path: root/dynamic-layers
Commit message | Author | Age | Files | Lines
* sssd: enable unprivileged service user feature | Yi Zhao | 2025-04-13 | 1 | -4/+10
  The unprivileged service user feature has been improved in 2.10 to allow running the sssd service as an unprivileged user [1]. So enable this feature, and then we can run the service as the unprivileged user sssd.

  [1] https://github.com/SSSD/sssd/releases/tag/2.10.0

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: upgrade 2.9.2 -> 2.10.2 | Yi Zhao | 2025-04-13 | 5 | -559/+18
  ChangeLog: https://github.com/SSSD/sssd/releases/tag/2.10.2

  * Drop backport patches.
  * Update sssd.conf and volatile files.
  * Drop PACKAGECONFIG[infopipe] as it has been removed upstream.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-yamlpath: upgrade 3.8.0 -> 3.8.2 | Changqing Li | 2025-04-13 | 1 | -1/+6
  Release note:

  Enhancements:
  The MergerConfig class now accepts overrides for config values as "keys" and "rules" keyword arguments to the constructor. Credit and my thanks go to https://github.com/leviem1!

  BREAKING CHANGES:
  Support for Python 3.6 has been dropped. This is forced by incompatibilities discovered with the latest version of pytest and because dependencies like dateutil and ruamel-yaml-clib no longer support Python 3.6.
  Support for Python 3.7 is tepid. While pytest is still working with Python 3.7, other dependencies are no longer supporting Python 3.7; however, the extensive tests for yamlpath show no issues with them, so far.
  For now, Python 3.12 support is pending, waiting for the dateutil library to resolve a DeprecationWarning regarding its use of datetime.datetime.utcfromtimestamp().

  Refer: https://pypi.org/project/yamlpath/3.8.2/

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-xmldiff: upgrade 2.6.3 -> 2.7.0 | Changqing Li | 2025-04-13 | 1 | -1/+8
  Changes:
  2.7.0 (2024-05-13)
  * Changed the comparison to make accurate and standard more accurate, although fast gets less accurate as a result.
  * Changed usage of deprecated pkg_resources package to importlib.metadata.
  * A use_replace flag was added to the XMLFormatter by Thomas Pfitzinger. It changes text replacement from delete and insert tags to a replace tag. It’s not currently accessible through the CLI, the question is it is better to add a new formatter name, or an option to pass in formatter flags.
    - Added option to XMLFormatter to use replace tags
    - in _make_diff_tags after diffing, neighboring delete/insert diffs are joined to a replace tag
    - the deleted text is added as an attribute (“old-text”)
    - the inserted text is the element’s text

  Refer: https://pypi.org/project/xmldiff/2.7.0/

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix path to python3 interpreter | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -0/+4
  The project uses /usr/bin/python as the path to the python3 interpreter in the shebang of the python3 script /usr/sbin/sss_obfuscate[1]. OpenEmbedded uses /usr/bin/python3, and thus, it causes bitbake to raise the QA issue attached below.

  This fixes the path to the python3 interpreter by sed'ing the shebang at do_install if the python3 is set in the PACKAGECONFIG.

  Fixes:

      NOTE: Executing Tasks
      ERROR: sssd-2.9.2-r0 do_package_qa: QA Issue: /usr/sbin/sss_obfuscate contained in package sssd-python requires /usr/bin/python, but no providers found in RDEPENDS:sssd-python? [file-rdeps]
      ERROR: sssd-2.9.2-r0 do_package_qa: Fatal QA errors were found, failing task.

  [1]: https://github.com/SSSD/sssd/blob/2.5.2/src/tools/sss_obfuscate#L1

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix shipping python script and modules | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -1/+5
  The project installs the python script sss_obfuscate to the /usr/sbin directory and the modules to the /usr/lib/python3.X directory. The recipe does not ship the python modules to the package sssd, and thus, it raises the QA issue attached below.

  This adds the python artifacts (sss_obfuscate script and module files) to the dedicated package sssd-python.

