Sync Updates for Week 46, 2023

TraceyC

Heya folks! This sync brings an updated and reworked PAM stack, as well as a change to the jack audio server package.

Jack server users will now need to install the jack-audio-connection-kit-server package to run the full server.

@ReillyBrogan has updated our PAM stack, a critical set of packages which helps with authentication. There are a few things to be aware of when updating:

If you have any custom PAM configuration in /etc/pam.d, they will likely need to be modified.
/etc/environment must be in a key=value format, or else Bad Things:tm: will happen! export key=value (Shell form) is invalid and will result in services failing to start with a critical PAM error.
Sudo will print the administrator admonition message the first time it is ran after the update.

When eopkg updates some PAM related packages, you will see messages about file conflicts for the libeconf, pam, and shadow packages. This is normal and expected. For example, here is what those messages look like for libeconf:

Installing libeconf, version 0.6.0, release 4
Upgrading to new upstream version
Extracting the files of libeconf
Upgraded libeconf
Installing 2 / 33
pam-1.5.3-27-1-x86_64.eopkg [cached]
Installing pam, version 1.5.3, release 27
File conflicts:
/usr/share/defaults/etc/pam.d/other from shadow gets replaced by pam package
/usr/share/defaults/etc/pam.d/system-auth from shadow gets replaced by pam package

This also brings an updated libeconf, which includes built-in support for hermetic-usr configuration, a concept that Solus calls "stateless" configuration. If you aren't familiar with hermetic /usr/ or Statelessness, it largely boils down to this: All vendor files (files provided by the distribution, i.e. Solus) should live in the /usr/ file tree, including configuration defaults that can then be overridden by files in /etc/ or the user's home directory. This last bit is the tricky part; a lot of software doesn't support this concept, requiring us to patch their source code so that they do. The support introduced in libeconf will hopefully make this easier because software that uses it for configuration file management will gain this support out of the box.

In case you haven't seen it, we are looking for your input on what your devices support when it comes to BIOS and UEFI. This will help inform us on where and what technologies we should focus on when it comes to the bootloader. Check out this thread by @TraceyC for more information, as well as the poll.

Other updates this sync include: https://pastes.io/y8lr6cvoh9
(There were so many updated packages, the forum won't let me post them all!)

That’s all for this time, folks! Check back next time for another round of sync news!

brent

"This also brings an updated libeconf, which includes built-in support for hermetic-usr configuration, a concept that Solus calls "stateless" configuration. If you aren't familiar with hermetic /usr/ or Statelessness, it largely boils down to this: All vendor files (files provided by the distribution, i.e. Solus) should live in the /usr/ file tree, including configuration defaults that can then be overridden by files in /etc/ or the user's home directory. This last bit is the tricky part; a lot of software doesn't support this concept, requiring us to patch their source code so that they do."

that's interesting ^ and a layer of what you do I did not know about. for updates (early!). 95 packages installing now.

File conflicts:
/usr/share/defaults/etc/pam.d/other from shadow gets replaced by pam package
/usr/share/defaults/etc/pam.d/system-auth from shadow gets replaced by pam package

I'm pretty sure that is normal

ReillyBrogan

New pam who dis

Downsite

After the update, my password is no longer accepted, neither in TTY or the graphical interface.

Could this be connected ?

ReillyBrogan

Downsite do you have any files in /etc/pam.d, a /etc/environment, /etc/environment.d/*, ~/.config/environment, or ~/.config/environment.d?

Downsite

ReillyBrogan

I did not find any of these files or folders.
To verify, I put the output of ls -a here https://pastes.io/7smsiripk9.

(See further down for the ~/.config output).

The output of journalctl -b-1 are posted here

alfisya

ReillyBrogan ~/.config/environment, or ~/.config/environment.d

@Downsite You only show /etc/, What about these^? You can also go to live enviroment and chroot to your system with this guide, then show us journalctl -b-1. Also fee free to jump on matrix support channel for little bit more flowy conversation. Cheers!

LarsImNetz

Is there a way to export the DISPLAY variable to the root user again?

