On Thu 30 Dec 2021 at 19:41:13 +0100, Rhialto wrote: > I am puzzled. Of course, a few minutes later I discovered console messages that weren't copied to authlog: Dec 30 19:35:29 murthe sshd: in openpam_check_path_owner_perms(): /usr/pkg/lib/: insecure ownership or permissions Dec 30 19:35:29 murthe sshd: in try_module(): /usr/pkg/lib/security/pam_af.so: Operation not permitted Dec 30 19:35:29 murthe sshd: in openpam_load_module(): no /usr/pkg/lib/security/pam_af.so found Dec 30 19:35:29 murthe sshd[3176]: fatal: PAM: initialisation failed which explains this particular error. Indeed /usr/lib/lib somehow had gotten a wrong owner. After fixing that, the original package changed its errors into the more expected ones: Dec 30 20:01:22 murthe sshd: in openpam_dispatch(): /usr/pkg/lib/security/pam_af.so: no pam_sm_setcred() Dec 30 20:01:22 murthe sshd: in openpam_check_error_code(): pam_sm_setcred(): unexpected return value 2 So I went back to the altered package with MKPIE_SUPPORTED=NO, and it worked. However, there is probably some more subtle way to prevent the wrappers from adding -pie in that one ld command. It isn't even linking an executable (but the command line comes from the package's Makefile). For the actual executable it creates later (pam_af_tool), -pie is fine. -Olaf. -- ___ "Buying carbon credits is a bit like a serial killer paying someone else to \X/ have kids to make his activity cost neutral." -The BOFH falu.nl@rhialto
Attachment:
signature.asc
Description: PGP signature