remove authconfig support

Signed-off-by: yanan-rock <yanan@huawei.com> (cherry picked from commit a28c47ae4e4d9df574e5e96a65931234c613cab0)
2022-01-29 04:52:03 -05:00 · 2022-01-29 04:52:03 -05:00 · 5d3c5dfaf5
commit 5d3c5dfaf5
parent 6e0d6b5a0d
2 changed files with 431 additions and 1 deletions
--- a/anaconda.spec
+++ b/anaconda.spec
@ -4,7 +4,7 @@
 %endif
 Name:    anaconda
 Version: 33.19
-Release: 38
+Release: 39
 Summary: Graphical system installer
 License: GPLv2+ and MIT
 URL:     http://fedoraproject.org/wiki/Anaconda
@ -123,6 +123,7 @@ Patch9027:    bugfix-remove-flatpack-support.patch
 Patch9028:    Change-sidebar-background-size.patch
 Patch6078:    bugfix-Cancel-planned-manual-update-of-system-time-on-turni.patch
 Patch9029:    support-use-sm3-crypt-user-password.patch
+Patch6079:    backport-remove-authconfig-support.patch

 %define dbusver 1.2.3
 %define dnfver 3.6.0
@ -340,6 +341,12 @@ update-desktop-database &> /dev/null || :
 %{_datadir}/gtk-doc

 %changelog
+* Sun Jan 30 2022 yanan <yanan@huawei.com> - 33.19-39
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:remove authconfig support
+
 * Thu Jan 27 2022 liufushou <liufushou@live.cn> - 33.19-38
 - Type:bugfix
 - CVE:NA
--- a/backport-remove-authconfig-support.patch
+++ b/backport-remove-authconfig-support.patch
@ -0,0 +1,423 @@
+From 17b8e2e895448aeae990b419036448011b6eb105 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 9 Jul 2021 12:51:07 +0200
+Subject: [PATCH] remove authconfig support
+
+Authconfig compatibility tool (from authselect-compat) will be removed from Fedora 35:
+https://fedoraproject.org/wiki/Changes/RemoveAuthselectCompatPackage
+---
+ pyanaconda/core/kickstart/commands.py         |  1 -
+ pyanaconda/modules/security/installation.py   | 35 +-------
+ pyanaconda/modules/security/kickstart.py      |  2 -
+ pyanaconda/modules/security/security.py       | 44 +--------
+ .../modules/security/security_interface.py    | 23 -----
+ .../modules/security/test_module_security.py  | 89 +------------------
+ 6 files changed, 6 insertions(+), 188 deletions(-)
+
+diff --git a/pyanaconda/core/kickstart/commands.py b/pyanaconda/core/kickstart/commands.py
+index 3c3eed0..b3fbdff 100644
+--- a/pyanaconda/core/kickstart/commands.py
+++ b/pyanaconda/core/kickstart/commands.py
+@@ -22,7 +22,6 @@
+ # pylint:disable=unused-import
+
+ # Supported kickstart commands.
+-from pykickstart.commands.authconfig import F28_Authconfig as Authconfig
+ from pykickstart.commands.authselect import F28_Authselect as Authselect
+ from pykickstart.commands.autopart import F29_AutoPart as AutoPart
+ from pykickstart.commands.autostep import FC3_AutoStep as AutoStep
+
+diff --git a/pyanaconda/modules/security/installation.py b/pyanaconda/modules/security/installation.py
+index 03badc1678..9d3369f737 100644
+--- a/pyanaconda/modules/security/installation.py
+++ b/pyanaconda/modules/security/installation.py
+@@ -33,7 +33,6 @@
+ 
+ REALM_TOOL_NAME = "realm"
+ AUTHSELECT_TOOL_PATH = "/usr/bin/authselect"
+-AUTHCONFIG_TOOL_PATH = "/usr/sbin/authconfig"
+ PAM_SO_PATH = "/lib/security/pam_fprintd.so"
+ PAM_SO_64_PATH = "/lib64/security/pam_fprintd.so"
+ 
+@@ -356,7 +355,7 @@ def run(self):
+ def run_auth_tool(cmd, args, root, required=True):
+     """Run an authentication related tool.
