From patchwork Sat Nov 12 13:10:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Kjellerstedt X-Patchwork-Id: 15365 X-Patchwork-Delegate: akuster808@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58A8BC43217 for ; Sat, 12 Nov 2022 13:10:39 +0000 (UTC) Received: from smtp2.axis.com (smtp2.axis.com [195.60.68.18]) by mx.groups.io with SMTP id smtpd.web12.2324.1668258634190410906 for ; Sat, 12 Nov 2022 05:10:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@axis.com header.s=axis-central1 header.b=jH0AqCTv; spf=pass (domain: axis.com, ip: 195.60.68.18, mailfrom: peter.kjellerstedt@axis.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axis.com; q=dns/txt; s=axis-central1; t=1668258635; x=1699794635; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=75fbKO+G589kv9KkJGoJihmBduI2r5maVYIyCa73SSc=; b=jH0AqCTvapGJXoFPVVb7F4ImoV+oeeA7mmMPn29lL32rdN6ufGwCQ5P8 XKstz3di1T848FUc9NMQyC1HX2Zas+lFqCsE6Gq+gkGAHvwD/VQ7sPb+N 296vSgXaPTo/Bgu6eu1zwFeb9cK4aUoTlGKF4G8yNgB/nq54C0rLSBsL/ jxwLY7vKCrF11QRMfLgaldFrdGAZSiQcOnkpXURsd0sDDAZBChLjJPFKk eNSiV3R9RhSbvEaaPuA92aAQECyvpqB28uzJDywHchfcJGQGcuGu71AnR XwBggddRAnYCRmHzi5UMK2Bn1IH2cg+ZzI53b/eOwAMjxsvKljZLRgD2L w==; From: Peter Kjellerstedt To: Subject: [meta-networking][kirkstone][PATCH 1/2] chrony: Remove the readline PACKAGECONFIG Date: Sat, 12 Nov 2022 14:10:27 +0100 Message-ID: <20221112131028.2261126-1-pkj@axis.com> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 12 Nov 2022 13:10:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/99565 Support for readline was dropped in Chrony 4.2. Enabling the readline PACKAGECONFIG would result in no suppport for command line editing as only editline is supported and it would be disabled. Signed-off-by: Peter Kjellerstedt --- This is similar to the corresponding patches for Langdale and master. However, since the readline config in Kirkstone didn't break editline, the commit message is different. .../recipes-support/chrony/chrony_4.2.bb | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb index 8ce9e1db5..dfa1ed86f 100644 --- a/meta-networking/recipes-support/chrony/chrony_4.2.bb +++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb @@ -53,14 +53,6 @@ USERADD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '${PN}', ' USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}" # Configuration options: -# - For command line editing support in chronyc, you may specify either -# 'editline' or 'readline' but not both. editline is smaller, but -# many systems already have readline for other purposes so you might want -# to choose that instead. However, beware license incompatibility -# since chrony is GPLv2 and readline versions after 6.0 are GPLv3+. -# You can of course choose neither, but if you're that tight on space -# consider dropping chronyc entirely (you can use it remotely with -# appropriate chrony.conf options). # - Security-related: # - 'sechash' is omitted by default because it pulls in nss which is huge. # - 'privdrop' allows chronyd to run as non-root; would need changes to @@ -70,7 +62,6 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--sys PACKAGECONFIG ??= "editline \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline" PACKAGECONFIG[editline] = ",--without-editline,libedit" PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap" @@ -79,6 +70,10 @@ PACKAGECONFIG[ipv6] = ",--disable-ipv6," PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" +# This is left for backwards compatibility, to avoid breaking existing +# configurations. +PACKAGECONFIG[readline] = "" + # --disable-static isn't supported by chrony's configure script. DISABLE_STATIC = "" From patchwork Sat Nov 12 13:10:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Kjellerstedt X-Patchwork-Id: 15366 X-Patchwork-Delegate: akuster808@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58A36C4332F for ; Sat, 12 Nov 2022 13:10:39 +0000 (UTC) Received: from smtp1.axis.com (smtp1.axis.com [195.60.68.17]) by mx.groups.io with SMTP id smtpd.web08.2388.1668258634004989568 for ; Sat, 12 Nov 2022 05:10:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@axis.com header.s=axis-central1 header.b=cepkPaQb; spf=pass (domain: axis.com, ip: 195.60.68.17, mailfrom: peter.kjellerstedt@axis.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axis.com; q=dns/txt; s=axis-central1; t=1668258634; x=1699794634; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=Rai9PdGV97lS0xHtnggDfcK8bP4L51Wq9pg3iIvttn4=; b=cepkPaQbgRIw5IQi+syb4gkVozimZnxXSXlX2zGmNonAuAbLM6XPV2fk z5co11C+eP+W+r6t9mh6b6SkgzftHHDaiRrXKBu/SAmnD+ptHRC6nBUT2 qF2sjmqpZtFTTzmvmS1NBixrRIkqYj7opw6gIHJOnFR1GOEJ+gOvlpBby YFuftNxAvhRUOeCEJx2m43kQ1OYF3XVB3NuwO88qHerlXIp/H4p7r7y4p wyx8T96cX3Hqxe36Cq8nVJRR3KnjxiXcORALVVgG6Ak1DWnXiUBU0HsbP NZquk3T8zogTSmE9vy+ful7oVn1Mg4d0FD2ATufthPLJpT3gMG3zxjMBU w==; From: Peter Kjellerstedt To: Subject: [meta-networking][kirkstone][PATCH 2/2] chrony: Remove the libcap and nss PACKAGECONFIGs Date: Sat, 12 Nov 2022 14:10:28 +0100 Message-ID: <20221112131028.2261126-2-pkj@axis.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221112131028.2261126-1-pkj@axis.com> References: <20221112131028.2261126-1-pkj@axis.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 12 Nov 2022 13:10:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/99564 There is no need for these configs on their own and they would only mess up the sechash and privdrop configs. To actually enable sechash one also had to enable nss, and to enable privdrop one also had to enable libcap. This also avoids passing --with-libcap if privdrop is enabled since the option does not exist. Signed-off-by: Peter Kjellerstedt --- meta-networking/recipes-support/chrony/chrony_4.2.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb index dfa1ed86f..8d12cc75e 100644 --- a/meta-networking/recipes-support/chrony/chrony_4.2.bb +++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb @@ -64,14 +64,14 @@ PACKAGECONFIG ??= "editline \ " PACKAGECONFIG[editline] = ",--without-editline,libedit" PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" -PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap" +PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp" PACKAGECONFIG[ipv6] = ",--disable-ipv6," -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" -# This is left for backwards compatibility, to avoid breaking existing +# These are left for backwards compatibility, to avoid breaking existing # configurations. +PACKAGECONFIG[libcap] = "" +PACKAGECONFIG[nss] = "" PACKAGECONFIG[readline] = "" # --disable-static isn't supported by chrony's configure script.