archlinuxhardened/selinux

sudo breaks due to update of libldap to 2.6.0

Closed this issue · 5 comments

Arch updated libldap to 2.6.0, which is a dependency of sudo.

Arch package sudo 1.9.8.p2-3 was recompiled against libldap 2.6.0.

Now sudo-selinux 1.9.8.p2-1 no longer works because it expects libldap 2.4.x.

Downgrade of libldap (2.6.0-2 => 2.4.59-2) helps.

The error looks like this:

sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
sudo: unable to load /usr/lib/sudo/sudoers.so: libldap-2.4.so.2: cannot open shared object file: No such file or directory
sudo: fatal error, unable to load plugins

I bumped the pkgrel of sudo-selinux in 2c2eb6d. Thanks for the report!

Users of makechrootpkg are still stuck in a catch-22 here. In order to link against the new libldap, you want your chroot to be fully updated, but the build script depends on sudo. I had to temporarily replace sudo-selinux with core/sudo in order to rebuild.

> Users of makechrootpkg are still stuck in a catch-22 here. In order to link against the new libldap, you want your chroot to be fully updated, but the build script depends on sudo. I had to temporarily replace sudo-selinux with core/sudo in order to rebuild.

I do not understand your issue. If I understand correctly how makechrootpkg works, it runs makepkg in an environment using base packages (and in a chroot). To build sudo-selinux, this environment only needs the base packages and sudo-selinux dependencies (so libselinux too). In what way is sudo-selinux also part of this environment? I am not very familiar with makechrootpkg, so it is possible that I missed something obvious.

By the way, if it can help you, thanks to an integration with GitHub Actions which automatically builds SELinux packages in a container, the up-to-date sudo-selinux package is now available on https://github.com/fishilico/arch-selinux/releases/tag/ArchLinux-SELinux

The makechrootpkg script calls sudo in several places https://github.com/archlinux/devtools/blob/master/makechrootpkg.in

> The makechrootpkg script calls sudo in several places https://github.com/archlinux/devtools/blob/master/makechrootpkg.in

When you have a working sudo on your system (for example from sudo-selinux with libldap 2.4) and an up-to-date chroot (for example with sudo from sudo with libldap 2.6), this is not an issue. If sudo is broken on your system, you can fix this in at least two ways:

  • either by downgrading libldap (like the initial message said),
  • or by building sudo-selinux with makepkg and installing it from a root shell with pacman -U sudo-selinux-1.9.8.p2-3-x86_64.pkg.tar.zst (obtaining a root shell through su, root SSH login, reboot in rescue mode, or whatever works to repair a broken system).
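
A check for the failure reported in this thread, added here as an example and not taken from the thread or from the archlinuxhardened project: it lists shared libraries that `ldd` cannot resolve for sudo and its sudoers plugin, so a soname bump like libldap 2.4 to 2.6 is noticed before the root shell is closed. The function names and the sample `ldd` output are constructed for illustration; the script assumes `ldd` and `awk` are available.

```shell
#!/bin/sh
# Added example (not from the thread): detect unresolved shared-library
# dependencies in privilege-escalation binaries after a package upgrade.

# Read ldd output on stdin and print the soname of every library that
# the dynamic loader could not resolve ("name => not found").
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Run ldd on each existing file given as argument and print
# "file: soname" for each unresolved dependency.
# Returns 1 if at least one dependency is missing, 0 otherwise.
check_files() {
    status=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        for lib in $(ldd "$f" 2>/dev/null | missing_libs); do
            printf '%s: %s\n' "$f" "$lib"
            status=1
        done
    done
    return "$status"
}

# Constructed sample: what ldd would print for a sudoers.so built
# against libldap 2.4 on a system that only ships libldap 2.6.
sample_ldd_output() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc0b5f2000)
    libselinux.so.1 => /usr/lib/libselinux.so.1 (0x00007f1c2a400000)
    libldap-2.4.so.2 => not found
    liblber-2.4.so.2 => not found
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f1c2a000000)
EOF
}

# When called with file arguments, check them, for example:
#   sh check-sudo-libs.sh /usr/bin/sudo /usr/lib/sudo/sudoers.so
if [ "$#" -gt 0 ]; then
    check_files "$@"
fi
```

Run it from a root shell right after a system upgrade and keep that shell open until it prints nothing.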