Message ID | 20240208185641.2969396-1-alex@linutronix.de |
---|---|
State | Accepted, archived |
Commit | df0a2575ec54dd20061092d0a8fba93de294da04 |
Headers | show |
Series | shadow: add a packageconfig for logind support | expand |
On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin <alex.kanavin@gmail.com> wrote: > This was causing host contamination in particular, where > libsystemd was installed on the host. > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > --- > meta/recipes-extended/shadow/shadow.inc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-extended/shadow/shadow.inc > b/meta/recipes-extended/shadow/shadow.inc > index b8e5e285c45..16b99a0b60e 100644 > --- a/meta/recipes-extended/shadow/shadow.inc > +++ b/meta/recipes-extended/shadow/shadow.inc > @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux > libsemanage" > PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd" In general it’s ok I think there is elogind recipe somewhere which Will be at disadvantage since someone might be able to use logind with non-systemd system too > > > RDEPENDS:${PN} = "shadow-securetty \ > base-passwd \ > -- > 2.39.2 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#195172): > https://lists.openembedded.org/g/openembedded-core/message/195172 > Mute This Topic: https://lists.openembedded.org/mt/104244839/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On 8 Feb 2024, at 18:56, Alexander Kanavin via lists.openembedded.org <alex.kanavin=gmail.com@lists.openembedded.org> wrote:
> +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd”
Would we want to enable this in target builds by default if systemd is in DISTRO_FEATURES?
Ross
On Fri, 9 Feb 2024 at 13:33, Ross Burton <Ross.Burton@arm.com> wrote: > > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd” > > Would we want to enable this in target builds by default if systemd is in DISTRO_FEATURES? It's a new feature in 4.14. If someone wants it, they should find out what it does and whether we want it enabled in systemd builds. I'm only ensuring it's off by default and isn't floating like it was before (especially in native builds where hosts can contaminate it). Alex
On Fri, Feb 9 2024 at 12:33:39 PM +00:00:00, Ross Burton <ross.burton@arm.com> wrote: > Would we want to enable this in target builds by default if systemd > is in DISTRO_FEATURES? I wondered that myself. Maybe it would also be a good idea to rename the PACKAGECONFIG to 'systemd' ? This would allow to just add it to the bb.utils.filter line.
On Thu, Feb 8 2024 at 08:45:33 PM -08:00:00, Khem Raj <raj.khem@gmail.com> wrote: > Will be at disadvantage since someone might be able to use logind > with non-systemd system too If someone, for whatever reason wants to go that way, it might be possible to set elogind as provider for systemd.
On Fri, Feb 9 2024 at 02:12:35 PM +01:00:00, Alexander Kanavin <alex.kanavin@gmail.com> wrote: > It's a new feature in 4.14. If someone wants it, they should find out > what it does and whether we want it enabled in systemd builds. configure.ac states, that it is needed for systemd session support: <https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/configure.ac#L403>
On Fri, 9 Feb 2024 at 14:59, <f_l_k@t-online.de> wrote: > It's a new feature in 4.14. If someone wants it, they should find out what it does and whether we want it enabled in systemd builds. > > > configure.ac states, that it is needed for systemd session support: > https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/configure.ac#L403 You also need to check how it worked in previous versions. Why would we want to enable it, if it wasn't even available previously, and things were still working well? Alex
On Fri, Feb 9 2024 at 03:13:40 PM +01:00:00, Alexander Kanavin <alex.kanavin@gmail.com> wrote: > You also need to check how it worked in previous versions. Why would > we want to enable it, if it wasn't even available previously, and > things were still working well? According to the documentation it will read from logind instead of utmp if enabled. This is also set to be default. <https://github.com/shadow-maint/shadow/commit/fb35ad15aef6190914a939b299e10c343e3e4c2a> <https://github.com/shadow-maint/shadow/issues/674>
On Fri, 9 Feb 2024 at 15:39, <f_l_k@t-online.de> wrote: > > On Fri, Feb 9 2024 at 03:13:40 PM +01:00:00, Alexander Kanavin <alex.kanavin@gmail.com> wrote: > > You also need to check how it worked in previous versions. Why would we want to enable it, if it wasn't even available previously, and things were still working well? > > > According to the documentation it will read from logind instead of utmp if enabled. This is also set to be default. > https://github.com/shadow-maint/shadow/commit/fb35ad15aef6190914a939b299e10c343e3e4c2a > https://github.com/shadow-maint/shadow/issues/674 Thanks. RP already sent a patch. Alex
On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin <alex.kanavin@gmail.com> wrote: > > This was causing host contamination in particular, where > libsystemd was installed on the host. > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > --- > meta/recipes-extended/shadow/shadow.inc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc > index b8e5e285c45..16b99a0b60e 100644 > --- a/meta/recipes-extended/shadow/shadow.inc > +++ b/meta/recipes-extended/shadow/shadow.inc > @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd" > have we tried it with systemd in distro features ? In my distro settings its causing a dependency loop. see https://snips.sh/f/GkrM4zsDk1 > RDEPENDS:${PN} = "shadow-securetty \ > base-passwd \ > -- > 2.39.2 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#195172): https://lists.openembedded.org/g/openembedded-core/message/195172 > Mute This Topic: https://lists.openembedded.org/mt/104244839/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Fri, Feb 9, 2024 at 9:24 AM Khem Raj <raj.khem@gmail.com> wrote: > > On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin > <alex.kanavin@gmail.com> wrote: > > > > This was causing host contamination in particular, where > > libsystemd was installed on the host. > > > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > > --- > > meta/recipes-extended/shadow/shadow.inc | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc > > index b8e5e285c45..16b99a0b60e 100644 > > --- a/meta/recipes-extended/shadow/shadow.inc > > +++ b/meta/recipes-extended/shadow/shadow.inc > > @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > > PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd" > > > > have we tried it with systemd in distro features ? In my distro > settings its causing a dependency loop. see > https://snips.sh/f/GkrM4zsDk1 shadow is added to taget dependencies via useradd bbclass see https://git.yoctoproject.org/poky/tree/meta/classes/useradd.bbclass#n12 so a simple packageconfig with a dependency on systemd is not going to cut it it will work for non-systemd cases perhaps fine but not systemd based systems. > > > RDEPENDS:${PN} = "shadow-securetty \ > > base-passwd \ > > -- > > 2.39.2 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#195172): https://lists.openembedded.org/g/openembedded-core/message/195172 > > Mute This Topic: https://lists.openembedded.org/mt/104244839/1997914 > > Group Owner: openembedded-core+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > >
On Fri, 2024-02-09 at 09:50 -0800, Khem Raj wrote: > On Fri, Feb 9, 2024 at 9:24 AM Khem Raj <raj.khem@gmail.com> wrote: > > > > On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin > > <alex.kanavin@gmail.com> wrote: > > > > > > This was causing host contamination in particular, where > > > libsystemd was installed on the host. > > > > > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > > > --- > > > meta/recipes-extended/shadow/shadow.inc | 1 + > > > 1 file changed, 1 insertion(+) > > > > > > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc > > > index b8e5e285c45..16b99a0b60e 100644 > > > --- a/meta/recipes-extended/shadow/shadow.inc > > > +++ b/meta/recipes-extended/shadow/shadow.inc > > > @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > > > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > > > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > > > PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > > > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd" > > > > > > > have we tried it with systemd in distro features ? In my distro > > settings its causing a dependency loop. see > > https://snips.sh/f/GkrM4zsDk1 > > shadow is added to taget dependencies via useradd bbclass see > > https://git.yoctoproject.org/poky/tree/meta/classes/useradd.bbclass#n12 > > so a simple packageconfig with a dependency on systemd is not going to cut it > it will work for non-systemd cases perhaps fine but not systemd based systems. > > I've dropped that patch due to that issue. If someone wants to resolve this they can do but I've no pressing need. My main concern was fixing the determinism issue which we have done. Cheers, Richard
On Fri, Feb 9 2024 at 09:24:11 AM -08:00:00, Khem Raj <raj.khem@gmail.com> wrote: > In my distro > settings its causing a dependency loop. see I also had dependency loop with systemd enabled and was able to fix it by editing the PACKAGECONFIG like this: PACKAGECONFIG[systemd] = "--enable-logind,--disable-logind" Does this fix the issue for you too? There is no real need to add systemd to the depends field, because if DISTRO_FEATURE 'systemd' is set, it will be added anyway, right?
On Fri, Feb 9 2024 at 07:47:38 PM +01:00:00, Markus Volk <f_l_k@t-online.de> wrote: > because if DISTRO_FEATURE 'systemd' is set, it will be added anyway, > right? no,it's not
On Fri, 2024-02-09 at 19:47 +0100, Markus Volk wrote: > On Fri, Feb 9 2024 at 09:24:11 AM -08:00:00, Khem Raj <raj.khem@gmail.com> wrote: > > In my distro > > settings its causing a dependency loop. see > > > I also had dependency loop with systemd enabled and was able to fix it by editing the PACKAGECONFIG like this: > PACKAGECONFIG[systemd] = "--enable-logind,--disable-logind" > > Does this fix the issue for you too? There is no real need to add systemd to > the depends field, because if DISTRO_FEATURE 'systemd' is set, it will be > added anyway, right? This won't work. The addition to DEPENDS comes from the PACKAGECONFIG entry. The issue that that adduser needs shadow, systemd needs adduser and shadow now needs systemd so it is a true circular dependency issue which is hard to solve :/ Cheers, Richard
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index b8e5e285c45..16b99a0b60e 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd" RDEPENDS:${PN} = "shadow-securetty \ base-passwd \
This was causing host contamination in particular, where libsystemd was installed on the host. Signed-off-by: Alexander Kanavin <alex@linutronix.de> --- meta/recipes-extended/shadow/shadow.inc | 1 + 1 file changed, 1 insertion(+)