pambase update broke logins. Artix overall administrability enhancement.

Topic: pambase update broke logins. Artix overall administrability enhancement. (Read 1210 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

pambase update broke logins. Artix overall administrability enhancement.

01 September 2020, 22:11:52

Hey,

so today I rebooted and wasn't able to log back in.
sddm, which is configured to autologin, was stuck on a black screen with mouse and tty login just said the password was wrong...
I booted a live system. I have a cron job running pacman -Syu every couple days and since I didn't change anything, I looked at the pacman log from cron. (I know, that running pacman like that is officially unsupported, but I'd argue, this wasn't really the problem here.)

Code: [Select]

Subject: fcron <systab@arctic> ionice -c 2 -n 7 pacman --noprogressbar --noconfirm -Syu
Content-Type: text/plain; charset=ANSI_X3.4-1968
Auto-Submitted: auto-generated
X-Cron-Env: <USER=root>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <SHELL=/usr/bin/sh>
Status: RO
Content-Length: 16598
Lines: 352

:: Synchronizing package databases...
downloading system.db...
downloading world.db...
downloading galaxy.db...
downloading extra.db...
downloading community.db...
downloading multilib.db...
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (93) amd-ucode-20200817.7a30af1-1  aqbanking-6.2.2-1  archlinux-keyring-20200820-1  bash-5.0.018-1  binutils-2.35-1  ca-certificates-mozilla-3.56-1  cmake-3.18.2-1  cups-2.3.3-3  curl-7.72.0-2  fuse-common-3.9.3-1  fuse3-3.9.3-1  gcc-10.2.0-1  gcc-fortran-10.2.0-1  gcc-libs-10.2.0-1  gdm-3.36.3-6  glib2-2.64.5-1  glib2-docs-2.64.5-1  glibc-2.32-2  gnucash-4.1-1  gnucash-docs-4.1-1  hwids-20200813.1-1  iana-etc-20200812-1  intel-gmmlib-20.2.4-1  iputils-20190709-3  kbd-2.3.0-2  ldb-1:2.1.4-1  lib32-amdvlk-2020.Q3.4-1  lib32-gcc-libs-10.2.0-1  lib32-glib2-2.64.5-1  lib32-glibc-2.32-2  lib32-libx11-1.6.11-1  lib32-mesa-20.1.6-1  lib32-nspr-4.28-1  lib32-nss-3.56-1  lib32-p11-kit-0.23.21-1  lib32-pango-1:1.46.1-1  lib32-systemd-246.2-1  libcap-2.42-1  libcups-2.3.3-3  libgdm-3.36.3-6  libinput-1.16.1-1  libmm-glib-1.14.2-1  libnm-1.26.2-1  libnsl-1.3.0-1  libp11-kit-0.23.21-1  libpipeline-1.5.3-1  libpurple-2.14.1-3  libreoffice-still-6.4.6-1  libreoffice-still-de-6.4.6-1  libtool-2.4.6+42+gb88cebd5-14  libutil-linux-2.36-2  libva-mesa-driver-20.1.6-1  libxcrypt-4.4.16-3  linux-5.8.3.artix1-1  linux-api-headers-5.7-1  linux-firmware-20200817.7a30af1-1  linux-lts-5.4.60-1  man-pages-5.08-1  mesa-20.1.6-1  mesa-vdpau-20.1.6-1  mpfr-4.1.0-1  mpg123-1.26.3-2  nano-5.1-1  neomutt-20200821-1  networkmanager-1.26.2-1  ninja-1.10.1-1  nspr-4.28-1  nss-3.56-1  nvidia-utils-450.66-1  openbsd-netcat-1.217_2-1  openexr-2.5.3-1  p11-kit-0.23.21-1  pam-1.4.0-3  pambase-20200721.1-2  pango-1:1.46.1-1  perl-libwww-6.47-1  pidgin-2.14.1-3  python-dephell-argparse-0.1.3-1  remmina-1:1.4.8-1  rhash-1.4.0-1  rrdtool-1.7.2-5.1  sddm-0.18.1-3  seabios-1.14.0-1  smbclient-4.12.6-1  sqlite-3.33.0-1  sysstat-12.4.0-1  telegram-desktop-2.3.0-2  thin-provisioning-tools-0.9.0-1  util-linux-2.36-2  vlc-3.0.11.1-2  xfce4-weather-plugin-0.10.1-2  xfsprogs-5.7.0-3  zathura-0.4.6-1