+ 
+-    This generally means either authselect or the legacy authconfig tool.
+    This generally means authselect.
+     :param str cmd: path to the tool to be run
+     :param list(str) args: list of arguments passed to the tool
+     :param str root: a path to the root in which the tool should be run
+@@ -443,35 +442,3 @@ def run(self):
+                 self._authselect_options + ["--force"],
+                 self._sysroot
+             )
+-
+-
+-class ConfigureAuthconfigTask(Task):
+-    """Installation task for Authconfig configuration.
+-
+-    NOTE: Authconfig is deprecated, this is present temporarily
+-          as long as we want to provide backward compatibility
+-          for the authconfig command in kickstart.
+-    """
+-
+-    def __init__(self, sysroot, authconfig_options):
+-        """Create a new Authconfig configuration task.
+-
+-        :param str sysroot: a path to the root of the target system
+-        :param list authconfig_options: options for authconfig
+-        """
+-        super().__init__()
+-        self._sysroot = sysroot
+-        self._authconfig_options = authconfig_options
+-
+-    @property
+-    def name(self):
+-        return "Authconfig configuration"
+-
+-    def run(self):
+-        # Apply the authconfig options from the kickstart file (deprecated).
+-        if self._authconfig_options:
+-            run_auth_tool(
+-                AUTHCONFIG_TOOL_PATH,
+-                ["--update", "--nostart"] + self._authconfig_options,
+-                self._sysroot
+-            )
+diff --git a/pyanaconda/modules/security/kickstart.py b/pyanaconda/modules/security/kickstart.py
+index 1adbc72934..24cbb03253 100644
+--- a/pyanaconda/modules/security/kickstart.py
+++ b/pyanaconda/modules/security/kickstart.py
+@@ -23,8 +23,6 @@
+ class SecurityKickstartSpecification(KickstartSpecification):
+ 
+     commands = {
+-        "auth": COMMANDS.Authconfig,
+-        "authconfig": COMMANDS.Authconfig,
+         "authselect": COMMANDS.Authselect,
+         "selinux": COMMANDS.SELinux,
+         "realm": COMMANDS.Realm
+diff --git a/pyanaconda/modules/security/security.py b/pyanaconda/modules/security/security.py
+index b4e9f3f..de1b7f1 100644
+--- a/pyanaconda/modules/security/security.py
+++ b/pyanaconda/modules/security/security.py
+@@ -32,7 +32,7 @@ from pyanaconda.modules.security.kickstart import SecurityKickstartSpecification
+ from pyanaconda.modules.security.security_interface import SecurityInterface
+ from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \
+     RealmDiscoverTask, RealmJoinTask, ConfigureAuthselectTask, \
+-    ConfigureAuthconfigTask, ConfigureFingerprintAuthTask
+    ConfigureFingerprintAuthTask
+
+ from pyanaconda.anaconda_loggers import get_module_logger
+ log = get_module_logger(__name__)
+@@ -50,9 +50,6 @@ class SecurityService(KickstartService):
+         self.authselect_changed = Signal()
+         self._authselect_args = []
+
+-        self.authconfig_changed = Signal()
+-        self._authconfig_args = []
+-
+         self.fingerprint_auth_enabled_changed = Signal()
+         self._fingerprint_auth_enabled = False
+
+@@ -78,9 +75,6 @@ class SecurityService(KickstartService):
+         if data.authselect.authselect:
+             self.set_authselect(shlex.split(data.authselect.authselect))
+
+-        if data.authconfig.authconfig:
+-            self.set_authconfig(shlex.split(data.authconfig.authconfig))
+-
+         if data.realm.join_realm:
+             realm = RealmData()
+             realm.name = data.realm.join_realm
+@@ -97,9 +91,6 @@ class SecurityService(KickstartService):
+         if self.authselect:
+             data.authselect.authselect = " ".join(self.authselect)
+
+-        if self.authconfig:
+-            data.authconfig.authconfig = " ".join(self.authconfig)
+-
+         if self.realm.name:
+             data.realm.join_realm = self.realm.name
+             data.realm.discover_options = self.realm.discover_options
+@@ -139,27 +130,6 @@ class SecurityService(KickstartService):
+         self.authselect_changed.emit()
+         log.debug("Authselect is set to %s.", args)
+
+-    @property
+-    def authconfig(self):
+-        """Arguments for the authconfig tool.
