Bug #922279: pam_systemd automatically disabled on update

Thu Feb 14 06:11:36 GMT 2019

Hi systemd Maintainers,

I just reported a debconf bug which causes pam_systemd to be disabled
by pam-auth-update (run by libpam-cap package update) when using the
debconf dialog frontend with whiptail, even if it appears to be
enabled.  Since it affects libpam-systemd, I wanted to mention it here
as well.

Details below:

On Wed, 2019-02-13 at 22:51 -0700, Kevin Locke wrote:
> Package: debconf
> Version: 1.5.70
> Severity: normal
> Tags: patch
> 
> Dear Maintainer,
> 
> After upgrading libpam-cap, systemd user sessions stopped working.  I
> traced the problem to pam-auth-update, which uses debconf to manage the
> PAM configuration.  Using the dialog frontend with whiptail in a
> terminal that is 80 characters wide, it is not possible to enable the
> pam_systemd module, even if it is selected in whiptail.  To reproduce:
> 
> DEBIAN_FRONTEND=dialog DEBCONF_DEBUG=developer PERL_DL_NONLAZY=1 /usr/share/debconf/frontend sh -c '
> . /usr/share/debconf/confmodule
> db_x_loadtemplatefile /var/lib/dpkg/info/libpam-runtime.templates libpam-runtime
> db_subst libpam-runtime/profiles profile_names unix, systemd, mkhomedir, cgfs, capability
> db_subst libpam-runtime/profiles profiles Unix authentication, Register user sessions in the systemd control group hierarchy, Create home directory on login, Create cgroups for user login sessions, Inheritable Capabilities Management
> db_fset libpam-runtime/profiles seen false
> db_set libpam-runtime/profiles unix, systemd, cgfs, capability
> db_input critical libpam-runtime/profiles || echo $RET
> db_go
> db_get libpam-runtime/profiles
> echo "<$RET>"'
> 
> Which will produce output like the following:
> 
> debconf (developer): frontend started
> debconf (developer): Trying to find a templates file..
> debconf (developer): Trying sh.templates
> debconf (developer): Trying /usr/share/debconf/templates/sh.templates
> debconf (developer): Couldn't find a templates file.
> debconf (developer): frontend running, package name is 
> debconf (developer): starting sh -c 
> . /usr/share/debconf/confmodule
> db_x_loadtemplatefile /var/lib/dpkg/info/libpam-runtime.templates libpam-runtime
> db_subst libpam-runtime/profiles profile_names unix, systemd, mkhomedir, cgfs, capability
> db_subst libpam-runtime/profiles profiles Unix authentication, Register user sessions in the systemd control group hierarchy, Create home directory on login, Create cgroups for user login sessions, Inheritable Capabilities Management
> db_fset libpam-runtime/profiles seen false
> db_set libpam-runtime/profiles unix, systemd, cgfs, capability
> db_input critical libpam-runtime/profiles || echo $RET
> db_go
> db_get libpam-runtime/profiles
> echo "<$RET>"
> debconf (developer): <-- X_LOADTEMPLATEFILE /var/lib/dpkg/info/libpam-runtime.templates libpam-runtime
> debconf (developer): --> 0
> debconf (developer): <-- SUBST libpam-runtime/profiles profile_names unix, systemd, mkhomedir, cgfs, capability
> debconf (developer): --> 0
> debconf (developer): <-- SUBST libpam-runtime/profiles profiles Unix authentication, Register user sessions in the systemd control group hierarchy, Create home directory on login, Create cgroups for user login sessions, Inheritable Capabilities Management
> debconf (developer): --> 0
> debconf (developer): <-- FSET libpam-runtime/profiles seen false
> debconf (developer): --> 0 false
> debconf (developer): <-- SET libpam-runtime/profiles unix, systemd, cgfs, capability
> debconf (developer): --> 0 value set
> debconf (developer): <-- INPUT critical libpam-runtime/profiles
> debconf (developer): --> 0 question will be asked
> debconf (developer): <-- GO 
> debconf (developer): Input value, "Register user sessions in the systemd control group ..." not found in C choices! This should never happen. Perhaps the templates were incorrectly localized.
> debconf (developer): --> 0 ok
> debconf (developer): <-- GET libpam-runtime/profiles
> debconf (developer): --> 0 unix, cgfs, capability
> <unix, cgfs, capability>
> 
> Note that systemd does not appear in the output regardless of whether or
> not the option is selected.  The problem is that the ellipsized choice
> text can't be mapped back to the choice value.  I have attached a patch
> which adds this mapping.  It also handles the case that ellipsized
> options become ambiguous by allowing screen overflow instead of blindly
> mapping both to a single value.
> 
> Thanks for considering,
> Kevin
> 
> P.S.  I have set Severity: normal, but the systemd breakage was severe
> and difficult to track down without familiarity with systemd user
> sessions.  The issue may have significant impact.