[meta-security][PATCH 1/2] keyutils: fix pulling in glibc when musl enabled

[meta-security][PATCH 1/2] keyutils: fix pulling in glibc when musl enabled

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/keyutils/keyutils_1.6.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/recipes-security/keyutils/keyutils_1.6.bb b/recipes-security/keyutils/keyutils_1.6.bb
index 054e0c1..c961fa2 100644
--- a/recipes-security/keyutils/keyutils_1.6.bb
+++ b/recipes-security/keyutils/keyutils_1.6.bb
@@ -46,4 +46,6 @@ do_install_ptest () {
 
 FILES_${PN}-dev += "${nonarch_base_libdir}/pkgconfig/libkeyutils.pc"
 
-RDEPENDS_${PN}-ptest += "glibc-utils lsb"
+RDEPENDS_${PN}-ptest += "lsb"
+RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils"
+RDEPENDS_${PN}-ptest_append_libc-musl = " musl-utils"
-- 
2.17.1

[meta-security][PATCH 2/2] sssd: fix libcrypto version used

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/sssd/sssd_1.16.3.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/sssd/sssd_1.16.3.bb b/recipes-security/sssd/sssd_1.16.3.bb
index 8f7f805..d39fa23 100644
--- a/recipes-security/sssd/sssd_1.16.3.bb
+++ b/recipes-security/sssd/sssd_1.16.3.bb
@@ -33,7 +33,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
 PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings"
 PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
 PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss,"
-PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto"
+PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto10"
 PACKAGECONFIG[nscd] = "--with-nscd=${sbindir}, --with-nscd=no "
 PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl"
 PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/, --with-systemdunitdir="
-- 
2.17.1

Re: [meta-security][PATCH 2/2] sssd: fix libcrypto version used

[Adrian Bunk]

On Mon, Mar 25, 2019 at 09:58:55AM -0700, Armin Kuster wrote:
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  recipes-security/sssd/sssd_1.16.3.bb | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/recipes-security/sssd/sssd_1.16.3.bb b/recipes-security/sssd/sssd_1.16.3.bb
> index 8f7f805..d39fa23 100644
> --- a/recipes-security/sssd/sssd_1.16.3.bb
> +++ b/recipes-security/sssd/sssd_1.16.3.bb
> @@ -33,7 +33,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
>  PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings"
>  PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
>  PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss,"
> -PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto"
> +PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto10"
>...

This looks wrong for multiple reasons, and it still gave the same error 
when I tried it.

How has this change been tested?

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Re: [meta-security][PATCH 2/2] sssd: fix libcrypto version used

[akuster808]

On 3/26/19 3:24 AM, Adrian Bunk wrote:
> On Mon, Mar 25, 2019 at 09:58:55AM -0700, Armin Kuster wrote:
>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>>  recipes-security/sssd/sssd_1.16.3.bb | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/recipes-security/sssd/sssd_1.16.3.bb b/recipes-security/sssd/sssd_1.16.3.bb
>> index 8f7f805..d39fa23 100644
>> --- a/recipes-security/sssd/sssd_1.16.3.bb
>> +++ b/recipes-security/sssd/sssd_1.16.3.bb
>> @@ -33,7 +33,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
>>  PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings"
>>  PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
>>  PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss,"
>> -PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto"
>> +PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto10"
>> ...
> This looks wrong for multiple reasons, and it still gave the same error 
> when I tried it.
That is troubling. I don't see any errors here. Thanks for the feed
back. I will have to dig at this a bit more.

Can you provide some build detail so that I can reproduce it?

>
> How has this change been tested?
Not for this change.

