packages/anaconda
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
anaconda/backport-remove-authconfig-support.patch
yanan-rock 5d3c5dfaf5 remove authconfig support 
Signed-off-by: yanan-rock <yanan@huawei.com>
(cherry picked from commit a28c47ae4e4d9df574e5e96a65931234c613cab0)
2022-01-30 15:46:02 +08:00

424 lines
17 KiB
Diff
Raw Blame History

From 17b8e2e895448aeae990b419036448011b6eb105 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 9 Jul 2021 12:51:07 +0200
Subject: [PATCH] remove authconfig support
Authconfig compatibility tool (from authselect-compat) will be removed from Fedora 35:
https://fedoraproject.org/wiki/Changes/RemoveAuthselectCompatPackage
---
pyanaconda/core/kickstart/commands.py | 1 -
pyanaconda/modules/security/installation.py | 35 +-------
pyanaconda/modules/security/kickstart.py | 2 -
pyanaconda/modules/security/security.py | 44 +--------
.../modules/security/security_interface.py | 23 -----
.../modules/security/test_module_security.py | 89 +------------------
6 files changed, 6 insertions(+), 188 deletions(-)
diff --git a/pyanaconda/core/kickstart/commands.py b/pyanaconda/core/kickstart/commands.py
index 3c3eed0..b3fbdff 100644
--- a/pyanaconda/core/kickstart/commands.py
+++ b/pyanaconda/core/kickstart/commands.py
@@ -22,7 +22,6 @@
# pylint:disable=unused-import
# Supported kickstart commands.
-from pykickstart.commands.authconfig import F28_Authconfig as Authconfig
from pykickstart.commands.authselect import F28_Authselect as Authselect
from pykickstart.commands.autopart import F29_AutoPart as AutoPart
from pykickstart.commands.autostep import FC3_AutoStep as AutoStep
diff --git a/pyanaconda/modules/security/installation.py b/pyanaconda/modules/security/installation.py
index 03badc1678..9d3369f737 100644
--- a/pyanaconda/modules/security/installation.py
+++ b/pyanaconda/modules/security/installation.py
@@ -33,7 +33,6 @@
REALM_TOOL_NAME = "realm"
AUTHSELECT_TOOL_PATH = "/usr/bin/authselect"
-AUTHCONFIG_TOOL_PATH = "/usr/sbin/authconfig"
PAM_SO_PATH = "/lib/security/pam_fprintd.so"
PAM_SO_64_PATH = "/lib64/security/pam_fprintd.so"
@@ -356,7 +355,7 @@ def run(self):
def run_auth_tool(cmd, args, root, required=True):
"""Run an authentication related tool.
- This generally means either authselect or the legacy authconfig tool.
+ This generally means authselect.
:param str cmd: path to the tool to be run
:param list(str) args: list of arguments passed to the tool
:param str root: a path to the root in which the tool should be run
@@ -443,35 +442,3 @@ def run(self):
self._authselect_options + ["--force"],
self._sysroot
)
-
-
-class ConfigureAuthconfigTask(Task):
- """Installation task for Authconfig configuration.
-
- NOTE: Authconfig is deprecated, this is present temporarily
- as long as we want to provide backward compatibility
- for the authconfig command in kickstart.
- """
-
- def __init__(self, sysroot, authconfig_options):
- """Create a new Authconfig configuration task.
-
- :param str sysroot: a path to the root of the target system
- :param list authconfig_options: options for authconfig
- """
- super().__init__()
- self._sysroot = sysroot
- self._authconfig_options = authconfig_options
-
- @property
- def name(self):
- return "Authconfig configuration"
-
- def run(self):
- # Apply the authconfig options from the kickstart file (deprecated).
