[Bug 728586] New: pam configuration broken for gnome-keyring (DVD install w/certain hardware?)
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c0 Summary: pam configuration broken for gnome-keyring (DVD install w/certain hardware?) Classification: openSUSE Product: openSUSE 12.1 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: RBrownCCB@opensuse.org QAContact: qa@suse.de Found By: --- Blocker: --- This is a strange one - I'm getting symptoms near enough identical to the bug report for bnc#723339 https://bugzilla.novell.com/show_bug.cgi?id=723339 ie. After install, with autologin disabled, logging in and launching an application that requires keyring asks to create a 'Default' keyring, because our usual 'login' keyring is missing However this is only happening in certain circumstances It only seems to be during installs with the RC2 DVD - the GNOME LiveCD install is fine When doing the DVD install, any combination of options doesn't appear to change the behaviour - I've tried automatic and manual configuration and done dozens of different installs with different parameters chosen with no change in behaviour. However, this problem only occurs on certain hardware - my Lenovo X220 laptop has this problem (and it is always reproducible) but my iMac and any VirtualBox VM I have created also do not exhibit this problem. All 3 machines have been installed from the same DVD Media and the media passes a check. As I type this I'm doing a fresh DVD install in order to capture a broken /var/log/messages & y2log Is there anywhere else I need to be looking? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c Richard Brown <RBrownCCB@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|pam configuration broken |pam configuration broken |for gnome-keyring (DVD |for gnome-keyring (DVD |install w/certain |install w/fingerprint |hardware?) |scanner) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c1 --- Comment #1 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-06 22:32:41 UTC --- Okay, figured out more info My X220 has a fingerprint scanner With the fingerprint scanner enabled in the BIOS, something goes wrong to cause the pam problems described above - would /var/log/messages and y2logs be the right logs to help identify exactly what is going wrong during the DVD install process? With the fingerprint scanner disabled, the DVD install behaves perfectly normally, and the login keyring is being made correctly, as it should -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c2 --- Comment #2 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-06 23:00:20 UTC --- Created an attachment (id=460631) --> (http://bugzilla.novell.com/attachment.cgi?id=460631) y2logs from DVD install fingerprint reader enabled Attached at y2logs from a broken DVD install with the fingerprint scanner enabled -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c3 --- Comment #3 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-06 23:00:58 UTC --- Created an attachment (id=460632) --> (http://bugzilla.novell.com/attachment.cgi?id=460632) var/log/messages from DVD install with fingerprint scanner enabled -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c4 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |vuntz@suse.com InfoProvider| |RBrownCCB@opensuse.org --- Comment #4 from Vincent Untz <vuntz@suse.com> 2011-11-07 08:25:38 UTC --- Weird. Could you attach the content of /etc/pam.d? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c5 Richard Brown <RBrownCCB@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|RBrownCCB@opensuse.org | --- Comment #5 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-07 10:52:30 UTC --- Created an attachment (id=460673) --> (http://bugzilla.novell.com/attachment.cgi?id=460673) Contents of /etc/pam.d -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c6 --- Comment #6 from Vincent Untz <vuntz@suse.com> 2011-11-07 11:04:15 UTC --- Hrm, so you don't have any gnome-keyring-pam bits in there. Do you have, by any chance, the list of packages that get installed when you enable/disable the fingerprint reader? I see there's one when it's enabled in the y2logs, but none when it's disabled. It'd be interesting to know the difference between the two. Interestingly, in the zypper history from the y2logs, I can see this: 2011-11-06 22:43:21|install|patterns-openSUSE-gnome_yast|12.1-25.19.1|x86_64|2935:y2base|openSUSE-12.1-12.1-1.4|3aa0f885975fa29b3ff3417a85885911f07a3a74 # 2011-11-06 22:43:21 gnome-keyring-pam-3.2.1-2.2.2.x86_64.rpm installed ok # Additional rpm output: # ERROR: module /lib/security/pam_gnome_keyring.so is not installed. # 2011-11-06 22:43:21|install|gnome-keyring-pam|3.2.1-2.2.2|x86_64|2935:y2base|openSUSE-12.1-12.1-1.4|b9a305f2805c2fa28f22a2b963c06535e0dc7c7a I assume that gnome-keyring-pam installs the file in /lib64. Could it be that we need gnome-keyring-pam-32bit to be installed to have the pam-config call succeed? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c7 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |kukuk@suse.com --- Comment #7 from Vincent Untz <vuntz@suse.com> 2011-11-07 11:10:16 UTC --- (In reply to comment #6)
I assume that gnome-keyring-pam installs the file in /lib64. Could it be that we need gnome-keyring-pam-32bit to be installed to have the pam-config call succeed?