+-
+-        Authconfig is deprecated, use authselect.
+-
+-        :return: a list of arguments
+-        """
+-        return self._authconfig_args
+-
+-    def set_authconfig(self, args):
+-        """Set the arguments for the authconfig tool.
+-
+-        Authconfig is deprecated, use authselect.
+-
+-        :param args: a list of arguments
+-        """
+-        self._authconfig_args = args
+-        self.authconfig_changed.emit()
+-        log.debug("Authconfig is set to %s.", args)
+-
+     @property
+     def fingerprint_auth_enabled(self):
+         """Specifies if fingerprint authentication should be enabled.
+@@ -216,7 +186,7 @@ class SecurityService(KickstartService):
+         for name in self.realm.required_packages:
+             requirements.append(Requirement.for_package(name, reason="Needed to join a realm."))
+
+-        # Add authselect / authconfig requirements
+        # Add authselect requirements
+         if self.authselect or self.fingerprint_auth_enabled:
+             # we need the authselect package in two cases:
+             # - autselect command is used in kickstart
+@@ -227,12 +197,6 @@ class SecurityService(KickstartService):
+                 "for fingerprint authentication support."
+             ))
+
+-        if self.authconfig:
+-            requirements.append(Requirement.for_package(
+-                "authselect-compat",
+-                reason="Needed to support legacy authconfig kickstart command."
+-            ))
+-
+         return requirements
+
+     def discover_realm_with_task(self):
+@@ -271,9 +235,5 @@ class SecurityService(KickstartService):
+             ConfigureAuthselectTask(
+                 sysroot=conf.target.system_root,
+                 authselect_options=self.authselect
+-            ),
+-            ConfigureAuthconfigTask(
+-                sysroot=conf.target.system_root,
+-                authconfig_options=self.authconfig
+             )
+         ]
+diff --git a/pyanaconda/modules/security/security_interface.py b/pyanaconda/modules/security/security_interface.py
+index 5191b39..537b972 100644
+--- a/pyanaconda/modules/security/security_interface.py
+++ b/pyanaconda/modules/security/security_interface.py
+@@ -35,7 +35,6 @@ class SecurityInterface(KickstartModuleInterface):
+         super().connect_signals()
+         self.watch_property("SELinux", self.implementation.selinux_changed)
+         self.watch_property("Authselect", self.implementation.authselect_changed)
+-        self.watch_property("Authconfig", self.implementation.authconfig_changed)
+         self.watch_property(
+             "FingerprintAuthEnabled", self.implementation.fingerprint_auth_enabled_changed
+         )
+@@ -83,28 +82,6 @@ class SecurityInterface(KickstartModuleInterface):
+         """
+         self.implementation.set_authselect(args)
+
+-    @property
+-    def Authconfig(self) -> List[Str]:
+-        """Arguments for the authconfig tool.
+-
+-        Authconfig is deprecated, use authselect.
+-
+-        :return: a list of arguments
+-        """
+-        return self.implementation.authconfig
+-
+-    @emits_properties_changed
+-    def SetAuthconfig(self, args: List[Str]):
+-        """Set the arguments for the authconfig tool.
+-
+-        Authconfig is deprecated, use authselect.
+-
+-        Example: ['--passalgo=sha512', '--useshadow']
+-
+-        :param args: a list of arguments
+-        """
+-        self.implementation.set_authconfig(args)
+-
+     @property
+     def Realm(self) -> Structure:
+         """Specification of the enrollment in a realm.
