[solved] sudo error caused by makepkg call to pacman

binhex · 2015-11-12 13:18:49

Hi all, im seeing a strange issue related to sudo when attempting to compile a package from AUR (packer-color). From what i can work out it looks like makepkg calls pacman in order to resolve dependancies (using -s flag), in order to run pacman it then calls sudo, it is this call to sudo thats causing me issues.

Things i have tried so far, full upgrade of the system using pacman -Syu, re-install pacman keys, verifying my sudoers file is ok, checking the user i'm compiling with is in the sudoers list, re-installing sudo, uninstalling sudo, deleting /etc/sudoers and then installing sudo, none of this has got me any further.

One thing i have noted is that this issue didn't occur up until the new version of sudo was released (1.8.15) prior to that sudo was working fine, no doubt this is coincidental though and the problem will be mine :-). The other twist to this story is that this is being built as a docker image, but again this has been running for months with no issue.

Here is the console output snipet:- (full console output can be found here http://pastebin.com/fXG9aeN9

installing sudo...
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
makepkg-user ALL=(ALL) NOPASSWD: ALL
check sudo file is ok still...
/etc/sudoers: parsed OK
check user is in sudoers
User makepkg-user may run the following commands on 509d4c98a5ed:
    (ALL) NOPASSWD: ALL
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   881    0   881    0     0   1679      0 --:--:-- --:--:-- --:--:--  1684
packer/
packer/.AURINFO
packer/.SRCINFO
packer/PKGBUILD
==> Making package: packer 20150808-1 (Thu Nov 12 12:17:54 UTC 2015)
==> Checking runtime dependencies...
==> Installing missing dependencies...
sudo: policy plugin failed session initialization
==> ERROR: 'pacman' failed to install missing dependencies.
The command '/bin/sh -c chmod +x /root/*.sh &&  /bin/bash /root/install.sh' returned a non-zero code: 1

Last edited by binhex (2015-11-17 22:37:54)

Scimmia · 2015-11-12 14:42:47

What version of pam?

PhilippD · 2015-11-12 15:34:15

binhex wrote:

One thing i have noted is that this issue didn't occur up until the new version of sudo was released (1.8.15) prior to that sudo was working fine, no doubt this is coincidental though and the problem will be mine :-). The other twist to this story is that this is being built as a docker image, but again this has been running for months with no issue.

You can confirm this by downgrading sudo with the command below.

pacman -U /var/cache/pacman/pkg/sudo-...

binhex · 2015-11-12 15:41:20

Scimmia wrote:

What version of pam?

pam-1.2.1-2

binhex · 2015-11-12 15:43:41

PhilippD wrote:

binhex wrote:
One thing i have noted is that this issue didn't occur up until the new version of sudo was released (1.8.15) prior to that sudo was working fine, no doubt this is coincidental though and the problem will be mine :-). The other twist to this story is that this is being built as a docker image, but again this has been running for months with no issue.
You can confirm this by downgrading sudo with the command below.
pacman -U /var/cache/pacman/pkg/sudo-...

i would try this but as this is a docker image i clean down the pacman cache to keep size to a minimum, but i can def try this by pulling down the compiled package from here http://seblu.net/a/archive/packages/s/sudo/

binhex · 2015-11-12 16:06:04

binhex wrote:

PhilippD wrote:
binhex wrote:
One thing i have noted is that this issue didn't occur up until the new version of sudo was released (1.8.15) prior to that sudo was working fine, no doubt this is coincidental though and the problem will be mine :-). The other twist to this story is that this is being built as a docker image, but again this has been running for months with no issue.
You can confirm this by downgrading sudo with the command below.
pacman -U /var/cache/pacman/pkg/sudo-...
i would try this but as this is a docker image i clean down the pacman cache to keep size to a minimum, but i can def try this by pulling down the compiled package from here http://seblu.net/a/archive/packages/s/sudo/

my suspicions are confirmed, if i manually install the previous version of sudo then the issue goes away, so its def linked to sudo in some manner, i included the following lines after the install of base-devel to force the downgrade of sudo:-

curl -o /tmp/sudo-1.8.14.p3-2-x86_64.pkg.tar.xz -L http://seblu.net/a/archive/packages/s/sudo/sudo-1.8.14.p3-2-x86_64.pkg.tar.xz
pacman -U --force /tmp/sudo-1.8.14.p3-2-x86_64.pkg.tar.xz --noconfirm

This then successfully built the docker image, any thoughts on how i can go forward with this, i obviously don't want to be stuck on an older version of sudo.

