[arch-general] PAM 1.3.1 -> 1.5.1 did pam_tally get removed?

Erich Eckner arch at eckner.net
Wed Feb 24 05:02:51 UTC 2021


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi all,

On Tue, 23 Feb 2021, David C. Rankin via arch-general wrote:

> On 2/22/21 6:58 AM, Anton Hvornum via arch-general wrote:
>> I added 2FA way back when to /etc/pam.d/system-login and that meant
>> that pacman placed a .pacnew file alongside the modified system-login
>> (as expected) on upgrade.
>> But the notification about this got lost in the sea of packages which
>> is on me of course. But seeing as this is a modification to a system
>> critical file can (and did) cause a complete lockout of accounts on
>> the machine due to `auth    required` being the keywords put in place.
>> I would have expected this to be on the bulletin board about possible
>> manual intervention required.
>
> Arch does a fantastic job in doing all that it does in a rolling release, so
> don't take this the wrong way, but I do agree with Anton a bit here. Over the
> years (12 now), there have been 4-5 times that an update with pacman -Syu has
> left me with either a critical server package in need of an immediate day long
> learn and reconfigure session, or a change has left remote adminned machines
> unreachable.

I have been there too, and there are some things I do (besides checking 
the news and running pacdiff) which will help:

1. Use some wrapper around pacman, which gives me an "emergency" shell, in 
case the system becomes unreachable (think: new ssh connections being 
rejected due to some change in ssh).

2. Revert the update if I really need the system *now* and cannot invest 
the time *now* to repair whatever was broken.

3. Do the update when noone desperately needs the machine (Once, I did a 
reboot of the lab server in the morning and it decided it will fsck the 
data raid which took over an hour ... fun, fun, fun)

4. Build my own packages with as many depends=(libfoo.so) dependencies 
instead of depends=(foo) as possible, so already `pacman -Syu` will 
complain about broken linking. Here, I want to say a big THANKS to arch 
package maintainers for including more and more provides=(libfoo.so) into 
official PKGBUILDs!

[ ... snip ... ]

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmA13fwACgkQCu7JB1Xa
e1pEyg//XFPNPM9CC6EemJJe8WJUqC7Rb3n6FXX+TmjqA4dU9zPzi+ku6dGkfDVY
mpl6FDwKx0MHxj7mHKfvvR9K5lJ0sebV80dKuoNQcszJjDkDqed3OUxtG/jLvRpR
CvXy1IF0iRs63GaIph5GQBd8TInA7vY+DZPEtvIKV/vACpTd3VmUIyrfBAODDtMP
9U90nGKiNOqwUeozPqXAw9+P3TIQHCJwA9cAaKn2eXbpqZfrCiaOxas5wjMXG0uK
utg70AUsl9K4jCv0RJOnFKbFPbu41FITH69xRjAw28V5s3cdDtFWVh3R1wLWxVVs
hlC1vWv1NAP/qJ4dezTsTqfuuTErhQQ4oLB65WAR3DJ8eNpygJgZm6U7DqvlEzhH
7ixj8oxub4DfsRJ+19Kh3BDEkNFlAuckHlPLYcviO6SGAauYb8IA3vuYZDrFs/u/
NOidL7R6AytjCWBbL8JhxRENYaVxViPCQnocZyRFxMLCoR84jFGdpQRUSG+gMeD3
bsuP8W5NUn1GpQvP7ae6FbUeefPTPdwkQBklNQrFcxq0EXMPiXQAxsKnODqsbE5R
QpefIMdfiyCwWLetSHXukDceA0vgpBMIROn06vOg9AjwdxIX5XqAYqlGBQBEkz7n
QJH1TZ0bBhMX9Ot0czfT++COdiLSzkkrR1unX7WoWfkFwi0nMhA=
=G+cB
-----END PGP SIGNATURE-----


More information about the arch-general mailing list