From patchwork Wed Jun 26 13:39:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 45652 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 485AFC27C4F for ; Wed, 26 Jun 2024 13:40:01 +0000 (UTC) Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) by mx.groups.io with SMTP id smtpd.web10.26800.1719409192089884505 for ; Wed, 26 Jun 2024 06:39:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=QBcW4IHT; spf=pass (domain: gmail.com, ip: 209.85.167.41, mailfrom: gael.portay@gmail.com) Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-52cdebf9f6fso5515198e87.0 for ; Wed, 26 Jun 2024 06:39:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719409190; x=1720013990; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6I0NZefWHyvAccPNvrXbtSSO1i4rXYG/swMM4oXYm+Q=; b=QBcW4IHTnFsvP1KZKoTeqI4qrTGxmkbiqrmn/MpNVso91V85xGk4M2V0t/dL6OhJMj DqjDp88AX93zNF41vP1fwQy9RbE5t0tXVfec9a8CCPagfcLOunYudqEtrmpQOExVXgrr QPlaF6HLUfArgKOtOZ2m7wNMWpnUBUb5rADg2iWv0Te59HquMEqQ3VPVMy1W+vDuKcmV qmWD/dC9DtxFu4g0pHxIbjEdwA3OynDGzR0YLpE77+laIO0wTJHxydvQa3za75EiPqcd qUc70us2L1zgtoIcfDMc3Vx6tKWHgGWza/ZX7JXS2LPIjEccbVI5rqLJIvfcysFFjbD9 3+OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719409190; x=1720013990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6I0NZefWHyvAccPNvrXbtSSO1i4rXYG/swMM4oXYm+Q=; b=aZf9BPgpw2OHMzcnAzwXO4cDLCgFikVV4c/ROsYhYltHXlbc1TXcqqmw4Dbe7Y8Y8r Gj5+nSrvVpMG88xi8QYacx/kSzpO6ZriN/5bkkWR0RvfKuyjul/d2evivIgeoMkmUYCV 4fuIx4C/5fwvyLfGtUVT3q/w++Yv4bIJjzuYGveCZK1GBV5Cu+mGIoSKE5r2ChG/9Mqx nEL4IWZcvTrNPnsVcC5HluZD64KVjJagiqDyq3ENqE72rchc91eHqNt4wzGbYNq+j1RB dojrxPfqJoBedIUPQ0tmK8B3jTWaywVBi0ySBAV7bkzfEVLBL5o+iYQ75jqd5V9DE2Zp juiA== X-Gm-Message-State: AOJu0YyzJurjKXir7ql7oy+Oy0a/qzIG93ORURKYaQ9htasONk0nFr/5 YIzfDzRvDzgjvHDDkLJeA3MFuxavPyOLTdhDVUpHqgT6WZGZ6xOaTlyGYkis X-Google-Smtp-Source: AGHT+IGjz/68mYSyv1rVd46kmm6hof3+zezv3zlDpsp79fkvTw8MTyP1QCQ5HJMOIGbneD3zglr+wg== X-Received: by 2002:a05:6512:b0d:b0:52c:f3fa:86c with SMTP id 2adb3069b0e04-52cf3fa14famr4916294e87.18.1719409189494; Wed, 26 Jun 2024 06:39:49 -0700 (PDT) Received: from localhost.localdomain ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3663a8c7befsm15802533f8f.95.2024.06.26.06.39.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jun 2024 06:39:47 -0700 (PDT) From: " =?utf-8?q?Ga=C3=ABl_PORTAY?= " X-Google-Original-From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: gael.portay+yocto@gmail.com, =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security,kirkstone][PATCH 1/5] sssd: fix missing python3.X-config script Date: Wed, 26 Jun 2024 15:39:09 +0200 Message-ID: <20240626133913.790145-2-gael.portay@rtone.fr> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240626133913.790145-1-gael.portay@rtone.fr> References: <20240626133913.790145-1-gael.portay@rtone.fr> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 26 Jun 2024 13:40:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/375 The configure script checks for the utility python3.X-config to be in $PATH; that script is shipped by the package python3-native. The recipe does not depend on the package python3-native which causes the task do_configure to fail. The recipe inherits from the bbclass python3-dir that does not install the required script to the sysroot. The bbclass python3native inherits from (the already inherited bbclass) python3-dir and it adds the missing dependency to python3-native. This fixes the configure error by "upgrading" the inherit bbclass from python3-dir to python3-native. Fixes: | checking for python3.10-config... no | configure: error: | The program python3.10-config was not found in search path. | Please ensure that it is installed and its directory is included in the search | path. If you want to build sssd without python3 bindings then specify | --without-python3-bindings when running configure. | NOTE: The following config.log files may provide further information. Signed-off-by: Gaël PORTAY --- recipes-security/sssd/sssd_2.5.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb index c07559c..fe82452 100644 --- a/recipes-security/sssd/sssd_2.5.2.bb +++ b/recipes-security/sssd/sssd_2.5.2.bb @@ -33,7 +33,7 @@ CVE_CHECK_IGNORE += "\ CVE-2018-16838 \ " -inherit autotools pkgconfig gettext python3-dir features_check systemd +inherit autotools pkgconfig gettext python3native features_check systemd REQUIRED_DISTRO_FEATURES = "pam" From patchwork Wed Jun 26 13:39:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 45649 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FDE4C30658 for ; Wed, 26 Jun 2024 13:40:00 +0000 (UTC) Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by mx.groups.io with SMTP id smtpd.web11.27016.1719409192502485226 for ; Wed, 26 Jun 2024 06:39:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=UrtGkrTK; spf=pass (domain: gmail.com, ip: 209.85.221.50, mailfrom: gael.portay@gmail.com) Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-364b2f92388so4694242f8f.2 for ; Wed, 26 Jun 2024 06:39:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719409190; x=1720013990; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ka+pJarKervW2AtnHXeJZbg0IoJ/xsW80I5D8DKSJR4=; b=UrtGkrTKNOrdQ90m4NVLUUMWOAhGTbKIGUIiDTWrZRWdd1loSkiMKvbOwEa8c3zriH 8I+vcedZbeg1bisy0IDsZIUwy2GzOin+oM+lLb0gp+U3HuDn5UIZutAycJsIomvNGX/Y GF9V0IGTb1lOmNKTVFiuopdi07gtspXez3/NdIzK+HZYuPkGP47K1sDkgyNGg3OM5xd3 ZwEXng8Zbh7nrQUYP8P2WxvTZnomePLDBATLkhg6bS2GbO6z59P3BeXLBEG9PCkdV0mY mnnJhQdJiy3DZlQEZg5KO/1CdWWtdkAYy2VuqctPeMWlFc3BrBOvCWlNzmP8vX1aK2u4 DWZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719409190; x=1720013990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ka+pJarKervW2AtnHXeJZbg0IoJ/xsW80I5D8DKSJR4=; b=UCrOuC83HTe6FBJNkYNZrA9lU5gbSO76SxGfjpAzPFzg8B8hP8C+UcV7UQPevay4c6 uinL3YluDKNfMnlYvov3yhvrc42bNOwCkxvW05YmsmgpeuY9KswnS0FToMNkvftVdoPC GX3S7qQV9ONAudaLL3bbWqEIW3qyavbwFxhaUCtiD8knckVptwgTBVGV/2T/5LZT6V6V LeAIjI6PsJw0GlPwBS4/i4BrY2Dq2bLBunxsLGGMAMgWyjVbDt/yYwS0fVJToa7BvKiP zCORhCdf7Ux7B7Hsid+nvlUg2JENndYiVhH/k8sBEtmilkomI2ZIvrGvQIPn7gkzvm65 5+aQ== X-Gm-Message-State: AOJu0Yx0M2RKu/eXbJRkkKUwLewpHYJJtOMWzuo1vf7wk+bswpSNGf0w b1qyj6ImEdChUVo5Knb/oODKodhW+I35ipn7gXAWWQn2KHct65/JCukv8UV4 X-Google-Smtp-Source: AGHT+IHD1eHBOp870y87GEEUD6G+vj7lniPm3rdl7JIT5XsJiXSnJCKEW+Y5S36X3TrNujTiHw9Ucg== X-Received: by 2002:a5d:5f8e:0:b0:366:ebf5:c6cc with SMTP id ffacd0b85a97d-366ebf5c746mr8267556f8f.50.1719409190249; Wed, 26 Jun 2024 06:39:50 -0700 (PDT) Received: from localhost.localdomain ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3663a8c7befsm15802533f8f.95.2024.06.26.06.39.