search

lima-vm / alpine-lima

Create an alpine based image for lima
Apache License 2.0
40 stars 26 forks source link

Bump to Alpine 3.19 #116

Closed jandubois closed 8 months ago

jandubois commented 8 months ago

Alpine 3.19 has been released earlier this month and includes newer versions of containerd and docker.

This should be a minimal change:

--- Makefile
+++ Makefile
@@ -1,4 +1,4 @@
-ALPINE_VERSION ?= 3.18.0
+ALPINE_VERSION ?= 3.19.0
 REPO_VERSION ?= $(shell echo "$(ALPINE_VERSION)" | sed -E 's/^([0-9]+\.[0-9]+).*/v\1/')

Unfortunately this breaks ssh support in Lima:

$ make EDITION=std lima
ALPINE_VERSION=3.19.0 EDITION=std ARCH=x86_64 ./lima.sh
WARN[0000] Ignoring non-existent instance "std"
[...]
INFO[0001] SSH Local Port: 40022
INFO[0001] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0029] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0039] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0049] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0059] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"

Using the QEMU display running ssh -vvvv localhost from inside the VM works just fine (I think, I didn't actually generate a key to login, but I see all the ssh logging and eventually the password prompt).

afbjorklund commented 8 months ago

I get: unable to open config for system login, from PAM (_pam_load_conf_file) in syslog

https://github.com/alpinelinux/aports/commit/bb00d972ea71fb52f3486df0badb475de6160404 removed /etc/pam.d/system-login

https://github.com/alpinelinux/aports/commit/8bc65a7e38eb29e22cb07f2f896b6ea290b18834 added /etc/pam.d/sshd

--- src/aports/main/openssh/sshd.pam    2023-05-31 17:45:35.071520775 +0200
+++ sshd.pam    2021-11-23 18:52:53.532695291 +0100
@@ -1,6 +1,4 @@
-#%PAM-1.0
-
-auth      include   base-auth
-account   include   base-account
-password  include   base-password
-session   include   base-session
+auth      include   system-login
+account   include   system-login
+password  include   system-login
+session   include   system-login

958fd40045b7854b2a8a921356bdedcd30a04a04

afbjorklund commented 8 months ago

Linking system-login to login makes the ssh connection work, not sure what you need?

Requires a special build with pam compiled in. Using the system-login pam configuration as Alpine doesn't have system-remote-login.

For openssh-server-pam

jandubois commented 8 months ago

alpinelinux/aports@bb00d97 removed /etc/pam.d/system-login

alpinelinux/aports@8bc65a7 added /etc/pam.d/sshd

Thanks for the research! Looks like PAM configuration works now out-of-the-box.