[bitbake-devel,1/3] fetch2: Fix fetching of git repositories with kerberos authentication

Submitted by Stefan Klug on March 18, 2019, 1:58 p.m. | Patch ID: 159635

Details

Message ID 20190318135820.7344-2-stefan.klug@baslerweb.com
State New
Headers show

Commit Message

Stefan Klug March 18, 2019, 1:58 p.m.
When using pam_krb to login to a system KRB5CCNAME is set to the
corresponding kerberos auth cache file. The bitbake fetcher removes
this variable from the environment leading to a git authentication failure.
Also the fetcher ignores the normally used BB_ENV_[EXTRA_]WHITE
variables and relies on a hardcoded list.
Therefore it is impossible to fix this issue outside of bitbake.

Signed-off-by: Stefan Klug <stefan.klug@baslerweb.com>
---
 lib/bb/fetch2/__init__.py | 1 +
 1 file changed, 1 insertion(+)

Patch hide | download patch | download mbox

diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
index f112067d..df8e83e7 100644
--- a/lib/bb/fetch2/__init__.py
+++ b/lib/bb/fetch2/__init__.py
@@ -830,6 +830,7 @@  def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None):
                   'GIT_SSH',
                   'GIT_SSL_CAINFO',
                   'GIT_SMART_HTTP',
+                  'KRB5CCNAME',
                   'SSH_AUTH_SOCK', 'SSH_AGENT_PID',
                   'SOCKS5_USER', 'SOCKS5_PASSWD',
                   'DBUS_SESSION_BUS_ADDRESS',

Comments

Richard Purdie March 18, 2019, 11:44 p.m.
On Mon, 2019-03-18 at 14:58 +0100, Stefan Klug wrote:
> When using pam_krb to login to a system KRB5CCNAME is set to the
> corresponding kerberos auth cache file. The bitbake fetcher removes
> this variable from the environment leading to a git authentication
> failure.
> Also the fetcher ignores the normally used BB_ENV_[EXTRA_]WHITE
> variables and relies on a hardcoded list.

This code should probably include the BB_ENV_[EXTRA_]WHITE list
variables...

That doesn't invalidate this patch but does suggest we have a bigger
problem.

Cheers,

Richard

> Therefore it is impossible to fix this issue outside of bitbake.
> 
> Signed-off-by: Stefan Klug <stefan.klug@baslerweb.com>
> ---
>  lib/bb/fetch2/__init__.py | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
> index f112067d..df8e83e7 100644
> --- a/lib/bb/fetch2/__init__.py
> +++ b/lib/bb/fetch2/__init__.py
> @@ -830,6 +830,7 @@ def runfetchcmd(cmd, d, quiet=False,
> cleanup=None, log=None, workdir=None):
>                    'GIT_SSH',
>                    'GIT_SSL_CAINFO',
>                    'GIT_SMART_HTTP',
> +                  'KRB5CCNAME',
>                    'SSH_AUTH_SOCK', 'SSH_AGENT_PID',
>                    'SOCKS5_USER', 'SOCKS5_PASSWD',
>                    'DBUS_SESSION_BUS_ADDRESS',
> -- 
> 
>