Total Download Size:    804.55 MiB
Total Installed Size:  2747.92 MiB
Net Upgrade Size:        15.52 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
downloading amd-ucode-20200817.7a30af1-1-any.pkg.tar.zst...
downloading linux-api-headers-5.7-1-any.pkg.tar.zst...
downloading iana-etc-20200812-1-any.pkg.tar.zst...
downloading glibc-2.32-2-x86_64.pkg.tar.zst...
downloading gcc-libs-10.2.0-1-x86_64.pkg.tar.zst...
downloading bash-5.0.018-1-x86_64.pkg.tar.zst...
downloading libp11-kit-0.23.21-1-x86_64.pkg.tar.zst...
downloading libcap-2.42-1-x86_64.pkg.tar.zst...
downloading p11-kit-0.23.21-1-x86_64.pkg.tar.zst...
downloading libutil-linux-2.36-2-x86_64.pkg.tar.zst...
downloading libnsl-1.3.0-1-x86_64.pkg.tar.zst...
downloading ca-certificates-mozilla-3.56-1-x86_64.pkg.tar.zst...
downloading curl-7.72.0-2-x86_64.pkg.tar.zst...
downloading glib2-2.64.5-1-x86_64.pkg.tar.zst...
downloading archlinux-keyring-20200820-1-any.pkg.tar.zst...
downloading sqlite-3.33.0-1-x86_64.pkg.tar.zst...
downloading binutils-2.35-1-x86_64.pkg.tar.zst...
downloading pambase-20200721.1-2-any.pkg.tar.zst...
downloading pam-1.4.0-3-x86_64.pkg.tar.zst...
downloading libxcrypt-4.4.16-3-x86_64.pkg.tar.zst...
downloading hwids-20200813.1-1-any.pkg.tar.zst...
downloading kbd-2.3.0-2-x86_64.pkg.tar.zst...
downloading util-linux-2.36-2-x86_64.pkg.tar.zst...
downloading nspr-4.28-1-x86_64.pkg.tar.zst...
downloading nss-3.56-1-x86_64.pkg.tar.zst...
downloading libtool-2.4.6+42+gb88cebd5-14-x86_64.pkg.tar.zst...
downloading mpfr-4.1.0-1-x86_64.pkg.tar.zst...
downloading gcc-10.2.0-1-x86_64.pkg.tar.zst...
downloading gcc-fortran-10.2.0-1-x86_64.pkg.tar.zst...
downloading xfsprogs-5.7.0-3-x86_64.pkg.tar.zst...
downloading thin-provisioning-tools-0.9.0-1-x86_64.pkg.tar.zst...
downloading glib2-docs-2.64.5-1-x86_64.pkg.tar.zst...
downloading iputils-20190709-3-x86_64.pkg.tar.zst...
downloading lib32-glibc-2.32-2-x86_64.pkg.tar.zst...
downloading lib32-gcc-libs-10.2.0-1-x86_64.pkg.tar.zst...
downloading libpipeline-1.5.3-1-x86_64.pkg.tar.zst...
downloading linux-5.8.3.artix1-1-x86_64.pkg.tar.zst...
downloading linux-firmware-20200817.7a30af1-1-any.pkg.tar.zst...
downloading linux-lts-5.4.60-1-x86_64.pkg.tar.zst...
downloading man-pages-5.08-1-any.pkg.tar.zst...
downloading nano-5.1-1-x86_64.pkg.tar.zst...
downloading rhash-1.4.0-1-x86_64.pkg.tar.zst...
downloading cmake-3.18.2-1-x86_64.pkg.tar.zst...
downloading libcups-2.3.3-3-x86_64.pkg.tar.zst...
downloading cups-2.3.3-3-x86_64.pkg.tar.zst...
downloading fuse-common-3.9.3-1-x86_64.pkg.tar.zst...
downloading fuse3-3.9.3-1-x86_64.pkg.tar.zst...
downloading libgdm-3.36.3-6-x86_64.pkg.tar.zst...
downloading mesa-20.1.6-1-x86_64.pkg.tar.zst...
downloading libinput-1.16.1-1-x86_64.pkg.tar.zst...
downloading nvidia-utils-450.66-1-x86_64.pkg.tar.zst...
downloading pango-1:1.46.1-1-x86_64.pkg.tar.zst...
downloading libnm-1.26.2-1-x86_64.pkg.tar.zst...
downloading libmm-glib-1.14.2-1-x86_64.pkg.tar.zst...
downloading gdm-3.36.3-6-x86_64.pkg.tar.zst...
downloading ldb-1:2.1.4-1-x86_64.pkg.tar.zst...
downloading libpurple-2.14.1-3-x86_64.pkg.tar.zst...
downloading libva-mesa-driver-20.1.6-1-x86_64.pkg.tar.zst...
downloading mesa-vdpau-20.1.6-1-x86_64.pkg.tar.zst...
downloading mpg123-1.26.3-2-x86_64.pkg.tar.zst...
downloading networkmanager-1.26.2-1-x86_64.pkg.tar.zst...
downloading openexr-2.5.3-1-x86_64.pkg.tar.zst...
downloading perl-libwww-6.47-1-any.pkg.tar.zst...
downloading pidgin-2.14.1-3-x86_64.pkg.tar.zst...
downloading rrdtool-1.7.2-5.1-x86_64.pkg.tar.zst...
downloading sddm-0.18.1-3-x86_64.pkg.tar.zst...
downloading seabios-1.14.0-1-any.pkg.tar.zst...
downloading smbclient-4.12.6-1-x86_64.pkg.tar.zst...
downloading vlc-3.0.11.1-2-x86_64.pkg.tar.zst...
downloading xfce4-weather-plugin-0.10.1-2-x86_64.pkg.tar.zst...
downloading intel-gmmlib-20.2.4-1-x86_64.pkg.tar.zst...
downloading ninja-1.10.1-1-x86_64.pkg.tar.zst...
downloading python-dephell-argparse-0.1.3-1-any.pkg.tar.zst...
downloading libreoffice-still-6.4.6-1-x86_64.pkg.tar.zst...
downloading libreoffice-still-de-6.4.6-1-any.pkg.tar.zst...
