Bug 54200

Summary: Генерируются зависимости на опциональные PAM-модули
Product: Sisyphus Reporter: Антон Мидюков <antohami>
Component: rpm-buildAssignee: placeholder <placeholder>
Status: RESOLVED NOTABUG QA Contact: qa-sisyphus
Severity: normal    
Priority: P5 CC: arseny, glebfm, imz, ldv, placeholder, vt
Version: unstable   
Hardware: all   
OS: Linux   
See Also: https://bugzilla.altlinux.org/show_bug.cgi?id=54211
https://bugzilla.altlinux.org/show_bug.cgi?id=54212
https://bugzilla.altlinux.org/show_bug.cgi?id=54214
https://bugzilla.altlinux.org/show_bug.cgi?id=54215

Description Антон Мидюков 2025-05-08 16:22:28 MSK 
Генерируются зависимости на опциональные PAM-модули.
Например, пакет gdm-data имеет зависимости на:
PAM(pam_console.so)
PAM(pam_gnome_keyring.so)

При том, что они опциональные:
# grep pam_console.so $(rpm -ql gdm-data |grep pam)
/etc/pam.d/gdm-autologin:session		optional	pam_console.so
/etc/pam.d/gdm-fingerprint:session		optional	pam_console.so
/etc/pam.d/gdm-password:session		optional	pam_console.so
/etc/pam.d/gdm-smartcard:session		optional	pam_console.so

# grep pam_gnome_keyring.so $(rpm -ql gdm-data |grep pam)
/etc/pam.d/gdm-autologin:session		optional	pam_gnome_keyring.so auto_start
/etc/pam.d/gdm-fingerprint:auth		optional	pam_gnome_keyring.so
/etc/pam.d/gdm-fingerprint:password	optional	pam_gnome_keyring.so use_authtok
/etc/pam.d/gdm-fingerprint:session		optional	pam_gnome_keyring.so auto_start
/etc/pam.d/gdm-password:auth		optional	pam_gnome_keyring.so
/etc/pam.d/gdm-password:password	optional	pam_gnome_keyring.so use_authtok
/etc/pam.d/gdm-password:session		optional	pam_gnome_keyring.so auto_start
/etc/pam.d/gdm-smartcard:auth		optional	pam_gnome_keyring.so
/etc/pam.d/gdm-smartcard:password	optional	pam_gnome_keyring.so use_authtok
/etc/pam.d/gdm-smartcard:session		optional	pam_gnome_keyring.so auto_start
Comment 1 Dmitry V. Levin 2025-05-09 01:45:06 MSK 
$ grep ^- /etc/pam.d/common-login
-session	optional	pam_systemd.so

$ man pam.conf
If the type value from the list above is prepended with a - character the PAM library will not log to the system log if it is not possible to load the module because it is missing in the system. This can be useful especially for modules which are not always installed on the system and are not required for correct authentication and authorization of the login session.
Comment 2 Антон Мидюков 2025-05-10 10:04:50 MSK 
(Ответ для Dmitry V. Levin на комментарий #1)
> $ grep ^- /etc/pam.d/common-login
> -session	optional	pam_systemd.so
> 
> $ man pam.conf
> If the type value from the list above is prepended with a - character the
> PAM library will not log to the system log if it is not possible to load the
> module because it is missing in the system. This can be useful especially
> for modules which are not always installed on the system and are not
> required for correct authentication and authorization of the login session.

Спасибо за разъяснение. Нужно исправлять пакеты.