So it seems like PAM maintenance is giving me more headaches by the day. Although I was able to make PAM 0.99 stable on most architectures, there’s one not-so-little problem: it requires glibc 2.4, which drops out all of the hardened profiles, and some old deprecated alpha/hppa profiles. I’ll ignore the problem of still not having ~mips on it.
I’m now looking to find time and a stage3 to start testing on glibc 2.3 so that I can get PAM 0.99 working for them, too, and finally get rid of 0.78 for everyone but MIPS.
Then today I decided to take a look at pam_userdb, just to make sure everything works fine, and I noticed that we allow using newer versions of BDB at runtime, even if the one used at build time is an old one (4.3 vs 4.5), and I wanted to ensure that the tools for 4.5 produced working databases for 4.3. They do, which is nice, but it took me quite some time to find a way to properly test pam_userdb, which was boring, and I’ll probably forget. Especially since there are a few glitches between the man page and the error messages, which I’ll have to submit upstream.
So what I have now in my TODO list is writing down something along the lines of what the emacs team have, with the tests to do to make sure that the modules work. I’ll try to start writing such documentation today or tomorrow, and I’ll see about completing the documentation I started writing months ago before the hospital chapter.
I start to think I really should get myself a Wii to relieve the stress, because I feel like PAM is going to bring me to the same level I had before, and now I do have proof that stress is bad for the health.
The good news is that the fruits of your labor have already paid off. The items on your todo list are minor and should not justify stress. The real question is why doesn’t hardened bump its version of glibc (and a multitude of other packages..).
@Kevin: In part because upstream toolchain code is shite. Case in point: hardened is also stuck with gcc 3.4, 4.x won’t build. The whole toolchain is behind, since, well, it doesn’t look like the code is working out right. Believe me, the hardened developers want to get the stuff up to date with the rest of the tree and the non-hardened package versions, but they’re hampered by external factors.
Uhm… AFAICT hardened profiles no longer force glibc-2.3, except for ppc/ppc64 (where a masked gcc is required to compile >=glibc-2.5)
>glibc-2.3 have been stable for months now. The version I run on my fully stable amd64 hardened is 2.6.1. @nightmorph: after having watched the long marathon of getting gcc 4.x to hardened, the hardened developers finished their work like half a year ago, so it is really up to these “external factors”….