- if self._authconfig_options:
- run_auth_tool(
- AUTHCONFIG_TOOL_PATH,
- ["--update", "--nostart"] + self._authconfig_options,
- self._sysroot
- )
diff --git a/pyanaconda/modules/security/kickstart.py b/pyanaconda/modules/security/kickstart.py
index 1adbc72934..24cbb03253 100644
--- a/pyanaconda/modules/security/kickstart.py
+++ b/pyanaconda/modules/security/kickstart.py
@@ -23,8 +23,6 @@
class SecurityKickstartSpecification(KickstartSpecification):
commands = {
- "auth": COMMANDS.Authconfig,
- "authconfig": COMMANDS.Authconfig,
"authselect": COMMANDS.Authselect,
"selinux": COMMANDS.SELinux,
"realm": COMMANDS.Realm
diff --git a/pyanaconda/modules/security/security.py b/pyanaconda/modules/security/security.py
index b4e9f3f..de1b7f1 100644
--- a/pyanaconda/modules/security/security.py
+++ b/pyanaconda/modules/security/security.py
@@ -32,7 +32,7 @@ from pyanaconda.modules.security.kickstart import SecurityKickstartSpecification
from pyanaconda.modules.security.security_interface import SecurityInterface
from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \
RealmDiscoverTask, RealmJoinTask, ConfigureAuthselectTask, \
- ConfigureAuthconfigTask, ConfigureFingerprintAuthTask
+ ConfigureFingerprintAuthTask
from pyanaconda.anaconda_loggers import get_module_logger
log = get_module_logger(__name__)
@@ -50,9 +50,6 @@ class SecurityService(KickstartService):
self.authselect_changed = Signal()
self._authselect_args = []
- self.authconfig_changed = Signal()
- self._authconfig_args = []
-
self.fingerprint_auth_enabled_changed = Signal()
self._fingerprint_auth_enabled = False
@@ -78,9 +75,6 @@ class SecurityService(KickstartService):
if data.authselect.authselect:
self.set_authselect(shlex.split(data.authselect.authselect))
- if data.authconfig.authconfig:
- self.set_authconfig(shlex.split(data.authconfig.authconfig))
-
if data.realm.join_realm:
realm = RealmData()
realm.name = data.realm.join_realm
@@ -97,9 +91,6 @@ class SecurityService(KickstartService):
if self.authselect:
data.authselect.authselect = " ".join(self.authselect)
- if self.authconfig:
- data.authconfig.authconfig = " ".join(self.authconfig)
-
if self.realm.name:
data.realm.join_realm = self.realm.name
data.realm.discover_options = self.realm.discover_options
@@ -139,27 +130,6 @@ class SecurityService(KickstartService):
self.authselect_changed.emit()
log.debug("Authselect is set to %s.", args)
- @property
- def authconfig(self):
- """Arguments for the authconfig tool.
-
- Authconfig is deprecated, use authselect.
-
- :return: a list of arguments
- """
- return self._authconfig_args
-
- def set_authconfig(self, args):
- """Set the arguments for the authconfig tool.
-
- Authconfig is deprecated, use authselect.
-
- :param args: a list of arguments
- """
- self._authconfig_args = args
- self.authconfig_changed.emit()
- log.debug("Authconfig is set to %s.", args)
-
@property
def fingerprint_auth_enabled(self):
"""Specifies if fingerprint authentication should be enabled.
@@ -216,7 +186,7 @@ class SecurityService(KickstartService):
for name in self.realm.required_packages:
requirements.append(Requirement.for_package(name, reason="Needed to join a realm."))
- # Add authselect / authconfig requirements
+ # Add authselect requirements
if self.authselect or self.fingerprint_auth_enabled:
# we need the authselect package in two cases:
# - autselect command is used in kickstart
@@ -227,12 +197,6 @@ class SecurityService(KickstartService):
"for fingerprint authentication support."
))
- if self.authconfig:
- requirements.append(Requirement.for_package(
- "authselect-compat",
- reason="Needed to support legacy authconfig kickstart command."
- ))
-
return requirements
def discover_realm_with_task(self):
@@ -271,9 +235,5 @@ class SecurityService(KickstartService):
ConfigureAuthselectTask(
sysroot=conf.target.system_root,
authselect_options=self.authselect
- ),
- ConfigureAuthconfigTask(
- sysroot=conf.target.system_root,
- authconfig_options=self.authconfig
)
]
diff --git a/pyanaconda/modules/security/security_interface.py b/pyanaconda/modules/security/security_interface.py
index 5191b39..537b972 100644
--- a/pyanaconda/modules/security/security_interface.py
+++ b/pyanaconda/modules/security/security_interface.py
@@ -35,7 +35,6 @@ class SecurityInterface(KickstartModuleInterface):
super().connect_signals()
self.watch_property("SELinux", self.implementation.selinux_changed)
self.watch_property("Authselect", self.implementation.authselect_changed)
- self.watch_property("Authconfig", self.implementation.authconfig_changed)
self.watch_property(
"FingerprintAuthEnabled", self.implementation.fingerprint_auth_enabled_changed
)
@@ -83,28 +82,6 @@ class SecurityInterface(KickstartModuleInterface):
"""
self.implementation.set_authselect(args)
- @property
- def Authconfig(self) -> List[Str]:
- """Arguments for the authconfig tool.
