From patchwork Fri Oct 25 08:22:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51289 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57C5ED0BB56 for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by mx.groups.io with SMTP id smtpd.web10.7374.1729844566097079136 for ; Fri, 25 Oct 2024 01:22:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=bKtmWB+Y; spf=pass (domain: gmail.com, ip: 209.85.221.48, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-37d5045987dso139500f8f.1 for ; Fri, 25 Oct 2024 01:22:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844564; x=1730449364; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=BWzzuPcq0E/NAMykXkim/3So1g4FXiBdN6f1GNwjT0I=; b=bKtmWB+Ymh4soVoc/WqoDEy5JYp4CQpL52EEAOhbW3b0dHhR0WmyKVjY1oMYQPq2kr B5pp9qzDWtAciOrO4CgrOdqs3jnkOMORIDEo0D7UXWkkaCro0Bn0M0OAc90Y+AxJ3wIT 5QpR451ovs/OTvCFHSIeyqNQcf4QqR2wbs4FWcbqy+w74KTkhGDFYPu0laDXwpzIrvRX ky7xC/BO1Rcr6S7q56gCwez0fpszsB7ADAtupsJdIQYsjhX0hXV67XsD4rwU/m2luw88 GDC4b3dgorCuX1UXMB+rrtL10chB2IOG2b55v9ezoN9K+1uFGdKwXnGxSjMRR7JmImZ1 i+hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844564; x=1730449364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=BWzzuPcq0E/NAMykXkim/3So1g4FXiBdN6f1GNwjT0I=; b=HaTuSZmdKPKHOBed+ozoEDSP2wXIqQilCX1TQb0F4OLWkwOh3Jd/LBuIM0TkvXmGDJ Ew645OerU1bxsDyFb4ivdtfebccy7fYTLVOE7DagfSaUQJEu6h2W+B6DHkqM7O1sYhsw lcyB1rHL4CDuLnTIW+0ezy3y7Q7VbVSyRtJWilr5MDo5KeYTggozjpeOkpsiADB7iWnF 8M8PDU7E1rQiWEpPlxHSIlNyLOcNGdm6+p1Fmwi5F1AHfmwxy88pcgQnF5uO3htF9M0v 4o0R5Nz+PtYTtNT6nSQeozrwwShJLRt6kz4nX7Y72gaE+BRpXFzLBd9FWfgktUMlX/hR vAjw== X-Gm-Message-State: AOJu0YxukoSzKvTQ6lVI8tSdaaYjCzdVw2f3pQouoBRs2ECx6v9DihWY 14z/XBJTDcw72tunqfAq3zrkWsOMyXdc9EjLhUL11fvKEN06BCVEUdBTkEK3 X-Google-Smtp-Source: AGHT+IFcooI9/LEtpGnsoDFjyfacErK8h3GmisbJwg3PyzfkNWWr9h3vQ5IuncQm34o5aOMSI6RDIQ== X-Received: by 2002:a05:6000:2a1:b0:37c:f388:cd48 with SMTP id ffacd0b85a97d-3805b49e562mr255506f8f.8.1729844563558; Fri, 25 Oct 2024 01:22:43 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:42 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 01/10] sssd: add whitespace after ?= operator Date: Fri, 25 Oct 2024 10:22:30 +0200 Message-ID: <20241025082239.3468351-2-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/749 This adds a whitespace after the operator ?= for the sake of consistency. Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index f973ee1..fcf25bd 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -42,7 +42,7 @@ CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \ ac_cv_prog_HAVE_PYTHON3=${PYTHON_DIR} \ " -PACKAGECONFIG ?="nss autofs sudo infopipe" +PACKAGECONFIG ?= "nss autofs sudo infopipe" PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" From patchwork Fri Oct 25 08:22:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51292 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D2F6D0C5E4 for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.web10.7375.1729844567305149069 for ; Fri, 25 Oct 2024 01:22:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CoARMUAH; spf=pass (domain: gmail.com, ip: 209.85.128.42, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4315b0bd4ddso2595845e9.3 for ; Fri, 25 Oct 2024 01:22:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844565; x=1730449365; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=XVtLVEK95DnX+oAm+4xjFZf7+LiQCShoHQ7WPtiDrrw=; b=CoARMUAHaMnZB+CIFdLpTgBFAgaWLKIr9dZaL5vj1cm5nGjEYzUtjcXAbp6dbZ7VIT tyf08Qqrui7/V4OkyiVTHvlz8peTtdXl7iEZcK97L0QMu7Vwheast9zClCIMHVzberiM cGZbw/6svcGlHDuGcsQO/TYWdi8D1rPUGHkW2pvqmJZnMnr7/FjcmHifbqSurb/9PIos 0JypNQExM4pk5ji/cks9wyjyMaI0u3fN5Yt0jp+Ub3k1hxI4T6LN/TL00Em93+RN4DtC OLogPcsrng+uSJP9yiM9hpKbOg3EoFytZN5xT04T0CgExcXGzbdALFoXi/1rvxW4McJ7 VLBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844565; x=1730449365; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=XVtLVEK95DnX+oAm+4xjFZf7+LiQCShoHQ7WPtiDrrw=; b=o1xH67/H36QPZsw1qfSgpBkWwgSOoR4wprDhvB9hQi/Yz5ieTFqQErC918UBLOULAE zVixqDD3JX8iXibiKam31KgHTdDPkUseBRpYLKq79iUUux58e+kKw7HbYVkQA9m6fgUV JBZvYkIYH+P+/h9qzQsZRH93D5hWmOKDdi5S5R5hwCmmJaTcC+PTObURFQD6EayLNKEc F3T1tDfFEX8XKloWpJLKIv+rUFTUyZxeMlZ1whom6HSlbVyCTEtTkGx8hG/et8gMLs/X aeIdiJ5fF84x17poIoNABGLsFnXFssJyVvxh9v2pACxkp3BaO86+7GVVrAgohjgmR/kV dLyg== X-Gm-Message-State: AOJu0YwdSxBK5AL3PUipiNqT3xjj1dvSjqnb/nOfeZUVx1WlqNMjXjte gYUBaiGHCxuOCcenUajpE6aw1WPWw3huEJWIQBGdNzxOuMtSNTlfJKy4JCEn X-Google-Smtp-Source: AGHT+IHUKjwC6Z1QD27dAbasHocxlXVUtVQyd2+NhZO6OQgBzsR/IdN9WGW4UitFNxzamgxy3/bi0g== X-Received: by 2002:a5d:6c64:0:b0:37d:487e:4d9d with SMTP id ffacd0b85a97d-3805b461465mr292578f8f.8.1729844565179; Fri, 25 Oct 2024 01:22:45 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:43 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 02/10] sssd: fix missing python3-core run-time dependency Date: Fri, 25 Oct 2024 10:22:31 +0200 Message-ID: <20241025082239.3468351-3-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/750 The internal tool sss_analyze is a python script run by the sssctl command analyze. The script sss_analyze is shipped by the package sssd since 2.6.0. However, the package sssd lacks installing the python interpreter that is required to run the script. This adds the missing run-time dependency python3-core to ensure the interpreter python3 comes along the package sssd. Fixes: root@qemux86-64:~# sssctl analyze env: can't execute 'python3': No such file or directory Command '/usr/libexec/sssd/sss_analyze' failed with [127] Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index fcf25bd..f6bbac3 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -156,4 +156,4 @@ FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ FILES:libsss-sudo = "${libdir}/libsss_sudo.so" -RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo" +RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo python3-core" From patchwork Fri Oct 25 08:22:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51294 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E0D7D0C5E8 for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.web10.7376.1729844569032579393 for ; Fri, 25 Oct 2024 01:22:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ejLBKKGv; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-43160c5bad8so2284555e9.3 for ; Fri, 25 Oct 2024 01:22:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844566; x=1730449366; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=XJiDyb7y08ZD9dtuF18zy9lt6+qGojlyvNXzQn11cMA=; b=ejLBKKGv6IRUGWrC+NUdcYH7uVc1uS4SIaxmk+39DLtDzGNdg7Qu2SPmnmNulHK1Mb HyRGcCBBkPVFxC03x6t7HRCot1vhTgmUOBA36D+3jGhRpzqy9uwO7sDhG19H21WuEJwp fs3b5cJxDeqCu4NvWeYsChPJXmomGYWExVQoPbb/UBxtKppq4Jne/FfFMdCn2X2xaDlb 6NuKZMZ+lOBgOTZNHGsMMT2DGdSEpRxbMXOQxGMVDrLrnTaj9zGpVIgSWz7eNkzyygU3 iPdTW3VhcHySwDIwuqOuTMWjn3ZTaEjDb2vO6Rla11xBWHEwykTpRim7AhtXn2oN+dAN Mwlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844566; x=1730449366; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=XJiDyb7y08ZD9dtuF18zy9lt6+qGojlyvNXzQn11cMA=; b=kWP0iBV1cEJP7RAW6Dld2rDvdmZTJCgt/y/gJRn/hgPNKeekTI4fZlemL85DKVV9Mj oHHJD9yu7muVm2IKReCRasHgi6gEH7rl4Idy1iQWMQdtm9jK+ISLu17Z4HrNPo+PWcIL LdXhAZiCwNKSvR+qHPWkE4Kkhkpim3fWb7NQiHyXMpp9fenqEiHeLvHLIWWiE/fJbbBc 5eV24sH1XG3qc2cBb9enUdFok4SBbzAK5D2LVoMUT6D/E47NTgzOKi9ewv4BJNYrARl5 +dYDZQNkOBOT5+ON6DGCorVzKmhRSoAwmC42H8kIOTKA+dwSZPlLAZYoIbd4LRTaT/qd bnBA== X-Gm-Message-State: AOJu0Yw0FBXUI2LQYfMudcOwBle6wXzGQjOtvwPqxzUyZzOAw0J/8+gE sVd0lplQlN6zjayzYBLjCs0e1uALYRKKB78Cn4FeuUCK5iznpsjO6GWRQ/ld X-Google-Smtp-Source: AGHT+IEcndjYT8ClWyg2Y7LxKm7HjJl5IM+8fbKXLnZfO6Z4TEIGAdhuIr82wxrDJybgy3SzcSK9kA== X-Received: by 2002:a5d:64e5:0:b0:37d:4864:39a2 with SMTP id ffacd0b85a97d-3805b3fd077mr244283f8f.7.1729844566379; Fri, 25 Oct 2024 01:22:46 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:45 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 03/10] sssd: fix missing python3-logging run-time dependency Date: Fri, 25 Oct 2024 10:22:32 +0200 Message-ID: <20241025082239.3468351-4-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/751 The internal tool sss_analyze is a python script run by the sssctl command analyze. The script sss_analyze imports the python module logging[1]. However, the package sssd lacks installing this python module that is required to run the script. This adds the missing run-time dependency python3-logging to ensure this module comes along the package sssd. Fixes: root@qemux86-64:~# sssctl analyze Traceback (most recent call last): File "/usr/libexec/sssd/sss_analyze", line 3, in from sssd import sss_analyze File "/usr/lib/python3.12/site-packages/sssd/sss_analyze.py", line 3, in from sssd.modules import request File "/usr/lib/python3.12/site-packages/sssd/modules/request.py", line 2, in import logging ModuleNotFoundError: No module named 'logging' [1]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/source_files.py#L2 Signed-off-by: Gaël PORTAY --- .../recipes-security/sssd/sssd_2.9.2.bb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index f6bbac3..e8f3031 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -156,4 +156,12 @@ FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ FILES:libsss-sudo = "${libdir}/libsss_sudo.so" -RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo python3-core" +RDEPENDS:${PN} = "bind \ + bind-utils \ + dbus \ + libldb \ + libpam \ + libsss-sudo \ + python3-core \ + python3-logging \ + " From patchwork Fri Oct 25 08:22:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51293 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83AD6D0C5E5 for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.web11.7394.1729844570653067891 for ; Fri, 25 Oct 2024 01:22:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=HRYmszUW; spf=pass (domain: gmail.com, ip: 209.85.128.41, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-4315b0bd4ddso2595955e9.3 for ; Fri, 25 Oct 2024 01:22:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844569; x=1730449369; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=j6VdBHnb5CKD1AfTY2gxXaX1I1R3P3rf4TrdTQZy+4E=; b=HRYmszUWEmm3iikKUDHMcn7gCGbrxewwK94CFwRGpDhks8NL5cpS9/uDM0WO9ZtY5a sncecFOHC/WAjPhE9y7ypkfu8643OM3ioEaa8nVwIuuhSbHbYGb/sQIsB/y9aGK2x7TS 9uAVdX9QpED0bi4LLpn9Yf95Oi2o2TrffmVN6ZulyQr5xWski5B2nhY0bTdt44c2cnz4 U1uPgdHc5nWg26krvvOVlk79L4THTu/56TKXayvbbJnmSOzzQYfGmsB47tpYBo4vpubj Ki1HKC5Zq+K71whmCWwdaQL95U7i8y8l+Izz+H/N499E7kHhLzxl1tMEVCQwMArIVbMB hFyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844569; x=1730449369; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=j6VdBHnb5CKD1AfTY2gxXaX1I1R3P3rf4TrdTQZy+4E=; b=MvifPpJJ3xO2nzfb+Qd35J+cHaw4aN0NXXZvtW6H+6SAuQO2wqUyzM1HBBFHGDpkxz xckD6TYxHsbUTHKKCeTj9Q882zgx7XW5T8x3qhAMhTcMiY+7RnL8nN9KRh8uRYqZPgFR w+x26hAyLDqrDaJnAD3reLZUkUdZYZ9wxhPOSKWJZx2aShUyVYFVxMwNibU8tjCQCI+v kF+4yUlu+AjH6C/RlksYUUvS30Ve/+WnB7bLB4vNM84Rp9EIoFBgtayHacKwwISp5V/Y ubKTUPPr5TFdciHXmHg16eMvi8IamBdFBTE4Wlzjji3/NPeaZ3SVy1BkN8k0afTyyaRD v5Vw== X-Gm-Message-State: AOJu0YypsbTiCeYBiMV8e+LC4jMgob8N9wTB5qDhGtlk8E1sl1ZUCGvm +4bJ7BuoBpKd2dCSMg2pt2lSFBjBywuL0aH2obRJ6VfraR5PQozT67RPTJeX X-Google-Smtp-Source: AGHT+IH3rehyyeUe3LbBY1LtaPfmPOfSi/VXDeMu88ExheS4lpAIqK4KDEimD66mmr3BRLLDeOBavA== X-Received: by 2002:a05:6000:1f8f:b0:37d:4548:2d70 with SMTP id ffacd0b85a97d-3805b4ab1d9mr259558f8f.11.1729844568450; Fri, 25 Oct 2024 01:22:48 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:46 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 04/10] sssd: fix installation sss_analyze python3 files Date: Fri, 25 Oct 2024 10:22:33 +0200 Message-ID: <20241025082239.3468351-5-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/752 SSSD has introduced the internal tool sss_analyze since 2.6.0[1]. Add log parsing tool which can be used to track requests across responder and backend logs. sss_analyze is a python3 script[2] with modules[3] that is run by the sssctl command analyze[4][5][6]. The autotools installs the files to ${libexec} and ${python3dir}[7]. The latter is set if the configure option --with-python3-bindings is set only. As a consequence, the Makefile installs the python3 files to /sssd instead of /usr/lib/python3.12/site-packages/sssd if the option --with-python3-bindings is unset: gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/__init__.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/request.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/error.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/__init__.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_files.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_journald.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_reader.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/parser.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/sss_analyze.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/util.py The sss_analyze tool is unrelated to the python3 bindings; the sssctl does not condition its code if the python3 bindings are unset. Therefore, sss_analyze has to be installed even if the python3 bindings are unset. This ensures the variable python3dir is set to the expected location by adding it to --without-python3-bindings if the python3 feature is disabled. gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12 build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12 build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/__init__.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/request.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/error.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/__init__.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_files.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_journald.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_reader.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/parser.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/sss_analyze.py build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/util.py [1]: https://github.com/SSSD/sssd/commit/82e051e1f15060554ecacc07107c82675369e0bb [2]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/sss_analyze#L1 [3]: https://github.com/SSSD/sssd/tree/2.9.2/src/tools/analyzer [4]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L47 [5]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L605 [6]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl.c#L337 [7]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/Makefile.am#L7 [8]: https://github.com/SSSD/sssd/blob/2.9.2/configure.ac#L394 Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index e8f3031..2035cd0 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -54,7 +54,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no, libxslt-native d PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" PACKAGECONFIG[nss] = ", ,nss," PACKAGECONFIG[oidc_child] = "--with-oidc-child, --without-oidc-child" -PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings" +PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings python3dir=${PYTHON_SITEPACKAGES_DIR}" PACKAGECONFIG[samba] = "--with-samba, --with-samba=no, samba" PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no --with-semanage=no, libselinux" PACKAGECONFIG[ssh] = "--with-ssh, --with-ssh=no, " @@ -88,9 +88,6 @@ do_install () { rmdir --ignore-fail-on-non-empty "${D}/${bindir}" install -d ${D}/${sysconfdir}/${BPN} - install -d ${D}/${PYTHON_SITEPACKAGES_DIR} - mv ${D}/${BPN} ${D}/${PYTHON_SITEPACKAGES_DIR} - install -m 600 ${UNPACKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN} # /var/log/sssd needs to be created in runtime. Use rmdir to catch if @@ -112,7 +109,6 @@ do_install () { # Remove /run as it is created on startup rm -rf ${D}/run -# rm -fr ${D}/sssd rm -f ${D}${systemd_system_unitdir}/sssd-secrets.* } From patchwork Fri Oct 25 08:22:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51291 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65064D0C5E0 for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.web11.7396.1729844571827448695 for ; Fri, 25 Oct 2024 01:22:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=L+M/rnDW; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-43152fa76aaso1696815e9.1 for ; Fri, 25 Oct 2024 01:22:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844570; x=1730449370; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=29fBmAmNDh6174whbVpxpcipTREYv++TD4sf/MESwQk=; b=L+M/rnDWsspnVfkCHNMa3JqrAHksAprTx5uUChtYzKwXUglHXfuTC+4NGeFEZPgB3C z3lxKS8nM6Qzgns9hTbacPP3wF4MvvftLX/f86pflH6Rop8IJZ8mVTcZNWLZq3iuRnHW vK8nS9NQeQL3rpDQs6fHEC1yYUiV/TWlOVFfiD0m3RpysFwXNps0rZP/55HSWnMjWKvy h2tx1jl7OMSjGVXRTtssUmu8fUqiDxH1Tj1XY/ul2eMYGOpkvPmU0fV7Xol7Hjxhuwx3 A4fEeIhOkvurtxrTq9oeCkM+xSidcg1hEkpydvh1DE/+VFInzLJjrCAHHHgJ/QUn4sl5 5UBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844570; x=1730449370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=29fBmAmNDh6174whbVpxpcipTREYv++TD4sf/MESwQk=; b=AFWKUdEjfmoJh0Zcqb4aYujkx1+Zph/s6T6JAOS6KcCpor8VmUrZCooIANo7uBoAVa Er2IvKMmOOwUQhA/it3wBavtfX9AZyf/JdnBXSGMoGpT17AZVrfkFlkYAQiPX7YklDWu a9SfQwIjilin+V7/Pcthii66TM5X16BYeTF8RFpD0URQeT9KDAQPAz7QBZFTIjY46VCH /978dWazVKtay4fROrZo004dCjoagrVbzWEQJKGjapof0etfmgX1UDLREoSyGiRF57sK fU3TXh5lpROIF4lwVT7BVFDh1ghewT0oglt7eFPr5MLowLFrrjGuLn9P9A+O/vLM6fx9 LD9Q== X-Gm-Message-State: AOJu0YyagkLr+/WWQqaDWYWCAu6RCRRucKGVTvl2SfZ4JbgGYR4uABhw 6B66Dg185JtrPCJAXzRnlTMPQGUUMnZzJ8xeyzzsVbbo6Gz1E/rCf3CMtwOF X-Google-Smtp-Source: AGHT+IF798tgOVeewQLQ3+o0z7fUkw7nAlBZM9GR4qtHHonnXpvY5cZ8L9mNCABZSTc9Tcau5YQ6CA== X-Received: by 2002:a5d:5f94:0:b0:37c:df55:c1a5 with SMTP id ffacd0b85a97d-37efcf49d6cmr3222492f8f.6.1729844569719; Fri, 25 Oct 2024 01:22:49 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:48 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 05/10] sssd: fix ac_cv_prog_HAVE_PYTHON3 value Date: Fri, 25 Oct 2024 10:22:34 +0200 Message-ID: <20241025082239.3468351-6-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/753 The variable HAVE_PYTHON3 expects a boolean value[1] and the configure script raises an error if the option --with-python3-bindings is set and if the value HAVE_PYTHON3 is not "yes"[2]. The recipe sets a non-boolean value to ac_cv_prog_HAVE_PYTHON3 and thus causes the task do_configure to fail. This fixes the value set to ac_cv_prog_HAVE_PYTHON3 by setting it to yes instead of $(PYTHON_DIR). Fixes: | checking for python3... (cached) python3.12 | configure: error: | The program python3 was not found in search path. | Please ensure that it is installed and its directory is included in the search | path. It is required for building python3 bindings. If you do not want to build | them please use argument --without-python3-bindings when running configure. | NOTE: The following config.log files may provide further information. [1]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L323-L325 [2]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L353-L377 Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index 2035cd0..2717e4e 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -39,7 +39,7 @@ SSSD_UID ?= "root" SSSD_GID ?= "root" CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \ - ac_cv_prog_HAVE_PYTHON3=${PYTHON_DIR} \ + ac_cv_prog_HAVE_PYTHON3=yes \ " PACKAGECONFIG ?= "nss autofs sudo infopipe" From patchwork Fri Oct 25 08:22:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51290 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68068D0C5E3 for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.web11.7397.1729844573042529200 for ; Fri, 25 Oct 2024 01:22:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ciEtk/bl; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4315549c4d5so2623825e9.0 for ; Fri, 25 Oct 2024 01:22:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844571; x=1730449371; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=m1AP4gcWy6KMj/mrX6sWpKYQXadpf1z7Mq3kc514bSU=; b=ciEtk/blRlVS0Y9BMaq/wrCjrGy1mw6UishYL/GSHX9XYi/lf8YkPVhwyGlY3pJVOJ p0aHAPRtKB/ec0mdKhSIFo/XCRzfKY8GIFT6NzojVHs0BuEhrrpH3cbYzzzhkWPL0Mm1 MvE9Zkgc+ackeQIQWoFLMWvm3YqtWQF6C9+BdIwYDZgUYce4pZ+dqAe64WZH/cGf9wAr g+ZNzB0yMq4EgnSQ9N8vkgUg9Ghup5+UbeQci7yemzxcBuCapiAGXPgcbReQei8VxbVX jV5vHbwEyx+O3dxBQwmWkDkNJhNwX6qRvAoqIV9CT4aoaaIekzgS4727E8enC7vpyYfc JWfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844571; x=1730449371; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=m1AP4gcWy6KMj/mrX6sWpKYQXadpf1z7Mq3kc514bSU=; b=Q6/4+BHypN1Iff3QDo7nHlhLN8YX1qJAvMvsXO+ssbV0dfnrBVCjKBraNU7J3peDzp kxEuEsfurPxprPrD/QGfgHeL+mBi+fatZTB10N3QNvHDsRWfjvor+HL6U2798BZ0SF0Z u6XYVfHMLq6yDGTW4YPxlt+k0/8tLPGovP+jGZ6qeN22HzBc4+ZLRlnbk5mxQbIfDvsl 7J2noe9f7QvYTI369IcPTsmumiKYP8kBUxWm+IVuGAHt3kEGH4X8lY33l9jFlCrmNTVY dnlKH0MWUk8GxS0JGyBiEGNU6Bze520CXgDIsFrN6mWQgVnuql9A/maiQ1Sgt9LpUxUg dxIQ== X-Gm-Message-State: AOJu0YwZBFkXCYIhO08govwOhyeAtwWDhNCoTuDNpjkcP5OErXsVa98o 3GeRjzTrtO0DMGRMVaITar0xZ9YEDjgbt7oNEllQzllEyT/mvT3tIR7XKosM X-Google-Smtp-Source: AGHT+IH9Lpoyq8MimM1YdDJqyaruw5fxDhBK9/Pc+LOAI/fWbjDrPLpiKh6owKaHn1h7zJY+Z0Ygnw== X-Received: by 2002:a5d:6da5:0:b0:37d:4517:acd0 with SMTP id ffacd0b85a97d-3805b4ab13bmr273105f8f.9.1729844570901; Fri, 25 Oct 2024 01:22:50 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:49 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 06/10] sssd: fix missing python3.X-config script Date: Fri, 25 Oct 2024 10:22:35 +0200 Message-ID: <20241025082239.3468351-7-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/754 The configure script checks for the utility python3.X-config to be in $PATH; that script is shipped by the package python3-native. The recipe does not depend on the package python3-native which causes the task do_configure to fail. The recipe inherits from the bbclass python3-dir that does not install the required script to the sysroot. The bbclass python3native inherits from (the already inherited bbclass) python3-dir and it adds the missing dependency to python3-native. This fixes the configure error by "upgrading" the inherit bbclass from python3-dir to python3-native. Fixes: | checking for python3.12-config... no | configure: error: | The program python3.12-config was not found in search path. | Please ensure that it is installed and its directory is included in the search | path. If you want to build sssd without python3 bindings then specify | --without-python3-bindings when running configure. | NOTE: The following config.log files may provide further information. Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index 2717e4e..16e1c24 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -31,7 +31,7 @@ SRC_URI[sha256sum] = "827bc65d64132410e6dd3df003f04829d60387ec30e72b2d4e22d93bb6 UPSTREAM_CHECK_URI = "https://github.com/SSSD/${BPN}/releases" -inherit autotools pkgconfig gettext python3-dir features_check systemd +inherit autotools pkgconfig gettext python3native features_check systemd REQUIRED_DISTRO_FEATURES = "pam" From patchwork Fri Oct 25 08:22:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51288 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DD7DD1039D for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.web11.7398.1729844574192050179 for ; Fri, 25 Oct 2024 01:22:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=OqzbY74+; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-43158124a54so2501925e9.3 for ; Fri, 25 Oct 2024 01:22:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844572; x=1730449372; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=nFxYzpa4BhKxqab45ynZXcXPb3S5mzOjWmA69N8mguU=; b=OqzbY74+2Zo9FUn7Y48SE76cF1X2ly4sw2SWih8jAld27Ko4/bL/+qbBDownm9NHPP /fF4tX8FfZvLyeMR830WpTI0rR/wDd5FL8vgTWfUeX95eW68Yo36pz2Ai0KCdDbYWO1l eNP7ymE/TJjKaYKbq9FU3+nbbeZlABCIJl4b4SjvRL72mjup+4pDschEzIgZdzPeuOSY W6vhPS0RpqC9sw4om7/k3x6LM5rCbF/n3B6E48QBEBJZSElSDIDcolgZn9zQ/dQBxbvP 1HI/+wbY2nZMjGyzejl9B3CyaRQ1d3mfBYfTmEqLr2ipCLEY5ZrePxAYJWMoKEI8Gicf JHMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844572; x=1730449372; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=nFxYzpa4BhKxqab45ynZXcXPb3S5mzOjWmA69N8mguU=; b=Jo/RXYYIjLXHdL9TDm8e1udgFic40cvlaj+pw0t+FgVCoxsASKLkfi566JJWNpWAIc YcBy3rF4dSS+kVCQEKLUwCq3ciaqxii/MYtR+MvikatMP+XwqD+7hRV1rpOk0Qm1G/1R EcAsSvr13Y5zVtFPnXILBq4cWBZs2rFPj2BGc74Y3A+0chmfg4TwaTkT3i0pV5f5MJJi MeL4rG3ZqhVFwZC6KkejNm1/Augucgg/K+daklRqLy7cJ2ydW3yp2CjalQzC9wRMxphO 2NveBRYnxWAMAy4aogWBw0jYKntfWgN7gGU9edmC0hg+RAujxN5ce7yUkdwvonXN6AX/ jtWQ== X-Gm-Message-State: AOJu0YxLaVrO0RTmG3ywUFGRqDszq3SAOoycFtJBIoZd7IpRgs0Dc8Mh 7U+aXfGr0DUV+qmms8RQZWQAcAQ+mTWaQAnlUuhk2mkbC4lYyKEsIVvWdC2+ X-Google-Smtp-Source: AGHT+IF5MKOBO2uVKAvoprm+W07GWcMuYVhLL4ih7ufAy3neYPoAPFQipyFaO1IqyBhs8MB+98Zilw== X-Received: by 2002:a5d:648c:0:b0:37c:cf75:3945 with SMTP id ffacd0b85a97d-3805b4ad8c2mr262625f8f.13.1729844572116; Fri, 25 Oct 2024 01:22:52 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:51 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= , =?utf-8?q?Ga=C3=ABl?= =?utf-8?q?_PORTAY?= Subject: [meta-security][PATCH 07/10] sssd: fix issue if build machine is Debian Date: Fri, 25 Oct 2024 10:22:36 +0200 Message-ID: <20241025082239.3468351-8-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/755 From: Gaël PORTAY The configure script guesses the target system from the host if no --with-os= is set[1]. It is untrue if cross-compiling. The guessed host operating system is used then to do specific things fort target build. The commit[2] passes the downstream debian option --install-layout=deb to setup.py[3] if the host system is debian based, and thus, it raises the error attached below as that debian-specific option[4] is not part of the openembedded[5] world. This sets the Fedora operating system thanks to the existing configure option --with-os=fedora, that is relatively sain operating system for the needs of openembedded. Fixes: | (...)/build/tmp/work/aarch64-poky-linux/sssd/2.5.2-r0/build/src/config/setup.py:25: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives | from distutils.core import setup | usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...] | or: setup.py --help [cmd1 cmd2 ...] | or: setup.py --help-commands | or: setup.py cmd --help | | error: option --install-layout not recognized | Traceback (most recent call last): | File "/home/gportay/src/openembedded-tests/build/tmp/work/core2-64-poky-linux/sssd/2.9.2/build/src/config/setup.py", line 25, in | from distutils.core import setup | ModuleNotFoundError: No module named 'distutils' Note: Upstream has introduced the "unknown" operating systemd with the upcoming version 2.10.0[6][7]. The change can be backported. [1]: https://github.com/SSSD/sssd/blob/2.5.2/src/external/platform.m4#L1-L31 [2]: https://github.com/SSSD/sssd/commit/e6ae55d5423434d5dc6c236e8647b33610d30e2e [3]: https://github.com/SSSD/sssd/blob/2.5.2/Makefile.am#L32-L35 [4]: https://sources.debian.org/patches/setuptools/68.1.2-2/install-layout.diff/#L7 [5]: https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb?h=kirkstone [6]: https://github.com/SSSD/sssd/commit/7b32dc0ab877a9061b52868b8efe6866c3144b63 [7]: https://github.com/SSSD/sssd/pull/7398 Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index 16e1c24..6a74a51 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -69,6 +69,7 @@ EXTRA_OECONF += " \ --enable-pammoddir=${base_libdir}/security \ --with-xml-catalog-path=${STAGING_ETCDIR_NATIVE}/xml/catalog \ --with-pid-path=/run \ + --with-os=fedora \ " do_configure:prepend() { From patchwork Fri Oct 25 08:22:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51287 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 563EED1039A for ; Fri, 25 Oct 2024 08:22:56 +0000 (UTC) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by mx.groups.io with SMTP id smtpd.web10.7377.1729844575346223846 for ; Fri, 25 Oct 2024 01:22:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=cVkMNKgF; spf=pass (domain: gmail.com, ip: 209.85.221.53, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-37d6716e200so256051f8f.3 for ; Fri, 25 Oct 2024 01:22:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844573; x=1730449373; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=hFiqJV8QVG9O9oQY2zf8U65kMnCKN0YO3DPRA8684cI=; b=cVkMNKgFWlsWUT9lg9VNch/Foe+XtQthafZ8YBAOiaTZ/ENlvb75X1BXp5NpakgbmV bNl87xbwReHFHm3cMoH977NUGO5KN42LhFd+umdvVuVyy7eqdpr7ktuvoRirUgg+XeAp BbHn1nobSDlhgFlkqEsbzxwUcylMDMRrxAXePRxDG2zG/eo0Yw3XrTfJ2eBaLtHayuzn J7d4rnfHxWfrdqonr9jLYxbvR3SSccOzWCRXoLUT7GUxNnwSiSliRWucORKz5nXCjs6J gPq5gb0ulapFRDxwpBFcP1vPNy2iKESBrag4xSf8xaMiHQYSOxLjMLcKR7/YgONFq9fx QNfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844573; x=1730449373; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=hFiqJV8QVG9O9oQY2zf8U65kMnCKN0YO3DPRA8684cI=; b=HJGW04Ft1Bse02+k+lh7LMzRZKuM+OuEWJMxxBUdEUZea7T6lots2/2+H0+VGYAA/x IWwaftvb5tI2sEMUXjYwzyRQahxDMxnW/QY8xQEBdz+J+roBQJo1QY8NRo9H8HJ+fOgh LNgqBmz4XTVXXrRoEgWQ+MRmsWVRJbS5eMFwOB9RipgYKF7q+5E33dNan4sKYRTF6pcF dzd8di8kEK6xIh06LKCyZPRFk+2cpaOlBsw88jWjT0Z0DMxpyg7z/zMjWhnWj5OEcxj1 azbRafgCVOWdSIH8DhVGbcWCwsbtAQE/e2rZyAA8Q7oIX+HvxKBOK1DFbhoeggl5X4YP Wrmw== X-Gm-Message-State: AOJu0YzP/IEFgdQ/OJnBSaZ6dAPptkpgCCbF38WPY0V5ibuqcouVCpWD oLtjpJiQY8ekGKd37Bux8casl/bCv1+V49+0kTlEjvCSpbuQ8ReLMI/Lhh/b X-Google-Smtp-Source: AGHT+IG3eXFgF24xX8xoul4Hj6ExKeQNTPX/aLQafe0GA3PZru1OW3sYqNyBiFYwjqpDt8KPfn29TA== X-Received: by 2002:a5d:6d04:0:b0:37d:47f6:6fda with SMTP id ffacd0b85a97d-37efcf636bbmr3163192f8f.7.1729844573246; Fri, 25 Oct 2024 01:22:53 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:52 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 08/10] sssd: fix missing python3-setuptools-native dependency Date: Fri, 25 Oct 2024 10:22:37 +0200 Message-ID: <20241025082239.3468351-9-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:22:56 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/756 The Makefile runs setup.py on the target all-local[1]. The file setup.py uses the deprecated module distutils[2]; sssd-2.10.0 has moved to setuptools[3]. This installs python3-setuptools-native to fix the do_compile issue below: Fixes: | Traceback (most recent call last): | File "/home/gportay/src/build/tmp/work/core2-64-poky-linux/sssd/2.9.2/build/src/config/setup.py", line 25, in | from distutils.core import setup | ModuleNotFoundError: No module named 'distutils' [1]: https://github.com/SSSD/sssd/blob/2.9.2/Makefile.am#L5462 [2]: https://github.com/SSSD/sssd/blob/2.9.2/src/config/setup.py.in#L25 [3]: https://github.com/SSSD/sssd/commit/9efd79b010dbb46d9968c3d3ab073b8e585cb2ad Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index 6a74a51..a3b1659 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -54,7 +54,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no, libxslt-native d PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" PACKAGECONFIG[nss] = ", ,nss," PACKAGECONFIG[oidc_child] = "--with-oidc-child, --without-oidc-child" -PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings python3dir=${PYTHON_SITEPACKAGES_DIR}" +PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings python3dir=${PYTHON_SITEPACKAGES_DIR}, python3-setuptools-native" PACKAGECONFIG[samba] = "--with-samba, --with-samba=no, samba" PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no --with-semanage=no, libselinux" PACKAGECONFIG[ssh] = "--with-ssh, --with-ssh=no, " From patchwork Fri Oct 25 08:22:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51296 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8757AD0C5E3 for ; Fri, 25 Oct 2024 08:23:06 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.web11.7400.1729844576536733764 for ; Fri, 25 Oct 2024 01:22:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Rpgm6T3E; spf=pass (domain: gmail.com, ip: 209.85.128.51, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-4315b957ae8so2296085e9.1 for ; Fri, 25 Oct 2024 01:22:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844574; x=1730449374; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=ADahBH2a9jmL6wWgGmLVa2bh23t+gUfsvyzgcPdkuUM=; b=Rpgm6T3ExenXhbFLrpU9tm687tI7X87qWFDr+A0VvOvVktaBj7rP6hfJhLvkROVPyS N+uxFaNBUFgzn/Qn0wnE4XBR4u4YrUzmTAgO7lDApF918R2N03/3cubVoSfpN4fmtuvd 7SPpFNHUbv5nvqbS35MyWUAHbb+O4adInthjMmzxCzzdm2NO/+WBykG6Ei3i/z4V3UXp ma4YWi7LlqXZUTbH6CeGIQeq6XTl6OBIYSiL2DylVVl5H71T36M/Cl7PPD5HVicWFmeW V9co11m4A6bFBtA4keJniPt/cG9k+4OZm8f5NS+/AqcY+WaL7Dq7/O3sIsDPP/Ax9uyY zA5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844574; x=1730449374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ADahBH2a9jmL6wWgGmLVa2bh23t+gUfsvyzgcPdkuUM=; b=dU/nfpT+Qfd9CfhNPSBhyqjn9e8seDKsI88JvXZMqti2ZXqXECBl4FhhxeUyYMy+oL 07GESfy5trXViUmuY8LjjNVi85DAhIRuKhYkmKkX62wvq1Ki/wr2S9XS9N11MdD2z92x H036XG3zbSigiN47X52jUe8SuJL2amCpqWkNBvDLPBohJ9V61pfMKXeE5KJZPoM/rmcB T0VPGNzD55SyF+zaX2WkwWmuWl+83qUsZI9Ml355CVpV0xG1/zQlmvlDUR953T81FLQo vPHkSpjeyCOQWm7cj7jsx+oXAs6vdgf2yDSPAqZw2CrE6C/Ds7bOCD6igQy49tpjPSCF nC0A== X-Gm-Message-State: AOJu0YzxZUqxsdMHsn1roA1AhByyEaJes8UV6xlu2Onl+dbFGK0jjbNW 1PT06a/O+zYgQagCDZToFjqZYtewNY/pynCogYbWfFZdb2A5nDuyV+kOB3A2 X-Google-Smtp-Source: AGHT+IFy5DDgX5eVRvIoFO+RYYt5r3yg3BW1VEMz901Stt/4WYiHwRMZRNpW0J1u77dBJaShMZ8AEQ== X-Received: by 2002:a5d:64e5:0:b0:37d:4864:39a2 with SMTP id ffacd0b85a97d-3805b3fd077mr244415f8f.7.1729844574448; Fri, 25 Oct 2024 01:22:54 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:53 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 09/10] sssd: fix shipping python script and modules Date: Fri, 25 Oct 2024 10:22:38 +0200 Message-ID: <20241025082239.3468351-10-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:23:06 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/757 The project installs the python script sss_obfuscate to the /usr/sbin directory and the modules to the /usr/lib/python3.X directory. The recipe does not ship the python modules to the package sssd, and thus, it raises the QA issue attached below. This adds the python artifacts (sss_obfuscate script and module files) to the dedicated package sssd-python. Fixes: NOTE: Executing Tasks ERROR: sssd-2.9.2-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package: /usr/lib/python3.12/site-packages/pysss.so /usr/lib/python3.12/site-packages/pyhbac.so /usr/lib/python3.12/site-packages/pysss_murmur.so /usr/lib/python3.12/site-packages/pysss_nss_idmap.so /usr/lib/python3.12/site-packages/SSSDConfig /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info /usr/lib/python3.12/site-packages/SSSDConfig/__init__.py /usr/lib/python3.12/site-packages/SSSDConfig/ipachangeconf.py /usr/lib/python3.12/site-packages/SSSDConfig/sssdoptions.py /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__ /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/__init__.cpython-312.pyc /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/ipachangeconf.cpython-312.pyc /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/sssdoptions.cpython-312.pyc /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/dependency_links.txt /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/top_level.txt /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/SOURCES.txt /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/PKG-INFO Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. sssd: 17 installed and not shipped files. [installed-vs-shipped] ERROR: sssd-2.9.2-r0 do_package: Fatal QA errors were found, failing task. Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index a3b1659..e5cd4d8 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -139,7 +139,7 @@ SYSTEMD_SERVICE:${PN} = " \ " SYSTEMD_AUTO_ENABLE = "disable" -PACKAGES =+ "libsss-sudo" +PACKAGES =+ "sssd-python libsss-sudo" ALLOW_EMPTY:libsss-sudo = "1" FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ @@ -151,6 +151,9 @@ FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ ${PYTHON_SITEPACKAGES_DIR}/sssd \ " +FILES:${PN}-python = "${sbindir}/sss_obfuscate \ + ${PYTHON_SITEPACKAGES_DIR} \ + " FILES:libsss-sudo = "${libdir}/libsss_sudo.so" RDEPENDS:${PN} = "bind \ @@ -162,3 +165,4 @@ RDEPENDS:${PN} = "bind \ python3-core \ python3-logging \ " +RDEPENDS:${PN}-python = "python3-core" From patchwork Fri Oct 25 08:22:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ga=C3=ABl_PORTAY?= X-Patchwork-Id: 51295 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8749BD0C5E6 for ; Fri, 25 Oct 2024 08:23:06 +0000 (UTC) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by mx.groups.io with SMTP id smtpd.web11.7401.1729844577702748101 for ; Fri, 25 Oct 2024 01:22:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ZRRm32iz; spf=pass (domain: gmail.com, ip: 209.85.221.53, mailfrom: gael.portay+rtone@gmail.com) Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-37d432f9f5aso114145f8f.3 for ; Fri, 25 Oct 2024 01:22:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729844576; x=1730449376; darn=lists.yoctoproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=BgtlTAmnZRtvp4WNHffm0Nog7RLEQvl16WAMsVBqhe8=; b=ZRRm32izdECo9NIEhq2d2ugPPnlt1Rcst8yKzJ+WhRvb0TJ87o/tcl2zfsjXxSDKX6 o6lsYOsrN+KaEO7r9coUzxOIyHWele+ALS1FfaRASuGwJaxElXzZeG+oCfCY1cEO+VJp pugg8LBjYS527xcnMz5v5F+aiDlMFDhBGurF20/Hn9BJ0MQUbrXB4Ol495s2C6kyEuCQ ntBGMAyzgh1r2hhZExzzTbyOjeMrGRCzK8touKPgEe9OOLz4Tz8P9MVJYtqay5bubHcw JXJnnwboGREQd8nCBDH/jFC0jZmY/0oYoOXv1uwPygl4xo1h7byucJT9YiyFHE5sA3HP 8/qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729844576; x=1730449376; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=BgtlTAmnZRtvp4WNHffm0Nog7RLEQvl16WAMsVBqhe8=; b=UaENWoM/uauvTk4Xw+iDfmuyJmq/djTDaiTlRY9kJrg+dRFzGlnELsiWvYZ9PyW8Lw BNQmvWGZhayI5bVFrgdEvsJPsiesVBqDTMi+b/awf0hIqPYgxHjBWFvxal7VqJj+53Hb jtZ9v/n9LNjR/HNUI1XMJsdZv1PXMTVnwYKmHw5m9qppIo5RLkm/I+1ZBNw0R8RkMZ3Z YIYuzXBHPO/iIttb4UapC/s4mZ65rABhnv7F3nvJ/hxlN2b85VxFClEkuKrOAvGOeqIv MRPjZfIT4EZZL0pdYgQokt7z/Gv7lCKMPyTyGXuU8NTkkKkpEH3Z1MqLfYowXdct0UGl KZrQ== X-Gm-Message-State: AOJu0YxUoAT95XGGRgjqBFq00nEV0Sy6ZwAmwocJiv0CWto9XeviQgFu 798bdXogazJwtjrsdTZvb1/seQzx9BSv/uEoiUBhXyMEHxxsxbKnUuJCtU9c X-Google-Smtp-Source: AGHT+IE1J6xY8+ZUbOseYW4r8qXGLWXr1NfLAvCaV44K5R0iYfj1B6Yq9uq6YYdLZYryvGzH8dtnRg== X-Received: by 2002:a5d:64e2:0:b0:37d:4aa2:5ce8 with SMTP id ffacd0b85a97d-3805b4357ebmr225201f8f.5.1729844575593; Fri, 25 Oct 2024 01:22:55 -0700 (PDT) Received: from archlinux.. ([2a01:e0a:ce:f2f0:2a6b:35ff:feb8:77d9]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38058b70bc1sm907904f8f.70.2024.10.25.01.22.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 25 Oct 2024 01:22:54 -0700 (PDT) Sender: =?utf-8?q?Ga=C3=ABl_PORTAY?= From: =?utf-8?q?Ga=C3=ABl_PORTAY?= To: yocto-patches@lists.yoctoproject.org Cc: =?utf-8?q?Ga=C3=ABl_PORTAY?= Subject: [meta-security][PATCH 10/10] sssd: fix path to python3 interpreter Date: Fri, 25 Oct 2024 10:22:39 +0200 Message-ID: <20241025082239.3468351-11-gael.portay+rtone@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> References: <20241025082239.3468351-1-gael.portay+rtone@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Oct 2024 08:23:06 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/758 The project uses /usr/bin/python as the path to the python3 interpreter in the shebang of the python3 script /usr/sbin/sss_obfuscate[1]. OpenEmbedded uses /usr/bin/python3, and thus, it causes bitbake to raise the QA issue attached below. This fixes the path to the python3 interpreter by sed'ing the shebang at do_install if the python3 is set in the PACKAGECONFIG. Fixes: NOTE: Executing Tasks ERROR: sssd-2.9.2-r0 do_package_qa: QA Issue: /usr/sbin/sss_obfuscate contained in package sssd-python requires /usr/bin/python, but no providers found in RDEPENDS:sssd-python? [file-rdeps] ERROR: sssd-2.9.2-r0 do_package_qa: Fatal QA errors were found, failing task. [1]: https://github.com/SSSD/sssd/blob/2.5.2/src/tools/sss_obfuscate#L1 Signed-off-by: Gaël PORTAY --- .../networking-layer/recipes-security/sssd/sssd_2.9.2.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb index e5cd4d8..f35d0c8 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb @@ -107,6 +107,10 @@ do_install () { echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN} fi + if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then + sed '1s,/usr/bin/python,/usr/bin/python3,' -i ${D}${sbindir}/sss_obfuscate + fi + # Remove /run as it is created on startup rm -rf ${D}/run