I need the cisco vpnui start as root and now without DISPLAY variable I can't start this tool. :-(
Also I like to start the emacs as root in a X Window.

If I try it via hardcore:

root@phoebe ~ # export DISPLAY=:0
root@phoebe ~ # emacs
Authorization required, but no authorization protocol specified

Display :0 unavailable, simulating -nw

ReillyBrogan

LarsImNetz Do you mean because of the changes to /etc/environment? You can still use that file, you just need to have it in the following format instead:

DISPLAY=:0

The file is read by pam_env, not by shells so it doesn't use export.

fernkaufmann

I have a file called vlock in my /etc/pam.d folder.

It contains these lines:

#%PAM-1.0
auth     include	system-auth
account  include	system-auth
password include	system-auth

Do I have to do anything after upgrade?

ReillyBrogan

fernkaufmann That one is fine. Should be safe to ignore it.

Patrice

Hi all,
After this update, something went wrong with Evolution.
When I click to see a message, I have a notification saying that :

A process WebKitWebProcess stopped suddenly when printing message.

Some other messages are just empty with the same notification on top of it.
I can file a bug if you need, unless someone already got the solution. Let me know.

I found some kind of same bug here :
https://gitlab.gnome.org/GNOME/evolution/-/issues/1854
And here :
https://discuss.getsol.us/d/8613-evolution-webkitwebprocess-problem

MetaNorm

Patrice
I can confirm that.

Sebastian

Patrice A downgrade of libwebkit-gtk41 seems to solve the issue:

sudo eopkg install https://packages.getsol.us/shannon/libw/libwebkit-gtk41/libwebkit-gtk41-2.42.1-15-1-x86_64.eopkg

Though as the noob that I am, I can't tell if it is advisable to do so. But you can always reverse it by just updating again with sudo eopkg up

I filed an issue on our bug tracker.

synth-ruiner

Patrice my Evolution won't connect to my mail server now. Just hangs on "Scanning folders in IMAP server..." and keeps prompting me for my password. I even changed the password just to make sure, but no luck. I can get to it via Thunderbird with the same config and credentials so I think this is specifically an Evolution problem.

LarsImNetz

One very important information:
If you create a /etc/pam.d directory after the Update (copy from /usr/share/defaults/etc/pam.d)
and then downgrade to the old history (eopkg history -t <old>)
REMOVE the /etc/pam.d before reboot, or you will NOT be able to login any longer.

I need to boot from an old install USB Stick and remove the directory by hand.

Just a hint from me.

Solarmass

Love those detailed notes with examples!

Patrice

@MetaNorm, I think problem comes from libwebkit-gtk that has been updated.
Maybe a downgrade will solve the problem. I just don't want to try.

Patrice

Sebastian , thanks, it works.
I'll wait for the next update to see if problem is solved.

brent

Updated 95 packages, desktop computer, budgie, last night and went to bed. Now home from work I've had 1 hour of uptime and every file, app, folder and menu functions as per normal. The rig is fine, thank you.

Postscript: a pam update usually means back to a virgin terminal with the 'great responsibility' dialogue that greets a first-timer...(I'm assuming pam update does that..)

WetGeek

I'm having some problems with the version of Telegram installed from the repository. I use it every day to keep in touch with friend from LA tp France. This problem has never occurred before today's update.

It seems to time out after a while, and the UI closes. If I restart it from the Latte dock, it's as if nothing happened. A message I started to write will be intact up to the character I typed just before the UI closed. The above is the notification that occurs a while before the error occurs.

This is not keeping me from using Telegram. Just making it damned inconvenient, requiring frequent restarts. I have performed a clean new installation--reading the PC version's QR code from the mobile--and that appears not to change anything. The same behavior soon begins.

I ran eopkg check | grep Broken and the update was clean.

ReillyBrogan

WetGeek I've noticed some similar behavior and I think it might have to do with having Telegram autostart or start minimized to the tray. I'm hoping that an update to qt6 that I'm planning to do in the next week or so might help.

It's just annoying, it's not like it's not usable though which is why I decided to keep the update. We'd been stuck on 4.8.4 for so long due to dependency issues that I figured more users would appreciate the new version.