SOLVED: 2.2.1 Upgrade breaks sudo
-
noticed that post upgrade.
That ZMQ doesn't seem to be working
Enter an option: 16 >>> Killing php-fpm Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20121212/zmq.so' - Shared object "libpgm-5.2.so.0" not found, required by "libzmq.so.4" in Unknown on line 0and
sudo doesn't work when run as normal user who is part of the admins group
$sudo Shared object "libintl.so.9" not found, required by "sudo"Not sure if this is related. Reverting to 2.2 everything works, the sudo stuff is correctly configred as it works on 2.2-RELEASE
-
$ ls -l /usr/local/lib/php/20121212/zmq.so -r-xr-xr-x 1 root wheel 66096 Mar 13 14:49 /usr/local/lib/php/20121212/zmq.soPlus, sudo (from the sudo package) does not link against libintl.so.9 at all…
$ ldd `which sudo` /usr/local/bin/sudo: libc.so.7 => /lib/libc.so.7 (0x28091000) -
well ldd isn't giving you the true story, not sure why maybe has to do w/ PBI or something (I am new to *BSD).
it does depend on libintl.so.9, if looke in your pbi folder you do see them there.
/usr/pbi/sudo-amd64/lib: ls -l total 7433 drwxr-xr-x 2 root wheel 512 Nov 28 04:28 gettext -rw-r--r-- 1 root wheel 7536 Nov 28 04:28 libasprintf.a -rwxr-xr-x 1 root wheel 939 Nov 28 04:28 libasprintf.la lrwxr-xr-x 1 root wheel 16 Nov 28 04:28 libasprintf.so -> libasprintf.so.0 -rwxr-xr-x 1 root wheel 7792 Nov 28 04:28 libasprintf.so.0 -rwxr-xr-x 1 root wheel 1289904 Nov 28 04:28 libgettextlib-0.18.3.so -rwxr-xr-x 1 root wheel 970 Nov 28 04:28 libgettextlib.la lrwxr-xr-x 1 root wheel 23 Nov 28 04:28 libgettextlib.so -> libgettextlib-0.18.3.so -rw-r--r-- 1 root wheel 634080 Nov 28 04:28 libgettextpo.a -rwxr-xr-x 1 root wheel 946 Nov 28 04:28 libgettextpo.la lrwxr-xr-x 1 root wheel 17 Nov 28 04:28 libgettextpo.so -> libgettextpo.so.5 -rwxr-xr-x 1 root wheel 321064 Nov 28 04:28 libgettextpo.so.5 -rwxr-xr-x 1 root wheel 270576 Nov 28 04:28 libgettextsrc-0.18.3.so -rwxr-xr-x 1 root wheel 970 Nov 28 04:28 libgettextsrc.la lrwxr-xr-x 1 root wheel 23 Nov 28 04:28 libgettextsrc.so -> libgettextsrc-0.18.3.so -rw-r--r-- 1 root wheel 96830 Nov 28 04:28 libintl.a -rw-r--r-- 1 root wheel 911 Nov 28 04:28 libintl.la lrwxr-xr-x 1 root wheel 12 Nov 28 04:28 libintl.so -> libintl.so.9 -rw-r--r-- 1 root wheel 50144 Nov 28 04:28 libintl.so.9 -rw-r--r-- 1 root wheel 2994040 Nov 28 04:26 libpkg.a lrwxr-xr-x 1 root wheel 15 Nov 28 04:26 libpkg.so -> libpkg.so.3.0.0 lrwxr-xr-x 1 root wheel 15 Nov 28 04:26 libpkg.so.3 -> libpkg.so.3.0.0 -rwxr-xr-x 1 root wheel 1884736 Nov 28 04:26 libpkg.so.3.0.0re: zmq it also exists, not sure what I am missing, is there way to force the ldconfig like in linux to rebuild the ld cache?
-
What true story? sudo works just fine. No idea what's that listing supposed to mean.
