PAM landed in Slackware today, also new Plasma5 packages available

OK folks, so today PAM finally landed in Slackware.

What does that mean? Not much actually. Your Slackware will keep functioning as before. The new functionality offered by the Pluggable Authentication Modules is not directly visible. Let me simply copy the ChangeLog.txt announcement verbatim:

Wed Feb 12 05:05:50 UTC 2020
Hey folks! PAM has finally landed in /testing. Some here wanted it to go
right into the main tree immediately, and in a more normal development cycle
I'd have been inclined to agree (it is -current, after all). But it's
probably better for it to appear in /testing first, to make sure we didn't
miss any bugs and also to serve as a warning shot that we'll be shaking up
the tree pretty good over the next few weeks. I'd like to see this merged
into the main tree in a day or two, so any testing is greatly appreciated.
Switching to the PAM packages (or reverting from them) is as easy as
installing all of them with upgradepkg --install-new, and if reverting then
remove the three leftover _pam packages. After reverting, a bit of residue
will remain in /etc/pam.d/ and /etc/security/ which can either be manually
deleted or simply ignored. While there are many more features available in
PAM compared with plain shadow, out of the box about the only noticeable
change is the use of cracklib and libpwquality to check the quality of a
user-supplied password. Hopefully having PAM and krb5 will get us on track
to having proper Active Directory integration as well as using code paths
that are likely better audited these days. The attack surface *might* be
bigger, but it's also a lot better scrutinized.
Thanks to Robby Workman and Vincent Batts who did most of the initial heavy
lifting on the core PAM packages as a side project for many years. Thanks
also to Phantom X whose PAM related SlackBuilds were a valuable reference.
And thanks as well to ivandi - I learned a lot from the SlackMATE build
scripts and was even occasionally thankful for the amusing ways you would
kick my ass on LQ. ;-) You're more than welcome to let us know where we've
messed up this time.
The binutils and glibc packages in /testing were removed and are off the
table for now. I'm not seeing much upside to heading down that rabbit hole
at the moment. Next we need to be looking at Xfce 4.14 and Plasma 5.18 LTS
and some other things that have been held back since KDE4 couldn't use them.
Cheers! :-)

Also today, I uploaded a fresh batch of Plasma5 packages to my ‘ktown’ repository. This time, the ‘latest’ and ‘testing’ versions of the repository are different!
The regular aka ‘latest’ repository content is meant for an up-to-date Slackware-current without PAM. The ‘testing’ repository on the other hand is compiled against a pam-ified Slackware and can be used if you have added the new ‘testing’ PAM packages of Slackware-current to your system.
The packages that picked up PAM support are: kscreenlocker and plasma-workspace (in the ‘plasma’ directory), and sddm-qt5 (in ‘plasma-extra’). A new package has been introduced as well: kwallet-pam (in the ‘plasma’ directory).

I expect that Plasma5 gets folded into the distro soon after PAM moves out of testing and into the core distro.

The new KDE-5_20.02 batch is now available for download from my ‘ktown’ repository. As always, please remove KDE4 first (check the README for instructions if you still need those). These packages will not work on Slackware 14.2.

What else is new in the February 2020 release

This month’s KDE Plasma5 for Slackware contains the KDE Frameworks 5.67.0, Plasma 5.18.0 and Applications 19.12.2. All this on top of Qt 5.13.2.

Deps:
This month no updates to the ‘deps’ section (except in ‘testing’ where I removed cracklib and libpwquality since those are now part of the Slackware PAM related packages).

Frameworks:
Frameworks 5.67.0 is an incremental stability release, see: https://www.kde.org/announcements/kde-frameworks-5.67.0.php.

Plasma:
Plasma 5.18.0 is the first release of 5.18 LTS (Long Term Support). The focus for this new release cycle has been on improving the notification system, a much improved audio-volume systray widget, streamlining the desktop settings (no more ‘cashew’ menu in the top right) and a much better integration of GTK+ based applications with the Plasma desktop theme, through the use of client-side decorations. Also, the graphical performance has been tweaked with fewer graphical glitches and Nvidia GPU statistics displayed in KSysGuard. See https://www.kde.org/announcements/plasma-5.18.0.php for the full announcement including several videos portraying the strong points of KDE’s desktop environment.

Plasma-extra:
In plasma-extra I updated latte-dock and rebuilt sddm-qt5.

Applications:
Applications 19.12.2 is a stability and bugfix update for the 19.12 cycle. Remember that I still call this ‘Applications’ but KDE folk prefer the new name ‘Releases’. See https://kde.org/announcements/releases/2020-02-apps-update/

Applications-extra:
In applications-extra I updated kdevelop-pg-qt, kdevelop, kdev-php, and kdev-python.

Telepathy:
KDE Telepathy is no longer part of my ‘ktown’ distribution of KDE Plasma5.

Where to get it

Download the KDE-5_20.02 from the usual location at https://slackware.nl/alien-kde/current/ or one of its mirrors like http://slackware.uk/people/alien-kde/current/ .
Check out the README file in the root of the repository for detailed installation or upgrade instructions.

Development of Plasma5 is tracked in git: https://git.slackware.nl/ktown/ .

A new Plasma5 Live ISO is going to be available soon at https://slackware.nl/slackware-live/latest/ (rsync://slackware.nl/mirrors/slackware-live/latest/) with user/pass being “live/live” as always. I am still working on an improved ‘setup2hd’ and depending on the amount of work (and setbacks) I may decide to leave the ‘old’ setup2hd script in the ISO for now.

Have fun! Eric

78 thoughts on “PAM landed in Slackware today, also new Plasma5 packages available”


    1. I have examined the content of kwallet-pam and have noticed that it just contains the pam module for kwallet, so it’s an addition.


  1. I have now set up all necessary packages from the testing branch and installed kwallet-pam. My kwallet Password is the same as the login password. Still I am prompted for entering the password to unlock the wallet. Is there anything I have missed? Do I have to set up a completely new wallet in order to make it work?





  2. Thank you Eric! Everything runs great so far here.
    I just saw the font settings of my GTK look and feel setup changed. Now I cannot use a separate font setting for GTK apps. Progress, they call it.

    I’m using the PAM enabled (testing) version, and so far no problems and good functionality. Thanks!


    1. It seems that the GTK Theme settings are gone completely. Or have you found an alternative settings dialog? The font issue is a little bit ugly. E.g. if I am not able to change the font settings, Thunderbird cuts the lower part of the letters like ‘g’ or ‘y’ in message lists and displays them when you hover an entry with the mouse, which leads to continuous screen flickering. I think I am going to open an issue on that. In the meanwhile it would be good to know if there is still an alternative way to set fonts for GTK apps.



        1. Yes, and this is the part which does not really work. I have filed an issue on that: https://bugs.kde.org/show_bug.cgi?id=417568

          What’s even worse is that at least on my machine it’s no longer possible to change any KDE font settings at all. The apply button is always grayed out, even after changing some settings. If anyone else experiences this as well, I am willing to file another request on that as well.


          1. I can confirm that the Apply button in Font Settings remains greyed out. If I return to another tab in Systemsettings I also do not get asked what to do with my changes, and when I return to Font Settings I see the original configuration has been restored. My test system at the moment is a PAM-ified Slackware Live. Did you install the PAM packages Lioh?



          2. I am having the same issue (can’t change fonts in system settings) with the “latest” build of Plasma 5. Otherwise Plasma 5 is running great! Thank you Eric!


          3. The Thunderbird issue is gone after applying the fixed packages, changing one value in the fonts dialog and changing it back afterwards.



    1. Looks like the emoji popup requires ibus since the missing binary is called “ibus-ui-emojier-plasma”.
      I do not ship ibus since Slackware already has scim, but perhaps that needs some consideration.



  3. pam version installed here, without problem, for the moment, ‘sip’ needs update, (4.19.21 in current), ‘kpmcore’ and ‘partitionmanager’ are available in new (4.1.0) version.

    thanks, Eric. 😉


  4. Hi Eric, Just updated two machines with the non-PAM version (I’ll wait for Slackware for that!). All seems to be working, but both machines have flagged up a warning (Bell icon in the panel). Message reads:

    “Error loading QML file: file:///usr/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/main.qml:108:37: Type CompactRepresentation unavailable
    file:///usr/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/CompactRepresentation.qml:27:1: module “org.kde.quickcharts” is not installed”

    Quickcharts??? I thought I had everything installed!


    Pete



  5. I’m very happy to hear of PAM making it into Slackware. I’ve been maintaining PAM and related packages (e.g., shadow, openssh, etc.) for 14.2 in order to support two-factor authentication. This will certainly help lower the maintenance burden for us in Slackware versions going forward.





  6. New Plasma5 update working fine. It may be a little quicker than before. I didn’t try the PAM thing yet. Congratulations on Plasma5 getting embodied in Slackware. Thanks for your work and consideration. I noticed you mentioned scim. I used scim a few years and although it can be irritating I was used to it. I had transitioned from scim to fcitx a few weeks ago. Fcitx works ok but is easily broken whereas scim was fairly robust to a changing environment. Scim’s problem now is no qt5 support. There seems to be something wrong with the setup of fcitx and perhaps some changing of the environment keeps messing with fcitx. Certainly the install instructions for fcitx are somewhat faulty but I can make it work. I will work on it more as time permits and will report back if I learn anything.


  7. Pingback: Links 13/2/2020: Ubuntu 18.04.4 LTS, Septor 2020, Endless OS 3.7.7, Wayland 1.18.0, KDE Plasma 5.18 and GTK 3.98 Released | Techrights

  8. Thanks Eric for the new packages.
    I smoothly updated to ‘latest’ (no PAM testing). I do confirm that the “Apply” button is greyed out for Font configuration even in ‘latest’ (I couldn’t reply in the relevant thread as there was no “reply” button on the last two posts from you and Lioh).
    Cosmetic point: as of time of writing, this link is now working https://kde.org/announcements/releases/19.12.2/ (Not found)






        1. Thanks Eric for quick fix.
          I do confirm that the issue is solved with the updated package (using ‘latest’)
          When I make a change in any setting and don’t press the “Apply” button, I don’t have a warning message when I quit the setting. I can’t remember if there has ever been such a warning message in KDE 5. Anyway no big deal if I forget to apply a change, I can always come back and do it again.


          1. The warning that you’re about to discard your changes has always been there.
            I am now also going to upload the plasma-desktop fix package for the ‘testing’ repository.


        2. This is why most often, I wait at least a few days to allow others to walk on point during the patrol so others can do the heavy lifting wrt bugsquashing 😉

          I’m such a pussy sometimes lolz.


  9. I installed the PAM version. Great job!
    (I’m having problems with pam_limits, though: jack2 cannot be run in real time mode anymore, at least not locally — works over ssh; I’m trying to understand why)

    Just a note: maybe you should change the last two lines in /etc/pam.d/sddm-greeter (sddm-qt5) to:

    -session optional pam_systemd.so
    -session optional pam_elogind.so

    at least for the time being…;-)

    Thanks for your work!

    andrea


    1. Hi Andrea,

      may I ask you if you have been able to get kwallet/gnome-keyring to work with SDDM and PAM to automatically unlock the keyring on Login?

      Greets
      Lioh


      1. no, I didn’t even try, since I was busy with the pam_limits stuff (I found the problem and a fix, and posted on LQ).

        Just thinking aloud, but I wonder if it may be related to the fact the ConsoleKit is compiled without polkit support… I rebuilt it with that flag and I’m going to test it soon (but I’m not an expert on this stuff).

        andrea


      2. I had a closer look at pam_kwallet5 and it has a few issues:

        1. PAM is looking for modules in /lib/security, whereas pam_kwallet sits in /usr/lib64/security (there is also pam_cifscreds.so from the cifs-utils package, sitting there);

        2. it requires socat: this is hidden in /usr/lib64/pam_kwallet_init, but without it there’s no way for kwalletd5 to get to know the password.

        3. on my system it keeps failing with ” pam_kwallet5: open_session called without kwallet5_key”

        I tried to force it to launch kwalletd5 but it didn’t unlock the wallet… I’ll try to have a closer look and see if I can find a fix (my daughter is using it, but not me)…

        Best,
        andrea





          1. I have suggested Pat that he changes /lib/security to /lib64/security for 64bit Slackware. Distros like Fedora and Arch also make this directory architecture dependent.
            And indeed I will also have to build a ‘socat’ package.


          2. Dear Andrea, Dear Eric,

            thanks for taking care about this. I can confirm that everything now works as expected.

            Greets
            Lioh



      1. I just did not have the time to check all the packages depending on Qt5 to see if they are compatible with 5.14. In the beginning there was a lot of breakage. Pat is assimilating the ktown repository ‘as-is’ because it works. Going forward, I expect he will adopt his own update policy which will certainly be different from mine.
        And wayland? You have to ask Pat about that, I do not think he wants to go there.




      1. This should come as a welcome announcement to KikiNovak, who lamented his migration to CentOS because of difficulties of not having PAM rolled into the distro. Maybe he’ll come back in full force and migrate everything back to Slackware once again 🙂

        Sometimes Slackware is the very very first (MariaDB, followed by SuSE’s adoption as the default), and sometimes it lags (to the chagrin of some), but when it’s soup, it is served and always stable. What bothers me are the snipes by some who are always publicly and sometimes vitriolically disgruntled because they feel they can’t have it their way, yet truth be told, nothing has prevented anyone from integrating PAM or anything else in their own installed boxes if it was something they really wanted.

        Can’t say I was ever dissatisfied with Slackware since I adopted it in the early nineties. Well, yah, I was stubborn at one point when so-called standards for multi-media PCs was a big thing and CDROM players were tied to soundblaster 16 cards, and Patrick started releasing Slackware on CDs, but that’s on me for being stubborn, and like anything else, wouldn’t want to ever go back to making and swapping out boot/root/and disks for SCSI drivers in the days of old lolz…

        Great work on everything you do for the community Eric, and although I don’t do much with bleeding edge WM/DEs I know all the hoops you jump through to bring your Ktown rolls to everyone and endure complaints from ungrateful folks who just like to complain about things only shows what an asset you truly are to Patrick and our community.

        Thank you for all you do, all you’ve endured, and your commitment to excellence!

        Kindest regards,

        Bradley

        .



    1. I do not like systemd.
      But I do think pam is a welcome and useful enhancement for Slackware. I have not been outspoken in public about pam, because if I would share my opinion, that could have been seen as authoritative for Slackware’s future direction. And I really needed Pat to make that call in public.
      In my work I have been using PAM for 18 years now, and the only times that PAM did not work was when I had made a configuration error.
      As Pat said, the code paths involving shadow and/or pam will nowadays be better audited when pam is involved. You will have to look hard to find modern environments that do not use pam, so regression tests of new code is pretty hard if developers do not have ready access to non-pam systems.



    1. I will find out myself soon, because I have removed the SDL_sound, OpenAL, libxkbcommon and qt5 packages from ktown locally and will update my slackware64-current installation today.
      Do not forget to install all the new packages in Slackware -current, that includes openal-soft which is the new name in Slackware for my OpenAL package.





          1. LoneStar, the ‘testing’ repository of ktown does not contain cracklib or libpwquality packages. The ones in Slackware’s /testing area should be used instead.


  10. My issues with fcitx were fixed by rebuilding and reinstalling it. Now it looks different than before but has full function. Unrelated is that sometimes plasma5 gets confused about what open windows should be displayed in the panel. Shift-Alt-F12 resets it and puts everything back right. Sometimes the clock also gets stuck and the same Shift-Alt-F12 refreshes everything back to ok again.


  11. I have added a ‘socat’ package to my ‘ktown’ repository and Pat has moved /lib/security to /lib64/security in Slackware-current. That hopefully helps getting the KDE Wallet system to work with PAM as intended.


    1. you also have to change kwallet-pam so that it will drop pam_kwallet5.so in /lib64/security (and not in /usr/lib64/security as it presently does), and change /etc/pam.d/sddm in sddm-qt5 so that the first line is:

      auth substack login

      this is crucial: without substack pam_kwallet5 and pam_gnome_keyring will not run during the authorization process and will not set some data. this is the reason why you would get a /var/log/secure error otherwise:

      “pam_kwallet5: open_session called without kwallet5_key”

      by doing so both kwallet and gnome-keyring work smoothly here… (and my daughter is very happy not to have to type her password three times before getting plasma, skype and chromium started….;-).

      andrea
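The two points raised in the comments above (a module installed outside the directory PAM searches, and include versus substack on the first auth line of /etc/pam.d/sddm), as an added example that is not part of the original comments and not Slackware's own configuration. The service files in PAM_D are constructed samples, the function names are hypothetical, and only keyword controls with every module returning success are modelled, following the include/substack semantics documented in pam.conf(5).

```python
import os
from collections import namedtuple

# stack: chain of enclosing substacks; silent: type written with a leading "-"
Rule = namedtuple("Rule", "control module stack silent")

# Constructed sample files (assumption: NOT Slackware's shipped /etc/pam.d).
PAM_D = {
    "login": "auth sufficient pam_unix.so\n"
             "auth required   pam_deny.so\n",
    "sddm-include":  "auth  include  login\n"
                     "-auth optional pam_kwallet5.so\n",
    "sddm-substack": "auth  substack login\n"
                     "-auth optional pam_kwallet5.so\n",
}

def flatten(service, pam_d, phase, stack=()):
    """Expand one phase (auth, session, ...) of a service file into Rules.

    Assumes keyword controls; bracketed [value=action] controls are not parsed.
    """
    rules = []
    for lineno, raw in enumerate(pam_d[service].splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lstrip("-") != phase:
            continue
        control, target = fields[1], fields[2]
        if control == "include":        # lines are inlined into the current stack
            rules += flatten(target, pam_d, phase, stack)
        elif control == "substack":     # lines form their own nested stack
            rules += flatten(target, pam_d, phase, stack + ((service, lineno),))
        else:
            rules.append(Rule(control, target, stack, fields[0].startswith("-")))
    return rules

def run_on_success(rules):
    """Modules invoked during a login in which every module returns success."""
    invoked, done = [], None
    for r in rules:
        if done is not None and r.stack[:len(done)] == done:
            continue                    # still inside the stack that finished
        done = None
        invoked.append(r.module)
        if r.control == "sufficient":
            # Success ends the enclosing stack: the whole stack when the rule
            # was pulled in by include, only the substack for substack.
            done = r.stack
    return invoked

def missing_modules(rules, module_dir, exists=os.path.exists):
    """Modules that cannot be loaded; relative names resolve under module_dir.

    "silent" marks rules whose type starts with "-": libpam does not log a
    missing module for those, so the gap never shows up in /var/log/secure.
    """
    found = []
    for r in rules:
        path = r.module if r.module.startswith("/") else os.path.join(module_dir, r.module)
        if not exists(path):
            found.append((r.module, "silent" if r.silent else "logged"))
    return found

if __name__ == "__main__":
    for svc in ("sddm-include", "sddm-substack"):
        print(svc, run_on_success(flatten(svc, PAM_D, "auth")))
```

On a real system, build the dictionary from the files in /etc/pam.d and pass the directory your libpam actually searches as module_dir.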


      1. In my desktop, after login I still have to type the kdewallet password once (for the first application that wants to open the wallet) after each login. After that all other applications won’t ask again for a password.
        Is this different in your case? I.e. after login, do you no longer get a “enter password for wallet ‘kdewallet'”?


        1. In my daughter’s desktop she types the login password in sddm and then kwallet will get unlocked by pam_kwallet5: no need to type a password when the first application wants to open the wallet, since it is already opened during login (before switching to PAM chromium would ask for the kde wallet password at the first start — not anymore).

          in your desktop pam_kwallet5 is not working.








  12. hi,

    wayland is out in slackware-current

    Any updates on how to install plasma, I am sure some commands have to be changed.

    Cheers
    Pritvi


    1. Why do you think it changes the way you install Plasma5? It changes nothing.
      Wayland will do nothing for Plasma5 until I recompile the packages and explicitly enable Wayland support.


      1. Thanks for the info.
        I did not test wayland + plasma5 + slackware-current.
        I thought it was just removing or adding some other/new packages.


        1. Wayland support in Plasma 5 (basically in kwin_wayland) seems to be only possible if Slackware would add systemd-logind or else elogind (which is the standalone logind component of the systemd code but without any dependency on systemd).

          It’s going to be a journey to get this done, but it starts with having Wayland in Slackware and the core packages (mesa, xorg-server and qt5) compiled with Wayland support. Luckily Pat Volkerding did just that.


          1. Hi Eric,
            I’m not familiar with Wayland and I’m in no hurry to get into it. But when I wanted to add the new Slackware packages wayland and wayland-protocols, I found out that these packages were already installed via ktown repository (/deps). Shouldn’t those packages be now removed from ktown repository?



  13. Hi Eric,
    I installed Plasma 5.18.1 available today and noticed the system tray is throwing an error: Error loading QML file: file:///usr/share/ Is there something I can do to regenerate the system tray entries or is it best to wait for a Plasma update?

    Thanks!


    1. Same here, getting
      “Error loading QML file: file:///usr/share/plasma/plasmoids/org.kde.plasma.private.systemtray/contents/ui/main.qml:386:19: Type ExpandedRepresentation unavailable file:///usr/share/plasma/plasmoids/org.kde.plasma.private.systemtray/contents/ui/ExpandedRepresentation.qml:134:9: PlasmoidPopupsContainer is not a type”


  14. Same question as here: https://www.linuxquestions.org/questions/slackware-14/all-things-kde5-plasma-for-slackware-users-4175670109/#post6093321
    The cause is that I re-packaged the plasma-workspace package (explodepkg, followed by an edit of the ‘startkwayland’ script, followed by makepkg) and since I did that on my Slackware 14.2 server I ran into a tar bug. Due to the bug, files in the tarball get truncated to 100 characters if they are 101 characters long.
    I was bitten by this last year as well. Back then I noticed before uploading the affected package.
    I need to run the explodepkg/makepkg on a -current computer where the bug does not occur.
    I am currently rebuilding that package and will upload the fixed version later today.

    The quick fix if you do not want to wait for the new package:
    # mv /usr/share/plasma/plasmoids/org.kde.plasma.private.systemtray/contents/ui/PlasmoidPopupsContainer.qm{,l}
    This other file is affected as well, so not just the one above:
    /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/windowdecoration/WindowDecoration.qm is missing the “l” at the end.



    1. The answer was already given a bit higher up:
      Emoji popup selector requires ibus. I do not ship ibus with my ‘ktown’ packages because Slackware already has scim.

