989ac5bf92f3110b4f5fa93d9ec644eb4dccc
sh bash 5.1_p16-r6
ld GNU ld (Gentoo 2.41 p4) 2.41.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-build/autoconf:        2.71-r6::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/cmake:           3.27.9::gentoo
dev-build/libtool:         2.4.7-r1::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.3.0-r2::gentoo
dev-lang/perl:             5.38.2-r1::gentoo
dev-lang/python:           3.11.7::gentoo, 3.12.1_p1::gentoo
sys-apps/baselayout:       2.14-r2::gentoo
sys-apps/openrc:           0.53::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/binutils:        2.41-r3::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/gcc:             13.2.1_p20230826::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-kernel/linux-headers:  6.6::gentoo (virtual/os-headers)
sys-libs/glibc:            2.38-r10::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    volatile: False
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts: 

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -frecord-gcc-switches"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native -frecord-gcc-switches"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live candy config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news noinfo parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms splitdebug strict test unknown-features-warn unmerge-backup unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://mirrors.rit.edu/gentoo/"
LANG="C.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
MAKEOPTS="-j2"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="acl amd64 bzip2 cli crypt dri fortran gdbm iconv ipv6 libtirpc multilib ncurses nls openmp pam pcre readline seccomp split-usr ssl test test-rust unicode xattr zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="access_compat actions alias auth_basic authn_alias authn_anon authn_core authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio md mime mime_magic negotiation proxy proxy_http rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias watchdog" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS


Both are using pam 1.5.3 with default USE:

code01 ~ # eix -I sys-libs/pam
[I] sys-libs/pam
     Available versions:  1.5.3 ~1.5.3-r1 {audit berkdb debug +filecaps nis selinux split-usr ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"}
     Installed versions:  1.5.3(04:58:12 11/29/23)(filecaps split-usr -audit -berkdb -debug -nis -selinux ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="64 -32 -x32")
     Homepage:            https://github.com/linux-pam/linux-pam
     Description:         Linux-PAM (Pluggable Authentication Modules)

auth01 ~ # eix -I sys-libs/pam
[I] sys-libs/pam
     Available versions:  1.5.3 ~1.5.3-r1 {audit berkdb debug +filecaps nis selinux split-usr ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"}
     Installed versions:  1.5.3(14:42:45 01/16/24)(split-usr -audit -berkdb -debug -filecaps -nis -selinux ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="64 -32 -x32")
     Homepage:            https://github.com/linux-pam/linux-pam
     Description:         Linux-PAM (Pluggable Authentication Modules)


Note that auth01 (the musl box)'s installed version is actually the date the stage was built; I have never merged it myself there.

Since the ebuild explicitly calls --enable-lastlog, I guess it's some issue with their build system.  I haven't build-tested it yet because this system doesn't have an external connection to the network, but I'll try on a different musl amd64 and post the build log.
Comment 1 A. Wilcox (awilfox) 2024-02-22 08:52:59 UTC 
Created attachment 885673 [details]
build log for sys-libs/pam-1.5.3 on a musl amd64 system

Indeed, --enable-lastlog is passed, lastlog.h is correctly seen by configure, and it installs the man page.. but never builds the module.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-22 08:53:35 UTC 
I remember noticing this a while ago now you say it..
Comment 3 Mike Gilbert gentoo-dev 2024-02-22 15:49:43 UTC 
configure checks for the logwtmp function, and silently disables lastlog if the function is not available.

https://github.com/linux-pam/linux-pam/blob/v1.6.0/configure.ac#L760

musl does not provide logwtmp.
Comment 4 2857 2024-04-13 17:33:06 UTC 
also stubmled upon this. It seems Adelie Linux has some progress?

https://git.adelielinux.org/adelie/packages/-/blob/current/system/procps/use-utmpx.patch