Which reminds me I should automate some testing for this package.

regards,
Armin
>
> cu
> Adrian
>

Re: [meta-security][PATCH 2/2] sssd: fix libcrypto version used

[Adrian Bunk]

On Tue, Mar 26, 2019 at 03:52:39PM -0700, akuster808 wrote:
> 
> 
> On 3/26/19 3:24 AM, Adrian Bunk wrote:
> > On Mon, Mar 25, 2019 at 09:58:55AM -0700, Armin Kuster wrote:
> >> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> >> ---
> >>  recipes-security/sssd/sssd_1.16.3.bb | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/recipes-security/sssd/sssd_1.16.3.bb b/recipes-security/sssd/sssd_1.16.3.bb
> >> index 8f7f805..d39fa23 100644
> >> --- a/recipes-security/sssd/sssd_1.16.3.bb
> >> +++ b/recipes-security/sssd/sssd_1.16.3.bb
> >> @@ -33,7 +33,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
> >>  PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings"
> >>  PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
> >>  PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss,"
> >> -PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto"
> >> +PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto10"
> >> ...
> > This looks wrong for multiple reasons, and it still gave the same error 
> > when I tried it.
> That is troubling. I don't see any errors here. Thanks for the feed
> back. I will have to dig at this a bit more.
> 
> Can you provide some build detail so that I can reproduce it?

Try building the package without nss but with cyrpto (sic) in PACKAGECONFIG.

> > How has this change been tested?
> Not for this change.
> 
> Which reminds me I should automate some testing for this package.

This is not about automating testing.

This is about first reproducing the problem you are trying to fix,
and then verifying that your fix actually fixes this problem.

Which is the fundamental way to do any kind of bugfixing.[1]

This one line already contained two bugs,[2] and the commit added a 
third problem (usage of OpenSSL 1.0) without fixing any of these bugs.

The commit message not stating any reason why this change was done only 
adds to the confusion.
I thought originally this was a workaround for code not building with 
OpenSSL 1.1, which would then also be required for thud.

> regards,
> Armin

cu
Adrian

[1] this is not one of the harder cases where reproducing the problem
    would be a problem
[2] "cyrpto", and "libcrypto" instead of "openssl p11-kit"

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Re: [meta-security][PATCH 2/2] sssd: fix libcrypto version used

[akuster808]

On 3/27/19 12:16 AM, Adrian Bunk wrote:
> On Tue, Mar 26, 2019 at 03:52:39PM -0700, akuster808 wrote:
>>
>> On 3/26/19 3:24 AM, Adrian Bunk wrote:
>>> On Mon, Mar 25, 2019 at 09:58:55AM -0700, Armin Kuster wrote:
>>>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>>>> ---
>>>>  recipes-security/sssd/sssd_1.16.3.bb | 2 +-
>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/recipes-security/sssd/sssd_1.16.3.bb b/recipes-security/sssd/sssd_1.16.3.bb
>>>> index 8f7f805..d39fa23 100644
>>>> --- a/recipes-security/sssd/sssd_1.16.3.bb
>>>> +++ b/recipes-security/sssd/sssd_1.16.3.bb
>>>> @@ -33,7 +33,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
>>>>  PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings"
>>>>  PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
>>>>  PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss,"
>>>> -PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto"
>>>> +PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto10"
>>>> ...
>>> This looks wrong for multiple reasons, and it still gave the same error 
>>> when I tried it.
>> That is troubling. I don't see any errors here. Thanks for the feed
>> back. I will have to dig at this a bit more.
>>
>> Can you provide some build detail so that I can reproduce it?
> Try building the package without nss but with cyrpto (sic) in PACKAGECONFIG.
Ok. I see it now.
>
>>> How has this change been tested?
>> Not for this change.
>>
>> Which reminds me I should automate some testing for this package.
> This is not about automating testing.
>
> This is about first reproducing the problem you are trying to fix,
> and then verifying that your fix actually fixes this problem.
And that is what i thought I was doing.

>
> Which is the fundamental way to do any kind of bugfixing.[1]
Thanks for the reminder.
>
> This one line already contained two bugs,[2] and the commit added a 
> third problem (usage of OpenSSL 1.0) without fixing any of these bugs.
>
> The commit message not stating any reason why this change was done only 
> adds to the confusion.
> I thought originally this was a workaround for code not building with 
> OpenSSL 1.1, which would then also be required for thud.
I will keep that in mind.

thanks,
Armin
>
>> regards,
>> Armin
> cu
> Adrian
>
> [1] this is not one of the harder cases where reproducing the problem
>     would be a problem
> [2] "cyrpto", and "libcrypto" instead of "openssl p11-kit"
>