+diff --git a/tests/nosetests/pyanaconda_tests/module_security_test.py b/tests/nosetests/pyanaconda_tests/module_security_test.py
+index 9ea41ec..9fe23e9 100644
+--- a/tests/nosetests/pyanaconda_tests/module_security_test.py
+++ b/tests/nosetests/pyanaconda_tests/module_security_test.py
+@@ -33,8 +33,8 @@ from pyanaconda.modules.security.security_interface import SecurityInterface
+ from pyanaconda.modules.security.constants import SELinuxMode
+ from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \
+     RealmDiscoverTask, RealmJoinTask, ConfigureFingerprintAuthTask, \
+-    ConfigureAuthselectTask, ConfigureAuthconfigTask, AUTHSELECT_TOOL_PATH, \
+-    AUTHCONFIG_TOOL_PATH, PAM_SO_64_PATH, PAM_SO_PATH
+    ConfigureAuthselectTask, AUTHSELECT_TOOL_PATH, \
+    PAM_SO_64_PATH, PAM_SO_PATH
+ from tests.nosetests.pyanaconda_tests import patch_dbus_publish_object, check_kickstart_interface, \
+     check_task_creation, check_task_creation_list, PropertiesChangedCallback, check_dbus_property
+ from pyanaconda.modules.common.structures.requirement import Requirement
+@@ -64,7 +64,7 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+     def kickstart_properties_test(self):
+         """Test kickstart properties."""
+         self.assertEqual(self.security_interface.KickstartCommands,
+-                         ["auth", "authconfig", "authselect", "selinux", "realm"])
+                         ["authselect", "selinux", "realm"])
+         self.assertEqual(self.security_interface.KickstartSections, [])
+         self.assertEqual(self.security_interface.KickstartAddons, [])
+         self.callback.assert_not_called()
+@@ -83,13 +83,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+             ["sssd", "with-mkhomedir"]
+         )
+
+-    def authconfig_property_test(self):
+-        """Test the authconfig property."""
+-        self._check_dbus_property(
+-            "Authconfig",
+-            ["--passalgo=sha512", "--useshadow"]
+-        )
+-
+     def fingerprint_auth_enabled_test(self):
+         """Test the fingerprint_auth_enabled property."""
+         self._check_dbus_property(
+@@ -137,28 +130,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+         """
+         self._test_kickstart(ks_in, ks_out)
+
+-    def auth_kickstart_test(self):
+-        """Test the auth command."""
+-        ks_in = """
+-        auth --passalgo=sha512 --useshadow
+-        """
+-        ks_out = """
+-        # System authorization information
+-        auth --passalgo=sha512 --useshadow
+-        """
+-        self._test_kickstart(ks_in, ks_out)
+-
+-    def authconfig_kickstart_test(self):
+-        """Test the authconfig command."""
+-        ks_in = """
+-        authconfig --passalgo=sha512 --useshadow
+-        """
+-        ks_out = """
+-        # System authorization information
+-        auth --passalgo=sha512 --useshadow
+-        """
+-        self._test_kickstart(ks_in, ks_out)
+-
+     def authselect_kickstart_test(self):
+         """Test the authselect command."""