-
the listing shows you the libintl.so.9 is present and is used by sudo, which is why its part of the sudo package. so that "true" stroy is what I am talking about.
I am not sure why ldd sudo doesn't show that its linked.
-
sorry I should have added sudo works when run as root, but not when run as normal user.
-
I installed sudo package, like I normally do, then login as myself (that is in the admin group) and try to do my normal sudo to become root:
[2.2.1-RELEASE][admin.phil@x.y.z.org]/home/admin.phil: sudo -s Shared object "libintl.so.9" not found, required by "sudo" [2.2.1-RELEASE][admin.phil@x.y.z.org]/home/admin.phil:Whatever the detail of the lib so stuff, it does not work.
Tested on APU 4GB amd64 nanoBSD and Alix 2D13 2GB 32bit nanoBSD -
Whatever the detail of the lib so stuff, it does not work.
Tested on APU 4GB amd64 nanoBSD and Alix 2D13 2GB 32bit nanoBSDThanks for confirming.
-
Executive summary: PBI == useless POS.
-
suspect this has something to do with the right permissions not being available. this is in the system log
The command '/usr/sbin/pw groupadd admins -g 1999 -M '2000,2001' 2>&1' returned exit code '67', the output was 'pw: user `2000' does not exist'the admins group is not being created.
-
suspect this has something to do with the right permissions not being available. this is in the system log
The command '/usr/sbin/pw groupadd admins -g 1999 -M '2000,2001' 2>&1' returned exit code '67', the output was 'pw: user `2000' does not exist'the admins group is not being created.
The cause seems to be that the code tries to add group membership before adding the actual user. This fixes it for me:
https://github.com/pfsense/pfsense/pull/1571It does not help the sudo lib so problem though. But at least it clears up some system log noise and lets you create a user and put them in a group in one action.
-
It does not help the sudo lib so problem though. But at least it clears up some system log noise and lets you create a user and put them in a group in one action.
yeah i sort of did the same thing and it seems to have fixed the groups and users , but just like you the sudo problem still exists. does sudo work for you as root? the fact that it works as root seems to point to some other groups its not a part of.
even as root I cannot sudo some simple commands, something is really broken w/ sudo
[2.2.1-RELEASE][admin@x.y.com]/etc: sudo /usr/local/sbin/pftop sudo: /usr/local/sbin/pftop: command not foundcan assure you that command exists.
-
nrpe package is also giving this:
[2.2.1-RELEASE][admin@bast.int.unixathome.org]/root: /usr/pbi/nrpe-amd64/local/libexec/nagios/check_tcp -H bast.int.unixathome.org -p 9102 Shared object "libintl.so.9" not found, required by "check_tcp"Ref: https://forum.pfsense.org/index.php?topic=90704.0
So sudo is not the only problem child package utility here. -
can fix the sudo problem my linking by hand
ln -s /usr/pbi/sudo-amd64/lib/libintl.so.9 /usr/local/libstuff works then. not sure what happened to these links. i dont know enough about how an execute inside a pbi is jailed to its own env in *bsd.
EDIT:
Maybe to force a rebuild of the ldconfig caches? -
can fix the sudo problem my linking by hand
ln -s /usr/pbi/sudo-amd64/lib/libintl.so.9 /usr/local/libstuff works then. not sure what happened to these links. i dont know enough about how an execute inside a pbi is jailed to its own env in *bsd.
EDIT:
Maybe to force a rebuild of the ldconfig caches?sudo drops the envvars on its own in the first place… Other than that, you do NOT have libintl.so.9 inside /usr/pbi/sudo-amd64/lib? Perhaps, my suggestion to anyone here would be to uninstall the pbi nonsense and install sudo via pkg.
