Message ID | 20240904225341.2699885-1-yoann.congal@smile.fr |
---|---|
State | New |
Headers | show |
Series | [meta-oe,1/2] polkit: Switch PAM files to common-* | expand |
> -----Original Message----- > From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Yoann Congal via lists.openembedded.org > Sent: den 5 september 2024 00:54 > To: openembedded-devel@lists.openembedded.org > Cc: Yoann Congal <yoann.congal@smile.fr> > Subject: [oe] [meta-oe][PATCH 1/2] polkit: Switch PAM files to common-* > > From: Yoann Congal <yoann.congal@smile.fr> > > Add a new OS option to polkit meson: "openembedded" and use this to > set PAM include to common-* which matches OE-Core libpam. > > This also may fix a non-reproducibility since polkit meson system tried > to detect the host (compiling) OS and changed PAM config from the > detected value. > > Fixes: https://github.com/openembedded/meta-openembedded/issues/860 > > Signed-off-by: Yoann Congal <yoann.congal@smile.fr> > --- > ...pport-openembedded-OS-for-PAM-config.patch | 48 +++++++++++++++++++ > meta-oe/recipes-extended/polkit/polkit_125.bb | 8 +++- > 2 files changed, 55 insertions(+), 1 deletion(-) > create mode 100644 meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > > diff --git a/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > new file mode 100644 > index 0000000000..e0ee8a309a > --- /dev/null > +++ b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > @@ -0,0 +1,48 @@ > +From 7c89b88f0f81ad220d08d69d212c14c6eeefb647 Mon Sep 17 00:00:00 2001 > +From: Yoann Congal <yoann.congal@smile.fr> > +Date: Tue, 3 Sep 2024 12:17:42 +0200 > +Subject: [PATCH] meson.build: Support "openembedded" OS for PAM config > + > +In Openembedded, same as Suse/Solaris: PAM files are common-*: > +* PAM_FILE_INCLUDE_AUTH: common-auth > +* PAM_FILE_INCLUDE_ACCOUNT: common-account > +* PAM_FILE_INCLUDE_PASSWORD: common-password > +* PAM_FILE_INCLUDE_SESSION: common-session > +See OE-Core libpam recipe. > + > +NB: This is also the same config as Debian but its not mentioned in the > +code. > + > +Signed-off-by: Yoann Congal <yoann.congal@smile.fr> > +Upstream-Status: Inappropriate [oe specific] > +--- > + meson.build | 2 +- > + meson_options.txt | 2 +- > + 2 files changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/meson.build b/meson.build > +index 302c189..a55f2d6 100644 > +--- a/meson.build > ++++ b/meson.build > +@@ -311,7 +311,7 @@ endif > + > + pam_include = get_option('pam_include') > + if pam_include == '' > +- if ['suse', 'solaris'].contains(os_type) > ++ if ['suse', 'solaris', 'openembedded'].contains(os_type) > + pam_conf = { > + 'PAM_FILE_INCLUDE_AUTH': 'common-auth', > + 'PAM_FILE_INCLUDE_ACCOUNT': 'common-account', > +diff --git a/meson_options.txt b/meson_options.txt > +index c2e4a6c..14d7a50 100644 > +--- a/meson_options.txt > ++++ b/meson_options.txt > +@@ -6,7 +6,7 @@ option('polkitd_user', type: 'string', value: 'polkitd', > description: 'User for > + option('polkitd_uid', type: 'string', value: '-', description: 'Fixed UID for user running polkitd (polkitd)') > + > + option('authfw', type: 'combo', choices: ['pam', 'shadow', 'bsdauth'], value: 'pam', description: 'Authentication framework (pam/shadow)') > +-option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', 'pardus', 'solaris', 'netbsd', 'lfs', ''], value: '', description: 'distribution or OS') > ++option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', 'pardus', 'solaris', 'netbsd', 'lfs', 'openembedded', ''], value: '', description: 'distribution or OS') > + > + option('pam_include', type: 'string', value: '', description: 'pam file to include') > + option('pam_module_dir', type: 'string', value: '', description: 'directory to install PAM security module') > diff --git a/meta-oe/recipes-extended/polkit/polkit_125.bb b/meta-oe/recipes-extended/polkit/polkit_125.bb > index fe1ee467c3..2405ed6034 100644 > --- a/meta-oe/recipes-extended/polkit/polkit_125.bb > +++ b/meta-oe/recipes-extended/polkit/polkit_125.bb > @@ -5,7 +5,9 @@ LICENSE = "LGPL-2.0-or-later" > LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" > BUGTRACKER = "https://github.com/polkit-org/polkit/issues" > > -SRC_URI = "git://github.com/polkit-org/polkit.git;protocol=https;branch=main" > +SRC_URI = "git://github.com/polkit-org/polkit.git;protocol=https;branch=main \ > + file://meson-build-Support-openembedded-OS-for-PAM-config.patch \ > + " > > S = "${WORKDIR}/git" > SRCREV = "112752c12da812a163dac67d7f675b60de8f7d7b" > @@ -16,6 +18,10 @@ inherit meson pkgconfig useradd systemd gettext gobject-introspection features_c > > REQUIRED_DISTRO_FEATURES = "polkit" > > +# Prevent meson.build to try to autodetect host OS (which could lead to > +# non-reproducibility) > +EXTRA_OEMESON = "-Dos_type=openembedded" Why do you need the patch? Can't you just set: EXTRA_OEMESON = "-Dos_type=suse" and be done with it? > + > PACKAGECONFIG = " \ > ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', 'consolekit', d)} \ //Peter
Le jeu. 5 sept. 2024 à 01:07, Peter Kjellerstedt < peter.kjellerstedt@axis.com> a écrit : > > -----Original Message----- > > From: openembedded-devel@lists.openembedded.org < > openembedded-devel@lists.openembedded.org> On Behalf Of Yoann Congal via > lists.openembedded.org > > Sent: den 5 september 2024 00:54 > > To: openembedded-devel@lists.openembedded.org > > Cc: Yoann Congal <yoann.congal@smile.fr> > > Subject: [oe] [meta-oe][PATCH 1/2] polkit: Switch PAM files to common-* > > > > From: Yoann Congal <yoann.congal@smile.fr> > > > > Add a new OS option to polkit meson: "openembedded" and use this to > > set PAM include to common-* which matches OE-Core libpam. > > > > This also may fix a non-reproducibility since polkit meson system tried > > to detect the host (compiling) OS and changed PAM config from the > > detected value. > > > > Fixes: https://github.com/openembedded/meta-openembedded/issues/860 > > > > Signed-off-by: Yoann Congal <yoann.congal@smile.fr> > > --- > > ...pport-openembedded-OS-for-PAM-config.patch | 48 +++++++++++++++++++ > > meta-oe/recipes-extended/polkit/polkit_125.bb | 8 +++- > > 2 files changed, 55 insertions(+), 1 deletion(-) > > create mode 100644 > meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > > > > diff --git > a/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > > new file mode 100644 > > index 0000000000..e0ee8a309a > > --- /dev/null > > +++ > b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > > @@ -0,0 +1,48 @@ > > +From 7c89b88f0f81ad220d08d69d212c14c6eeefb647 Mon Sep 17 00:00:00 2001 > > +From: Yoann Congal <yoann.congal@smile.fr> > > +Date: Tue, 3 Sep 2024 12:17:42 +0200 > > +Subject: [PATCH] meson.build: Support "openembedded" OS for PAM config > > + > > +In Openembedded, same as Suse/Solaris: PAM files are common-*: > > +* PAM_FILE_INCLUDE_AUTH: common-auth > > +* PAM_FILE_INCLUDE_ACCOUNT: common-account > > +* PAM_FILE_INCLUDE_PASSWORD: common-password > > +* PAM_FILE_INCLUDE_SESSION: common-session > > +See OE-Core libpam