After the make installworld of a 4.6.1-RELEASE-p3 upgrade the machine will stop accepting incoming ssh connections due to loadable module mismatches: Jul 31 15:34:58 istlab sshd[11976]: unable to dlopen(/usr/lib/pam_skey.so) Jul 31 15:34:58 istlab sshd[11976]: [dlerror: /usr/lib/pam_skey.so: Undefined symbol "pam_set_option"] Fix: A reboot fixes this problem. It might be worthwhile to notify potential upgraders. Those performing a remote upgrade will want to keep their ssh terminal session open and execute a reboot after the installworld, otherwise they will have to get local access to the machine's console.
On Wed, 31 Jul 2002 06:18:16 -0700 (PDT) Diomidis Spinellis wrote: > >Fix: > A reboot fixes this problem. It might be worthwhile to notify > potential upgraders. > Those performing a remote upgrade will want to keep their ssh terminal > session open and execute a reboot after the installworld, otherwise > they will have to get local access to the machine's console. as the handbook states in 19.4: 19.4.8 Reboot into Single User Mode [...] 19.4.9 Install the New System Binaries [i.e. installworld] you should do an installworld only while running the system in single user mode. this way no collisions happen with network, pam, .so's or whatever. -- /"\ http://corecode.ath.cx/#donate \ / \ ASCII Ribbon Campaign / \ Against HTML Mail and News
On Wed, Jul 31, 2002 at 08:00:17AM -0700, Simon 'corecode' Schubert wrote: > On Wed, 31 Jul 2002 06:18:16 -0700 (PDT) Diomidis Spinellis wrote: > > > >Fix: > > A reboot fixes this problem. It might be worthwhile to notify > > potential upgraders. > > Those performing a remote upgrade will want to keep their ssh terminal > > session open and execute a reboot after the installworld, otherwise > > they will have to get local access to the machine's console. > > as the handbook states in 19.4: > > 19.4.8 Reboot into Single User Mode > [...] > 19.4.9 Install the New System Binaries [i.e. installworld] > > you should do an installworld only while running the system in single > user mode. this way no collisions happen with network, pam, .so's or > whatever. This advice may often be disregarded, *BUT* not lightly! One must always be aware of the changes made to the system between rebuilds, if one chooses not to install in single user mode, or not to reboot after the installation is complete. The only ways I can think of to "always be aware" is to either track the changes via cvsweb or something similar, or read the src/UPDATING and similar files, *or* run the 'periodic security' command after the installation and take a good look at the differences it encounters. Special care should be taken with programs that change, and especially long-running daemons that have changed, such as sshd, or libraries that long-running daemons use. If such a daemon or a library should change during an installworld, it is almost certain that you have to restart the daemon to make sure that you are really running the latest version. I wonder if some of the information in what I just said should not go into the handbook.. I just might write something up and post it to -doc for review soonish :) If you are wondering what should be a legitimate reason not to go down into single-user mode, here's a hint - colocation :) G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If wishes were fishes, the antecedent of this conditional would be true.
State Changed From-To: open->closed This is expected behaviour