Add script to avoid fingerprint-auth issues for long term Fedora users
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-48ca6e6b86
Please login to add feedback.
This update has been submitted for testing by ipedrosa.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
Freezes the system once the scriptlet starts. To make sure it wasn't an accident, I restored a clonezilla image.
Same results ... system freezes.
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
I've tested it with a freshly installed Fedora 34 VM and the update seems to work under several circumstances. So, can you provide some feedback from your system? Which version of Fedora are you using? What's the output of "ls -l /etc/pam.d/fingerprint-auth"? Does "/etc/pam.d/fingerprint-auth" contain "auth sufficient pam_fprintd.so" or something similar?
$ cat /etc/os-release
NAME=Fedora
VERSION="34 (Workstation Edition)"
ID=fedora
VERSION_ID=34
VERSION_CODENAME=""
PLATFORM_ID="platform:f34"
PRETTY_NAME="Fedora 34 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:34"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/34/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=34
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=34
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation
$ ls -l /etc/pam.d/fingerprint-auth
lrwxrwxrwx. 1 root root 32 8. Apr 11:03 /etc/pam.d/fingerprint-auth -> /etc/authselect/fingerprint-auth
Update @ipedrosa - I restored the image again and this time I updated all other packages before upgrading pam :
sudo dnf upgrade --enablerepo=updates-testing --exclude=pam
sudo dnf upgrade --enablerepo=updates-testing pam
Now it worked as expected, no system freeze. So it must have been an interference with another package update.
This update can be pushed to stable now if the maintainer wishes
Thanks for verifying that! Not sure how a freeze might occur, but the PAM scriptlet really shouldn't be causing any issues.
This fixes BZ#1942443 for me on Silverblue 34, upgraded from 33.
@clnetbox thanks for verifying it again!
You're welcome @benzea and @ipedrosa ! :)
@clnetbox the hang you hit may have been this one, if you have ibus packages installed: https://bugzilla.redhat.com/show_bug.cgi?id=1948197
openQA tests look good.
BTW, can we have this change on Rawhide too?
Do we have rawhide users with the problem?
In principle we should only need to run the added script once during the F33 -> F34 upgrade process. So my take was to not add the scriptlet to F35.
We explicitly allow and support upgrades across two release versions, for people who don't want to upgrade every six months. So F33 direct to F35 upgrade is a supported/release blocking operation. There will be people out there who expect to be able to upgrade from F33 to F35.
One thing I note about the scriptlet, BTW, is it doesn't check whether the symlink target actually exists. If I make
/etc/pam.d/fingerprint-autha dangling symlink, I do get an error during update:I don't think it's a big issue, though.
This update has been submitted for stable by adamwill.
I'll port the change to rawhide as proposed by @adamwill
This update has been pushed to stable.