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jun 2024 06:39:49 -0700 (PDT) From: " =?utf-8?q?Ga=C3=ABl_PORTAY?= " X-Google-Original-From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: gael.portay+yocto@gmail.com, =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security,kirkstone][PATCH 2/5] sssd: fix ac_cv_prog_HAVE_PYTHON3 value Date: Wed, 26 Jun 2024 15:39:10 +0200 Message-ID: <20240626133913.790145-3-gael.portay@rtone.fr> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240626133913.790145-1-gael.portay@rtone.fr> References: <20240626133913.790145-1-gael.portay@rtone.fr> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 26 Jun 2024 13:40:00 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/376 The variable HAVE_PYTHON3 expects a boolean value[1] and the configure script raises an error if the option --with-python3-bindings is set and if the value HAVE_PYTHON3 is not "yes"[2]. The recipe sets a non-boolean value to ac_cv_prog_HAVE_PYTHON3 and thus causes the task do_configure to fail. This fixes the value set to ac_cv_prog_HAVE_PYTHON3 by setting it to yes instead of $(PYTHON_DIR). Fixes: | checking for python3... (cached) python3.10 | configure: error: | The program python3 was not found in search path. | Please ensure that it is installed and its directory is included in the search | path. It is required for building python3 bindings. If you do not want to build | them please use argument --without-python3-bindings when running configure. | NOTE: The following config.log files may provide further information. [1]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L323-L325 [2]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L353-L377 Signed-off-by: Gaël PORTAY --- recipes-security/sssd/sssd_2.5.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb index fe82452..98a4b5e 100644 --- a/recipes-security/sssd/sssd_2.5.2.bb +++ b/recipes-security/sssd/sssd_2.5.2.bb @@ -41,7 +41,7 @@ SSSD_UID ?= "root" SSSD_GID ?= "root" CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \ - ac_cv_prog_HAVE_PYTHON3=${PYTHON_DIR} \ + ac_cv_prog_HAVE_PYTHON3=yes \ " PACKAGECONFIG ?="nss nscd autofs sudo infopipe" From patchwork Wed Jun 26 13:39:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 45651 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5043FC41513 for ; Wed, 26 Jun 2024 13:40:00 +0000 (UTC) Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com [209.85.167.53]) by mx.groups.io with SMTP id smtpd.web10.26803.1719409193971081300 for ; Wed, 26 Jun 2024 06:39:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=kuoneWNw; spf=pass (domain: gmail.com, ip: 209.85.167.53, mailfrom: gael.portay@gmail.com) Received: by mail-lf1-f53.google.com with SMTP id 2adb3069b0e04-52ce01403f6so4048979e87.0 for ; Wed, 26 Jun 2024 06:39:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719409192; x=1720013992; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nDZpnszQ2LqFoGieADXDq5MVS5vEWsmeErLhwQGFBZA=; b=kuoneWNwMWC5DTj5cowlEIwrjmgLao0DU0CXdvDJ2eKs2EsJ2eGxKjwc4rrSKdW/X3 RgT2NERGzRcxORYuABblqORi9ar0pMIjR50Qt83gYhdsb32HMRtWgHg/ZiGwBY40YjlW NAaCJQYm0EbaaPLHdvsY5cFa7FrQf4x6ZWu+y6snpDG9txuq04iAiZ1ZSJE4ur7p72ZA xa3WZn8uWh+BGiy7Qn7gBgcL0Q4q8o2RngmZA6GQ9FG/HN+xJSkB2uNUpHZbjGR1nFXM FnVsRNDM80i0FmpskZh3QoTf8hx3Q17xTH2HUix/bd55BwZhL3+mKGm0icTMP2RDQwWB N7Hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719409192; x=1720013992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nDZpnszQ2LqFoGieADXDq5MVS5vEWsmeErLhwQGFBZA=; b=RuZo8e70tChjbLSJXcVjHubmcqJAbON62GAdEoq0nuC7vVcOF3KB1kvCztjnJLdq6N nd8+xgMpvOeTg2By/lrhCN2GgfhEVxzionhAH5MUp+sOmBVlPvROCRQoamG+LOKZG9Dq 5ZQvGXBd5mEHptRSawRDdklxvKKg2Q0cUigMH7c882I30bkVyJ4Ax3DJ3WnEELxv/GJn L/InBvKeQRc7Qw79S8J5qnZSuXIkzTDXAraou8tMo+KHuXyP/wLo+EMhhbjQ7mRqIDJt uDNCFnpEoZIC0dpFkZe05xCCv5AwA5XeY3PK/wolX2ZTpeeh9J3YYv7i6TjnSfi+LCD9 jRvA== X-Gm-Message-State: AOJu0YzHRC2Em2Oh47fQdRFBXBVNPYNPV9UhInaxRHrOa3iyLjXBxFV0 OLS9XkP/7x7En1DDR8wAtvyOFoVIbtIlVIavLc++qif11IrN+40VO73IK7+F X-Google-Smtp-Source: AGHT+IF8qtSAdskP0QC2ymnD7FIOO0qPBfGgyTJW46k1RvLQUhP38iIrQvtzVfsU1hGlGmQJJ5uCxA== X-Received: by 2002:ac2:4a78:0:b0:52c:da77:d71c with SMTP id 2adb3069b0e04-52ce185ecb4mr6187694e87.54.1719409191610; Wed, 26 Jun 2024 06:39:51 -0700 (PDT) Received: from localhost.localdomain ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3663a8c7befsm15802533f8f.95.2024.06.26.06.39.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jun 2024 06:39:50 -0700 (PDT) From: " =?utf-8?q?Ga=C3=ABl_PORTAY?= " X-Google-Original-From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: gael.portay+yocto@gmail.com, =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security,kirkstone][PATCH 3/5] sssd: fix issue if build machine is Debian Date: Wed, 26 Jun 2024 15:39:11 +0200 Message-ID: <20240626133913.790145-4-gael.portay@rtone.fr> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240626133913.790145-1-gael.portay@rtone.fr> References: <20240626133913.790145-1-gael.portay@rtone.fr> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 26 Jun 2024 13:40:00 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/377 The configure script guesses the target system from the host if no --with-os= is set[1]. It is untrue if cross-compiling. The guessed host operating system is used then to do specific things fort target build. The commit[2] passes the downstream debian option --install-layout=deb to setup.py[3] if the host system is debian based, and thus, it raises the error attached below as that debian-specific option[4] is not part of the openembedded[5] world. This sets the Fedora operating system thanks to the existing configure option --with-os=fedora, that is relatively sain operating system for the needs of openembedded. Fixes: | (...)/build/tmp/work/aarch64-poky-linux/sssd/2.5.2-r0/build/src/config/setup.py:25: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives | from distutils.core import setup | usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...] | or: setup.py --help [cmd1 cmd2 ...] | or: setup.py --help-commands | or: setup.py cmd --help | | error: option --install-layout not recognized Note: Upstream has introduced the "unknown" operating systemd with the upcoming version 2.10.0[6][7]. The change can be backported. [1]: https://github.com/SSSD/sssd/blob/2.5.2/src/external/platform.m4#L1-L31 [2]: https://github.com/SSSD/sssd/commit/e6ae55d5423434d5dc6c236e8647b33610d30e2e [3]: https://github.com/SSSD/sssd/blob/2.5.2/Makefile.am#L32-L35 [4]: https://sources.debian.org/patches/setuptools/68.1.2-2/install-layout.diff/#L7 [5]: https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb?h=kirkstone [6]: https://github.com/SSSD/sssd/commit/7b32dc0ab877a9061b52868b8efe6866c3144b63 [7]: https://github.com/SSSD/sssd/pull/7398 Signed-off-by: Gaël PORTAY --- recipes-security/sssd/sssd_2.5.2.