From: Yoann Congal Date: Tue, 15 Apr 2025 21:34:27 +0000 (+0200) Subject: rpm-sequoia-crypto-policy: Fix build failure on Debian 12+Strongswan X-Git-Tag: uninative-4.8~701 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d10ca0fe194b62b2f383be880a008cde2bd0fd4f;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git rpm-sequoia-crypto-policy: Fix build failure on Debian 12+Strongswan rpm-sequoia-crypto-policy tries to validate the configuration files using host tools. For the Strongswan policy, it uses "ipsec readwriteconf" which is not available on Debian 12 with Strongswan installed. To fix this, add and use an option to skip the problematic validation. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy/0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy/0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch new file mode 100644 index 00000000000..db3ea4b843d --- /dev/null +++ b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy/0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch @@ -0,0 +1,29 @@ +From f7a8e2c049c2c3e2bfcb801d7b65214c0a5bad77 Mon Sep 17 00:00:00 2001 +From: Yoann Congal +Date: Tue, 15 Apr 2025 17:27:20 +0200 +Subject: [PATCH] libreswan: Allow skipping test_config for old ipsec + +In some case, /usr/sbin/ipsec does not handle the readwriteconf command. +e.g. on Debian 12 with strongswan installed. +As with the other OLD_* variables, add an OLD_LIBRESWAN environment +variable to skip configuration testing on those systems. + +Signed-off-by: Yoann Congal +Upstream-Status: Backport [https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/237] +--- + python/policygenerators/libreswan.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/python/policygenerators/libreswan.py b/python/policygenerators/libreswan.py +index a2b02f5..d81ec0c 100644 +--- a/python/policygenerators/libreswan.py ++++ b/python/policygenerators/libreswan.py +@@ -227,6 +227,8 @@ class LibreswanGenerator(ConfigGenerator): + + @classmethod + def test_config(cls, config): ++ if os.getenv('OLD_LIBRESWAN') == '1': ++ return True + if not os.access('/usr/sbin/ipsec', os.X_OK): + return True + diff --git a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb index 522e9a393d7..4ccfc95c33c 100644 --- a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb +++ b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia-crypto-policy_git.bb @@ -8,7 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" # Python 3.11+ is needed to build fedora-crypto-policies inherit allarch python3native -SRC_URI = "git://gitlab.com/redhat-crypto/fedora-crypto-policies.git;protocol=https;branch=master" +SRC_URI = " \ + git://gitlab.com/redhat-crypto/fedora-crypto-policies.git;protocol=https;branch=master \ + file://0001-libreswan-Allow-skipping-test_config-for-old-ipsec.patch \ +" SRCREV = "032b418a6db842f0eab330eb5909e4604e888728" UPSTREAM_CHECK_COMMITS = "1" @@ -20,10 +23,11 @@ do_compile () { # It speeds up the build and we only need DEFAULT/rpm-sequoia. rm -f $(ls -1 policies/*.pol | grep -v DEFAULT.pol) || echo nothing to delete - # Don't validate openssh and gnutls policy variants. + # Don't validate openssh, gnutls and libreswan policy variants. # Validation may fail and these variants are not needed. export OLD_OPENSSH=1 export OLD_GNUTLS=1 + export OLD_LIBRESWAN=1 make ASCIIDOC=echo XSLTPROC=echo }