Bug#184036: libc6: xscreensaver can no longer authenticate me
At Mon, 10 Mar 2003 11:37:29 -0500,
Anthony DeRobertis wrote:
> On Monday, March 10, 2003, at 10:23 AM, GOTO Masanori wrote:
> > At Mon, 10 Mar 2003 08:17:08 -0500,
> > Anthony DeRobertis wrote:
> >> On Sunday, March 9, 2003, at 07:09 PM, GOTO Masanori wrote:
> >>>> Everything that does authentication needs to be restarted after the
> >>>> glibc upgrade, correct?
> >>>
> >>> I think "yes".
> >>>
> >>> So we're warning with libc6 upgrade in postinst. Moreover, upgrading
> >>> libc6 from 2.2 to 2.3 (or upgrade everytime, ideally) should need
> >>> system restart. Unfortunately, there is no way to fix it.
> >>
> >> There probably is a way to fix it, or at least I hope there is!
> >> Otherwise, upgrading from woody to sarge is going to be a real mess.
> >
> > Well, I also would like to know the better answer...
>
> Early in #165358, in <80smz1vkq2.wl@oris.opensource.jp>, you (GOTO
> Masanori) mentioned bumping the libnss* versions up:
>
> "IMHO, one way to fix it is bumping up glibc nss version,
> because breaking ABI back compatibility always change its
> lib.so version (Of course, it needs upstream decision).
> Thus, libnss_files.so.3 -> libnss_files-2.3.1.so (Don't
> test unless you know what is occured)."
>
> I haven't been able to find anything more about this; is there some
> reason it wouldn't work? (if both versions of the libnss stuff were
> kept around, of course)
I'm afraid to lose some compatibilities - before we bump up the libnss
version, we have to clear and investigate what is the problem. If
someone try to do it, I would like to know the result.
> > Bug#165258: libc6: Should restart services when upgrading from
> > versions prior to 2.3
> > Bug#165358: libc6 2.3.1-1 breaks fetchmail/exim (and others?)
>
> And I participated in those two threads, and couldn't find them...
>
> > Bug#165375: libc6: cannot login using ssh
>
> Hmmm, bug number typo...
Err, I'm sorry.
> > BTW, do you think adding some warning for libc6 postinst as follows
> > until we have a right fix:
>
> s/postinst/preinst/ (I assume that's what you meant)
Oh, yes.
> > "Note that you should not upgrade glibc if your display shows xdm,
> > kdm or xscreensaver. Upgrading causes you not to login at all. If
> > you force to update, please restart them."
>
> Same problem with gdm. I ran into it, and didn't file that bug because
> someone else already had. I bet xlock has the same problem as well.
> Probably vlock, too. So, the warning needs to be pretty broad. Also,
> it's a tad bit awkward, maybe:
>
> "Please note that any program that does lookups through the name
> service switch (usernames, passwords, groups, hostnames, etc.) will
> need to be restarted after this upgrade. You will be prompted to
> restart some of them, but there are many others.
>
> "Some programs which you must handle manually include X display
> managers such as xdm, kdm, and gdm; X screen savers (if set to lock the
> display); and console locking programs like vlock. To be on the
^ If you want to be...
> absolute safe side, you should reboot after installing this upgrade.
>
> "If you do not restart these programs, you won't be able to log in
> through or unlock them.
It seems fine. I agree. It may need below modification to glibc:
* postinst restart script is moved to preinst
* Some message are added
Jeff (he made this restarting script), is it OK? I plan to work it.
> Do you wish to continue? (N/y)"
Hmm, it's conservative. Hitting enter key fails upgrade. If user
wants to stop their xdm or kdm, s/he hits "N". But in many case user
does not need to restart them (because they login to their machine via
network). I believe a lot of users are not stupid. So I think [Y/n]
makes sense further.
> Yes, it's a rather long note, and I'm sure I've missed a few programs.
> I wonder if it breaks Mozilla; due to my X-death I didn't get to find
> out. If it does, I guess web browsers should be added. And if it does,
> then I'm sure things like squid and privoxy are in trouble too. And I
> guess I left out samba...
Well, if we start to argue such things, we have to care about a bunch
of programs using libc6 - it's hard. I think if we can achieve
"workaround", we can say it's ok.
Regards,
-- gotom
Reply to: