SOLVED: 2.2.1 Upgrade breaks sudo



  • noticed post upgrade that ZMQ doesn't seem to be working

    
    Enter an option: 16
    
    >>> Killing php-fpm
    
    Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20121212/zmq.so' - Shared object "libpgm-5.2.so.0" not found, required by "libzmq.so.4" in Unknown on line 0
    
    

    and

    sudo doesn't work when run as normal user who is part of the admins group

    $sudo
    Shared object "libintl.so.9" not found, required by "sudo"
    
    

    Not sure if this is related. Reverting to 2.2 everything works, the sudo stuff is correctly configured as it works on 2.2-RELEASE


  • Banned

    
    $ ls -l /usr/local/lib/php/20121212/zmq.so
    -r-xr-xr-x  1 root  wheel  66096 Mar 13 14:49 /usr/local/lib/php/20121212/zmq.so
    
    

    Plus, sudo (from the sudo package) does not link against libintl.so.9 at all…

    
    $ ldd `which sudo`
    /usr/local/bin/sudo:
            libc.so.7 => /lib/libc.so.7 (0x28091000)
    
    


  • well ldd isn't giving you the true story, not sure why maybe has to do w/ PBI or something (I am new to *BSD).

    it does depend on libintl.so.9, if you look in your pbi folder you do see them there.

    /usr/pbi/sudo-amd64/lib: ls -l
    total 7433
    drwxr-xr-x  2 root  wheel      512 Nov 28 04:28 gettext
    -rw-r--r--  1 root  wheel     7536 Nov 28 04:28 libasprintf.a
    -rwxr-xr-x  1 root  wheel      939 Nov 28 04:28 libasprintf.la
    lrwxr-xr-x  1 root  wheel       16 Nov 28 04:28 libasprintf.so -> libasprintf.so.0
    -rwxr-xr-x  1 root  wheel     7792 Nov 28 04:28 libasprintf.so.0
    -rwxr-xr-x  1 root  wheel  1289904 Nov 28 04:28 libgettextlib-0.18.3.so
    -rwxr-xr-x  1 root  wheel      970 Nov 28 04:28 libgettextlib.la
    lrwxr-xr-x  1 root  wheel       23 Nov 28 04:28 libgettextlib.so -> libgettextlib-0.18.3.so
    -rw-r--r--  1 root  wheel   634080 Nov 28 04:28 libgettextpo.a
    -rwxr-xr-x  1 root  wheel      946 Nov 28 04:28 libgettextpo.la
    lrwxr-xr-x  1 root  wheel       17 Nov 28 04:28 libgettextpo.so -> libgettextpo.so.5
    -rwxr-xr-x  1 root  wheel   321064 Nov 28 04:28 libgettextpo.so.5
    -rwxr-xr-x  1 root  wheel   270576 Nov 28 04:28 libgettextsrc-0.18.3.so
    -rwxr-xr-x  1 root  wheel      970 Nov 28 04:28 libgettextsrc.la
    lrwxr-xr-x  1 root  wheel       23 Nov 28 04:28 libgettextsrc.so -> libgettextsrc-0.18.3.so
    -rw-r--r--  1 root  wheel    96830 Nov 28 04:28 libintl.a
    -rw-r--r--  1 root  wheel      911 Nov 28 04:28 libintl.la
    lrwxr-xr-x  1 root  wheel       12 Nov 28 04:28 libintl.so -> libintl.so.9
    -rw-r--r--  1 root  wheel    50144 Nov 28 04:28 libintl.so.9
    -rw-r--r--  1 root  wheel  2994040 Nov 28 04:26 libpkg.a
    lrwxr-xr-x  1 root  wheel       15 Nov 28 04:26 libpkg.so -> libpkg.so.3.0.0
    lrwxr-xr-x  1 root  wheel       15 Nov 28 04:26 libpkg.so.3 -> libpkg.so.3.0.0
    -rwxr-xr-x  1 root  wheel  1884736 Nov 28 04:26 libpkg.so.3.0.0
    
    

    re: zmq it also exists, not sure what I am missing, is there way to force the ldconfig like in linux to rebuild the ld cache?


  • Banned

    What true story? sudo works just fine. No idea what's that listing supposed to mean.



  • the listing shows you the libintl.so.9 is present and is used by sudo, which is why it's part of the sudo package. so that "true" story is what I am talking about.

    I am not sure why ldd sudo doesn't show that its linked.



  • sorry I should have added sudo works when run as root, but not when run as normal user.



  • I installed sudo package, like I normally do, then login as myself (that is in the admin group) and try to do my normal sudo to become root:

    [2.2.1-RELEASE][admin.phil@x.y.z.org]/home/admin.phil: sudo -s
    Shared object "libintl.so.9" not found, required by "sudo"
    [2.2.1-RELEASE][admin.phil@x.y.z.org]/home/admin.phil:
    
    

    Whatever the detail of the lib so stuff, it does not work.
    Tested on APU 4GB amd64 nanoBSD and Alix 2D13 2GB 32bit nanoBSD



  • @phil.davis:

    Whatever the detail of the lib so stuff, it does not work.
    Tested on APU 4GB amd64 nanoBSD and Alix 2D13 2GB 32bit nanoBSD

    Thanks for confirming.


  • Banned

    Executive summary: PBI == useless POS.



  • suspect this has something to do with the right permissions not being available. this is in the system log

     The command '/usr/sbin/pw groupadd admins -g 1999 -M '2000,2001' 2>&1' returned exit code '67', the output was 'pw: user `2000' does not exist'
    

    the admins group is not being created.



  • @vajonam:

    suspect this has something to do with the right permissions not being available. this is in the system log

     The command '/usr/sbin/pw groupadd admins -g 1999 -M '2000,2001' 2>&1' returned exit code '67', the output was 'pw: user `2000' does not exist'
    

    the admins group is not being created.

    The cause seems to be that the code tries to add group membership before adding the actual user. This fixes it for me:
    https://github.com/pfsense/pfsense/pull/1571

    It does not help the sudo lib so problem though. But at least it clears up some system log noise and lets you create a user and put them in a group in one action.



  • @phil.davis:

    It does not help the sudo lib so problem though. But at least it clears up some system log noise and lets you create a user and put them in a group in one action.

    yeah i sort of did the same thing and it seems to have fixed the groups and users , but just like you the sudo problem still exists. does sudo work for you as root? the fact that it works as root seems to point to some other groups its not a part of.

    even as root I cannot sudo some simple commands, something is really broken w/ sudo

    
    [2.2.1-RELEASE][admin@x.y.com]/etc: sudo /usr/local/sbin/pftop 
    sudo: /usr/local/sbin/pftop: command not found
    
    

    can assure you that command exists.



  • nrpe package is also giving this:

    [2.2.1-RELEASE][admin@bast.int.unixathome.org]/root: /usr/pbi/nrpe-amd64/local/libexec/nagios/check_tcp -H bast.int.unixathome.org -p 9102
    Shared object "libintl.so.9" not found, required by "check_tcp"
    

    Ref: https://forum.pfsense.org/index.php?topic=90704.0
    So sudo is not the only problem child package utility here.



  • can fix the sudo problem by linking by hand

    ln -s /usr/pbi/sudo-amd64/lib/libintl.so.9 /usr/local/lib
    

    stuff works then. not sure what happened to these links. I don't know enough about how an execute inside a pbi is jailed to its own env in *bsd.

    EDIT:
    Maybe to force a rebuild of the ldconfig caches?


  • Banned

    @vajonam:

    can fix the sudo problem by linking by hand

    ln -s /usr/pbi/sudo-amd64/lib/libintl.so.9 /usr/local/lib
    

    stuff works then. not sure what happened to these links. I don't know enough about how an execute inside a pbi is jailed to its own env in *bsd.

    EDIT:
    Maybe to force a rebuild of the ldconfig caches?

    sudo drops the envvars on its own in the first place… Other than that, you do NOT have libintl.so.9  inside /usr/pbi/sudo-amd64/lib? Perhaps, my suggestion to anyone here would be to uninstall the pbi nonsense and install sudo via pkg.



  • @doktornotor:

    sudo drops the envvars on its own in the first place… Other than that, you do NOT have libintl.so.9  inside /usr/pbi/sudo-amd64/lib? Perhaps, my suggestion to anyone here would be to uninstall the pbi nonsense and install sudo via pkg.

    think there was a typo, but I do have the required libs in /usr/pbi/sudo-amd64/lib

    re: your suggestion to move to pkg vs pbi, I can do that, but I am running on 4g NanoBSD image, how will this work with the space constraints, last time I tried something I ran out of /var space, I guess I can increase that. will pkg work with the NanoBSD images as well?


  • Banned

    @vajonam:

    think there was a typo, but I do have the required libs in /usr/pbi/sudo-amd64/lib

    I totally do not understand your fix in that case.

    P.S. No idea about pkg on nanobsd.



  • file exists under /usr/pbi/sudo-amd64/lib, I am creating a link TO that file in the /usr/local/lib folder so it knows to find it where it's looking, for whatever reason sudo doesn't look in its own lib folders first

    ln -s SOURCE TARGET


  • Banned

    So you do not have that under /usr/local/lib?

    
    $ ls -l /usr/local/lib/libintl.*
    -rw-r--r--  1 root  wheel  57216 Aug 26  2013 /usr/local/lib/libintl.a
    -rw-r--r--  1 root  wheel    972 Aug 26  2013 /usr/local/lib/libintl.la
    lrwxr-xr-x  1 root  wheel     12 Sep  6  2013 /usr/local/lib/libintl.so -> libintl.so.9
    -rw-r--r--  1 root  wheel  45501 Mar 13 14:49 /usr/local/lib/libintl.so.8
    -rw-r--r--  1 root  wheel  45351 Feb 28 13:18 /usr/local/lib/libintl.so.9
    
    

    Dunno guys what's up with your boxes.


  • Rebel Alliance Developer Netgate

    sudo seems fine for me on My APU (Full install, amd64), though ALIX (NanoBSD, i386) does show the issue.

    I recompiled the package since there was an update to sudo anyhow, it should show up in 15-30 mins or so, give it another try then.

    Is everyone with this problem running NanoBSD? Or i386? There must be some common factor.



  • @jimp:

    sudo seems fine for me on My APU (Full install, amd64), though ALIX (NanoBSD, i386) does show the issue.

    I recompiled the package since there was an update to sudo anyhow, it should show up in 15-30 mins or so, give it another try then.

    Is everyone with this problem running NanoBSD? Or i386? There must be some common factor.

    I am on NanoBSD AMD64, on APU1D4.


  • Banned

    @jimp:

    Is everyone with this problem running NanoBSD? Or i386? There must be some common factor.

    I can see pretty much everyone here with the issue being on amd64, except Phil who reproduced it on i386 as well.

    (The common factor seems to be the PBI hardlinking clusterfuck, frankly…)



  • @doktornotor:

    (The common factor seems to be the PBI hardlinking clusterfuck, frankly…)

    :-)

    apart from the PBI :-),  the common factor is also NanoBSD, i think. jimp can you tell me if I should have libintl.so.9 lib in my default image? I didn't think so.



  • I'm offended by the term "PBI"


  • Rebel Alliance Developer Netgate

    The same binaries work on 2.2 but not 2.2.1 so there must be something that changed there.

    So far I can only reproduce it on NanoBSD/i386 but I don't have an amd64 NanoBSD install handy to test.

    On my full install I have a libintl.so.9 in /usr/local/lib/ dated January (~2.2-RELEASE time) and it's not on i386.

    On your NanoBSD install, check the old slice:

    : mount -t ufs /dev/ufs/pfsense1 /mnt
    : ls -l /mnt/usr/local/lib/libintl*
    

    or use pfsense0 if that was your previous slice.

    The card I'm using started on 2.2.1 snapshots so I can't test that particular case quickly.


  • Banned

    @jimp:

    On my full install I have a libintl.so.9 in /usr/local/lib/ dated January (~2.2-RELEASE time) and it's not on i386.

    i386 full install:

    
    $ ls -l /usr/local/lib/libintl.*
    -rw-r--r--  1 root  wheel  57216 Aug 26  2013 /usr/local/lib/libintl.a
    -rw-r--r--  1 root  wheel    972 Aug 26  2013 /usr/local/lib/libintl.la
    lrwxr-xr-x  1 root  wheel     12 Sep  6  2013 /usr/local/lib/libintl.so -> libintl.so.9
    -rw-r--r--  1 root  wheel  45501 Mar 13 14:49 /usr/local/lib/libintl.so.8
    -rw-r--r--  1 root  wheel  45351 Feb 28 13:18 /usr/local/lib/libintl.so.9
    
    

    libintl.so.9 would be the 2.2.1 snapshots, libintl.so.8 is the 2.2.1 release. The static junk, no idea.

    i386 nano:

    
    $ ls -l /usr/local/lib/libintl.*
    -rw-r--r--  1 root  wheel  45501 Mar 13 14:49 /usr/local/lib/libintl.so.8
    
    

    and nothing else. Dunno guys what are you doing with gettext there.



  • Found it

    2.2-RELEASE SLICE

    /mnt/usr/local/lib: ls -l libintl*
    -rw-r--r--  1 root  wheel  97760 Jan 28 00:32 libintl.a
    lrwxr-xr-x  1 root  wheel     16 Jan 28 00:32 libintl.so -> libintl.so.8.1.3
    lrwxr-xr-x  1 root  wheel     16 Jan 28 00:32 libintl.so.8 -> libintl.so.8.1.3
    -rw-r--r--  1 root  wheel  50998 Jan 28 00:32 libintl.so.8.1.3
    lrwxr-xr-x  1 root  wheel     12 Jan 28 00:32 libintl.so.9 -> libintl.so.8
    
    

    2.2.1-RELEASE SLICE

    /usr/local/lib: ls -l libintl*
    -rw-r--r--  1 root  wheel  55319 Mar 13 09:38 libintl.so.8
    lrwxr-xr-x  1 root  wheel     36 Mar 18 09:47 libintl.so.9 -> /usr/pbi/sudo-amd64/lib/libintl.so.9
    
    

    that last one is a symlink that I just created to get it to work.



  • just checked the upgrade log, looks like it was never in the file list for 2.2.1-RELEASE

    ...
    /tmp/pfSense1/usr/local/lib/libidn.so.11
    /tmp/pfSense1/usr/local/lib/libintl.so.8
    /tmp/pfSense1/usr/local/lib/libpdel.so.0
    /tmp/pfSense1/usr/local/lib/libexpat.so.1
    ...
    
    
    ln -s libintl.so.8 libintl.so.9

    fixes things as well.

  • Banned

    @jimp: When did you rebuild the gettext thing for the last time on nano?

    https://forums.freebsd.org/threads/shared-object-libintl-so-9-not-found.49320/


  • Rebel Alliance Developer Netgate

    Not sure, wasn't me so I couldn't say for certain.


  • Rebel Alliance Developer Netgate

    After looking things over, it really shouldn't have been working on 2.2-REL and was only doing so by accident apparently.

    The sudo PBI wrapper should be gathering its own libraries, but for some reason it is not.

    If you nudge it with ldconfig it should work (until reboot):

    ldconfig -m /usr/pbi/sudo-`uname -m`/local/lib/
    

    I can add that command to the package sync for sudo as an interim fix, other affected packages would need a similar fix. We're looking into a better long-term solution.
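
An added example, not part of the thread or of pfSense: a POSIX shell triage for the failure discussed above. It lists the sonames an `ldd` listing reports as missing and checks whether a real file (not a dangling symlink) exists for each in candidate directories. The `ldd` listing is constructed, the function names are hypothetical, and the directories are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not pfSense code): triage "Shared object ... not found".

# Constructed sample of ldd output for a binary with one missing dependency.
sample_ldd() {
    cat <<'EOF'
/usr/local/bin/sudo:
        libintl.so.9 => not found (0)
        libc.so.7 => /lib/libc.so.7 (0x28091000)
EOF
}

# Read an ldd listing on stdin, print each soname reported as "not found".
missing_from_ldd() {
    awk '/=> *not found/ { print $1 }' | sort -u
}

# find_soname SONAME DIR...
# Print the first DIR/SONAME that resolves to an existing file.
# [ -e ] follows symlinks, so a dangling link counts as missing.
find_soname() {
    soname=$1
    shift
    for dir in "$@"; do
        if [ -e "$dir/$soname" ]; then
            printf '%s\n' "$dir/$soname"
            return 0
        fi
    done
    return 1
}

# audit_missing DIR...
# For each missing soname in the ldd listing on stdin, report whether a
# usable copy exists in one of the candidate DIRs or in none of them.
audit_missing() {
    missing_from_ldd | while read -r soname; do
        if path=$(find_soname "$soname" "$@"); then
            printf '%s: found at %s\n' "$soname" "$path"
        else
            printf '%s: UNRESOLVED in the given directories\n' "$soname"
        fi
    done
}

# Demo on the constructed listing, using the directories named in the thread.
sample_ldd | audit_missing /usr/local/lib /usr/pbi/sudo-amd64/lib
```

On a live system, pipe real `ldd` output for each package binary into `audit_missing` after an upgrade; a soname found only under a package's private directory is the situation the `ldconfig -m` command above works around.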



  • yup that is the command I was looking for and suspected the ld cache was not up to date! Thanks that works.

    will this survive a reboot in nanobsd? or does this need to happen on every reboot? not sure where the ld cache is stored. never mind re-read your post.


  • Rebel Alliance Developer Netgate

    Answered that in my previous post already. It will not stay across reboots, not until it gets added to the package.



  • I can add it by hand for now, which file does it go in? sudo.inc?


  • Banned

    Are you planning to reboot many times in next couple of hours?


  • Rebel Alliance Developer Netgate

    A new version of the package that contains the fix will be up in 15-45 mins or so, be patient and then update when it's available.



  • just tried out 0.2.5. sudo now works fine.

    I did notice this in the serial console after the uninstall/reinstall

    Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20121212/zmq.so' - Shared object "libpgm-5.2.so.0" not found, required by "libzmq.so.4" in Unknown on line 0
    

    after which every time php-fpm restarted it showed up in the logs.

    i then did a

    ldconfig -m /usr/local/lib
    

    which seems to address it, again not sure if it is a symptom of something else. but I suspect it is.


  • Rebel Alliance Developer Netgate

    That's something different, worthy of its own thread if there isn't one already.



  • Okay let me try to reproduce it consistently and will start a thread. thanks for your help w/ this.



  • sudo 0.2.5 working for me on 2.2.1 64 and 32 bit nanoBSD.
    Thanks JimP for a very useful little package.

