shadow: add a packageconfig for logind support

This was causing host contamination in particular, where
libsystemd was installed on the host.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/recipes-extended/shadow/shadow.inc | 1 +
 1 file changed, 1 insertion(+)

On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin <alex.kanavin@gmail.com>
wrote:

> This was causing host contamination in particular, where
> libsystemd was installed on the host.
>
> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> ---
>  meta/recipes-extended/shadow/shadow.inc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-extended/shadow/shadow.inc
> b/meta/recipes-extended/shadow/shadow.inc
> index b8e5e285c45..16b99a0b60e 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
>  PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit"
>  PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux
> libsemanage"
>  PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd"
> +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd"


In general it’s ok
I think there is elogind recipe somewhere which
Will be at disadvantage since someone might be able to use logind with
non-systemd system too

>
>
>  RDEPENDS:${PN} = "shadow-securetty \
>                    base-passwd \
> --
> 2.39.2
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#195172):
> https://lists.openembedded.org/g/openembedded-core/message/195172
> Mute This Topic: https://lists.openembedded.org/mt/104244839/1997914
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

On 8 Feb 2024, at 18:56, Alexander Kanavin via lists.openembedded.org <alex.kanavin=gmail.com@lists.openembedded.org> wrote:
> +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd”

Would we want to enable this in target builds by default if systemd is in DISTRO_FEATURES?

Ross

On Fri, 9 Feb 2024 at 13:33, Ross Burton <Ross.Burton@arm.com> wrote:
> > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd”
>
> Would we want to enable this in target builds by default if systemd is in DISTRO_FEATURES?

It's a new feature in 4.14. If someone wants it, they should find out
what it does and whether we want it enabled in systemd builds. I'm
only ensuring it's off by default and isn't floating like it was
before (especially in native builds where hosts can contaminate it).

Alex

On Fri, Feb 9 2024 at 12:33:39 PM +00:00:00, Ross Burton 
<ross.burton@arm.com> wrote:
> Would we want to enable this in target builds by default if systemd 
> is in DISTRO_FEATURES?

I wondered that myself. Maybe it would also be a good idea to rename 
the PACKAGECONFIG to 'systemd' ?
This would allow to just add it to the bb.utils.filter line.

On Thu, Feb 8 2024 at 08:45:33 PM -08:00:00, Khem Raj 
<raj.khem@gmail.com> wrote:
> Will be at disadvantage since someone might be able to use logind 
> with non-systemd system too

If someone, for whatever reason wants to go that way, it might be 
possible to set elogind as provider for systemd.

On Fri, Feb 9 2024 at 02:12:35 PM +01:00:00, Alexander Kanavin 
<alex.kanavin@gmail.com> wrote:
> It's a new feature in 4.14. If someone wants it, they should find out
> what it does and whether we want it enabled in systemd builds.

configure.ac states, that it is needed for systemd session support:
<https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/configure.ac#L403>

On Fri, 9 Feb 2024 at 14:59, <f_l_k@t-online.de> wrote:
> It's a new feature in 4.14. If someone wants it, they should find out what it does and whether we want it enabled in systemd builds.
>
>
> configure.ac states, that it is needed for systemd session support:
> https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/configure.ac#L403

You also need to check how it worked in previous versions. Why would
we want to enable it, if it wasn't even available previously, and
things were still working well?

Alex

On Fri, Feb 9 2024 at 03:13:40 PM +01:00:00, Alexander Kanavin 
<alex.kanavin@gmail.com> wrote:
> You also need to check how it worked in previous versions. Why would
> we want to enable it, if it wasn't even available previously, and
> things were still working well?

According to the documentation it will read from logind instead of utmp 
if enabled.  This is also set to be default.
<https://github.com/shadow-maint/shadow/commit/fb35ad15aef6190914a939b299e10c343e3e4c2a>
<https://github.com/shadow-maint/shadow/issues/674>

On Fri, 9 Feb 2024 at 15:39, <f_l_k@t-online.de> wrote:
>
> On Fri, Feb 9 2024 at 03:13:40 PM +01:00:00, Alexander Kanavin <alex.kanavin@gmail.com> wrote:
>
> You also need to check how it worked in previous versions. Why would we want to enable it, if it wasn't even available previously, and things were still working well?
>
>
> According to the documentation it will read from logind instead of utmp if enabled.  This is also set to be default.
> https://github.com/shadow-maint/shadow/commit/fb35ad15aef6190914a939b299e10c343e3e4c2a
> https://github.com/shadow-maint/shadow/issues/674

Thanks. RP already sent a patch.

Alex

On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin
<alex.kanavin@gmail.com> wrote:
>
> This was causing host contamination in particular, where
> libsystemd was installed on the host.
>
> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> ---
>  meta/recipes-extended/shadow/shadow.inc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> index b8e5e285c45..16b99a0b60e 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
>  PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit"
>  PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage"
>  PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd"
> +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd"
>

have we tried it with systemd in distro features ? In my distro
settings its causing a dependency loop. see
https://snips.sh/f/GkrM4zsDk1

>  RDEPENDS:${PN} = "shadow-securetty \
>                    base-passwd \
> --
> 2.39.2
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#195172): https://lists.openembedded.org/g/openembedded-core/message/195172
> Mute This Topic: https://lists.openembedded.org/mt/104244839/1997914
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

On Fri, Feb 9, 2024 at 9:24 AM Khem Raj <raj.khem@gmail.com> wrote:
>
> On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin
> <alex.kanavin@gmail.com> wrote:
> >
> > This was causing host contamination in particular, where
> > libsystemd was installed on the host.
> >
> > Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> > ---
> >  meta/recipes-extended/shadow/shadow.inc | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> > index b8e5e285c45..16b99a0b60e 100644
> > --- a/meta/recipes-extended/shadow/shadow.inc
> > +++ b/meta/recipes-extended/shadow/shadow.inc
> > @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
> >  PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit"
> >  PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage"
> >  PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd"
> > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd"
> >
>
> have we tried it with systemd in distro features ? In my distro
> settings its causing a dependency loop. see
> https://snips.sh/f/GkrM4zsDk1

shadow is added to taget dependencies via useradd bbclass see

https://git.yoctoproject.org/poky/tree/meta/classes/useradd.bbclass#n12

so a simple packageconfig with a dependency on systemd is not going to cut it
it will work for non-systemd cases perhaps fine but not systemd based systems.

>
> >  RDEPENDS:${PN} = "shadow-securetty \
> >                    base-passwd \
> > --
> > 2.39.2
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#195172): https://lists.openembedded.org/g/openembedded-core/message/195172
> > Mute This Topic: https://lists.openembedded.org/mt/104244839/1997914
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >

On Fri, 2024-02-09 at 09:50 -0800, Khem Raj wrote:
> On Fri, Feb 9, 2024 at 9:24 AM Khem Raj <raj.khem@gmail.com> wrote:
> > 
> > On Thu, Feb 8, 2024 at 10:56 AM Alexander Kanavin
> > <alex.kanavin@gmail.com> wrote:
> > > 
> > > This was causing host contamination in particular, where
> > > libsystemd was installed on the host.
> > > 
> > > Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> > > ---
> > >  meta/recipes-extended/shadow/shadow.inc | 1 +
> > >  1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> > > index b8e5e285c45..16b99a0b60e 100644
> > > --- a/meta/recipes-extended/shadow/shadow.inc
> > > +++ b/meta/recipes-extended/shadow/shadow.inc
> > > @@ -74,6 +74,7 @@ PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
> > >  PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit"
> > >  PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage"
> > >  PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd"
> > > +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd"
> > > 
> > 
> > have we tried it with systemd in distro features ? In my distro
> > settings its causing a dependency loop. see
> > https://snips.sh/f/GkrM4zsDk1
> 
> shadow is added to taget dependencies via useradd bbclass see
> 
> https://git.yoctoproject.org/poky/tree/meta/classes/useradd.bbclass#n12
> 
> so a simple packageconfig with a dependency on systemd is not going to cut it
> it will work for non-systemd cases perhaps fine but not systemd based systems.
> 
> 

I've dropped that patch due to that issue. If someone wants to resolve
this they can do but I've no pressing need. My main concern was fixing
the determinism issue which we have done.

Cheers,

Richard

On Fri, Feb 9 2024 at 09:24:11 AM -08:00:00, Khem Raj 
<raj.khem@gmail.com> wrote:
> In my distro
> settings its causing a dependency loop. see

I also had dependency loop with systemd enabled and was able to fix it 
by editing the PACKAGECONFIG like this:
PACKAGECONFIG[systemd] = "--enable-logind,--disable-logind"

Does this fix the issue for you too? There is no real need to add 
systemd to the depends field, because if DISTRO_FEATURE 'systemd' is 
set, it will be added anyway, right?

On Fri, Feb 9 2024 at 07:47:38 PM +01:00:00, Markus Volk 
<f_l_k@t-online.de> wrote:
> because if DISTRO_FEATURE 'systemd' is set, it will be added anyway, 
> right?

no,it's not

On Fri, 2024-02-09 at 19:47 +0100, Markus Volk wrote:
> On Fri, Feb 9 2024 at 09:24:11 AM -08:00:00, Khem Raj <raj.khem@gmail.com> wrote:
> > In my distro
> > settings its causing a dependency loop. see
> 
> 
> I also had dependency loop with systemd enabled and was able to fix it by editing the PACKAGECONFIG like this:
> PACKAGECONFIG[systemd] = "--enable-logind,--disable-logind"
> 
> Does this fix the issue for you too? There is no real need to add systemd to 
> the depends field, because if DISTRO_FEATURE 'systemd' is set, it will be 
> added anyway, right?

This won't work. The addition to DEPENDS comes from the PACKAGECONFIG
entry.

The issue that that adduser needs shadow, systemd needs adduser and
shadow now needs systemd so it is a true circular dependency issue
which is hard to solve :/

Cheers,

Richard