-
sudo drops the envvars on its own in the first place… Other than that, you do NOT have libintl.so.9 inside /usr/pbi/sudo-amd64/lib? Perhaps, my suggestion to anyone here would be to uninstall the pbi nonsense and install sudo via pkg.
think there was a typo, but I do have the required libs in /usr/pbi/sudo-amd64/lib
re: you suggestion to move to pkg vs pbi, I can do that, but I am running on 4g NanoBSD image, how will this work the space constrains, last time I tried something I ran out of /var space, I guess I can increase that. will pkg work with the NanoBSD images as well?
-
think there was a typo, but I do have the required libs in /usr/pbi/sudo-amd64/lib
I totally do not understand your fix in that case.
P.S. No idea about pkg on nanobsd.
-
file exists under /urs/pbi/sudo-amd64/lib, I am cerating a link TO that file in the /usr/local/lib folder so it know to find it where its looking, for whatever reason sudo doesn't look in its own lib folders first
ln -s SOURCE TARGET
-
So you do not have that under /usr/local/lib?
$ ls -l /usr/local/lib/libintl.* -rw-r--r-- 1 root wheel 57216 Aug 26 2013 /usr/local/lib/libintl.a -rw-r--r-- 1 root wheel 972 Aug 26 2013 /usr/local/lib/libintl.la lrwxr-xr-x 1 root wheel 12 Sep 6 2013 /usr/local/lib/libintl.so -> libintl.so.9 -rw-r--r-- 1 root wheel 45501 Mar 13 14:49 /usr/local/lib/libintl.so.8 -rw-r--r-- 1 root wheel 45351 Feb 28 13:18 /usr/local/lib/libintl.so.9Dunno guys what's up with your boxes.
-
sudo seems fine for me on My APU (Full install, amd64), though ALIX (NanoBSD, i386) does show the issue.
I recompiled the package since there was an update to sudo anyhow, it should show up in 15-30 mins or so, give it another try then.
Is everyone with this problem running NanoBSD? Or i386? There must be some common factor.
-
sudo seems fine for me on My APU (Full install, amd64), though ALIX (NanoBSD, i386) does show the issue.
I recompiled the package since there was an update to sudo anyhow, it should show up in 15-30 mins or so, give it another try then.
Is everyone with this problem running NanoBSD? Or i386? There must be some common factor.
I am on NanoBSD AMD64, on APU1D4.
-
Is everyone with this problem running NanoBSD? Or i386? There must be some common factor.
I can see pretty much everyone here with the issue being on amd64, except Phil who reproduced it on i386 as well.
(The common factor seems to be the PBI hardlinking clusterfuck, frankly…)
-
(The common factor seems to be the PBI hardlinking clusterfuck, frankly…)
:-)
apart from the PBI :-), the common factor is also NanoBSD, i think. jimp can you tell me if I should have libintl.so.9 lib in my default image? I didn't think so.
-
I'm offended by the term "PBI"
-
The same binaries work on 2.2 but not 2.2.1 so there must be something that changed there.
So far I can only reproduce it on NanoBSD/i386 but I don't have an amd64 NanoBSD install handy to test.
On my full install I have a libintl.so.9 in /usr/local/lib/ dated Janurary (~2.2-RELEASE time) and it's not on i386.
On your NanoBSD install, check the old slice:
: mount -t ufs /dev/ufs/pfsense1 /mnt : ls -l /mnt/usr/local/lib/libintl*or use pfsense0 if that was your previous slice.
The card I'm using started on 2.2.1 snapshots so I can't test that particular case quickly.
-
On my full install I have a libintl.so.9 in /usr/local/lib/ dated Janurary (~2.2-RELEASE time) and it's not on i386.
i386 full install:
$ ls -l /usr/local/lib/libintl.* -rw-r--r-- 1 root wheel 57216 Aug 26 2013 /usr/local/lib/libintl.a -rw-r--r-- 1 root wheel 972 Aug 26 2013 /usr/local/lib/libintl.la lrwxr-xr-x 1 root wheel 12 Sep 6 2013 /usr/local/lib/libintl.so -> libintl.so.9 -rw-r--r-- 1 root wheel 45501 Mar 13 14:49 /usr/local/lib/libintl.so.8 -rw-r--r-- 1 root wheel 45351 Feb 28 13:18 /usr/local/lib/libintl.so.9libintl.so.9 would be the 2.2.1 snapshots, libintl.so.8 is the 2.2.1 release. The static junk, no idea.
i386 nano:
$ ls -l /usr/local/lib/libintl.* -rw-r--r-- 1 root wheel 45501 Mar 13 14:49 /usr/local/lib/libintl.so.8and nothing else. Dunno guys what are you doing with gettext there.