recipe. > > + > > +NB: This is also the same config as Debian but its not mentioned in the > > +code. > > + > > +Signed-off-by: Yoann Congal <yoann.congal@smile.fr> > > +Upstream-Status: Inappropriate [oe specific] > > +--- > > + meson.build | 2 +- > > + meson_options.txt | 2 +- > > + 2 files changed, 2 insertions(+), 2 deletions(-) > > + > > +diff --git a/meson.build b/meson.build > > +index 302c189..a55f2d6 100644 > > +--- a/meson.build > > ++++ b/meson.build > > +@@ -311,7 +311,7 @@ endif > > + > > + pam_include = get_option('pam_include') > > + if pam_include == '' > > +- if ['suse', 'solaris'].contains(os_type) > > ++ if ['suse', 'solaris', 'openembedded'].contains(os_type) > > + pam_conf = { > > + 'PAM_FILE_INCLUDE_AUTH': 'common-auth', > > + 'PAM_FILE_INCLUDE_ACCOUNT': 'common-account', > > +diff --git a/meson_options.txt b/meson_options.txt > > +index c2e4a6c..14d7a50 100644 > > +--- a/meson_options.txt > > ++++ b/meson_options.txt > > +@@ -6,7 +6,7 @@ option('polkitd_user', type: 'string', value: 'polkitd', > > description: 'User for > > + option('polkitd_uid', type: 'string', value: '-', description: 'Fixed > UID for user running polkitd (polkitd)') > > + > > + option('authfw', type: 'combo', choices: ['pam', 'shadow', 'bsdauth'], > value: 'pam', description: 'Authentication framework (pam/shadow)') > > +-option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', > 'pardus', 'solaris', 'netbsd', 'lfs', ''], value: '', description: > 'distribution or OS') > > ++option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', > 'pardus', 'solaris', 'netbsd', 'lfs', 'openembedded', ''], value: '', > description: 'distribution or OS') > > + > > + option('pam_include', type: 'string', value: '', description: 'pam > file to include') > > + option('pam_module_dir', type: 'string', value: '', description: > 'directory to install PAM security module') > > diff --git a/meta-oe/recipes-extended/polkit/polkit_125.bb > b/meta-oe/recipes-extended/polkit/polkit_125.bb > > index fe1ee467c3..2405ed6034 100644 > > --- a/meta-oe/recipes-extended/polkit/polkit_125.bb > > +++ b/meta-oe/recipes-extended/polkit/polkit_125.bb > > @@ -5,7 +5,9 @@ LICENSE = "LGPL-2.0-or-later" > > LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" > > BUGTRACKER = "https://github.com/polkit-org/polkit/issues" > > > > -SRC_URI = "git:// > github.com/polkit-org/polkit.git;protocol=https;branch=main" > > +SRC_URI = "git:// > github.com/polkit-org/polkit.git;protocol=https;branch=main \ > > + > file://meson-build-Support-openembedded-OS-for-PAM-config.patch \ > > + " > > > > S = "${WORKDIR}/git" > > SRCREV = "112752c12da812a163dac67d7f675b60de8f7d7b" > > @@ -16,6 +18,10 @@ inherit meson pkgconfig useradd systemd gettext > gobject-introspection features_c > > > > REQUIRED_DISTRO_FEATURES = "polkit" > > > > +# Prevent meson.build to try to autodetect host OS (which could lead to > > +# non-reproducibility) > > +EXTRA_OEMESON = "-Dos_type=openembedded" > > Why do you need the patch? Can't you just set: > > EXTRA_OEMESON = "-Dos_type=suse" > > and be done with it? > I wondered about using this but - the suze can change in the future and without the patch there won't be any warning - it felt weird (I'll admit this is not a strong argument... ;) ) I'll send a v2 without the patch and "-Dos_type=suse" so Khem may choose the one he prefers. Thanks! > > > + > > PACKAGECONFIG = " \ > > ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > > ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', > 'consolekit', d)} \ > > //Peter > >
