Summary: | sys-libs/pam: update occurs before sys-auth/pambase, causing PAM authentication failures with now non-existent modules | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | calimeroteknik |
Component: | Current packages | Assignee: | Mikle Kolyada (RETIRED) <zlogene> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | dev-portage, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 40127 | ||
Bug Blocks: |
Description
calimeroteknik
2020-10-12 19:36:40 UTC
A way to avoid this sort of scenario was suggested: merging pam and pambase. I talked about this with Zlogene and we're not really sure how this could be avoided. There are only two options: 1) Forcing an upgrade somehow immediately before/after pam 2) Merging them into the same package (which has been considered for other reasons in the past) I'll CC portage-dev in case they have any ideas on how to do 1) here but in some sense, this is an unavoidable problem. If you were running the update in e.g. screen or tmux, and the update was allowed to finish, you would be fine. Interrupting updates in general is not a solved problem in Gentoo. I think I have heard something like libostree could somehow solve that, but we're not using that right now. To clarify, I was running this in a screen but was worried that if the build of another package failed for whatever reason, emerge would exit between the updates of pam and pambase, leaving the system in that state. This is, however, exactly the reason I pass --keep-going to emerge. (In reply to Sam James from comment #2) > If you were running the update in e.g. screen or tmux, and the update was > allowed to finish, you would be fine. Interrupting updates in general is not > a solved problem in Gentoo. I solve this for myself by creating a btrfs subvolume snapshot of my root filesystem, updating the snapshot in a chroot, and then rebooting into the updated snapshot. > I think I have heard something like libostree could somehow solve that, but > we're not using that right now. That would be very simliar to my btrfs approach. The user has to reboot into the new image, which is a much different user experience than the sort of in-place update that can temporarily break PAM authentication. |