  Fixes:

      NOTE: Executing Tasks
      ERROR: sssd-2.9.2-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package:
        /usr/lib/python3.12/site-packages/pysss.so
        /usr/lib/python3.12/site-packages/pyhbac.so
        /usr/lib/python3.12/site-packages/pysss_murmur.so
        /usr/lib/python3.12/site-packages/pysss_nss_idmap.so
        /usr/lib/python3.12/site-packages/SSSDConfig
        /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info
        /usr/lib/python3.12/site-packages/SSSDConfig/__init__.py
        /usr/lib/python3.12/site-packages/SSSDConfig/ipachangeconf.py
        /usr/lib/python3.12/site-packages/SSSDConfig/sssdoptions.py
        /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__
        /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/__init__.cpython-312.pyc
        /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/ipachangeconf.cpython-312.pyc
        /usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/sssdoptions.cpython-312.pyc
        /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/dependency_links.txt
        /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/top_level.txt
        /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/SOURCES.txt
        /usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/PKG-INFO
      Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
      sssd: 17 installed and not shipped files. [installed-vs-shipped]
      ERROR: sssd-2.9.2-r0 do_package: Fatal QA errors were found, failing task.

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix missing python3-setuptools-native dependency | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -1/+1
  The Makefile runs setup.py on the target all-local[1]. The file setup.py uses the deprecated module distutils[2]; sssd-2.10.0 has moved to setuptools[3].

  This installs python3-setuptools-native to fix the do_compile issue below:

  Fixes:

      | Traceback (most recent call last):
      |   File "/home/gportay/src/build/tmp/work/core2-64-poky-linux/sssd/2.9.2/build/src/config/setup.py", line 25, in <module>
      |     from distutils.core import setup
      | ModuleNotFoundError: No module named 'distutils'

  [1]: https://github.com/SSSD/sssd/blob/2.9.2/Makefile.am#L5462
  [2]: https://github.com/SSSD/sssd/blob/2.9.2/src/config/setup.py.in#L25
  [3]: https://github.com/SSSD/sssd/commit/9efd79b010dbb46d9968c3d3ab073b8e585cb2ad

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix issue if build machine is Debian | gael.portay@rtone.fr | 2024-11-24 | 1 | -0/+1
  The configure script guesses the target system from the host if no --with-os= is set[1]. It is untrue if cross-compiling. The guessed host operating system is used then to do specific things for target build.

  The commit[2] passes the downstream debian option --install-layout=deb to setup.py[3] if the host system is debian based, and thus, it raises the error attached below as that debian-specific option[4] is not part of the openembedded[5] world.

  This sets the Fedora operating system thanks to the existing configure option --with-os=fedora, that is relatively sane operating system for the needs of openembedded.

  Fixes:

      | (...)/build/tmp/work/aarch64-poky-linux/sssd/2.5.2-r0/build/src/config/setup.py:25: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
      |   from distutils.core import setup
      | usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
      |    or: setup.py --help [cmd1 cmd2 ...]
      |    or: setup.py --help-commands
      |    or: setup.py cmd --help
      |
      | error: option --install-layout not recognized

      | Traceback (most recent call last):
      |   File "/home/gportay/src/openembedded-tests/build/tmp/work/core2-64-poky-linux/sssd/2.9.2/build/src/config/setup.py", line 25, in <module>
      |     from distutils.core import setup
      | ModuleNotFoundError: No module named 'distutils'

  Note: Upstream has introduced the "unknown" operating system with the upcoming version 2.10.0[6][7]. The change can be backported.

  [1]: https://github.com/SSSD/sssd/blob/2.5.2/src/external/platform.m4#L1-L31
  [2]: https://github.com/SSSD/sssd/commit/e6ae55d5423434d5dc6c236e8647b33610d30e2e
  [3]: https://github.com/SSSD/sssd/blob/2.5.2/Makefile.am#L32-L35
  [4]: https://sources.debian.org/patches/setuptools/68.1.2-2/install-layout.diff/#L7
  [5]: https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb?h=kirkstone
  [6]: https://github.com/SSSD/sssd/commit/7b32dc0ab877a9061b52868b8efe6866c3144b63
  [7]: https://github.com/SSSD/sssd/pull/7398

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix missing python3.X-config script | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -1/+1
  The configure script checks for the utility python3.X-config to be in $PATH; that script is shipped by the package python3-native. The recipe does not depend on the package python3-native which causes the task do_configure to fail.

  The recipe inherits from the bbclass python3-dir that does not install the required script to the sysroot. The bbclass python3native inherits from (the already inherited bbclass) python3-dir and it adds the missing dependency to python3-native.

  This fixes the configure error by "upgrading" the inherit bbclass from python3-dir to python3-native.

  Fixes:

      | checking for python3.12-config... no
      | configure: error:
      | The program python3.12-config was not found in search path.
      | Please ensure that it is installed and its directory is included in the search
      | path. If you want to build sssd without python3 bindings then specify
      | --without-python3-bindings when running configure.
      | NOTE: The following config.log files may provide further information.

