From nobody@FreeBSD.org Wed Jul 31 06:18:16 2002 Return-Path: Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EBB5537B400 for ; Wed, 31 Jul 2002 06:18:16 -0700 (PDT) Received: from www.freebsd.org (www.FreeBSD.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF0AE43E3B for ; Wed, 31 Jul 2002 06:18:16 -0700 (PDT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.12.4/8.12.4) with ESMTP id g6VDIGOT056015 for ; Wed, 31 Jul 2002 06:18:16 -0700 (PDT) (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.12.4/8.12.4/Submit) id g6VDIGSL056014; Wed, 31 Jul 2002 06:18:16 -0700 (PDT) Message-Id: <200207311318.g6VDIGSL056014@www.freebsd.org> Date: Wed, 31 Jul 2002 06:18:16 -0700 (PDT) From: Diomidis Spinellis To: freebsd-gnats-submit@FreeBSD.org Subject: Upgrade to 4.6.1-RELEASE-p3 breaks remote ssh login until the next reboot X-Send-Pr-Version: www-1.0 >Number: 41202 >Category: misc >Synopsis: Upgrade to 4.6.1-RELEASE-p3 breaks remote ssh login until the next reboot >Confidential: no >Severity: non-critical >Priority: high >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Wed Jul 31 06:20:01 PDT 2002 >Closed-Date: Sat Jul 12 17:30:39 PDT 2003 >Last-Modified: Sat Jul 12 17:30:39 PDT 2003 >Originator: Diomidis Spinellis >Release: 4.6.1-RELEASE-p3 >Organization: Athens University of Economics and Business >Environment: >Description: After the make installworld of a 4.6.1-RELEASE-p3 upgrade the machine will stop accepting incoming ssh connections due to loadable module mismatches: Jul 31 15:34:58 istlab sshd[11976]: unable to dlopen(/usr/lib/pam_skey.so) Jul 31 15:34:58 istlab sshd[11976]: [dlerror: /usr/lib/pam_skey.so: Undefined symbol "pam_set_option"] >How-To-Repeat: >Fix: A reboot fixes this problem. It might be worthwhile to notify potential upgraders. Those performing a remote upgrade will want to keep their ssh terminal session open and execute a reboot after the installworld, otherwise they will have to get local access to the machine's console. >Release-Note: >Audit-Trail: From: "Simon 'corecode' Schubert" To: Diomidis Spinellis Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: misc/41202: Upgrade to 4.6.1-RELEASE-p3 breaks remote ssh login until the next reboot Date: Wed, 31 Jul 2002 16:58:45 +0200 --=.dYxDWm(zshZBOq Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Wed, 31 Jul 2002 06:18:16 -0700 (PDT) Diomidis Spinellis wrote: > >Fix: > A reboot fixes this problem. It might be worthwhile to notify > potential upgraders. > Those performing a remote upgrade will want to keep their ssh terminal > session open and execute a reboot after the installworld, otherwise > they will have to get local access to the machine's console. as the handbook states in 19.4: 19.4.8 Reboot into Single User Mode [...] 19.4.9 Install the New System Binaries [i.e. installworld] you should do an installworld only while running the system in single user mode. this way no collisions happen with network, pam, .so's or whatever. -- /"\ http://corecode.ath.cx/#donate \ / \ ASCII Ribbon Campaign / \ Against HTML Mail and News --=.dYxDWm(zshZBOq Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9R/sor5S+dk6z85oRArpKAJ4rj9rzx/Cn9vB8xfKpi289kjFZBwCgjlEg rnJznNz6XcD31rlMxVW+2Dw= =mVzY -----END PGP SIGNATURE----- --=.dYxDWm(zshZBOq-- From: Peter Pentchev To: Simon 'corecode' Schubert Cc: bug-followup@FreeBSD.org Subject: Re: misc/41202: Upgrade to 4.6.1-RELEASE-p3 breaks remote ssh login until the next reboot Date: Wed, 31 Jul 2002 18:38:10 +0300 On Wed, Jul 31, 2002 at 08:00:17AM -0700, Simon 'corecode' Schubert wrote: > On Wed, 31 Jul 2002 06:18:16 -0700 (PDT) Diomidis Spinellis wrote: > > > >Fix: > > A reboot fixes this problem. It might be worthwhile to notify > > potential upgraders. > > Those performing a remote upgrade will want to keep their ssh terminal > > session open and execute a reboot after the installworld, otherwise > > they will have to get local access to the machine's console. > > as the handbook states in 19.4: > > 19.4.8 Reboot into Single User Mode > [...] > 19.4.9 Install the New System Binaries [i.e. installworld] > > you should do an installworld only while running the system in single > user mode. this way no collisions happen with network, pam, .so's or > whatever. This advice may often be disregarded, *BUT* not lightly! One must always be aware of the changes made to the system between rebuilds, if one chooses not to install in single user mode, or not to reboot after the installation is complete. The only ways I can think of to "always be aware" is to either track the changes via cvsweb or something similar, or read the src/UPDATING and similar files, *or* run the 'periodic security' command after the installation and take a good look at the differences it encounters. Special care should be taken with programs that change, and especially long-running daemons that have changed, such as sshd, or libraries that long-running daemons use. If such a daemon or a library should change during an installworld, it is almost certain that you have to restart the daemon to make sure that you are really running the latest version. I wonder if some of the information in what I just said should not go into the handbook.. I just might write something up and post it to -doc for review soonish :) If you are wondering what should be a legitimate reason not to go down into single-user mode, here's a hint - colocation :) G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If wishes were fishes, the antecedent of this conditional would be true. State-Changed-From-To: open->closed State-Changed-By: kris State-Changed-When: Sat Jul 12 17:30:15 PDT 2003 State-Changed-Why: This is expected behaviour http://www.freebsd.org/cgi/query-pr.cgi?pr=41202 >Unformatted: