Le jeu. 5 sept. 2024 à 01:07, Peter Kjellerstedt < [email protected]> a écrit :
> > -----Original Message----- > > From: [email protected] < > [email protected]> On Behalf Of Yoann Congal via > lists.openembedded.org > > Sent: den 5 september 2024 00:54 > > To: [email protected] > > Cc: Yoann Congal <[email protected]> > > Subject: [oe] [meta-oe][PATCH 1/2] polkit: Switch PAM files to common-* > > > > From: Yoann Congal <[email protected]> > > > > Add a new OS option to polkit meson: "openembedded" and use this to > > set PAM include to common-* which matches OE-Core libpam. > > > > This also may fix a non-reproducibility since polkit meson system tried > > to detect the host (compiling) OS and changed PAM config from the > > detected value. > > > > Fixes: https://github.com/openembedded/meta-openembedded/issues/860 > > > > Signed-off-by: Yoann Congal <[email protected]> > > --- > > ...pport-openembedded-OS-for-PAM-config.patch | 48 +++++++++++++++++++ > > meta-oe/recipes-extended/polkit/polkit_125.bb | 8 +++- > > 2 files changed, 55 insertions(+), 1 deletion(-) > > create mode 100644 > meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > > > > diff --git > a/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > > new file mode 100644 > > index 0000000000..e0ee8a309a > > --- /dev/null > > +++ > b/meta-oe/recipes-extended/polkit/files/meson-build-Support-openembedded-OS-for-PAM-config.patch > > @@ -0,0 +1,48 @@ > > +From 7c89b88f0f81ad220d08d69d212c14c6eeefb647 Mon Sep 17 00:00:00 2001 > > +From: Yoann Congal <[email protected]> > > +Date: Tue, 3 Sep 2024 12:17:42 +0200 > > +Subject: [PATCH] meson.build: Support "openembedded" OS for PAM config > > + > > +In Openembedded, same as Suse/Solaris: PAM files are common-*: > > +* PAM_FILE_INCLUDE_AUTH: common-auth > > +* PAM_FILE_INCLUDE_ACCOUNT: common-account > > +* PAM_FILE_INCLUDE_PASSWORD: common-password > > +* PAM_FILE_INCLUDE_SESSION: common-session > > +See OE-Core libpam recipe. > > + > > +NB: This is also the same config as Debian but its not mentioned in the > > +code. > > + > > +Signed-off-by: Yoann Congal <[email protected]> > > +Upstream-Status: Inappropriate [oe specific] > > +--- > > + meson.build | 2 +- > > + meson_options.txt | 2 +- > > + 2 files changed, 2 insertions(+), 2 deletions(-) > > + > > +diff --git a/meson.build b/meson.build > > +index 302c189..a55f2d6 100644 > > +--- a/meson.build > > ++++ b/meson.build > > +@@ -311,7 +311,7 @@ endif > > + > > + pam_include = get_option('pam_include') > > + if pam_include == '' > > +- if ['suse', 'solaris'].contains(os_type) > > ++ if ['suse', 'solaris', 'openembedded'].contains(os_type) > > + pam_conf = { > > + 'PAM_FILE_INCLUDE_AUTH': 'common-auth', > > + 'PAM_FILE_INCLUDE_ACCOUNT': 'common-account', > > +diff --git a/meson_options.txt b/meson_options.txt > > +index c2e4a6c..14d7a50 100644 > > +--- a/meson_options.txt > > ++++ b/meson_options.txt > > +@@ -6,7 +6,7 @@ option('polkitd_user', type: 'string', value: 'polkitd', > > description: 'User for > > + option('polkitd_uid', type: 'string', value: '-', description: 'Fixed > UID for user running polkitd (polkitd)') > > + > > + option('authfw', type: 'combo', choices: ['pam', 'shadow', 'bsdauth'], > value: 'pam', description: 'Authentication framework (pam/shadow)') > > +-option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', > 'pardus', 'solaris', 'netbsd', 'lfs', ''], value: '', description: > 'distribution or OS') > > ++option('os_type', type: 'combo', choices: ['redhat', 'suse', 'gentoo', > 'pardus', 'solaris', 'netbsd', 'lfs', 'openembedded', ''], value: '', > description: 'distribution or OS') > > + > > + option('pam_include', type: 'string', value: '', description: 'pam > file to include') > > + option('pam_module_dir', type: 'string', value: '', description: > 'directory to install PAM security module') > > diff --git a/meta-oe/recipes-extended/polkit/polkit_125.bb > b/meta-oe/recipes-extended/polkit/polkit_125.bb > > index fe1ee467c3..2405ed6034 100644 > > --- a/meta-oe/recipes-extended/polkit/polkit_125.bb > > +++ b/meta-oe/recipes-extended/polkit/polkit_125.bb > > @@ -5,7 +5,9 @@ LICENSE = "LGPL-2.0-or-later" > > LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" > > BUGTRACKER = "https://github.com/polkit-org/polkit/issues"; > > > > -SRC_URI = "git:// > github.com/polkit-org/polkit.git;protocol=https;branch=main" > > +SRC_URI = "git:// > github.com/polkit-org/polkit.git;protocol=https;branch=main \ > > + > file://meson-build-Support-openembedded-OS-for-PAM-config.patch \ > > + " > > > > S = "${WORKDIR}/git" > > SRCREV = "112752c12da812a163dac67d7f675b60de8f7d7b" > > @@ -16,6 +18,10 @@ inherit meson pkgconfig useradd systemd gettext > gobject-introspection features_c > > > > REQUIRED_DISTRO_FEATURES = "polkit" > > > > +# Prevent meson.build to try to autodetect host OS (which could lead to > > +# non-reproducibility) > > +EXTRA_OEMESON = "-Dos_type=openembedded" > > Why do you need the patch? Can't you just set: > > EXTRA_OEMESON = "-Dos_type=suse" > > and be done with it? > I wondered about using this but - the suze can change in the future and without the patch there won't be any warning - it felt weird (I'll admit this is not a strong argument... ;) ) I'll send a v2 without the patch and "-Dos_type=suse" so Khem may choose the one he prefers. Thanks! > > > + > > PACKAGECONFIG = " \ > > ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > > ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', > 'consolekit', d)} \ > > //Peter > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#112097): https://lists.openembedded.org/g/openembedded-devel/message/112097 Mute This Topic: https://lists.openembedded.org/mt/108275520/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