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix ac_cv_prog_HAVE_PYTHON3 value | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -1/+1
  The variable HAVE_PYTHON3 expects a boolean value[1] and the configure script raises an error if the option --with-python3-bindings is set and if the value HAVE_PYTHON3 is not "yes"[2]. The recipe sets a non-boolean value to ac_cv_prog_HAVE_PYTHON3 and thus causes the task do_configure to fail.

  This fixes the value set to ac_cv_prog_HAVE_PYTHON3 by setting it to yes instead of $(PYTHON_DIR).

  Fixes:

      | checking for python3... (cached) python3.12
      | configure: error:
      | The program python3 was not found in search path.
      | Please ensure that it is installed and its directory is included in the search
      | path. It is required for building python3 bindings. If you do not want to build
      | them please use argument --without-python3-bindings when running configure.
      | NOTE: The following config.log files may provide further information.

  [1]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L323-L325
  [2]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L353-L377

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix installation sss_analyze python3 files | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -5/+1
  SSSD has introduced the internal tool sss_analyze since 2.6.0[1].

      Add log parsing tool which can be used to track requests across responder and backend logs.

  sss_analyze is a python3 script[2] with modules[3] that is run by the sssctl command analyze[4][5][6].

  The autotools installs the files to ${libexec} and ${python3dir}[7]. The latter is set if the configure option --with-python3-bindings is set only.

  As a consequence, the Makefile installs the python3 files to /sssd instead of /usr/lib/python3.12/site-packages/sssd if the option --with-python3-bindings is unset:

      gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/__init__.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/request.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/error.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/__init__.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_files.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_journald.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_reader.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/parser.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/sss_analyze.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/util.py

  The sss_analyze tool is unrelated to the python3 bindings; the sssctl does not condition its code if the python3 bindings are unset. Therefore, sss_analyze has to be installed even if the python3 bindings are unset.

  This ensures the variable python3dir is set to the expected location by adding it to --without-python3-bindings if the python3 feature is disabled.

      gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/__init__.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/request.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/error.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/__init__.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_files.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_journald.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_reader.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/parser.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/sss_analyze.py
      build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/util.py

  [1]: https://github.com/SSSD/sssd/commit/82e051e1f15060554ecacc07107c82675369e0bb
  [2]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/sss_analyze#L1
  [3]: https://github.com/SSSD/sssd/tree/2.9.2/src/tools/analyzer
  [4]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L47
  [5]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L605
  [6]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl.c#L337
  [7]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/Makefile.am#L7
  [8]: https://github.com/SSSD/sssd/blob/2.9.2/configure.ac#L394

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix missing python3-logging run-time dependency | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -1/+9
  The internal tool sss_analyze is a python script run by the sssctl command analyze. The script sss_analyze imports the python module logging[1]. However, the package sssd lacks installing this python module that is required to run the script.

  This adds the missing run-time dependency python3-logging to ensure this module comes along the package sssd.

  Fixes:

      root@qemux86-64:~# sssctl analyze
      Traceback (most recent call last):
        File "/usr/libexec/sssd/sss_analyze", line 3, in <module>
          from sssd import sss_analyze
        File "/usr/lib/python3.12/site-packages/sssd/sss_analyze.py", line 3, in <module>
          from sssd.modules import request
        File "/usr/lib/python3.12/site-packages/sssd/modules/request.py", line 2, in <module>
          import logging
      ModuleNotFoundError: No module named 'logging'

  [1]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/source_files.py#L2

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix missing python3-core run-time dependency | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -1/+1
  The internal tool sss_analyze is a python script run by the sssctl command analyze. The script sss_analyze is shipped by the package sssd since 2.6.0. However, the package sssd lacks installing the python interpreter that is required to run the script.

  This adds the missing run-time dependency python3-core to ensure the interpreter python3 comes along the package sssd.

  Fixes:

      root@qemux86-64:~# sssctl analyze
      env: can't execute 'python3': No such file or directory
      Command '/usr/libexec/sssd/sss_analyze' failed with [127]

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: add whitespace after ?= operator | gael.portay+rtone@gmail.com | 2024-11-24 | 1 | -1/+1
  This adds a whitespace after the operator ?= for the sake of consistency.

  Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* switch to PEP-517 build backend | Armin Kuster | 2024-08-10 | 7 | -16/+42
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: switch to PEP-517 build backend | Armin Kuster | 2024-08-10 | 1 | -1/+5
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: update to 1.1.0+ | Rasmus Villemoes | 2024-07-31 | 1 | -12/+4
  Current 1.0.2 version does not work with scarthgap or later releases, as the asynchat module has been removed (as scheduled) from python's stdlib as of v3.12. fail2ban 1.1.0 also does not work out-of-the-box, as the distutils module which the pyinotify and systemd backends depend has also been removed. So update the recipe to point at commit ac62658c10f4, which fixes those two backends to no longer depend on distutils.

  Upstream's out-of-the-box ban action now uses the 'nft' command. People can still override and customize that in jail.conf/jail.local, but to make the recipe useful without customizing things back to use iptables, change the dependency iptables->nftables.

  Since 1.1.0, fail2ban has been python3-only, so the recipe becomes somewhat simpler since the whole do_compile preparation step can be removed.

  Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: UNPACKDIR fixes | Mikko Rapeli | 2024-07-29 | 1 | -6/+6
  New poky version uses UNPACKDIR instead of WORKDIR

  Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: convert WORKDIR->UNPACKDIR | Armin Kuster | 2024-07-29 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Fix CVE-2023-3758 | Hitendra Prajapati | 2024-07-29 | 2 | -0/+220
  A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

  References: https://nvd.nist.gov/vuln/detail/CVE-2023-3758

  Upstream-patch: https://github.com/SSSD/sssd/commit/f4ebe1408e0bc67abfbfb5f0ca2ea13803b36726

  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: WORKDIR -> UNPACKDIR transition | Changqing Li | 2024-06-17 | 1 | -1/+1
  * WORKDIR -> UNPACKDIR transition
  * Switch away from S = WORKDIR

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  [Fixed up the smack changes due to prior patch]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: remove duplicate option --without-python2-bindings | Gael PORTAY | 2024-06-17 | 1 | -1/+0
  The option --without-python2-bindings was added twice, by the commit 4375507f39ed4bc62e1304838870be65f3a81460, and then after python2 was deprecated with the commit 96737082ad20eabcbbaa82b0cacee0d05d50eaab.

  This removes the latter.

  Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyinotify: Make asyncore support optional for Python 3 | Mingli Yu | 2024-03-27 | 2 | -0/+96
  Simple fix for Python 3.12 since it dropped asyncore. Catches the import error instead of using a version check so that the user can install the compatibility package for any uses that can't be upgraded to asyncio or similar immediately.

  Fixes:

      # python3
      Python 3.12.1 (main, Dec 7 2023, 20:45:44) [GCC 13.2.0] on linux
      Type "help", "copyright", "credits" or "license" for more information.
      >>> import pyinotify
      Traceback (most recent call last):
        File "<stdin>", line 1, in <module>
        File "/usr/lib64/python3.12/site-packages/pyinotify.py", line 71, in <module>
          import asyncore
      ModuleNotFoundError: No module named 'asyncore'
      >>>

  Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Drop ${PYTHON_PN} | Armin Kuster | 2024-03-27 | 3 | -9/+9
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  ---
  V2] Fix typo in python3-pyinotify changes
* python3-fail2ban: remove unused distutils dependency | Armin Kuster | 2024-01-28 | 1 | -1/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyinotify: do not rely on smtpd module | Armin Kuster | 2024-01-28 | 1 | -1/+0
  It's not mentioned anywhere in source code, and python 3.12 has removed it.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyinotify: fail2ban needs this module | Armin Kuster | 2023-12-29 | 1 | -0/+19
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: Update to 3.9.1 | Armin Kuster | 2023-12-29 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: add useful recommendations | Rasmus Villemoes | 2023-10-08 | 1 | -0/+2
  On a systemd-based system, one is likely to make use of 'backend=systemd', which requires the systemd module. Both the pyinotify and systemd backends require the distutils module.

  Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: change sqlite3 dependency to python3-sqlite3 | Rasmus Villemoes | 2023-10-08 | 1 | -1/+2
  Currently, one gets

      Unable to import fail2ban database module as sqlite is not available

  So we need to ensure the sqlite3 python module is available. That will automatically pull in libsqlite3. Since fail2ban does not actually depend on the CLI which the sqlite3 package provides, drop that dependency.

  Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: add systemd support | Rasmus Villemoes | 2023-10-08 | 1 | -0/+10
  fail2ban ships with a suitable .service file, so install that if systemd is in DISTRO_FEATURES. The logic in rm_sysvinit_initddir in systemd.bbclass will then take care of removing the sysvinit script if sysvinit is not in DISTRO_FEATURES.

  Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: update to 3.8.1 | Armin Kuster | 2023-09-25 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Update to 2.9.2 | Armin Kuster | 2023-09-25 | 1 | -2/+2
  fixes musl build regarding time structs.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: 2.7.4 -> 2.9.1 | Kai Kang | 2023-08-06 | 2 | -3/+323
  Update sssd from 2.7.4 to 2.9.1.

  * backport patch to fix interpreter of script sss_analyze
  * add runtime dependency python3-systemd when systemd is enabled
  * update FILES

  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-json2html: add new pkg | Armin Kuster | 2023-07-31 | 1 | -0/+9
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-json2html: add new pkg | Armin Kuster | 2023-07-31 | 1 | -0/+9
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-yamlpath: Add new pkg | Armin Kuster | 2023-07-31 | 1 | -0/+9
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: fixup REDPENDS | Armin Kuster | 2023-07-31 | 1 | -4/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-segno: add new package | Armin Kuster | 2023-07-31 | 1 | -0/+9
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-flask-script: add package | Armin Kuster | 2023-07-31 | 1 | -0/+14
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: bastille/config should not be world writeable. | Armin Kuster | 2023-07-31 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .patch: remove probably unused patches | Martin Jansa | 2023-06-25 | 1 | -29/+0
  There could be some false positives (the script is far from perfect), so please test it on your QA, I've only double checked with "git grep" (the script looks only in parent directory).

      @ ~/layers/meta-security $ /OE/extra-layers/meta-ros/scripts/check-patch-files.sh .
      ./recipes-ids/tripwire/files/add_armeb_arch.patch: not used in any recipe
      ./dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch: not used in any recipe
      ./recipes-scanners/clamav/files/fix2_libcurl_check.patch: not used in any recipe
      ./recipes-scanners/arpwatch/files/postfix_workaround.patch: not used in any recipe
      ./meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch: not used in any recipe
      ./meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch: not used in any recipe
      ./meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch: not used in any recipe
      ./meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch: not used in any recipe
      ./meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch: not used in any recipe
      ./recipes-mac/AppArmor/files/disable_perl_h_check.patch: not used in any recipe

      @ ~/layers/meta-security $ git grep add_armeb_arch.patch
      @ ~/layers/meta-security $ git grep 0001-To-fix-build-error-of-xrang.patch
      @ ~/layers/meta-security $ git grep fix2_libcurl_check.patch
      @ ~/layers/meta-security $ git grep postfix_workaround.patch
      @ ~/layers/meta-security $ git grep Use-format-s-for-call-to-dprintf.patch
      @ ~/layers/meta-security $ git grep fix_signed_issue.patch
      @ ~/layers/meta-security $ git grep Convert-another-vdprintf-to-dprintf.patch
      @ ~/layers/meta-security $ git grep fix_lib_search_path.patch
      @ ~/layers/meta-security $ git grep fix_fcntl_h.patch
      @ ~/layers/meta-security $ git grep disable_perl_h_check.patch

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dynamic-layers: *.patch: fix malformed and missing Upstream-Status lines | Martin Jansa | 2023-06-25 | 17 | -15/+17
  * as reported by openembedded-core/scripts/contrib/patchreview.py -v .

      Missing Upstream-Status tag (dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch)
      Missing Upstream-Status tag (dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch)
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/accept_os_flag_in_backend.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/allow_os_with_assess.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/call_output_config.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/do_not_apply_config.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/edit_usage_message.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/find_existing_config.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fix_missing_use_directives.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fix_number_of_modules.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fix_version_parse.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/fixed_defined_warnings.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/organize_distro_discovery.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/remove_questions_text_file_references.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/simplify_B_place.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/bastille/files/upgrade_options_processing.patch
      Malformed Upstream-Status 'Malformed Upstream-Status in patch dynamic-layers/meta-perl/recipes-security/nikto/files/location.patch

  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: update to 2.0.16 | Armin Kuster | 2023-04-08 | 3 | -65/+21
  Drop setuid-log-folder.patch, using sed instead.
  Refresh patch check-setuid-use-more-portable-find-args.patch

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: update to 3.8.1 | Armin Kuster | 2023-03-20 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: update to 1.0.2 | Armin Kuster | 2023-03-20 | 1 | -5/+5
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: update to 2.7.4 | Armin Kuster | 2022-11-19 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* update sssd to 2.7.4 | Armin Kuster | 2022-09-12 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: update to 3.7.3 | Armin Kuster | 2022-08-06 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: add UPSTREAM_CHECK vars | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>