downloading aqbanking-6.2.2-1-x86_64.pkg.tar.zst...
downloading gnucash-4.1-1-x86_64.pkg.tar.zst...
downloading gnucash-docs-4.1-1-any.pkg.tar.zst...
downloading neomutt-20200821-1-x86_64.pkg.tar.zst...
downloading openbsd-netcat-1.217_2-1-x86_64.pkg.tar.zst...
downloading remmina-1:1.4.8-1-x86_64.pkg.tar.zst...
downloading sysstat-12.4.0-1-x86_64.pkg.tar.zst...
downloading telegram-desktop-2.3.0-2-x86_64.pkg.tar.zst...
downloading zathura-0.4.6-1-x86_64.pkg.tar.zst...
downloading lib32-amdvlk-2020.Q3.4-1-x86_64.pkg.tar.zst...
downloading lib32-glib2-2.64.5-1-x86_64.pkg.tar.zst...
downloading lib32-libx11-1.6.11-1-x86_64.pkg.tar.zst...
downloading lib32-mesa-20.1.6-1-x86_64.pkg.tar.zst...
downloading lib32-nspr-4.28-1-x86_64.pkg.tar.zst...
downloading lib32-p11-kit-0.23.21-1-x86_64.pkg.tar.zst...
downloading lib32-nss-3.56-1-x86_64.pkg.tar.zst...
downloading lib32-pango-1:1.46.1-1-x86_64.pkg.tar.zst...
downloading lib32-systemd-246.2-1-x86_64.pkg.tar.zst...
checking keyring...
checking package integrity...
loading package files...
checking for file conflicts...
checking available disk space...
:: Running pre-transaction hooks...
(1/1) Removing linux initcpios...
:: Processing package changes...
upgrading amd-ucode...
upgrading linux-api-headers...
upgrading iana-etc...
upgrading glibc...
warning: /etc/locale.gen installed as /etc/locale.gen.pacnew
Generating locales...
  de_DE.UTF-8... done
  en_US.UTF-8... done
Generation complete.
upgrading gcc-libs...
upgrading bash...
upgrading libp11-kit...
upgrading libcap...
upgrading p11-kit...
upgrading libutil-linux...
upgrading libnsl...
upgrading ca-certificates-mozilla...
upgrading curl...
upgrading glib2...
upgrading aqbanking...
upgrading archlinux-keyring...
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
  -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
  -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
  -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
  -> Disabling key 50F33E2E5B0C3D900424ABE89BDCF497A4BBCC7F...
  -> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
  -> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
  -> Disabling key 8840BD07FC24CB7CE394A07CCF7037A4F27FB7DA...
  -> Disabling key 5559BC1A32B8F76B3FCCD9555FA5E5544F010D48...
  -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
  -> Disabling key 07DFD3A0BC213FA12EDC217559B3122E2FA915EC...
  -> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
  -> Disabling key 5A2257D19FF7E1E0E415968CE62F853100F0D0F0...
  -> Disabling key D921CABED130A5690EF1896E81AF739EC0711BF1...
  -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
  -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
  -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
  -> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
  -> Disabling key 684148BB25B49E986A4944C55184252D824B18E8...
  -> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
  -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
  -> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
  -> Disabling key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A...
  -> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
  -> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
  -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
  -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
  -> Disabling key 5357F3B111688D88C1D88119FCF2CB179205AC90...
  -> Disabling key 4D913AECD81726D9A6C74F0ADA6426DD215B37AD...
  -> Disabling key FB871F0131FEA4FB5A9192B4C8880A6406361833...
  -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
  -> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
  -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
  -> Disabling key 76B4192E902C0A52642C63C273B8ED52F1D357C1...
  -> Disabling key 40776A5221EF5AD468A4906D42A1DB15EC133BAD...
  -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
  -> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
==> Updating trust database...
gpg: next trustdb check due at 2020-09-13
upgrading sqlite...
upgrading binutils...
upgrading rhash...
upgrading cmake...
upgrading pambase...
warning: /etc/pam.d/system-auth installed as /etc/pam.d/system-auth.pacnew
warning: /etc/pam.d/system-login installed as /etc/pam.d/system-login.pacnew
upgrading pam...
installing libxcrypt...
upgrading libcups...
upgrading hwids...
upgrading kbd...
upgrading util-linux...
upgrading nspr...
upgrading nss...
upgrading libtool...
upgrading cups...
upgrading fuse-common...
upgrading fuse3...
upgrading mpfr...
upgrading gcc...
upgrading gcc-fortran...
upgrading libgdm...
upgrading mesa...
upgrading libinput...
upgrading nvidia-utils...
If you run into trouble with CUDA not being available, run nvidia-modprobe first.
upgrading pango...
upgrading xfsprogs...
New optional dependencies for xfsprogs
    python: for xfs_scrub_all script [installed]
    smtp-forwarder: for xfs_scrub_fail script
upgrading thin-provisioning-tools...
upgrading libnm...
upgrading libmm-glib...
upgrading gdm...
upgrading glib2-docs...
upgrading gnucash...
upgrading gnucash-docs...
upgrading intel-gmmlib...
upgrading iputils...
upgrading ldb...
upgrading lib32-amdvlk...
upgrading lib32-glibc...
upgrading lib32-gcc-libs...
upgrading lib32-glib2...
upgrading lib32-libx11...
upgrading lib32-mesa...
upgrading lib32-nspr...
upgrading lib32-p11-kit...
upgrading lib32-nss...
upgrading lib32-pango...
upgrading lib32-systemd...
upgrading libpipeline...
upgrading libpurple...
upgrading libreoffice-still...
upgrading libreoffice-still-de...
upgrading libva-mesa-driver...
upgrading linux...
upgrading linux-firmware...
upgrading linux-lts...
upgrading man-pages...
upgrading mesa-vdpau...
upgrading mpg123...
New optional dependencies for mpg123
    perl: for conplay [installed]
upgrading nano...
upgrading neomutt...
upgrading networkmanager...
upgrading ninja...
upgrading openbsd-netcat...
upgrading openexr...
upgrading perl-libwww...
upgrading pidgin...
upgrading python-dephell-argparse...
upgrading remmina...
upgrading rrdtool...
upgrading sddm...
upgrading seabios...
upgrading smbclient...
upgrading sysstat...
upgrading telegram-desktop...
upgrading vlc...
New optional dependencies for vlc
    lua52-socket: http interface [installed]
upgrading xfce4-weather-plugin...
upgrading zathura...
:: Running post-transaction hooks...
( 1/13) Creating system user accounts...
( 2/13) Creating temporary files...
( 3/13) Reloading device manager configuration...
( 4/13) Rebuilding certificate stores...
( 5/13) Updating module dependencies...
( 6/13) Updating linux initcpios...
==> Building image from preset: /etc/mkinitcpio.d/linux-lts.preset: 'default'
  -> -k /boot/vmlinuz-linux-lts -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-lts.img
==> Starting build: 5.4.60-1-lts
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [resume]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-lts.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux-lts.preset: 'fallback'
  -> -k /boot/vmlinuz-linux-lts -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-lts-fallback.img -S autodetect
==> Starting build: 5.4.60-1-lts
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: aic94xx
==> WARNING: Possibly missing firmware for module: wd719x
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [resume]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-lts-fallback.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 5.8.3-artix1-1
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: xhci_pci
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [resume]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 5.8.3-artix1-1
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: aic94xx
==> WARNING: Possibly missing firmware for module: wd719x
==> WARNING: Possibly missing firmware for module: xhci_pci
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [resume]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
( 7/13) Warn about old perl modules
( 8/13) Compiling GSettings XML schema files...
( 9/13) Updating icon theme caches...
(10/13) Updating the info directory file...
(11/13) Updating the desktop file MIME type cache...
(12/13) Updating the MIME type database...
(13/13) Updating the vlc plugin cache...