+         ks_in = """
+@@ -210,7 +181,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+             ConfigureSELinuxTask,
+             ConfigureFingerprintAuthTask,
+             ConfigureAuthselectTask,
+-            ConfigureAuthconfigTask,
+         ]
+         task_paths = self.security_interface.InstallWithTasks()
+         task_objs = check_task_creation_list(self, task_paths, publisher, task_classes)
+@@ -224,9 +194,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+         # ConfigureAuthselectTask
+         obj = task_objs[2]
+         self.assertEqual(obj.implementation._authselect_options, [])
+-        # ConfigureAuthconfigTask
+-        obj = task_objs[3]
+-        self.assertEqual(obj.implementation._authconfig_options, [])
+
+     @patch_dbus_publish_object
+     def realm_join_default_test(self, publisher):
+@@ -247,20 +214,17 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+         realm.discovered = True
+
+         authselect = ['select', 'sssd']
+-        authconfig = ['--passalgo=sha512', '--useshadow']
+         fingerprint = True
+
+         self.security_interface.SetRealm(RealmData.to_structure(realm))
+         self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
+         self.security_interface.SetAuthselect(authselect)
+-        self.security_interface.SetAuthconfig(authconfig)
+         self.security_interface.SetFingerprintAuthEnabled(fingerprint)
+
+         task_classes = [
+             ConfigureSELinuxTask,
+             ConfigureFingerprintAuthTask,
+             ConfigureAuthselectTask,
+-            ConfigureAuthconfigTask,
+         ]
+         task_paths = self.security_interface.InstallWithTasks()
+         task_objs = check_task_creation_list(self, task_paths, publisher, task_classes)
+@@ -274,9 +238,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+         # ConfigureAuthselectTask
+         obj = task_objs[2]
+         self.assertEqual(obj.implementation._authselect_options, authselect)
+-        # ConfigureAuthconfigTask
+-        obj = task_objs[3]
+-        self.assertEqual(obj.implementation._authconfig_options, authconfig)
+
+     @patch_dbus_publish_object
+     def realm_join_configured_test(self, publisher):
+@@ -366,15 +327,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+     def authselect_requirements_test(self):
+         """Test that package requirements for authselect propagate correctly."""
+
+-        self.security_interface.SetAuthconfig(['--passalgo=sha512', '--useshadow'])
+-        requirements = Requirement.from_structure_list(
+-            self.security_interface.CollectRequirements()
+-        )
+-        self.assertEqual(len(requirements), 1)
+-        self.assertEqual(requirements[0].type, "package")
+-        self.assertEqual(requirements[0].name, "authselect-compat")
+-
+-        self.security_interface.SetAuthconfig([])
+         self.security_interface.SetAuthselect(['select', 'sssd'])
+         requirements = Requirement.from_structure_list(
+             self.security_interface.CollectRequirements()
+@@ -383,7 +335,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
+         self.assertEqual(requirements[0].type, "package")
+         self.assertEqual(requirements[0].name, "authselect")
+
+-        self.security_interface.SetAuthconfig([])
+         self.security_interface.SetAuthselect([])
+         self.security_interface.SetFingerprintAuthEnabled(True)
+         requirements = Requirement.from_structure_list(
+@@ -860,37 +811,3 @@ class SecurityTasksTestCase(unittest.TestCase):
+                 root=sysroot
+             )
+             os.remove(authselect_path)
+-
+-    @patch('pyanaconda.core.util.execWithRedirect')
+-    def configure_authconfig_task_test(self, execWithRedirect):
+-        """Test the configure authconfig task."""
+-        with tempfile.TemporaryDirectory() as sysroot:
+-
+-            authconfig_dir = os.path.normpath(sysroot + os.path.dirname(AUTHCONFIG_TOOL_PATH))
+-            authconfig_path = os.path.normpath(sysroot + AUTHCONFIG_TOOL_PATH)
+-            os.makedirs(authconfig_dir)
+-
+-            # The authconfig command is missing
+-            execWithRedirect.reset_mock()
+-            task = ConfigureAuthconfigTask(
+-                sysroot=sysroot,
+-                authconfig_options=["--passalgo=sha512", "--useshadow"]
+-            )
+-            with self.assertRaises(SecurityInstallationError):
+-                task.run()
+-            execWithRedirect.assert_not_called()
+-
+-            # The authconfig command is there
+-            execWithRedirect.reset_mock()
+-            os.mknod(authconfig_path)
+-            task = ConfigureAuthconfigTask(
+-                sysroot=sysroot,
+-                authconfig_options=["--passalgo=sha512", "--useshadow"]
+-            )
+-            task.run()
+-            execWithRedirect.assert_called_once_with(
+-                AUTHCONFIG_TOOL_PATH,
+-                ["--update", "--nostart", "--passalgo=sha512", "--useshadow"],
+-                root=sysroot
+-            )
+-            os.remove(authconfig_path)
+--
+2.27.0