Bugzilla – Bug 1222329
AUDIT-WHITELIST: util-linux: pam_lastlog2.so got moved from lastlog2
Last modified: 2024-04-17 17:24:14 UTC
The lastlog2 package got merged into util-linux. As result, pam_lastlog2.so is now part of util-linux-systemd. Packages can be found at: https://build.opensuse.org/package/show/home:kukuk:cleanup/util-linux
Thank you for raising the bug. We will take care of adjusting our records.
I checked the changes since the last review and the differences between standalong lastlog2 and the version now found in util-linux. It all seems all right. Do you need the whitelisting for the lastlog2 package in Factory any longer, or can we drop that one now?
(In reply to Matthias Gerstner from comment #2) > Do you need the whitelisting for the lastlog2 package in Factory any longer, > or can we drop that one now? The standalone lastlog2 package will stay in ALP for longer, as util-linux 2.40 did come too late for this. I don't know how you share the rpmlint checks between Factory and ALP, but ALP will continue to get updates from Factory, so a rpmlint update there should not break lastlog2 in ALP.
Up to now we are syncing ALP with Factory, but this would be a case for creating a dedicated ALP branch for the whitelistings. In any case I guess I leave the old whitelisting around a bit longer, once the package is removed from Factory anyway.
This is an autogenerated message for OBS integration: This bug (1222329) was mentioned in https://build.opensuse.org/request/show/1165682 Factory / rpmlint
This is an autogenerated message for OBS integration: This bug (1222329) was mentioned in https://build.opensuse.org/request/show/1166154 Factory / rpmlint
(In reply to Matthias Gerstner from comment #4) > Up to now we are syncing ALP with Factory, but this would be a case for > creating a dedicated ALP branch for the whitelistings. > > In any case I guess I leave the old whitelisting around a bit longer, once > the > package is removed from Factory anyway. For migration reasons we had to make further changes: util-linux will now create a sub-package with the old name "lastlog2" which contains the pam_lastlog2.so file, else it is not possible with RPM to keep the user made config changes during migration/update. So the name of the RPM will stay the same, but only build from another source. Sorry, but we found only out today that our first approach did not work correct.
Okay we will revert the change and I'm closing this bug.
Thorsten Kukuk, comment 7: There is a solution outside RPM without splitting the package using dedicated scriplets in the new package. User made configs are moved to rpmsave during the old package removal. The new package scriptlet will pick the rpmsave files and put the to its original place (for noreplace config files) or to rpmnew (for standard config files).
(In reply to Stanislav Brabec from comment #9) > Thorsten Kukuk, comment 7: > > There is a solution outside RPM without splitting the package using > dedicated scriplets in the new package. > > User made configs are moved to rpmsave during the old package removal. > The new package scriptlet will pick the rpmsave files and put the to its > original place (for noreplace config files) or to rpmnew (for standard > config files). pam-config files are no %config files, they are %ghost files for historical reasons due to the wrong %ghost policy in openSUSE :( The admin made changes are really lost in this special case.
This is an autogenerated message for OBS integration: This bug (1222329) was mentioned in https://build.opensuse.org/request/show/1168340 Factory / rpmlint
Thorsten Kukuk, comment 10: As the new version did not reach SLE15 SP6 and ALP 1.0, what do you think about adding an upgrade protection scriptlets to lastlog2 in SLE15 SP6 and ALP 1.0? Something that will save these pam config files on removal? Once in future, when everything < SLE15 SP5 and < ALP 1.0 will go outside the upgrade protection, util-linux could merge lastlog2 back to util-linux.
(In reply to Stanislav Brabec from comment #12) > Thorsten Kukuk, comment 10: As the new version did not reach SLE15 SP6 and > ALP 1.0, what do you think about adding an upgrade protection scriptlets to > lastlog2 in SLE15 SP6 and ALP 1.0? Something that will save these pam config > files on removal? The pam-config files are generated on the fly if you call pam-config. You cannot save them. If you copy the old versions away and later back, you could miss other changes done in between by other packages (and would revert them) which means you can end up with either a non-working or an insecure setup. The only scriplet called from util-linux after the lastlog2 %postun (and thus the config entry get's removed) is %posttrans, and this is far, far too late. I discussed this with my team over several days: there is with the current RPM behavior and pam-config design no other solution.