Reading the code, we indeed need that. Thorsten: am I right in understanding it is required to put something like this in baselibs.conf: gnome-keyring-pam post "%{_sbindir}/pam-config -a --gnome_keyring" postun "%{_sbindir}/pam-config -d --gnome_keyring" (ie, the same calls than the %post/%postun scriptlet for the non-baselibs.conf package) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c8 --- Comment #8 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-07 11:36:26 UTC --- Created an attachment (id=460680) --> (http://bugzilla.novell.com/attachment.cgi?id=460680) y2logs from same machine with fingerprint scanner disabled Logs from DVD install with fingerprint reader disabled -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c9 --- Comment #9 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-07 11:37:07 UTC --- Created an attachment (id=460681) --> (http://bugzilla.novell.com/attachment.cgi?id=460681) var/log/messages from DVD install with fingerprint reader disabled -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c10 --- Comment #10 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-07 11:37:51 UTC --- Created an attachment (id=460683) --> (http://bugzilla.novell.com/attachment.cgi?id=460683) /etc/pam.d contents from DVD install with fingerprint scanner disabled -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c12 --- Comment #12 from Vincent Untz <vuntz@suse.com> 2011-11-07 12:03:06 UTC --- (In reply to comment #8)
Created an attachment (id=460680) --> (http://bugzilla.novell.com/attachment.cgi?id=460680) [details] y2logs from same machine with fingerprint scanner disabled
Logs from DVD install with fingerprint reader disabled
For the record: it works in this case, and the difference is that pam-32bit gets installed; I guess this happens because of the fingerprint reader, somehow. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c13 --- Comment #13 from Richard Brown <RBrownCCB@opensuse.org> 2011-11-07 12:16:16 UTC --- So to summarise, the presence of pam-32bit seems to be what breaks things - my installs without pam-32bit is fine I think I've figured out why pam-32bit is being installed - pam_fprint is recommending (and therefore pulling through) pam_fprint-32bit, which then pulls through a whole bunch of -32bit libs, including pam-32bit, sytemd-32bit, pam-modules-32bit, etc.. The question is, how to solve it.. fix the issue Vincent has found or tweak the packages so it doesn't pull through the huge collection of 32bit stuff? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c14 Klaus Kämpf <kkaempf@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |kkaempf@suse.com InfoProvider|kkaempf@suse.com | --- Comment #14 from Klaus Kämpf <kkaempf@suse.com> 2011-11-07 15:24:53 UTC --- See https://bugzilla.novell.com/show_bug.cgi?id=643508 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c15 --- Comment #15 from Vincent Untz <vuntz@suse.com> 2011-11-07 15:59:27 UTC --- (In reply to comment #14)
There are m -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c16 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |kkaempf@suse.com --- Comment #16 from Vincent Untz <vuntz@suse.com> 2011-11-07 16:03:44 UTC --- (sorry, clicked commit by accident) (In reply to comment #14)
There are many comments there, so I might have missed something. But from what I can tell, this doesn't solve the issue. Here is the issue: + gnome-keyring-pam and gnome-keyring-pam-32bit both get installed + gnome-keyring-pam is installed before gnome-keyring-pam-32bit, so the pam-config call in the gnome-keyring-pam scriptlet fails (pam-config checks if the 32bit package is installed) + apparently (see comment 11), adding a pam-config call in the gnome-keyring-pam-32bit scriptlet is not the right way The possible solutions I see: a) make sure that gnome-keyring-pam-32bit is installed before gnome-keyring-pam if pam-32bit is installed. b) change pam-config to not fail if pam-32bit is installed, but the 32bit version of a module is not there. c) add scriptlets to gnome-keyring-pam-32bit. I have no idea how to do option a (not even sure it's possible). I don't think option b is correct. And option c is not what is desired, according to Thorsten. Is there any other solution? :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c17 --- Comment #17 from Thorsten Kukuk <kukuk@suse.com> 2011-11-07 16:08:31 UTC --- (In reply to comment #16)