diff --git a/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch new file mode 100644 index 0000000000..e0ee8a309a --- /dev/null +++ b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch @@ -0,0 +1,48 @@ +From 7c89b88f0f81ad220d08d69d212c14c6eeefb647 Mon Sep 17 00:00:00 2001 +From: Yoann Congal <yoann.congal@smile.fr> +Date: Tue, 3 Sep 2024 12:17:42 +0200 +Subject: [PATCH] meson.build: Support "openembedded" OS for PAM config + +In Openembedded, same as Suse/Solaris: PAM files are common-*: +* PAM_FILE_INCLUDE_AUTH: common-auth +* PAM_FILE_INCLUDE_ACCOUNT: common-account +* PAM_FILE_INCLUDE_PASSWORD: common-password +* PAM_FILE_INCLUDE_SESSION: common-session +See OE-Core libpam recipe. + +NB: This is also the same config as Debian but its not mentioned in the +code. + +Signed-off-by: Yoann Congal <yoann.congal@smile.fr> +Upstream-Status: Inappropriate [oe specific] +--- + meson.build | 2 +- + meson_options.txt | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/meson.build b/meson.build +index 302c189..a55f2d6 100644 +--- a/meson.build ++++ b/meson.build +@@ -311,7 +311,7 @@ endif + + pam_include = get_option('pam_include') + if pam_include == '' +- if ['suse', 'solaris'].contains(os_type) ++ if ['suse', 'solaris', 'openembedded'].contains(os_type) + pam_conf = { + 'PAM_FILE_INCLUDE_AUTH': 'common-auth', + 'PAM_FILE_INCLUDE_ACCOUNT': 'common-account', +diff --git a/meson_options.txt b/meson_options.txt +index c2e4a6c..14d7a50 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -6,7 +6,7 @@ option('polkitd_user', type: 'string', value: 'polkitd', description: 'User for + option('polkitd_uid', type: 'string', value: '-', description: 'Fixed UID for user running polkitd (polkitd)') + + option('authfw', type: 'combo', choices: ['pam', 'shadow', 'bsdauth'], value: 'pam', description: 'Authentication framework (pam/shadow)') +-option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', 'pardus', 'solaris', 'netbsd', 'lfs', ''], value: '', description: 'distribution or OS') ++option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', 'pardus', 'solaris', 'netbsd', 'lfs', 'openembedded', ''], value: '', description: 'distribution or OS') + + option('pam_include', type: 'string', value: '', description: 'pam file to include') + option('pam_module_dir', type: 'string', value: '', description: 'directory to install PAM security module') diff --git a/meta-oe/recipes-extended/polkit/polkit_125.bb b/meta-oe/recipes-extended/polkit/polkit_125.bb index fe1ee467c3..2405ed6034 100644 --- a/meta-oe/recipes-extended/polkit/polkit_125.bb +++ b/meta-oe/recipes-extended/polkit/polkit_125.bb @@ -5,7 +5,9 @@ LICENSE = "LGPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" BUGTRACKER = "https://github.com/polkit-org/polkit/issues" -SRC_URI = "git://github.com/polkit-org/polkit.git;protocol=https;branch=main" +SRC_URI = "git://github.com/polkit-org/polkit.git;protocol=https;branch=main \ + file://meson-build-Support-openembedded-OS-for-PAM-config.patch \ + " S = "${WORKDIR}/git" SRCREV = "112752c12da812a163dac67d7f675b60de8f7d7b" @@ -16,6 +18,10 @@ inherit meson pkgconfig useradd systemd gettext gobject-introspection features_c REQUIRED_DISTRO_FEATURES = "polkit" +# Prevent meson.build to try to autodetect host OS (which could lead to +# non-reproducibility) +EXTRA_OEMESON = "-Dos_type=openembedded" + PACKAGECONFIG = " \ ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', 'consolekit', d)} \