So the interesting part is

Code: [Select]

upgrading pambase...
warning: /etc/pam.d/system-auth installed as /etc/pam.d/system-auth.pacnew
warning: /etc/pam.d/system-login installed as /etc/pam.d/system-login.pacnew
upgrading pam...

I changed those files at some point in time. Here is the diff between my and the pacman version:

Code: [Select]

diff system-auth.{my,pacnew}  
3,4c3,7
< auth      required  pam_unix.so     try_first_pass nullok nodelay
< auth      optional  pam_faildelay.so   delay=300000
---
> auth       required                    pam_faillock.so      preauth
> # Optionally use requisite above if you do not want to prompt for the password
> # on locked accounts.
> auth       [success=1 default=ignore]  pam_unix.so          try_first_pass nullok
> auth       [default=die]               pam_faillock.so      authfail
6a10,12
> auth       required                    pam_faillock.so      authsucc
> # If you drop the above call to pam_faillock.so the lock will be done also
> # on non-consecutive authentication failures.
12c18
< password  required  pam_unix.so     try_first_pass nullok sha512 shadow
---
> password   required                    pam_unix.so          try_first_pass nullok shadow

Code: [Select]

diff -w system-login.{my,pacnew}  
3d2
< auth       required   pam_tally2.so        onerr=succeed file=/var/log/tallylog
8d6
< account    required   pam_tally2.so
21c19
< session    optional   pam_env.so           user_readenv=1 user_envfile=.pam_environment
---
> session    required   pam_env.so           user_readenv=1

After changing both files to the pacman version, I could login again. (From looking at it, I'd say only changing the system-login would've been enough.)

Looking at syslog:

Code: [Select]

authpriv.err: Sep  1 17:38:59 sddm-helper: PAM unable to dlopen(/usr/lib/security/pam_tally2.so): /usr/lib/security/pam_tally2.so: cannot open shared object file: No such file or directory
authpriv.err: Sep  1 17:38:59 sddm-helper: PAM adding faulty module: /usr/lib/security/pam_tally2.so
authpriv.warn: Sep  1 17:38:59 sddm-helper: gkr-pam: no password is available for user
authpriv.err: Sep  1 17:39:58 login: PAM unable to dlopen(/usr/lib/security/pam_tally2.so): /usr/lib/security/pam_tally2.so: cannot open shared object file: No such file or directory
authpriv.err: Sep  1 17:39:58 login: PAM adding faulty module: /usr/lib/security/pam_tally2.so
authpriv.notice: Sep  1 17:40:00 login: FAILED LOGIN SESSION FROM tty1 FOR mcd, Module is unknown

So pacman decided to keep my configuration, but the new version of pam removed pam_tally2.so.