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb index 98a4b5e..9991667 100644 --- a/recipes-security/sssd/sssd_2.5.2.bb +++ b/recipes-security/sssd/sssd_2.5.2.bb @@ -73,6 +73,7 @@ EXTRA_OECONF += " \ --without-secrets \ --with-xml-catalog-path=${STAGING_ETCDIR_NATIVE}/xml/catalog \ --with-pid-path=/run \ + --with-os=fedora \ " do_configure:prepend() { From patchwork Wed Jun 26 13:39:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 45650 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BF46C3065B for ; Wed, 26 Jun 2024 13:40:01 +0000 (UTC) Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by mx.groups.io with SMTP id smtpd.web11.27019.1719409194721140707 for ; Wed, 26 Jun 2024 06:39:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CqyGj+kb; spf=pass (domain: gmail.com, ip: 209.85.221.48, mailfrom: gael.portay@gmail.com) Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-35f090093d8so4386068f8f.0 for ; Wed, 26 Jun 2024 06:39:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719409192; x=1720013992; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qc5D7bOsvUuGZPpCKj60c9MPLqRCK0Q4SvpwoQxkCko=; b=CqyGj+kbq8GE5mb6j7gsRNn3LHhfmKONMbzVltlREooASygBGXtaCQJvOdCSAeYKB/ ob3BuH6AmW0FldrbzdvX6E2Fn1oauwTS+A5Kh4Nx8G9nK9qe3cH59IwuI+QCB5hZ5voz ip9uMOI5OtW7TA1D3ODW9sWm8cFtzIikRNSfqY3WWQjtF45l9q7khnZl9Z6kw2y9TtYw j3QYExgJVrK0KSR+4s+9eDqWjtCNFFLv4rm89dXV/jH0lmxa4O5NPF+k9Z11IjoVuhwb e3T+D7IzRiOdpwas9GcAdYH4lSUoWlDCJRutT4pW1Qplr8Ijrc3NCIu/woWgFCak9P1h F7qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719409192; x=1720013992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qc5D7bOsvUuGZPpCKj60c9MPLqRCK0Q4SvpwoQxkCko=; b=JSm37VSVGJEInFDLQ83os7GSIRf1s44y7m01FZe8pDFCYRwTGvSn3I7SGjdCYtxGG2 h2IIkPSablf4vweBBwEhRBOKb9hq86v1DzYTc75NmVRhWZZGaMP8TlhkjBJnAn8tRcUK RLqlnVy5ga4JTlIW3ynZLFOMe9whqOxCTW4JnU5jh62U3CreW5Bg62r7ApZU0CeRKiM5 1qmyhp9GdW4PB32ETjQut3IzrwXMCy7Iq1mlTF0ae2wE2nCoBfVUG1utADjJ8I7S1Uxb MR1PnAFUtBcMCmvPIK4dSIE9y+B36mKh8anDaCeUfBJ5pH8A27TYaq/TAhqcnxGYb0Rh hBvg== X-Gm-Message-State: AOJu0Yzwub84c+oI6Uj7+GzXZdPseoLxcbo0lGKhHj0qU3PrxjqVkDeK o6fdZfcExs0yeeSIJvIgYvK+NPndaQHqjROY36j+3v9Q6Y6YAgqD7lFfQexI X-Google-Smtp-Source: AGHT+IG4z7URqu4ck9pnh7WDIvRm+duNAIeGgN/cC0AwlhbVu9ov25bJFgOGw7ZWwEcEj5jzDjNBLA== X-Received: by 2002:a5d:4985:0:b0:354:fc65:39d6 with SMTP id ffacd0b85a97d-366e7a1bfbdmr7405586f8f.26.1719409192293; Wed, 26 Jun 2024 06:39:52 -0700 (PDT) Received: from localhost.localdomain ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3663a8c7befsm15802533f8f.95.2024.06.26.06.39.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jun 2024 06:39:51 -0700 (PDT) From: " =?utf-8?q?Ga=C3=ABl_PORTAY?= " X-Google-Original-From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: gael.portay+yocto@gmail.com, =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security,kirkstone][PATCH 4/5] sssd: fix shipping python script and modules Date: Wed, 26 Jun 2024 15:39:12 +0200 Message-ID: <20240626133913.790145-5-gael.portay@rtone.fr> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240626133913.790145-1-gael.portay@rtone.fr> References: <20240626133913.790145-1-gael.portay@rtone.fr> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 26 Jun 2024 13:40:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/378 The project installs the python script sss_obfuscate to the /usr/sbin directory and the modules to the /usr/lib/python3.X directory. The recipe does not ship the python modules to the package sssd, and thus, it raises the QA issue attached below. This adds the python artifacts (sss_obfuscate script and module files) to the dedicated package sssd-python. Fixes: NOTE: Executing Tasks ERROR: sssd-2.5.2-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package: /usr/lib/python3.10 /usr/lib/python3.10/site-packages /usr/lib/python3.10/site-packages/SSSDConfig-2.5.2-py3.10.egg-info /usr/lib/python3.10/site-packages/pysss_nss_idmap.so /usr/lib/python3.10/site-packages/pyhbac.so /usr/lib/python3.10/site-packages/pysss.so /usr/lib/python3.10/site-packages/pysss_murmur.so /usr/lib/python3.10/site-packages/SSSDConfig /usr/lib/python3.10/site-packages/SSSDConfig/sssdoptions.py /usr/lib/python3.10/site-packages/SSSDConfig/ipachangeconf.py /usr/lib/python3.10/site-packages/SSSDConfig/__init__.py /usr/lib/python3.10/site-packages/SSSDConfig/__pycache__ /usr/lib/python3.10/site-packages/SSSDConfig/__pycache__/ipachangeconf.cpython-310.pyc /usr/lib/python3.10/site-packages/SSSDConfig/__pycache__/__init__.cpython-310.pyc /usr/lib/python3.10/site-packages/SSSDConfig/__pycache__/sssdoptions.cpython-310.pyc Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. sssd: 15 installed and not shipped files. [installed-vs-shipped] ERROR: sssd-2.5.2-r0 do_package: Fatal QA errors were found, failing task. Signed-off-by: Gaël PORTAY --- recipes-security/sssd/sssd_2.5.2.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb index 9991667..4084d07 100644 --- a/recipes-security/sssd/sssd_2.5.2.bb +++ b/recipes-security/sssd/sssd_2.5.2.bb @@ -143,6 +143,7 @@ SYSTEMD_SERVICE:${PN} = " \ " SYSTEMD_AUTO_ENABLE = "disable" +PACKAGE_BEFORE_PN =+ "${PN}-python" PACKAGES =+ "libsss-sudo" ALLOW_EMPTY:libsss-sudo = "1" @@ -151,6 +152,10 @@ FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ ${libdir}/krb5/* \ ${libdir}/ldb/* \ " +FILES:${PN}-python = "${sbindir}/sss_obfuscate \ + ${PYTHON_SITEPACKAGES_DIR} \ + " FILES:libsss-sudo = "${libdir}/libsss_sudo.so" RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo" +RDEPENDS:${PN}-python = "python3-core" From patchwork Wed Jun 26 13:39:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 45653 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BF1CC30659 for ; Wed, 26 Jun 2024 13:40:01 +0000 (UTC) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by mx.groups.io with SMTP id smtpd.web11.27021.1719409196215474174 for ; Wed, 26 Jun 2024 06:39:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=mtir9GPX; spf=pass (domain: gmail.com, ip: 209.85.221.44, mailfrom: gael.portay@gmail.com) Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-364a3d5d901so4566491f8f.0 for ; Wed, 26 Jun 2024 06:39:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1719409194; x=1720013994; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GrWsSMLSc57sTZxFc1FJtgniB+QwqRbXWCAf0m+0r+E=; b=mtir9GPXP9FRnpSAJP8jrLzwVco7M5nZWuuFGUU24yT2ZkmbdOeTYFYX3ILoNwLIvh OriEBOLAsqX3Hm1thMmzb89P2yQ1BoskxiTH5zUOk5YFHvm7Ul8fox/bLMtk8QEX3o2l JRxVenP/q29t/sKC2P2eXZZpn9La5WSx9GsjyiF9iqd9V/CZAeyUIpRTzI3Q2WQu5557 mFtz91ZAv3+NU0R/yPtkh3+RCtTNFgEIC/w1PU8gPdE8ASycpaham1vBFwge7qH4VSGy hUvKQFNXPR7f4Ms29/vY2C3jghwPxLrdRHg2GhDVCxNznSypyE9BEzAeHSwM2ZjMfrUk tjgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719409194; x=1720013994; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GrWsSMLSc57sTZxFc1FJtgniB+QwqRbXWCAf0m+0r+E=; b=Tiwp2no2fjK5iR0vHWli7CcogpuEu84E+BBWAtaQvHdId3gk53Yajlk+yneIJkZevW b/+WvAyIuvyJ7H4aHA7GLMwbQwfgO6eD5t6IlF1zHK5pUogRw33CXVfaLNXRf0zoBo3E 3mEqhgTvUjQRBORmZJ0LIYzN/1wTawX+OLyracwOsChYHVVi0vJeVnUBtGhLVWU1dXUg HNVp3ykx6DZjNSar1gM/NeBGvZhlKUfaPePSTX9MNoD2sHsnyV66rufKG/ubRb6zkf5e 4zAGtrtnJokWfiNQX2dptVQ0LeA1Yd863vZjeufBZCKoyTIrTMKAwH5cbAVw0y/FnrOq KMUA== X-Gm-Message-State: AOJu0YyyDGNlZRMN7EvXNsjHzEk/SPLWqV4/4VuClQQybQPVnriXj0BN IAIZVPiMvjX9JrkX5gFYblTvYo494A88wokp3XWIC7atGzP+nRF7ZSpxjPip X-Google-Smtp-Source: AGHT+IGapkMY2v/0BjzTZTkySDCBA0EKw/JFlIebKbMBwxNGASrIOwlG0YOGwCNzJGmPv1kRTvc1JA== X-Received: by 2002:a05:6000:2c2:b0:366:ef25:de51 with SMTP id ffacd0b85a97d-366ef25df70mr8031075f8f.49.1719409193838; Wed, 26 Jun 2024 06:39:53 -0700 (PDT) Received: from localhost.localdomain ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3663a8c7befsm15802533f8f.95.2024.06.26.06.39.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jun 2024 06:39:52 -0700 (PDT) From: " =?utf-8?q?Ga=C3=ABl_PORTAY?= " X-Google-Original-From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: gael.portay+yocto@gmail.com, =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security,kirkstone][PATCH 5/5] sssd: fix path to python3 interpreter Date: Wed, 26 Jun 2024 15:39:13 +0200 Message-ID: <20240626133913.790145-6-gael.portay@rtone.fr> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240626133913.790145-1-gael.portay@rtone.fr> References: <20240626133913.790145-1-gael.portay@rtone.fr> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 26 Jun 2024 13:40:01 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/379 The project uses /usr/bin/python as the path to the python3 interpreter in the shebang of the python3 script /usr/sbin/sss_obfuscate[1]. OpenEmbedded uses /usr/bin/python3, and thus, it causes bitbake to raise the QA issue attached below. This fixes the path to the python3 interpreter by sed'ing the shebang at do_install if the python3 is set in the PACKAGECONFIG. Fixes: ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue: /usr/sbin/sss_obfuscate contained in package sssd-python requires /usr/bin/python, but no providers found in RDEPENDS:sssd-python? [file-rdeps] ERROR: sssd-2.5.2-r0 do_package_qa: Fatal QA errors were found, failing task. [1]: https://github.com/SSSD/sssd/blob/2.5.2/src/tools/sss_obfuscate#L1 Signed-off-by: Gaël PORTAY --- recipes-security/sssd/sssd_2.5.2.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb index 4084d07..92e339a 100644 --- a/recipes-security/sssd/sssd_2.5.2.bb +++ b/recipes-security/sssd/sssd_2.5.2.bb @@ -109,6 +109,10 @@ do_install () { echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN} fi + if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then + sed '1s,/usr/bin/python,/usr/bin/python3,' -i ${D}${sbindir}/sss_obfuscate + fi + # Remove /run as it is created on startup rm -rf ${D}/run