From c20b2ae4ece10e07eeb80fcdd706a474d3be1475 Mon Sep 17 00:00:00 2001 From: "Yann E. MORIN" Date: Sun, 25 Feb 2024 10:24:21 +0100 Subject: [PATCH] package/openssh: fix dependencies with refpolicy Commit 2c5a82a29ceb (package/openssh: select linux-pam if refpolicy upstream is selected) did not account for the linux-pam dependencies before selecting it, causing unmet dependencies warnings (unfortunately, not errors), such as: $ KCONFIG_SEED=0xCF227CF4 make randconfig WARNING: unmet direct dependencies detected for BR2_PACKAGE_LINUX_PAM Depends on [n]: BR2_ENABLE_LOCALE [=n] && BR2_USE_WCHAR [=n] && !BR2_STATIC_LIBS [=n] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 [=y] Selected by [y]: - BR2_PACKAGE_OPENSSH [=y] && BR2_USE_MMU [=y] && BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION [=y] 2c5a82a29ceb made the choice of having openssl bear the responsibility to select linux-pam when the upstream refpolicy version was enabled. Semantically however, the responsibility really lies within refpolicy itself, since that's what imposes linux-pam to openssh. Move the select to refpolicy and drop it from openssh. Then, ensure that linux-pam is only selected when it is available. That means that one may get an openssh that is not linked against linux-pam, when the linux-pam dependencies are not met; refpolicy (by way of libsepol) also has a more stringent requirement on gcc version than linux-pam, so most probably the missing dependencies would be locale, wchar, or a static build. We consider that situation to be a corner case that we do not want to address. In the future, we may have more similar situations, whereby refpolicy would impose other packages be linked with otherwise optional dependencies. If (when) that were (will be) the case, then the proposed mechanism would quickly become ugly; we could then re-assess a nicer way to do that. Until then, this is good ebough. Signed-off-by: Yann E. MORIN Cc: Adam Duskett Cc: Thomas Petazzoni Cc: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/openssh/Config.in | 1 - package/refpolicy/Config.in | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/package/openssh/Config.in b/package/openssh/Config.in index a3038ba01f..08d3c7d391 100644 --- a/package/openssh/Config.in +++ b/package/openssh/Config.in @@ -1,7 +1,6 @@ config BR2_PACKAGE_OPENSSH bool "openssh" depends on BR2_USE_MMU # fork() - select BR2_PACKAGE_LINUX_PAM if BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION select BR2_PACKAGE_OPENSSL select BR2_PACKAGE_ZLIB help diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in index 0e72b895df..8ae8f0448d 100644 --- a/package/refpolicy/Config.in +++ b/package/refpolicy/Config.in @@ -36,6 +36,14 @@ choice config BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION bool "Upstream version" + # Consider reworking the following when adding new entries: + # Upstream refpolicy for openssh expects linux-pam to be used + select BR2_PACKAGE_LINUX_PAM if BR2_PACKAGE_OPENSSH \ + && BR2_USE_MMU \ + && BR2_ENABLE_LOCALE \ + && BR2_USE_WCHAR \ + && !BR2_STATIC_LIBS \ + && BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 help Use the refpolicy as provided by Buildroot.