I wrote this post because this annoys me. This is user/administrator pain that should not exist. This is so stupid. This should not happen. What can be changed, so this kind of stuff doesn't happen? Where is the root cause? Who or what software is to blame?

My two cents: Since /etc/pam.d/system-login belongs to pambase, but depends on files provided from pam, pacman could not have known about that problem. So pacman is not to blame.
But I don't know, how this could've been prevented.

Side question: Would anyone here have seen the pacman warning and acted upon it, if they had manually run pacman -Syu?

Re: pambase update broke logins. Artix overall administrability enhancement.

Reply #1 – 02 September 2020, 00:20:50

Hello,
pacman grimly does its work, it updates packages.
Configuration files are overwritten if they were not changed, if they were changed in will use *.pacnew files.
The idea is to not brick users configuration during update.
User can have anything in configuration file, so the general idea is to install new one alongside it (pacnew file) and warn user about it.
It is up to user to react to these messages.

Check Archwiki for more detailed explanation for pacman.

Re: pambase update broke logins. Artix overall administrability enhancement.

Reply #2 – 04 September 2020, 11:00:00

So the current behaviour is wanted and sysadmins are expected to behave accordingly, correct?

Re: pambase update broke logins. Artix overall administrability enhancement.

Reply #3 – 04 September 2020, 12:09:39

Quote from: castilma – on 04 September 2020, 11:00:00

So the current behaviour is wanted and sysadmins are expected to behave accordingly, correct?

Yes, because you would also complain, if pam overwrote your custom pam files.
Hence *.pacnew is created and a message printed to check your files.
Is there any chance you run a parabola with openrc?
Your errors point to a system that uses systemd pam and to make it work, replaced it with elogind pam module in conf.

Re: pambase update broke logins. Artix overall administrability enhancement.

Reply #4 – 05 September 2020, 03:14:26

There was another thread which discussed this problem (this one has a better title though, took me ages to find that again

) :
https://forum.artixlinux.org/index.php/topic,1725
And it is being attended to:
https://bugs.archlinux.org/task/67641
https://bugs.archlinux.org/task/67636
https://github.com/linux-pam/linux-pam/issues/263

Re: pambase update broke logins. Artix overall administrability enhancement.

Reply #5 – 05 September 2020, 11:14:16

Second bug in archlinux have nice comment :

Quote

Reason for closing: Not a bug
Additional comments about closing: .pacnew files are your responsibility.

Re: pambase update broke logins. Artix overall administrability enhancement.

Reply #6 – 20 September 2020, 15:02:02

Quote from: artoo – on 04 September 2020, 12:09:39

Yes, because you would also complain, if pam overwrote your custom pam files.
Hence *.pacnew is created and a message printed to check your files.

I would complain less, (in this case), because I would still be able to login.
But what I wanted to point out was, that both these 'solutions' are not very nice, and to solve this, one definitely has to think broader.

Quote

Is there any chance you run a parabola with openrc?

No, I'm running artix with runit.

Quote

Your errors point to a system that uses systemd pam and to make it work, replaced it with elogind pam module in conf.

What conf file do you mean?
Heres the installed pam related packages, if that has anything to do with your note.
$ pacman -Ss pam|grep inst -i
system/pam 1.4.0-3 [Installiert]
system/pambase 20200721.1-2.1 [Installiert]
system/shadow 4.8.1-4 [Installiert]

I understand this is just how arch works. I might look into another distro. This can be closed.

Re: pambase update broke logins. Artix overall administrability enhancement.

Reply #7 – 20 September 2020, 16:07:31

There are ways to handle this better - like pacdiff, as I mentioned in the other thread I linked to. You just don't have them installed. The reality is this was a weird one off upgrade issue that affected only a few users. There are testing versions of Arch and Artix, most things get found before they reach the main repos but obviously in this case nobody using the testing repos had this specific unusual config. I've been unable to boot into the desktop at some point with just about every distro I have used for any length of time, at least Arch makes it easy to recover, as you can downgrade, upgrade to a git version, or make your own new version very easily. You were just unlucky - what happened to you was the exception, not the rule. If you are running a mission critical installation with numerous installs, upgrade one first to check it's OK. Personally I have another distro in another partition as a back up to boot into, and rsync backups to an external drive occasionally - these are only the sort of standard precautions you would make to ensure reliable service with any OS, and there's much more you can do besides.