From 17b8e2e895448aeae990b419036448011b6eb105 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 9 Jul 2021 12:51:07 +0200 Subject: [PATCH] remove authconfig support Authconfig compatibility tool (from authselect-compat) will be removed from Fedora 35: https://fedoraproject.org/wiki/Changes/RemoveAuthselectCompatPackage --- pyanaconda/core/kickstart/commands.py | 1 - pyanaconda/modules/security/installation.py | 35 +------- pyanaconda/modules/security/kickstart.py | 2 - pyanaconda/modules/security/security.py | 44 +-------- .../modules/security/security_interface.py | 23 ----- .../modules/security/test_module_security.py | 89 +------------------ 6 files changed, 6 insertions(+), 188 deletions(-) diff --git a/pyanaconda/core/kickstart/commands.py b/pyanaconda/core/kickstart/commands.py index 3c3eed0..b3fbdff 100644 --- a/pyanaconda/core/kickstart/commands.py +++ b/pyanaconda/core/kickstart/commands.py @@ -22,7 +22,6 @@ # pylint:disable=unused-import # Supported kickstart commands. -from pykickstart.commands.authconfig import F28_Authconfig as Authconfig from pykickstart.commands.authselect import F28_Authselect as Authselect from pykickstart.commands.autopart import F29_AutoPart as AutoPart from pykickstart.commands.autostep import FC3_AutoStep as AutoStep diff --git a/pyanaconda/modules/security/installation.py b/pyanaconda/modules/security/installation.py index 03badc1678..9d3369f737 100644 --- a/pyanaconda/modules/security/installation.py +++ b/pyanaconda/modules/security/installation.py @@ -33,7 +33,6 @@ REALM_TOOL_NAME = "realm" AUTHSELECT_TOOL_PATH = "/usr/bin/authselect" -AUTHCONFIG_TOOL_PATH = "/usr/sbin/authconfig" PAM_SO_PATH = "/lib/security/pam_fprintd.so" PAM_SO_64_PATH = "/lib64/security/pam_fprintd.so" @@ -356,7 +355,7 @@ def run(self): def run_auth_tool(cmd, args, root, required=True): """Run an authentication related tool. - This generally means either authselect or the legacy authconfig tool. + This generally means authselect. :param str cmd: path to the tool to be run :param list(str) args: list of arguments passed to the tool :param str root: a path to the root in which the tool should be run @@ -443,35 +442,3 @@ def run(self): self._authselect_options + ["--force"], self._sysroot ) - - -class ConfigureAuthconfigTask(Task): - """Installation task for Authconfig configuration. - - NOTE: Authconfig is deprecated, this is present temporarily - as long as we want to provide backward compatibility - for the authconfig command in kickstart. - """ - - def __init__(self, sysroot, authconfig_options): - """Create a new Authconfig configuration task. - - :param str sysroot: a path to the root of the target system - :param list authconfig_options: options for authconfig - """ - super().__init__() - self._sysroot = sysroot - self._authconfig_options = authconfig_options - - @property - def name(self): - return "Authconfig configuration" - - def run(self): - # Apply the authconfig options from the kickstart file (deprecated). - if self._authconfig_options: - run_auth_tool( - AUTHCONFIG_TOOL_PATH, - ["--update", "--nostart"] + self._authconfig_options, - self._sysroot - ) diff --git a/pyanaconda/modules/security/kickstart.py b/pyanaconda/modules/security/kickstart.py index 1adbc72934..24cbb03253 100644 --- a/pyanaconda/modules/security/kickstart.py +++ b/pyanaconda/modules/security/kickstart.py @@ -23,8 +23,6 @@ class SecurityKickstartSpecification(KickstartSpecification): commands = { - "auth": COMMANDS.Authconfig, - "authconfig": COMMANDS.Authconfig, "authselect": COMMANDS.Authselect, "selinux": COMMANDS.SELinux, "realm": COMMANDS.Realm diff --git a/pyanaconda/modules/security/security.py b/pyanaconda/modules/security/security.py index b4e9f3f..de1b7f1 100644 --- a/pyanaconda/modules/security/security.py +++ b/pyanaconda/modules/security/security.py @@ -32,7 +32,7 @@ from pyanaconda.modules.security.kickstart import SecurityKickstartSpecification from pyanaconda.modules.security.security_interface import SecurityInterface from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \ RealmDiscoverTask, RealmJoinTask, ConfigureAuthselectTask, \ - ConfigureAuthconfigTask, ConfigureFingerprintAuthTask + ConfigureFingerprintAuthTask from pyanaconda.anaconda_loggers import get_module_logger log = get_module_logger(__name__) @@ -50,9 +50,6 @@ class SecurityService(KickstartService): self.authselect_changed = Signal() self._authselect_args = [] - self.authconfig_changed = Signal() - self._authconfig_args = [] - self.fingerprint_auth_enabled_changed = Signal() self._fingerprint_auth_enabled = False @@ -78,9 +75,6 @@ class SecurityService(KickstartService): if data.authselect.authselect: self.set_authselect(shlex.split(data.authselect.authselect)) - if data.authconfig.authconfig: - self.set_authconfig(shlex.split(data.authconfig.authconfig)) - if data.realm.join_realm: realm = RealmData() realm.name = data.realm.join_realm @@ -97,9 +91,6 @@ class SecurityService(KickstartService): if self.authselect: data.authselect.authselect = " ".join(self.authselect) - if self.authconfig: - data.authconfig.authconfig = " ".join(self.authconfig) - if self.realm.name: data.realm.join_realm = self.realm.name data.realm.discover_options = self.realm.discover_options @@ -139,27 +130,6 @@ class SecurityService(KickstartService): self.authselect_changed.emit() log.debug("Authselect is set to %s.", args) - @property - def authconfig(self): - """Arguments for the authconfig tool. - - Authconfig is deprecated, use authselect. - - :return: a list of arguments - """ - return self._authconfig_args - - def set_authconfig(self, args): - """Set the arguments for the authconfig tool. - - Authconfig is deprecated, use authselect. - - :param args: a list of arguments - """ - self._authconfig_args = args - self.authconfig_changed.emit() - log.debug("Authconfig is set to %s.", args) - @property def fingerprint_auth_enabled(self): """Specifies if fingerprint authentication should be enabled. @@ -216,7 +186,7 @@ class SecurityService(KickstartService): for name in self.realm.required_packages: requirements.append(Requirement.for_package(name, reason="Needed to join a realm.")) - # Add authselect / authconfig requirements + # Add authselect requirements if self.authselect or self.fingerprint_auth_enabled: # we need the authselect package in two cases: # - autselect command is used in kickstart @@ -227,12 +197,6 @@ class SecurityService(KickstartService): "for fingerprint authentication support." )) - if self.authconfig: - requirements.append(Requirement.for_package( - "authselect-compat", - reason="Needed to support legacy authconfig kickstart command." - )) - return requirements def discover_realm_with_task(self): @@ -271,9 +235,5 @@ class SecurityService(KickstartService): ConfigureAuthselectTask( sysroot=conf.target.system_root, authselect_options=self.authselect - ), - ConfigureAuthconfigTask( - sysroot=conf.target.system_root, - authconfig_options=self.authconfig ) ] diff --git a/pyanaconda/modules/security/security_interface.py b/pyanaconda/modules/security/security_interface.py index 5191b39..537b972 100644 --- a/pyanaconda/modules/security/security_interface.py +++ b/pyanaconda/modules/security/security_interface.py @@ -35,7 +35,6 @@ class SecurityInterface(KickstartModuleInterface): super().connect_signals() self.watch_property("SELinux", self.implementation.selinux_changed) self.watch_property("Authselect", self.implementation.authselect_changed) - self.watch_property("Authconfig", self.implementation.authconfig_changed) self.watch_property( "FingerprintAuthEnabled", self.implementation.fingerprint_auth_enabled_changed ) @@ -83,28 +82,6 @@ class SecurityInterface(KickstartModuleInterface): """ self.implementation.set_authselect(args) - @property - def Authconfig(self) -> List[Str]: - """Arguments for the authconfig tool. - - Authconfig is deprecated, use authselect. - - :return: a list of arguments - """ - return self.implementation.authconfig - - @emits_properties_changed - def SetAuthconfig(self, args: List[Str]): - """Set the arguments for the authconfig tool. - - Authconfig is deprecated, use authselect. - - Example: ['--passalgo=sha512', '--useshadow'] - - :param args: a list of arguments - """ - self.implementation.set_authconfig(args) - @property def Realm(self) -> Structure: """Specification of the enrollment in a realm. diff --git a/tests/nosetests/pyanaconda_tests/module_security_test.py b/tests/nosetests/pyanaconda_tests/module_security_test.py index 9ea41ec..9fe23e9 100644 --- a/tests/nosetests/pyanaconda_tests/module_security_test.py +++ b/tests/nosetests/pyanaconda_tests/module_security_test.py @@ -33,8 +33,8 @@ from pyanaconda.modules.security.security_interface import SecurityInterface from pyanaconda.modules.security.constants import SELinuxMode from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \ RealmDiscoverTask, RealmJoinTask, ConfigureFingerprintAuthTask, \ - ConfigureAuthselectTask, ConfigureAuthconfigTask, AUTHSELECT_TOOL_PATH, \ - AUTHCONFIG_TOOL_PATH, PAM_SO_64_PATH, PAM_SO_PATH + ConfigureAuthselectTask, AUTHSELECT_TOOL_PATH, \ + PAM_SO_64_PATH, PAM_SO_PATH from tests.nosetests.pyanaconda_tests import patch_dbus_publish_object, check_kickstart_interface, \ check_task_creation, check_task_creation_list, PropertiesChangedCallback, check_dbus_property from pyanaconda.modules.common.structures.requirement import Requirement @@ -64,7 +64,7 @@ class SecurityInterfaceTestCase(unittest.TestCase): def kickstart_properties_test(self): """Test kickstart properties.""" self.assertEqual(self.security_interface.KickstartCommands, - ["auth", "authconfig", "authselect", "selinux", "realm"]) + ["authselect", "selinux", "realm"]) self.assertEqual(self.security_interface.KickstartSections, []) self.assertEqual(self.security_interface.KickstartAddons, []) self.callback.assert_not_called() @@ -83,13 +83,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): ["sssd", "with-mkhomedir"] ) - def authconfig_property_test(self): - """Test the authconfig property.""" - self._check_dbus_property( - "Authconfig", - ["--passalgo=sha512", "--useshadow"] - ) - def fingerprint_auth_enabled_test(self): """Test the fingerprint_auth_enabled property.""" self._check_dbus_property( @@ -137,28 +130,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): """ self._test_kickstart(ks_in, ks_out) - def auth_kickstart_test(self): - """Test the auth command.""" - ks_in = """ - auth --passalgo=sha512 --useshadow - """ - ks_out = """ - # System authorization information - auth --passalgo=sha512 --useshadow - """ - self._test_kickstart(ks_in, ks_out) - - def authconfig_kickstart_test(self): - """Test the authconfig command.""" - ks_in = """ - authconfig --passalgo=sha512 --useshadow - """ - ks_out = """ - # System authorization information - auth --passalgo=sha512 --useshadow - """ - self._test_kickstart(ks_in, ks_out) - def authselect_kickstart_test(self): """Test the authselect command.""" ks_in = """ @@ -210,7 +181,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): ConfigureSELinuxTask, ConfigureFingerprintAuthTask, ConfigureAuthselectTask, - ConfigureAuthconfigTask, ] task_paths = self.security_interface.InstallWithTasks() task_objs = check_task_creation_list(self, task_paths, publisher, task_classes) @@ -224,9 +194,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): # ConfigureAuthselectTask obj = task_objs[2] self.assertEqual(obj.implementation._authselect_options, []) - # ConfigureAuthconfigTask - obj = task_objs[3] - self.assertEqual(obj.implementation._authconfig_options, []) @patch_dbus_publish_object def realm_join_default_test(self, publisher): @@ -247,20 +214,17 @@ class SecurityInterfaceTestCase(unittest.TestCase): realm.discovered = True authselect = ['select', 'sssd'] - authconfig = ['--passalgo=sha512', '--useshadow'] fingerprint = True self.security_interface.SetRealm(RealmData.to_structure(realm)) self.security_interface.SetSELinux(SELINUX_PERMISSIVE) self.security_interface.SetAuthselect(authselect) - self.security_interface.SetAuthconfig(authconfig) self.security_interface.SetFingerprintAuthEnabled(fingerprint) task_classes = [ ConfigureSELinuxTask, ConfigureFingerprintAuthTask, ConfigureAuthselectTask, - ConfigureAuthconfigTask, ] task_paths = self.security_interface.InstallWithTasks() task_objs = check_task_creation_list(self, task_paths, publisher, task_classes) @@ -274,9 +238,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): # ConfigureAuthselectTask obj = task_objs[2] self.assertEqual(obj.implementation._authselect_options, authselect) - # ConfigureAuthconfigTask - obj = task_objs[3] - self.assertEqual(obj.implementation._authconfig_options, authconfig) @patch_dbus_publish_object def realm_join_configured_test(self, publisher): @@ -366,15 +327,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): def authselect_requirements_test(self): """Test that package requirements for authselect propagate correctly.""" - self.security_interface.SetAuthconfig(['--passalgo=sha512', '--useshadow']) - requirements = Requirement.from_structure_list( - self.security_interface.CollectRequirements() - ) - self.assertEqual(len(requirements), 1) - self.assertEqual(requirements[0].type, "package") - self.assertEqual(requirements[0].name, "authselect-compat") - - self.security_interface.SetAuthconfig([]) self.security_interface.SetAuthselect(['select', 'sssd']) requirements = Requirement.from_structure_list( self.security_interface.CollectRequirements() @@ -383,7 +335,6 @@ class SecurityInterfaceTestCase(unittest.TestCase): self.assertEqual(requirements[0].type, "package") self.assertEqual(requirements[0].name, "authselect") - self.security_interface.SetAuthconfig([]) self.security_interface.SetAuthselect([]) self.security_interface.SetFingerprintAuthEnabled(True) requirements = Requirement.from_structure_list( @@ -860,37 +811,3 @@ class SecurityTasksTestCase(unittest.TestCase): root=sysroot ) os.remove(authselect_path) - - @patch('pyanaconda.core.util.execWithRedirect') - def configure_authconfig_task_test(self, execWithRedirect): - """Test the configure authconfig task.""" - with tempfile.TemporaryDirectory() as sysroot: - - authconfig_dir = os.path.normpath(sysroot + os.path.dirname(AUTHCONFIG_TOOL_PATH)) - authconfig_path = os.path.normpath(sysroot + AUTHCONFIG_TOOL_PATH) - os.makedirs(authconfig_dir) - - # The authconfig command is missing - execWithRedirect.reset_mock() - task = ConfigureAuthconfigTask( - sysroot=sysroot, - authconfig_options=["--passalgo=sha512", "--useshadow"] - ) - with self.assertRaises(SecurityInstallationError): - task.run() - execWithRedirect.assert_not_called() - - # The authconfig command is there - execWithRedirect.reset_mock() - os.mknod(authconfig_path) - task = ConfigureAuthconfigTask( - sysroot=sysroot, - authconfig_options=["--passalgo=sha512", "--useshadow"] - ) - task.run() - execWithRedirect.assert_called_once_with( - AUTHCONFIG_TOOL_PATH, - ["--update", "--nostart", "--passalgo=sha512", "--useshadow"], - root=sysroot - ) - os.remove(authconfig_path) -- 2.27.0