Heya folks! This sync brings an updated and reworked PAM stack, as well as a change to the jack audio server package.

Jack server users will now need to install the jack-audio-connection-kit-server package to run the full server.

@ReillyBrogan has updated our PAM stack, a critical set of packages which helps with authentication. There are a few things to be aware of when updating:

  • If you have any custom PAM configuration in /etc/pam.d, they will likely need to be modified.
  • /etc/environment must be in a key=value format, or else Bad Things:tm: will happen! export key=value (Shell form) is invalid and will result in services failing to start with a critical PAM error.
  • Sudo will print the administrator admonition message the first time it is ran after the update.

When eopkg updates some PAM related packages, you will see messages about file conflicts for the libeconf, pam, and shadow packages. This is normal and expected. For example, here is what those messages look like for libeconf:

Installing libeconf, version 0.6.0, release 4
Upgrading to new upstream version
Extracting the files of libeconf
Upgraded libeconf
Installing 2 / 33
pam-1.5.3-27-1-x86_64.eopkg [cached]
Installing pam, version 1.5.3, release 27
File conflicts:
/usr/share/defaults/etc/pam.d/other from shadow gets replaced by pam package
/usr/share/defaults/etc/pam.d/system-auth from shadow gets replaced by pam package

This also brings an updated libeconf, which includes built-in support for hermetic-usr configuration, a concept that Solus calls "stateless" configuration. If you aren't familiar with hermetic /usr/ or Statelessness, it largely boils down to this: All vendor files (files provided by the distribution, i.e. Solus) should live in the /usr/ file tree, including configuration defaults that can then be overridden by files in /etc/ or the user's home directory. This last bit is the tricky part; a lot of software doesn't support this concept, requiring us to patch their source code so that they do. The support introduced in libeconf will hopefully make this easier because software that uses it for configuration file management will gain this support out of the box.

In case you haven't seen it, we are looking for your input on what your devices support when it comes to BIOS and UEFI. This will help inform us on where and what technologies we should focus on when it comes to the bootloader. Check out this thread by @TraceyC for more information, as well as the poll.

Other updates this sync include: https://pastes.io/y8lr6cvoh9
(There were so many updated packages, the forum won't let me post them all!)

That’s all for this time, folks! Check back next time for another round of sync news!

How did the sync go for you?

This poll has ended.
TraceyC stickied the discussion .

"This also brings an updated libeconf, which includes built-in support for hermetic-usr configuration, a concept that Solus calls "stateless" configuration. If you aren't familiar with hermetic /usr/ or Statelessness, it largely boils down to this: All vendor files (files provided by the distribution, i.e. Solus) should live in the /usr/ file tree, including configuration defaults that can then be overridden by files in /etc/ or the user's home directory. This last bit is the tricky part; a lot of software doesn't support this concept, requiring us to patch their source code so that they do."

that's interesting ^ and a layer of what you do I did not know about. for updates (early!). 95 packages installing now.

File conflicts:
/usr/share/defaults/etc/pam.d/other from shadow gets replaced by pam package
/usr/share/defaults/etc/pam.d/system-auth from shadow gets replaced by pam package

I'm pretty sure that is normal

After the update, my password is no longer accepted, neither in TTY or the graphical interface.

Could this be connected ?

    Downsite do you have any files in /etc/pam.d, a /etc/environment, /etc/environment.d/*, ~/.config/environment, or ~/.config/environment.d?

        ReillyBrogan ~/.config/environment, or ~/.config/environment.d

        @Downsite You only show /etc/, What about these^? You can also go to live enviroment and chroot to your system with this guide, then show us journalctl -b-1. Also fee free to jump on matrix support channel for little bit more flowy conversation. Cheers!

          Is there a way to export the DISPLAY variable to the root user again?

          I need the cisco vpnui start as root and now without DISPLAY variable I can't start this tool. :-(
          Also I like to start the emacs as root in a X Window.

          If I try it via hardcore:

          root@phoebe ~ # export DISPLAY=:0
root@phoebe ~ # emacs
Authorization required, but no authorization protocol specified

Display :0 unavailable, simulating -nw

            I have a file called vlock in my /etc/pam.d folder.

            It contains these lines:

            #%PAM-1.0
auth     include	system-auth
account  include	system-auth
password include	system-auth

            Do I have to do anything after upgrade?

              Hi all,
              After this update, something went wrong with Evolution.
              When I click to see a message, I have a notification saying that :

              A process WebKitWebProcess stopped suddenly when printing message.

              Some other messages are just empty with the same notification on top of it.
              I can file a bug if you need, unless someone already got the solution. Let me know.

              I found some kind of same bug here :
              https://gitlab.gnome.org/GNOME/evolution/-/issues/1854
              And here :
              https://discuss.getsol.us/d/8613-evolution-webkitwebprocess-problem

                One very important information:
                If you create a /etc/pam.d directory after the Update (copy from /usr/share/defaults/etc/pam.d)
                and then downgrade to the old history (eopkg history -t <old>)
                REMOVE the /etc/pam.d before reboot, or you will NOT be able to login any longer.

                I need to boot from an old install USB Stick and remove the directory by hand.

                Just a hint from me.

                Love those detailed notes with examples!

                LarsImNetz Do you mean because of the changes to /etc/environment? You can still use that file, you just need to have it in the following format instead:

                DISPLAY=:0

                The file is read by pam_env, not by shells so it doesn't use export.

                  @MetaNorm, I think problem comes from libwebkit-gtk that has been updated.
                  Maybe a downgrade will solve the problem. I just don't want to try.

                  Patrice A downgrade of libwebkit-gtk41 seems to solve the issue:

                  sudo eopkg install https://packages.getsol.us/shannon/libw/libwebkit-gtk41/libwebkit-gtk41-2.42.1-15-1-x86_64.eopkg

                  Though as the noob that I am, I can't tell if it is advisable to do so. But you can always reverse it by just updating again with sudo eopkg up

                  I filed an issue on our bug tracker.

                      Updated 95 packages, desktop computer, budgie, last night and went to bed. Now home from work I've had 1 hour of uptime and every file, app, folder and menu functions as per normal. The rig is fine, thank you.

                      Postscript: a pam update usually means back to a virgin terminal with the 'great responsibility' dialogue that greets a first-timer...(I'm assuming pam update does that..)

                      I'm having some problems with the version of Telegram installed from the repository. I use it every day to keep in touch with friend from LA tp France. This problem has never occurred before today's update.

                      It seems to time out after a while, and the UI closes. If I restart it from the Latte dock, it's as if nothing happened. A message I started to write will be intact up to the character I typed just before the UI closed. The above is the notification that occurs a while before the error occurs.

                      This is not keeping me from using Telegram. Just making it damned inconvenient, requiring frequent restarts. I have performed a clean new installation--reading the PC version's QR code from the mobile--and that appears not to change anything. The same behavior soon begins.

                      I ran eopkg check | grep Broken and the update was clean.