-
Found it
2.2-RELEASE SLICE
/mnt/usr/local/lib: ls -l libintl* -rw-r--r-- 1 root wheel 97760 Jan 28 00:32 libintl.a lrwxr-xr-x 1 root wheel 16 Jan 28 00:32 libintl.so -> libintl.so.8.1.3 lrwxr-xr-x 1 root wheel 16 Jan 28 00:32 libintl.so.8 -> libintl.so.8.1.3 -rw-r--r-- 1 root wheel 50998 Jan 28 00:32 libintl.so.8.1.3 lrwxr-xr-x 1 root wheel 12 Jan 28 00:32 libintl.so.9 -> libintl.so.82.2.1-RELEASE SLICE
/usr/local/lib: ls -l libintl* -rw-r--r-- 1 root wheel 55319 Mar 13 09:38 libintl.so.8 lrwxr-xr-x 1 root wheel 36 Mar 18 09:47 libintl.so.9 -> /usr/pbi/sudo-amd64/lib/libintl.so.9that last one is a symlink that I just created to get it to work.
-
just checked the upgrade log, looks like it was never in the file list for 2.2.1-RELEASE
... /tmp/pfSense1/usr/local/lib/libidn.so.11 /tmp/pfSense1/usr/local/lib/libintl.so.8 /tmp/pfSense1/usr/local/lib/libpdel.so.0 /tmp/pfSense1/usr/local/lib/libexpat.so.1 ...ln -s libintl.so.8 libintl.so.9 ```f fixes things as well. -
@jimp: When did you rebuild the gettext thing for the last time on nano?
https://forums.freebsd.org/threads/shared-object-libintl-so-9-not-found.49320/
-
Not sure, wasn't me so I couldn't say for certain.
-
After looking things over, it really shouldn't have been working on 2.2-REL and was only doing so by accident apparently.
The sudo PBI wrapper should be gathering its own libraries, but for some reason it is not.
If you nudge it with ldconfig it should work (until reboot):
ldconfig -m /usr/pbi/sudo-`uname -m`/local/lib/I can add that command to the package sync for sudo as an interim fix, other affected packages would need a similar fix. We're looking into a better long-term solution.
-
yup that is the command I was looking for an suspected the ld cache was not upto date! Thanks that works.
will this survive a reboot in nanobsd? or does this need to happen on every reboot? no sure where the ld cache is stored.never mind re-read your post. -
Answered that in my previous post already. It will not stay across reboots, not until it gets added to the package.
-
I can add it by hand for now, which file does it go in? sudo.inc?
-
Are you planning to reboot many times in next couple of hours?
-
A new version of the package that contains the fix will be up in 15-45 mins or so, be patient and then update when it's available.
-
just tried out 0.2.5. sudo now works fine.
I did notice this in the serial console after the uninstall/reinstall
Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20121212/zmq.so' - Shared object "libpgm-5.2.so.0" not found, required by "libzmq.so.4" in Unknown on line 0after which everytime php-fpm restarted it showed up in the logs.
i then did a
ldconfig -m /usr/local/libwhich seems to address it, again not sure if is a symptom of something else. but I suspect it is.
-
That's something different, worthy of its own thread if there isn't one already.
-
Okay let me try to reproduce it consistently and will start a thread. thanks for your help w/ this.
-
sudo 0.2.5 working for me on 2.2.1 64 and 32 bit nanoBSD.
Thanks JimP for a very useful little package.