(sorry, clicked commit by accident)
(In reply to comment #14)
There are many comments there, so I might have missed something. But from what I can tell, this doesn't solve the issue. Here is the issue: [...] Is there any other solution? :-)
If you have made sure, that both packages will be installed, fix the pam-config call. man pam-config => --force -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c18 --- Comment #18 from Vincent Untz <vuntz@suse.com> 2011-11-07 16:16:16 UTC --- (In reply to comment #17)
(In reply to comment #16)
(sorry, clicked commit by accident)
(In reply to comment #14)
There are many comments there, so I might have missed something. But from what I can tell, this doesn't solve the issue. Here is the issue: [...] Is there any other solution? :-)
If you have made sure, that both packages will be installed, fix the pam-config call. man pam-config => --force
We can't be 100% sure, as the 32bit package gets installed with a Supplements :/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c19 --- Comment #19 from Thorsten Kukuk <kukuk@suse.com> 2011-11-07 16:34:33 UTC --- (In reply to comment #18)
(In reply to comment #17)
(In reply to comment #16)
(sorry, clicked commit by accident)
(In reply to comment #14)
There are many comments there, so I might have missed something. But from what I can tell, this doesn't solve the issue. Here is the issue: [...] Is there any other solution? :-)
If you have made sure, that both packages will be installed, fix the pam-config call. man pam-config => --force
We can't be 100% sure, as the 32bit package gets installed with a Supplements :/
If it will not get installed, it is not needed, means no problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c20 --- Comment #20 from Vincent Untz <vuntz@suse.com> 2011-11-07 16:46:29 UTC --- Thorsten: I'm confused: why does pam-config check this, then? From what you tell here, it seems it could just always print a warning instead of failing with an error if the 32bit module is not existing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c21 --- Comment #21 from Thorsten Kukuk <kukuk@suse.com> 2011-11-07 18:21:21 UTC --- (In reply to comment #20)
Thorsten: I'm confused: why does pam-config check this, then?
To make sure that you can always login.
From what you tell here, it seems it could just always print a warning instead of failing with an error if the 32bit module is not existing.
No. But if pam-config will print an error, the -32bit should have been selected by YaST2/zypper. If it is not selected, it isn't necessary and pam-config will not print an error. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c22 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|kkaempf@suse.com | Flag| |SHIP_STOPPER?(coolo@suse.co | |m) --- Comment #22 from Vincent Untz <vuntz@suse.com> 2011-11-08 09:43:03 UTC --- I've submitted a fix (sr#90522), that I think we'd like to have in GM. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c23 --- Comment #23 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-11-08 11:00:30 CET --- This is an autogenerated message for OBS integration: This bug (728586) was mentioned in https://build.opensuse.org/request/show/90522 Factory / gnome-keyring -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=728586 https://bugzilla.novell.com/show_bug.cgi?id=728586#c24 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #24 from Vincent Untz <vuntz@suse.com> 2011-11-09 08:44:49 UTC --- Fix got in 12.1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com