-
- Authconfig is deprecated, use authselect.
-
- :return: a list of arguments
- """
- return self.implementation.authconfig
-
- @emits_properties_changed
- def SetAuthconfig(self, args: List[Str]):
- """Set the arguments for the authconfig tool.
-
- Authconfig is deprecated, use authselect.
-
- Example: ['--passalgo=sha512', '--useshadow']
-
- :param args: a list of arguments
- """
- self.implementation.set_authconfig(args)
-
@property
def Realm(self) -> Structure:
"""Specification of the enrollment in a realm.
diff --git a/tests/nosetests/pyanaconda_tests/module_security_test.py b/tests/nosetests/pyanaconda_tests/module_security_test.py
index 9ea41ec..9fe23e9 100644
--- a/tests/nosetests/pyanaconda_tests/module_security_test.py
+++ b/tests/nosetests/pyanaconda_tests/module_security_test.py
@@ -33,8 +33,8 @@ from pyanaconda.modules.security.security_interface import SecurityInterface
from pyanaconda.modules.security.constants import SELinuxMode
from pyanaconda.modules.security.installation import ConfigureSELinuxTask, \
RealmDiscoverTask, RealmJoinTask, ConfigureFingerprintAuthTask, \
- ConfigureAuthselectTask, ConfigureAuthconfigTask, AUTHSELECT_TOOL_PATH, \
- AUTHCONFIG_TOOL_PATH, PAM_SO_64_PATH, PAM_SO_PATH
+ ConfigureAuthselectTask, AUTHSELECT_TOOL_PATH, \
+ PAM_SO_64_PATH, PAM_SO_PATH
from tests.nosetests.pyanaconda_tests import patch_dbus_publish_object, check_kickstart_interface, \
check_task_creation, check_task_creation_list, PropertiesChangedCallback, check_dbus_property
from pyanaconda.modules.common.structures.requirement import Requirement
@@ -64,7 +64,7 @@ class SecurityInterfaceTestCase(unittest.TestCase):
def kickstart_properties_test(self):
"""Test kickstart properties."""
self.assertEqual(self.security_interface.KickstartCommands,
- ["auth", "authconfig", "authselect", "selinux", "realm"])
+ ["authselect", "selinux", "realm"])
self.assertEqual(self.security_interface.KickstartSections, [])
self.assertEqual(self.security_interface.KickstartAddons, [])
self.callback.assert_not_called()
@@ -83,13 +83,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
["sssd", "with-mkhomedir"]
)
- def authconfig_property_test(self):
- """Test the authconfig property."""
- self._check_dbus_property(
- "Authconfig",
- ["--passalgo=sha512", "--useshadow"]
- )
-
def fingerprint_auth_enabled_test(self):
"""Test the fingerprint_auth_enabled property."""
self._check_dbus_property(
@@ -137,28 +130,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
"""
self._test_kickstart(ks_in, ks_out)
- def auth_kickstart_test(self):
- """Test the auth command."""
- ks_in = """
- auth --passalgo=sha512 --useshadow
- """
- ks_out = """
- # System authorization information
- auth --passalgo=sha512 --useshadow
- """
- self._test_kickstart(ks_in, ks_out)
-
- def authconfig_kickstart_test(self):
- """Test the authconfig command."""
- ks_in = """
- authconfig --passalgo=sha512 --useshadow
- """
- ks_out = """
- # System authorization information
- auth --passalgo=sha512 --useshadow
- """
- self._test_kickstart(ks_in, ks_out)
-
def authselect_kickstart_test(self):
"""Test the authselect command."""
ks_in = """
@@ -210,7 +181,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
ConfigureSELinuxTask,
ConfigureFingerprintAuthTask,
ConfigureAuthselectTask,
- ConfigureAuthconfigTask,
]
task_paths = self.security_interface.InstallWithTasks()
task_objs = check_task_creation_list(self, task_paths, publisher, task_classes)
@@ -224,9 +194,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
# ConfigureAuthselectTask
obj = task_objs[2]
self.assertEqual(obj.implementation._authselect_options, [])
- # ConfigureAuthconfigTask
- obj = task_objs[3]
- self.assertEqual(obj.implementation._authconfig_options, [])
@patch_dbus_publish_object
def realm_join_default_test(self, publisher):
@@ -247,20 +214,17 @@ class SecurityInterfaceTestCase(unittest.TestCase):
realm.discovered = True
authselect = ['select', 'sssd']
- authconfig = ['--passalgo=sha512', '--useshadow']
fingerprint = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
self.security_interface.SetAuthselect(authselect)
- self.security_interface.SetAuthconfig(authconfig)
self.security_interface.SetFingerprintAuthEnabled(fingerprint)
task_classes = [
ConfigureSELinuxTask,
ConfigureFingerprintAuthTask,
ConfigureAuthselectTask,
- ConfigureAuthconfigTask,
]
task_paths = self.security_interface.InstallWithTasks()
task_objs = check_task_creation_list(self, task_paths, publisher, task_classes)
@@ -274,9 +238,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
# ConfigureAuthselectTask
obj = task_objs[2]
self.assertEqual(obj.implementation._authselect_options, authselect)
- # ConfigureAuthconfigTask
- obj = task_objs[3]
- self.assertEqual(obj.implementation._authconfig_options, authconfig)
@patch_dbus_publish_object
def realm_join_configured_test(self, publisher):
@@ -366,15 +327,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
def authselect_requirements_test(self):
"""Test that package requirements for authselect propagate correctly."""
- self.security_interface.SetAuthconfig(['--passalgo=sha512', '--useshadow'])
- requirements = Requirement.from_structure_list(
- self.security_interface.CollectRequirements()
- )
- self.assertEqual(len(requirements), 1)
- self.assertEqual(requirements[0].type, "package")
- self.assertEqual(requirements[0].name, "authselect-compat")
-
- self.security_interface.SetAuthconfig([])
self.security_interface.SetAuthselect(['select', 'sssd'])
requirements = Requirement.from_structure_list(
self.security_interface.CollectRequirements()
@@ -383,7 +335,6 @@ class SecurityInterfaceTestCase(unittest.TestCase):
self.assertEqual(requirements[0].type, "package")
self.assertEqual(requirements[0].name, "authselect")
- self.security_interface.SetAuthconfig([])
self.security_interface.SetAuthselect([])
self.security_interface.SetFingerprintAuthEnabled(True)
requirements = Requirement.from_structure_list(
@@ -860,37 +811,3 @@ class SecurityTasksTestCase(unittest.TestCase):
root=sysroot
)
os.remove(authselect_path)
-
- @patch('pyanaconda.core.util.execWithRedirect')
- def configure_authconfig_task_test(self, execWithRedirect):
- """Test the configure authconfig task."""
- with tempfile.TemporaryDirectory() as sysroot:
-
- authconfig_dir = os.path.normpath(sysroot + os.path.dirname(AUTHCONFIG_TOOL_PATH))
- authconfig_path = os.path.normpath(sysroot + AUTHCONFIG_TOOL_PATH)
- os.makedirs(authconfig_dir)
-
- # The authconfig command is missing
- execWithRedirect.reset_mock()
- task = ConfigureAuthconfigTask(
- sysroot=sysroot,
- authconfig_options=["--passalgo=sha512", "--useshadow"]
- )
- with self.assertRaises(SecurityInstallationError):
- task.run()
- execWithRedirect.assert_not_called()
-
- # The authconfig command is there
- execWithRedirect.reset_mock()
- os.mknod(authconfig_path)
- task = ConfigureAuthconfigTask(
- sysroot=sysroot,
- authconfig_options=["--passalgo=sha512", "--useshadow"]
- )
- task.run()
- execWithRedirect.assert_called_once_with(
- AUTHCONFIG_TOOL_PATH,
- ["--update", "--nostart", "--passalgo=sha512", "--useshadow"],
- root=sysroot
- )
- os.remove(authconfig_path)
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink