Evaluate if fix_pam_bug is still needed #404

Closed
hyperknot opened this issue May 9, 2017 · 6 comments

@hyperknot
Collaborator

Can someone look into why this was needed back then and whether we still need it now? I am not using this, nor am I using SSH, so I have no idea what it fixes.

This introduces a crazy amount of apt-get dependencies, some of which are not removed by that hack of a remove list (still made for 14.04) and the autoremove command.

A better approach would be to save a dpkg -l list before and after and make a loop of apt-get purge commands to make sure there are no leftover dependencies and config files after this script.

Actually this is one of the reasons why I've started my fork, so that I can avoid using this monster of a build process, and if it's not needed anymore I'd recommend removing it.

@hyperknot hyperknot added this to the 0.9.22 milestone May 9, 2017
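
The before/after package-list idea from the comment above, sketched as an added example (it is not part of the thread or of the project's build scripts). It uses `dpkg-query -W` as a machine-readable stand-in for `dpkg -l`; the function names and snapshot paths are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the project. All names below are hypothetical.

# Write the sorted names of every package dpkg still tracks to file $1.
# Rows with status "un" (never installed) are skipped; packages in "rc" state
# (removed, config files left behind) are kept so they show up in the diff.
snapshot_packages() {
    dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package}\n' |
        awk '$1 != "un" { print $2 }' | LC_ALL=C sort -u > "$1"
}

# Print packages listed in snapshot $2 (after) that are absent from $1 (before).
added_packages() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Purge each added package with its own apt-get call, so one failure is
# reported without hiding the rest. stdin is redirected so apt-get cannot
# consume the package list feeding the loop.
purge_added() {
    added_packages "$1" "$2" | while IFS= read -r pkg; do
        apt-get purge -y "$pkg" </dev/null || echo "purge failed: $pkg" >&2
    done
}

# Return non-zero (and list the names) if anything added since snapshot $1
# is still present in snapshot $2. Meant to fail the image build.
assert_no_leftovers() {
    left=$(added_packages "$1" "$2")
    if [ -n "$left" ]; then
        printf 'leftover packages:\n%s\n' "$left" >&2
        return 1
    fi
    return 0
}

# Intended use around the build step (left as comments so the file can be sourced):
#   snapshot_packages /tmp/pkgs.before
#   ... run the fix_pam_bug build step ...
#   snapshot_packages /tmp/pkgs.after
#   purge_added /tmp/pkgs.before /tmp/pkgs.after
#   snapshot_packages /tmp/pkgs.final
#   assert_no_leftovers /tmp/pkgs.before /tmp/pkgs.final
```

A name-only diff does not notice packages that were already installed and were upgraded or replaced by the step.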
@Theaxiom
Collaborator

Theaxiom commented May 9, 2017

I agree, some research will be required to determine if this is necessary or not.

@kingdonb
Collaborator

kingdonb commented May 9, 2017

I worked on a related issue and I believe that PAM version has not changed in 16.04 since the issue was first identified. I honestly have no idea what the original PAM bug encountered was, but there is a documentation chain that you can follow to hopefully try and reproduce the original issue.

I second the idea of fixing the gross dependency blob, the original package version of PAM has not changed, but it has moved from one Ubuntu repository to another and it is likely that second order build dependencies have changed (and will change again.)

This is an incredibly complicated build because of dependencies, there is no denying it. I would suggest making the fix optional with a flag set at build time in the Dockerfile. Having no concept of the severity or impact of the bug, I can't really make a judgement about whether it's a good idea to remove the build.

If you're not using SSH it probably won't affect you at all (other than making the build take longer.) But since SSH is one of the key features of Baseimage, that's not at all convincing to me...

Git blame shows the issue came from #181 and was fixed in 3edd5d1 and affects users of chpasswd among probably some other PAM consumers, and possibly also isolated to a particular version of Docker.

@Theaxiom Theaxiom modified the milestones: 0.9.22, 0.9.23 May 17, 2017
@mrmagooey

The PAM bug seems to have been fixed in 2014 (moby/moby#7179). Why #181 had it come up again might be due to that user having an older host kernel (3.15) and an out-of-date docker version. From what I can see this build step could be safely removed.

@hyperknot
Collaborator Author

hyperknot commented Jul 12, 2017 via email

@hyperknot
Collaborator Author

PR: #431

@kingdonb
Collaborator

Looks like this may be closed now.