WorMzy · 2015-11-12 16:14:44

Why --force? Were you having trouble downgrading? If so, perhaps the update didn't work correctly in the first place, which may be why you were having problems.

binhex · 2015-11-12 16:22:20

WorMzy wrote:

Why --force? Were you having trouble downgrading? If so, perhaps the update didn't work correctly in the first place, which may be why you were having problems.

sorry my mistake, i thought i read that the --force was required in order to downgrade to an earlier version, looks like it isnt, ive re-run without the --force flag and confirmed it is still working with the older version of sudo.

Any thoughts on where i go from here?

Last edited by binhex (2015-11-12 16:23:32)

justin-8 · 2015-11-12 21:06:07

I'm also seeing this same issue in a clean build inside of a docker image.

I made a bug report here since I'm not the only one seeing this: https://bugs.archlinux.org/task/47052

I thought I must've been going crazy

I've just repushed my images with the old sudo for now. But it's a pain.

Last edited by justin-8 (2015-11-12 21:15:23)

loqs · 2015-11-12 21:48:00

http://www.sudo.ws/stable.html#1.8.15 release notes include the following:

Sudo now refuses to run a command if the PAM session module returns an error.

Which does seem to match the error message

sudo: policy plugin failed session initialization

Scimmia · 2015-11-12 23:29:16

What version of libtirpc? And what does the log say?

Last edited by Scimmia (2015-11-13 05:26:58)

binhex · 2015-11-13 11:02:59

Scimmia wrote:

What version of libtirpc? And what does the log say?

libtirpc-1.0.1-2 - just to be clear i issue a pacman -Syu before i then proceed to install the base-devel package so it should be bang up to date for all packages.

Not sure what log you want, (syslog?), but here is the output of the docker build of the image http://pastebin.com/fXG9aeN9

binhex · 2015-11-13 11:05:26

justin-8 wrote:

I'm also seeing this same issue in a clean build inside of a docker image.
I made a bug report here since I'm not the only one seeing this: https://bugs.archlinux.org/task/47052
I thought I must've been going crazy
I've just repushed my images with the old sudo for now. But it's a pain.

Many thanks for posting Justin-8, its nice to know im not alone with this issue, im going to follow the bug report you made.

justin-8 · 2015-11-13 14:19:02

Yeah, I use docker for makepkg builds on a jenkins server, and they all suddenly failed after a 'successful' build of my container. One of the best thing about Arch is the fast response by everyone when something breaks.

binhex · 2015-11-17 22:43:31

issue was solved, this was a bug in pam caused by insufficient privileges in a docker env and thus sudo wouldnt run, a much better explanation by developer:-

The relevant change sudo 1.8.15 is: "Sudo now refuses to run a command if the PAM session module returns an error."
The issue is that pam_limits.so fails to apply the rules found in /etc/security/limits.conf due to insufficient privileges (the "* - nice 0" line in particular).

im now seeing successful builds in docker once more with the latest version of sudo, very pleased to say this is now marked as solved.

Arch Linux

#1 2015-11-12 13:18:49

[solved] sudo error caused by makepkg call to pacman

#2 2015-11-12 14:42:47

Re: [solved] sudo error caused by makepkg call to pacman

#3 2015-11-12 15:34:15

Re: [solved] sudo error caused by makepkg call to pacman

#4 2015-11-12 15:41:20

Re: [solved] sudo error caused by makepkg call to pacman

#5 2015-11-12 15:43:41

Re: [solved] sudo error caused by makepkg call to pacman

#6 2015-11-12 16:06:04

Re: [solved] sudo error caused by makepkg call to pacman

#7 2015-11-12 16:14:44

Re: [solved] sudo error caused by makepkg call to pacman

#8 2015-11-12 16:22:20

Re: [solved] sudo error caused by makepkg call to pacman

#9 2015-11-12 21:06:07

Re: [solved] sudo error caused by makepkg call to pacman

#10 2015-11-12 21:48:00

Re: [solved] sudo error caused by makepkg call to pacman

#11 2015-11-12 23:29:16

Re: [solved] sudo error caused by makepkg call to pacman

#12 2015-11-13 11:02:59

Re: [solved] sudo error caused by makepkg call to pacman

#13 2015-11-13 11:05:26

Re: [solved] sudo error caused by makepkg call to pacman

#14 2015-11-13 14:19:02

Re: [solved] sudo error caused by makepkg call to pacman

#15 2015-11-17 22:43:31

Re: [solved] sudo error caused by makepkg call to pacman

Board footer