I had an upgrade failure where pam itself was blocked:
Problem: cannot install both libnsl2-2.0.0-3.fc36.x86_64 and libnsl2-1.3.0-4.fc35.x86_64
- package pam-1.5.2-11.fc36.x86_64 requires libnsl.so.3()(64bit), but none of the providers can be installed
- package pam-1.5.2-11.fc36.x86_64 requires libnsl.so.3(LIBNSL_2.0)(64bit), but none of the providers can be installed
- package python26-2.6.9-21.fc31.x86_64 requires libnsl.so.2()(64bit), but none of the providers can be installed
- package python26-2.6.9-21.fc31.x86_64 requires libnsl.so.2(LIBNSL_1.0)(64bit), but none of the providers can be installed
- cannot install the best update candidate for package pam-1.5.2-7.fc35.x86_64
- problem with installed package python26-2.6.9-21.fc31.x86_64
So dnf would try to just install pam-libs, and that failed in the transaction
test after downloading all the packages. Let's try to fail early in such a case.
With the Conflicts:
Problem 1: cannot install both libnsl2-2.0.0-3.fc36.x86_64 and libnsl2-1.3.0-4.fc35.x86_64
- package pam-1.5.2-12.fc36.x86_64 requires libnsl.so.3()(64bit), but none of the providers can be installed
- package pam-1.5.2-12.fc36.x86_64 requires libnsl.so.3(LIBNSL_2.0)(64bit), but none of the providers can be installed
- package python26-2.6.9-21.fc31.x86_64 requires libnsl.so.2()(64bit), but none of the providers can be installed
- package python26-2.6.9-21.fc31.x86_64 requires libnsl.so.2(LIBNSL_1.0)(64bit), but none of the providers can be installed
- cannot install the best update candidate for package pam-1.5.2-7.fc35.x86_64
- problem with installed package python26-2.6.9-21.fc31.x86_64
Problem 2: problem with installed package pam-devel-1.5.2-7.fc35.i686
- pam-devel-1.5.2-7.fc35.i686 has inferior architecture
- pam-devel-1.5.2-11.fc36.i686 has inferior architecture
- cannot install both pam-devel-1.5.2-12.fc36.x86_64 and pam-devel-1.5.2-7.fc35.x86_64
- cannot install both pam-devel-1.5.2-12.fc36.x86_64 and pam-devel-1.5.2-11.fc36.x86_64
- cannot install the best update candidate for package pam-devel-1.5.2-7.fc35.x86_64
===========================================================================================
Package Architecture Version Repository Size
===========================================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
libnsl2 x86_64 2.0.0-3.fc36 fedora 30 k
pam-devel x86_64 1.5.2-11.fc36 fedora 97 k
pam-devel x86_64 1.5.2-12.fc36 @commandline 97 k
Skipping packages with broken dependencies:
pam x86_64 1.5.2-12.fc36 @commandline 519 k
They are owned by the `setup` package [1], which `pam` requires, so
owning these directories by `pam` is wrong and unnecessary.
Also remove the /run/motd.d line from pamtmp.conf, which is also already
present in the `setup` package's tmpfiles config file.
Should fix warnings like this during package updates:
```
Running scriptlet: libsepol-3.3-2.fc35.x86_64 16/16
/usr/lib/tmpfiles.d/pam.conf:4: Duplicate line for path "/run/motd.d", ignoring.
/usr/lib/tmpfiles.d/setup.conf:2: Duplicate line for path "/run/motd.d", ignoring.
```
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory
system-auth, smartcard-auth, fingerprint-auth, password-auth and
postlogin are now owned by authselect. Authselect is now a hard
dependency for pam. Users are now expected to use authselect to
configure the system and packages should no longer support
non-authselect configurations.
Resolves: rhbz#2023738
GDM/gnome-shell expects being able to tell apart various failure modes
from the pam_fprintd.so. However, using "sufficient" means that the
generic error code from pam_deny.so will be returned.
Use default=bad, to ensure that the failing error code from
pam_fprintd.so is correctly exposed to GDM.
