
#1 2021-01-06 04:38:11

esuhl
Member
Registered: 2018-09-07
Posts: 16

[SOLVED] Building in chroot fails -- gpg? sudo?

I am learning how to maintain a broken, orphaned AUR package that I use on my Arch32 laptop.

It depends on xorg-apps, which no longer exists, having been broken down into multiple smaller xorg packages.

My first test was to simply remove the xorg-apps dependency from the PKGBUILD and build it again.  This was successful on both my Arch32 laptop and my Arch64 PC.

I then did the same using a clean chroot (which seems to be "best practice"):
https://wiki.archlinux.org/index.php/De … ean_chroot

This was successful on Arch64, but on Arch32 gives the following errors:

Full terminal output (pastebin).

...
==> Appending keys from archlinux32.gpg...
gpg: Warning: using insecure memory!
==> Appending keys from archlinux.gpg...
gpg: Warning: using insecure memory!
...
==> Importing owner trust values...
gpg: Warning: using insecure memory!
gpg: Warning: using insecure memory!
...
==> Updating trust database...
gpg: Warning: using insecure memory!
gpg: next trustdb check due at 2021-04-08
sudo: PAM account management error: Module is unknown
sudo: a password is required
==> ERROR: Build failed, check /home/tim/chroot/tim/build
[tim@eee901 acpi-eeepc-generic]$ 

=========================================================

I've checked that sudo is correctly (and identically) configured on both machines.  (The only change to the config was to add my username for privilege escalation).

The Arch32 laptop didn't have a ~/.gnupg/gpg.conf file.  I couldn't find a template for one, so I tried copying the one from the Arch64 PC.  The only uncommented lines it contains are below (and did not resolve the issue):

no-greeting
require-cross-certification
charset utf-8
no-mangle-dos-filenames

I successfully created a key pair with gpg, but again building in a chroot fails.

----

I'm not sure what else I can check to troubleshoot further.  Can anyone point me in the right direction?

Last edited by esuhl (2021-01-12 03:29:26)


#2 2021-01-06 09:33:03

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 1,197

Re: [SOLVED] Building in chroot fails -- gpg? sudo?

Can you run sudo under the chroot, or does that fail with this PAM error? If it does fail you'll need to install a pam module to allow it to ask you for a sudo password.  If it works then I don't immediately know what's up and will need to consider further.


Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.


#3 2021-01-07 21:07:42

esuhl
Member
Registered: 2018-09-07
Posts: 16

Re: [SOLVED] Building in chroot fails -- gpg? sudo?

levi wrote:

Can you run sudo under the chroot, or does that fail with this PAM error? If it does fail you'll need to install a pam module to allow it to ask you for a sudo password.

Thanks, levi.  :-)  I created a new chroot, entered it, did "sudo ls", and got the same PAM error:

# mkdir /mnt/chroot
# mkarchroot /mnt/chroot/root base-devel
...
# arch-chroot /mnt/chroot/root/
==> WARNING: /mnt/chroot/root/ is not a mountpoint. This may have undesirable effects.
# sudo ls
sudo: PAM account management error: Module is unknown
sudo: a password is required

-------

I compared the contents of my local /usr/lib/security directory with the one in the chroot.  The chroot is missing these files:

pam_systemd_home.so
pam_systemd.so

I tried copying these files from my local system (which has the same systemd version) to the chroot, rebooted, entered the chroot, tried "sudo ls" again, and I get different errors:

# arch-chroot /mnt/chroot/root/
==> WARNING: /mnt/chroot/root/ is not a mountpoint. This may have undesirable effects.
# sudo ls
sudo: pam_open_session: Module is unknown
sudo: policy plugin failed session initialization
#

I'm not really sure what I'm doing or whether it's a good idea to be copying system files into a "clean" chroot... :-/

Any thoughts?  Cheers :-)

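The directory comparison in the post above can be narrowed to the modules the sudo PAM stack actually names inside the chroot. The script below is an added example, not part of the original thread; the function names are hypothetical, the module directory is the /usr/lib/security from the post, and only `include`/`substack` rules are followed.

```shell
#!/bin/sh
# Usage: sh pam-check.sh /mnt/chroot/root [service]   (service defaults to sudo)
# Prints "MISSING <module>" for each module the service's PAM stack names but
# that is absent from the chroot, and "OPTIONAL <module>" when the rule's type
# is prefixed with "-" (pam.conf(5): no log entry if the module is missing).

# Emit "<R|O|I> <type> <name>" per rule: required, optional ("-type"), include.
pam_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        {
            flag = ($1 ~ /^-/) ? "O" : "R"
            type = $1; sub(/^-/, "", type)
            i = 2                                    # control may be "[a=b c=d]"
            if ($i ~ /^\[/) while (i < NF && $i !~ /\]$/) i++
            if ((mod = $(i + 1)) == "") next
            if ($i == "include" || $i == "substack") flag = "I"
            print flag, type, mod
        }' "$1"
}

# Walk ROOT's pam.d/FILE, following includes for the matching type only.
pam_walk() {  # ROOT FILE TYPE DEPTH
    [ "${4:-0}" -lt 8 ] && [ -r "$1/etc/pam.d/$2" ] || return 0
    pam_rules "$1/etc/pam.d/$2" | while read -r flag type name; do
        [ "$3" = '*' ] || [ "$type" = "$3" ] || continue
        if [ "$flag" = I ]; then
            pam_walk "$1" "$name" "$type" $(( ${4:-0} + 1 ))
        else
            echo "$flag $name"
        fi
    done
}

pam_missing() {  # ROOT SERVICE
    pam_walk "$1" "$2" '*' | sort -u | while read -r flag mod; do
        case $mod in
            /*) path=$1$mod ;;                       # absolute module path
            *)  path=$1/usr/lib/security/$mod ;;     # directory named in the post
        esac
        [ -e "$path" ] && continue
        if [ "$flag" = O ]; then echo "OPTIONAL $mod"; else echo "MISSING $mod"; fi
    done
}

if [ $# -ge 1 ]; then pam_missing "$1" "${2:-sudo}"; fi
```

Run it from the host against the chroot path, so it needs nothing installed inside the chroot itself.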

#4 2021-01-07 22:16:08

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 1,197

Re: [SOLVED] Building in chroot fails -- gpg? sudo?

All of the files in /usr/lib/security seem to be owned by package pam.  Try installing that.

I note the pam package is a dependency of the base package, but those instructions you posted for building in a chroot never actually suggested installing base.  I'm not quite sure what to make of that.



#5 2021-01-08 04:28:52

esuhl
Member
Registered: 2018-09-07
Posts: 16

Re: [SOLVED] Building in chroot fails -- gpg? sudo?

levi wrote:

I note the pam package is a dependency of the base package, but those instructions you posted for building in a chroot never actually suggested installing base.  I'm not quite sure what to make of that.

Ah yes!  I tried again, specifying the base group as well as base-devel, and this time the two previously missing files were created.  :-)

So now I get the same errors that I did previously, without having to copy across any files:

# sudo ls
sudo: pam_open_session: Module is unknown
sudo: policy plugin failed session initialization
#

-------

levi wrote:

All of the files in /usr/lib/security seem to be owned by package pam.  Try installing that.

I did a pacman -Qi pam inside the chroot, and it seems that pam was successfully installed.  I tried to reinstall pam anyway, but got this response:

error: could not determine cachedir mount point /var/cache/pacman/pkg
error: failed to commit transaction (not enough free disk space)
Errors occurred, no packages were upgraded.

Yet I have at least 1GB of space on every drive. :-/

-----------------------------------

This is useful troubleshooting, but I wonder if we're barking up the wrong tree in trying to get chroot to work this way.  I posted a thread on the main Arch forums about how chrooting works and...  that seemed to be the consensus.  :-/

https://bbs.archlinux.org/viewtopic.php … 9#p1948229

----

But I'm not sure where to go from here... :-/


#6 2021-01-08 08:23:29

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 1,197

Re: [SOLVED] Building in chroot fails -- gpg? sudo?

Pacman reporting insufficient space that way normally means you've run out of space in your /var partition, if you partition that off separately.

I think you have to edit /etc/sudoers (using visudo) before sudo's meant to work, but I wouldn't expect that particular error if it's unconfigured.



#7 2021-01-08 08:31:52

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 617

Re: [SOLVED] Building in chroot fails -- gpg? sudo?

esuhl: I would recommend using the "convenience" way: install devtools and build with extra-$ARCH-build. If you depend on other AUR packages being installed in the chroot, I recommend putting those into a local repository (from where you can install them on your host, too) and creating your own whateveryoureponameis-$ARCH-build command. If you need any suggestions regarding the latter, have a look at my devtools fork.


#8 2021-01-12 03:28:44

esuhl
Member
Registered: 2018-09-07
Posts: 16

Re: [SOLVED] Building in chroot fails -- gpg? sudo?

Thank you, both!

I reset pacman's gpg keys:

$ sudo rm -r /etc/pacman.d/gnupg
$ sudo pacman-key --init
$ sudo pacman-key --populate archlinux
$ sudo pacman-key --populate archlinux32

And I no longer get the sudo/PAM errors!  The build process actually completes!

--------

I still get repeated "insecure memory" warnings when building in a chroot (either the "classic" or "convenience" ways):

gpg: Warning: using insecure memory!

But, having read man gpg, it seems the warning relates to the security risks of caching of gpg keys on disk.  The "BUGS" section seems to explain why this might be occurring:

man gpg wrote:

Note also that some systems (especially laptops) have the ability to ``suspend to disk'' (also known as ``safe sleep'' or ``hibernate'').  This writes all memory to disk before going into a low power or even powered off mode.  Unless measures are taken in the operating system to protect the saved memory, passphrases or other sensitive material may be recoverable from it later.

In any case, I (think I) understand the "insecure memory" warning enough to now know that it's not particularly important (to me) and won't affect my ability to build.

So... thanks again! :-)
