Re: [Buildroot] [PATCH] package/openssh: fix dependencies with refpolicy

From: Peter Korsgaard <peter@korsgaard.com>
To: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <adam.duskett@amarulasolutions.com>,
	Fabrice Fontaine <fontaine.fabrice@gmail.com>,
	Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
	buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/openssh: fix dependencies with refpolicy
Date: Wed, 28 Feb 2024 12:25:17 +0100	[thread overview]
Message-ID: <87msrkrftu.fsf@48ers.dk> (raw)
In-Reply-To: <20240225092421.1468140-1-yann.morin.1998@free.fr> (Yann E. MORIN's message of "Sun, 25 Feb 2024 10:24:21 +0100")

>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 > Commit 2c5a82a29ceb (package/openssh: select linux-pam if refpolicy
 > upstream is selected) did not account for the linux-pam dependencies
 > before selecting it, causing unmet dependencies warnings (unfortunately,
 > not errors), such as:

 >     $ KCONFIG_SEED=0xCF227CF4 make randconfig
 >     WARNING: unmet direct dependencies detected for BR2_PACKAGE_LINUX_PAM
 >       Depends on [n]: BR2_ENABLE_LOCALE [=n] && BR2_USE_WCHAR [=n] && !BR2_STATIC_LIBS [=n] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 [=y]
 >       Selected by [y]:
 >       - BR2_PACKAGE_OPENSSH [=y] && BR2_USE_MMU [=y] && BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION [=y]

 > 2c5a82a29ceb made the choice of having openssl bear the responsibility
 > to select linux-pam when the upstream refpolicy version was enabled.
 > Semantically however, the responsibility really lies within refpolicy
 > itself, since that's what imposes linux-pam to openssh.

 > Move the select to refpolicy and drop it from openssh. Then, ensure that
 > linux-pam is only selected when it is available.

 > That means that one may get an openssh that is not linked against
 > linux-pam, when the linux-pam dependencies are not met; refpolicy (by
 > way of libsepol) also has a more stringent requirement on gcc version
 > than linux-pam, so most probably the missing dependencies would be
 > locale, wchar, or a static build. We consider that situation to be a
 > corner case that we do not want to address.

 > In the future, we may have more similar situations, whereby refpolicy
 > would impose other packages be linked with otherwise optional
 > dependencies. If (when) that were (will be) the case, then the proposed
 > mechanism would quickly become ugly; we could then re-assess a nicer way
 > to do that. Until then, this is good ebough.

 > Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
 > Cc: Adam Duskett <adam.duskett@amarulasolutions.com>
 > Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 > Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>

 > ---
 > Changes v1 -> v2:
 >   - simplify the logic: have refpolicy bear the select

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot