diff --git a/anaconda.spec b/anaconda.spec index 112918da6839a39473954989de454781f206a76c..ecc56602173ed7fa6e8f2694c7e153600cc66621 100644 --- a/anaconda.spec +++ b/anaconda.spec @@ -4,7 +4,7 @@ %endif Name: anaconda Version: 33.19 -Release: 37 +Release: 38 Summary: Graphical system installer License: GPLv2+ and MIT URL: http://fedoraproject.org/wiki/Anaconda @@ -123,6 +123,7 @@ Patch9027: bugfix-remove-flatpack-support.patch Patch9028: Change-sidebar-background-size.patch Patch6078: bugfix-Cancel-planned-manual-update-of-system-time-on-turni.patch Patch9029: support-use-sm3-crypt-user-password.patch +Patch6079: backport-remove-authconfig-support.patch %define dbusver 1.2.3 %define dnfver 3.6.0 @@ -340,6 +341,12 @@ update-desktop-database &> /dev/null || : %{_datadir}/gtk-doc %changelog +* Sun Jan 30 2022 yanan - 33.19-38 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:remove authconfig support + * Wed Jan 26 2022 songnannan - 33.19-37 - Type:bugfix - ID:NA diff --git a/backport-remove-authconfig-support.patch b/backport-remove-authconfig-support.patch new file mode 100644 index 0000000000000000000000000000000000000000..0c752c7e10e9d278c572b9b6ae8d85c03b7433e0 --- /dev/null +++ b/backport-remove-authconfig-support.patch @@ -0,0 +1,423 @@ +From 17b8e2e895448aeae990b419036448011b6eb105 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20B=C5=99ezina?= +Date: Fri, 9 Jul 2021 12:51:07 +0200 +Subject: [PATCH] remove authconfig support + +Authconfig compatibility tool (from authselect-compat) will be removed from Fedora 35: +https://fedoraproject.org/wiki/Changes/RemoveAuthselectCompatPackage +--- + pyanaconda/core/kickstart/commands.py | 1 - + pyanaconda/modules/security/installation.py | 35 +------- + pyanaconda/modules/security/kickstart.py | 2 - + pyanaconda/modules/security/security.py | 44 +-------- + .../modules/security/security_interface.py | 23 ----- + .../modules/security/test_module_security.py | 89 +------------------ + 6 files changed, 6 insertions(+), 188 deletions(-) + +diff --git a/pyanaconda/core/kickstart/commands.py b/pyanaconda/core/kickstart/commands.py +index 3c3eed0..b3fbdff 100644 +--- a/pyanaconda/core/kickstart/commands.py ++++ b/pyanaconda/core/kickstart/commands.py +@@ -22,7 +22,6 @@ + # pylint:disable=unused-import + + # Supported kickstart commands. +-from pykickstart.commands.authconfig import F28_Authconfig as Authconfig + from pykickstart.commands.authselect import F28_Authselect as Authselect + from pykickstart.commands.autopart import F29_AutoPart as AutoPart + from pykickstart.commands.autostep import FC3_AutoStep as AutoStep + +diff --git a/pyanaconda/modules/security/installation.py b/pyanaconda/modules/security/installation.py +index 03badc1678..9d3369f737 100644 +--- a/pyanaconda/modules/security/installation.py ++++ b/pyanaconda/modules/security/installation.py +@@ -33,7 +33,6 @@ + + REALM_TOOL_NAME = "realm" + AUTHSELECT_TOOL_PATH = "/usr/bin/authselect" +-AUTHCONFIG_TOOL_PATH = "/usr/sbin/authconfig" + PAM_SO_PATH = "/lib/security/pam_fprintd.so" + PAM_SO_64_PATH = "/lib64/security/pam_fprintd.so" + +@@ -356,7 +355,7 @@ def run(self): + def run_auth_tool(cmd, args, root, required=True): + """Run an authentication related tool. + +- This generally means either authselect or the legacy authconfig tool. ++ This generally means authselect. + :param str cmd: path to the tool to be run + :param list(str) args: list of arguments passed to the tool + :param str root: a path to the root in which the tool should be run +@@ -443,35 +442,3 @@ def run(self): + self._authselect_options + ["--force"], + self._sysroot + ) +- +- +-class ConfigureAuthconfigTask(Task): +- """Installation task for Authconfig configuration. +- +- NOTE: Authconfig is deprecated, this is present temporarily +- as long as we want to provide backward compatibility +- for the authconfig command in kickstart. +- """ +- +- def __init__(self, sysroot, authconfig_options): +- """Create a new Authconfig configuration task. +- +- :param str sysroot: a path to the root of the target system +- :param list authconfig_options: options for authconfig +- """ +- super().__init__() +- self._sysroot = sysroot +- self._authconfig_options = authconfig_options +- +- @property +- def name(self): +- return "Authconfig configuration" +- +- def run(self): +- # Apply the authconfig options from the kickstart file (deprecated). +- if self._authconfig_options: +- run_auth_tool( +- AUTHCONFIG_TOOL_PATH, +- ["--update", "--nostart"] + self._authconfig_options, +- self._sysroot +- ) +diff --git a/pyanaconda/modules/security/kickstart.py b/pyanaconda/modules/security/kickstart.py +index 1adbc72934..24cbb03253 100644 +--- a/pyanaconda/modules/security/kickstart.py ++++ b/pyanaconda/modules/security/kickstart.py +@@ -23,8 +23,6 @@ + class SecurityKickstartSpecification(KickstartSpecification): + + commands = { +- "auth": COMMANDS.Authconfig, +- "authconfig": COMMANDS.Authconfig, + "authselect": COMMANDS.Authselect, + "selinux": COMMANDS.SELinux, + "realm": COMMANDS.Realm +diff --git a/pyanaconda/modules/security/security.py b/pyanaconda/modules/security/security.py +index b4e9f3f..de1b7f1 100644 +--- a/pyanaconda/modules/security/security.py ++++ b/pyanaconda/modules/security/security.py +@@ -32,7 +32,7 @@ from pyanaconda.modules.security.kickstart import SecurityKickstartSpecification + from pyanaconda.modules.security.security_interface import SecurityInterface + from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \ + RealmDiscoverTask, RealmJoinTask, ConfigureAuthselectTask, \ +- ConfigureAuthconfigTask, ConfigureFingerprintAuthTask ++ ConfigureFingerprintAuthTask + + from pyanaconda.anaconda_loggers import get_module_logger + log = get_module_logger(__name__) +@@ -50,9 +50,6 @@ class SecurityService(KickstartService): + self.authselect_changed = Signal() + self._authselect_args = [] + +- self.authconfig_changed = Signal() +- self._authconfig_args = [] +- + self.fingerprint_auth_enabled_changed = Signal() + self._fingerprint_auth_enabled = False + +@@ -78,9 +75,6 @@ class SecurityService(KickstartService): + if data.authselect.authselect: + self.set_authselect(shlex.split(data.authselect.authselect)) + +- if data.authconfig.authconfig: +- self.set_authconfig(shlex.split(data.authconfig.authconfig)) +- + if data.realm.join_realm: + realm = RealmData() + realm.name = data.realm.join_realm +@@ -97,9 +91,6 @@ class SecurityService(KickstartService): + if self.authselect: + data.authselect.authselect = " ".join(self.authselect) + +- if self.authconfig: +- data.authconfig.authconfig = " ".join(self.authconfig) +- + if self.realm.name: + data.realm.join_realm = self.realm.name + data.realm.discover_options = self.realm.discover_options +@@ -139,27 +130,6 @@ class SecurityService(KickstartService): + self.authselect_changed.emit() + log.debug("Authselect is set to %s.", args) + +- @property +- def authconfig(self): +- """Arguments for the authconfig tool. +- +- Authconfig is deprecated, use authselect. +- +- :return: a list of arguments +- """ +- return self._authconfig_args +- +- def set_authconfig(self, args): +- """Set the arguments for the authconfig tool. +- +- Authconfig is deprecated, use authselect. +- +- :param args: a list of arguments +- """ +- self._authconfig_args = args +- self.authconfig_changed.emit() +- log.debug("Authconfig is set to %s.", args) +- + @property + def fingerprint_auth_enabled(self): + """Specifies if fingerprint authentication should be enabled. +@@ -216,7 +186,7 @@ class SecurityService(KickstartService): + for name in self.realm.required_packages: + requirements.append(Requirement.for_package(name, reason="Needed to join a realm.")) + +- # Add authselect / authconfig requirements ++ # Add authselect requirements + if self.authselect or self.fingerprint_auth_enabled: + # we need the authselect package in two cases: + # - autselect command is used in kickstart +@@ -227,12 +197,6 @@ class SecurityService(KickstartService): + "for fingerprint authentication support." + )) + +- if self.authconfig: +- requirements.append(Requirement.for_package( +- "authselect-compat", +- reason="Needed to support legacy authconfig kickstart command." +- )) +- + return requirements + + def discover_realm_with_task(self): +@@ -271,9 +235,5 @@ class SecurityService(KickstartService): + ConfigureAuthselectTask( + sysroot=conf.target.system_root, + authselect_options=self.authselect +- ), +- ConfigureAuthconfigTask( +- sysroot=conf.target.system_root, +- authconfig_options=self.authconfig + ) + ] +diff --git a/pyanaconda/modules/security/security_interface.py b/pyanaconda/modules/security/security_interface.py +index 5191b39..537b972 100644 +--- a/pyanaconda/modules/security/security_interface.py ++++ b/pyanaconda/modules/security/security_interface.py +@@ -35,7 +35,6 @@ class SecurityInterface(KickstartModuleInterface): + super().connect_signals() + self.watch_property("SELinux", self.implementation.selinux_changed) + self.watch_property("Authselect", self.implementation.authselect_changed) +- self.watch_property("Authconfig", self.implementation.authconfig_changed) + self.watch_property( + "FingerprintAuthEnabled", self.implementation.fingerprint_auth_enabled_changed + ) +@@ -83,28 +82,6 @@ class SecurityInterface(KickstartModuleInterface): + """ + self.implementation.set_authselect(args) + +- @property +- def Authconfig(self) -> List[Str]: +- """Arguments for the authconfig tool. +- +- Authconfig is deprecated, use authselect. +- +- :return: a list of arguments +- """ +- return self.implementation.authconfig +- +- @emits_properties_changed +- def SetAuthconfig(self, args: List[Str]): +- """Set the arguments for the authconfig tool. +- +- Authconfig is deprecated, use authselect. +- +- Example: ['--passalgo=sha512', '--useshadow'] +- +- :param args: a list of arguments +- """ +- self.implementation.set_authconfig(args) +- + @property + def Realm(self) -> Structure: + """Specification of the enrollment in a realm. +diff --git a/tests/nosetests/pyanaconda_tests/module_security_test.py b/tests/nosetests/pyanaconda_tests/module_security_test.py +index 9ea41ec..9fe23e9 100644 +--- a/tests/nosetests/pyanaconda_tests/module_security_test.py ++++ b/tests/nosetests/pyanaconda_tests/module_security_test.py +@@ -33,8 +33,8 @@ from pyanaconda.modules.security.security_interface import SecurityInterface + from pyanaconda.modules.security.constants import SELinuxMode + from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \ + RealmDiscoverTask, RealmJoinTask, ConfigureFingerprintAuthTask, \ +- ConfigureAuthselectTask, ConfigureAuthconfigTask, AUTHSELECT_TOOL_PATH, \ +- AUTHCONFIG_TOOL_PATH, PAM_SO_64_PATH, PAM_SO_PATH ++ ConfigureAuthselectTask, AUTHSELECT_TOOL_PATH, \ ++ PAM_SO_64_PATH, PAM_SO_PATH + from tests.nosetests.pyanaconda_tests import patch_dbus_publish_object, check_kickstart_interface, \ + check_task_creation, check_task_creation_list, PropertiesChangedCallback, check_dbus_property + from pyanaconda.modules.common.structures.requirement import Requirement +@@ -64,7 +64,7 @@ class SecurityInterfaceTestCase(unittest.TestCase): + def kickstart_properties_test(self): + """Test kickstart properties.""" + self.assertEqual(self.security_interface.KickstartCommands, +- ["auth", "authconfig", "authselect", "selinux", "realm"]) ++ ["authselect", "selinux", "realm"]) + self.assertEqual(self.security_interface.KickstartSections, []) + self.assertEqual(self.security_interface.KickstartAddons, []) + self.callback.assert_not_called() +@@ -83,13 +83,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): + ["sssd", "with-mkhomedir"] + ) + +- def authconfig_property_test(self): +- """Test the authconfig property.""" +- self._check_dbus_property( +- "Authconfig", +- ["--passalgo=sha512", "--useshadow"] +- ) +- + def fingerprint_auth_enabled_test(self): + """Test the fingerprint_auth_enabled property.""" + self._check_dbus_property( +@@ -137,28 +130,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): + """ + self._test_kickstart(ks_in, ks_out) + +- def auth_kickstart_test(self): +- """Test the auth command.""" +- ks_in = """ +- auth --passalgo=sha512 --useshadow +- """ +- ks_out = """ +- # System authorization information +- auth --passalgo=sha512 --useshadow +- """ +- self._test_kickstart(ks_in, ks_out) +- +- def authconfig_kickstart_test(self): +- """Test the authconfig command.""" +- ks_in = """ +- authconfig --passalgo=sha512 --useshadow +- """ +- ks_out = """ +- # System authorization information +- auth --passalgo=sha512 --useshadow +- """ +- self._test_kickstart(ks_in, ks_out) +- + def authselect_kickstart_test(self): + """Test the authselect command.""" + ks_in = """ +@@ -210,7 +181,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): + ConfigureSELinuxTask, + ConfigureFingerprintAuthTask, + ConfigureAuthselectTask, +- ConfigureAuthconfigTask, + ] + task_paths = self.security_interface.InstallWithTasks() + task_objs = check_task_creation_list(self, task_paths, publisher, task_classes) +@@ -224,9 +194,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): + # ConfigureAuthselectTask + obj = task_objs[2] + self.assertEqual(obj.implementation._authselect_options, []) +- # ConfigureAuthconfigTask +- obj = task_objs[3] +- self.assertEqual(obj.implementation._authconfig_options, []) + + @patch_dbus_publish_object + def realm_join_default_test(self, publisher): +@@ -247,20 +214,17 @@ class SecurityInterfaceTestCase(unittest.TestCase): + realm.discovered = True + + authselect = ['select', 'sssd'] +- authconfig = ['--passalgo=sha512', '--useshadow'] + fingerprint = True + + self.security_interface.SetRealm(RealmData.to_structure(realm)) + self.security_interface.SetSELinux(SELINUX_PERMISSIVE) + self.security_interface.SetAuthselect(authselect) +- self.security_interface.SetAuthconfig(authconfig) + self.security_interface.SetFingerprintAuthEnabled(fingerprint) + + task_classes = [ + ConfigureSELinuxTask, + ConfigureFingerprintAuthTask, + ConfigureAuthselectTask, +- ConfigureAuthconfigTask, + ] + task_paths = self.security_interface.InstallWithTasks() + task_objs = check_task_creation_list(self, task_paths, publisher, task_classes) +@@ -274,9 +238,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): + # ConfigureAuthselectTask + obj = task_objs[2] + self.assertEqual(obj.implementation._authselect_options, authselect) +- # ConfigureAuthconfigTask +- obj = task_objs[3] +- self.assertEqual(obj.implementation._authconfig_options, authconfig) + + @patch_dbus_publish_object + def realm_join_configured_test(self, publisher): +@@ -366,15 +327,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): + def authselect_requirements_test(self): + """Test that package requirements for authselect propagate correctly.""" + +- self.security_interface.SetAuthconfig(['--passalgo=sha512', '--useshadow']) +- requirements = Requirement.from_structure_list( +- self.security_interface.CollectRequirements() +- ) +- self.assertEqual(len(requirements), 1) +- self.assertEqual(requirements[0].type, "package") +- self.assertEqual(requirements[0].name, "authselect-compat") +- +- self.security_interface.SetAuthconfig([]) + self.security_interface.SetAuthselect(['select', 'sssd']) + requirements = Requirement.from_structure_list( + self.security_interface.CollectRequirements() +@@ -383,7 +335,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): + self.assertEqual(requirements[0].type, "package") + self.assertEqual(requirements[0].name, "authselect") + +- self.security_interface.SetAuthconfig([]) + self.security_interface.SetAuthselect([]) + self.security_interface.SetFingerprintAuthEnabled(True) + requirements = Requirement.from_structure_list( +@@ -860,37 +811,3 @@ class SecurityTasksTestCase(unittest.TestCase): + root=sysroot + ) + os.remove(authselect_path) +- +- @patch('pyanaconda.core.util.execWithRedirect') +- def configure_authconfig_task_test(self, execWithRedirect): +- """Test the configure authconfig task.""" +- with tempfile.TemporaryDirectory() as sysroot: +- +- authconfig_dir = os.path.normpath(sysroot + os.path.dirname(AUTHCONFIG_TOOL_PATH)) +- authconfig_path = os.path.normpath(sysroot + AUTHCONFIG_TOOL_PATH) +- os.makedirs(authconfig_dir) +- +- # The authconfig command is missing +- execWithRedirect.reset_mock() +- task = ConfigureAuthconfigTask( +- sysroot=sysroot, +- authconfig_options=["--passalgo=sha512", "--useshadow"] +- ) +- with self.assertRaises(SecurityInstallationError): +- task.run() +- execWithRedirect.assert_not_called() +- +- # The authconfig command is there +- execWithRedirect.reset_mock() +- os.mknod(authconfig_path) +- task = ConfigureAuthconfigTask( +- sysroot=sysroot, +- authconfig_options=["--passalgo=sha512", "--useshadow"] +- ) +- task.run() +- execWithRedirect.assert_called_once_with( +- AUTHCONFIG_TOOL_PATH, +- ["--update", "--nostart", "--passalgo=sha512", "--useshadow"], +- root=sysroot +- ) +- os.remove(authconfig_path) +-- +2.27.0