| commit | 9bc4c5961d2d9b7e947d560f1eb2619c7ea082ab | |
| author | zrj <rimvydas.jasinskas@gmail.com> | |
| Fri, 10 Nov 2017 18:30:05 +0000 (10 20:30 +0200) | ||
| committer | zrj <zrj@dragonflybsd.org> | |
| Sat, 11 Nov 2017 07:35:19 +0000 (11 09:35 +0200) | ||
| tree | 15eceee68c9a5e8e3b98d0e06131cf3cd6687946 | treesnapshot (tar.gz zip) |
| parent | e28b0d0868e783c86e2ba09af7163d4a2ae8db61 | commitdiff |
world: Attempt to fix NOSHARED MINUSLPAM handling.
* Add missing LIBYPCLNT as a dependency. TODO: NO_NIS handling.
* Add missing LIBSSH (only needed in case of pam_ssh module).
* Add missing LIBRECRYPTO too.
* Introduce LDFLAGSPAM helper for priv libs.
Now NOSHARED=yes buildworld is possible and it is usable. Dynamic .so libraries
are still built, just not used during linking of executables (with exceptions).
There should be no issues building standard buildworld over static one.
Keep in mind that static built utilities like su(1), login(1) will still try to
dlopen() the shared pam modules (and fail with sorry "Service unavailable")
followed by fallback case of loading static modules through openpam_static().
Because of that syslog and console will get spammed on any login attempts with:
_ login: in try_dlopen(): /usr/lib/security/pam_opie.so.2: Service unavailable
_ login: in try_dlopen(): /usr/lib/security/pam_unix.so.2: Service unavailable
...
_ su: in try_dlopen(): /usr/lib/security/pam_rootok.so.2: Service unavailable
_ su: in try_dlopen(): /usr/lib/security/pam_self.so.2: Service unavailable
Because libpam.a can still be linked in dynamic exec, not disabling warnings.
Currently used OpenPAM Micrampelis is quite stale (at the moment newest release
is Resedacea). Also with OpenSSH update there might be an API issue.
Please report any breakages on master.
* Add missing LIBYPCLNT as a dependency. TODO: NO_NIS handling.
* Add missing LIBSSH (only needed in case of pam_ssh module).
* Add missing LIBRECRYPTO too.
* Introduce LDFLAGSPAM helper for priv libs.
Now NOSHARED=yes buildworld is possible and it is usable. Dynamic .so libraries
are still built, just not used during linking of executables (with exceptions).
There should be no issues building standard buildworld over static one.
Keep in mind that static built utilities like su(1), login(1) will still try to
dlopen() the shared pam modules (and fail with sorry "Service unavailable")
followed by fallback case of loading static modules through openpam_static().
Because of that syslog and console will get spammed on any login attempts with:
_ login: in try_dlopen(): /usr/lib/security/pam_opie.so.2: Service unavailable
_ login: in try_dlopen(): /usr/lib/security/pam_unix.so.2: Service unavailable
...
_ su: in try_dlopen(): /usr/lib/security/pam_rootok.so.2: Service unavailable
_ su: in try_dlopen(): /usr/lib/security/pam_self.so.2: Service unavailable
Because libpam.a can still be linked in dynamic exec, not disabling warnings.
Currently used OpenPAM Micrampelis is quite stale (at the moment newest release
is Resedacea). Also with OpenSSH update there might be an API issue.
Please report any breakages on master.