1823002 – Please, provide u2f-hidraw-policy component as a separate package

Bug 1823002 - Please, provide u2f-hidraw-policy component as a separate package

Summary: Please, provide u2f-hidraw-policy component as a separate package

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libfido2
Sub Component:
Version:	32
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Gary Buhrmaster
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-04-10 21:42 UTC by clime7
Modified:	2020-04-26 19:54 UTC (History)
CC List:	8 users (show)
Fixed In Version:	libfido2-1.3.1-2.fc32
Clone Of:
Environment:
Last Closed:	2020-04-26 02:50:50 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description clime7 2020-04-10 21:42:47 UTC

Description of problem:

Under f32, u2f-hidraw-policy is provided by systemd, whereas in f31 it was provided by u2f-hidraw policy package.

The problem is that whatever now requires this package gets systemd with all its deps pulled in, which is not always desirable.

An example is git-core package, which requires openssh-client. That one in turn requires libfido2, which requires u2f-hidraw-policy.

Meaning that it's currently impossible to install git-core in a minimal systemd-less environment.

Please, see also this thread on Fedora mailing list for more information: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/MPZGEIHDEUSFNKJN2US3PFDFETFV5UW5/


Version-Release number of selected component (if applicable):
Version     : 245~rc1
Release     : 3.fc32

How reproducible:
always

Steps to Reproduce:
install something which requires u2f-hidraw-policy

Actual results:
systemd is pulled in

Expected results:
systemd is not pulled in

Additional info:

Comment 1 Miro Hrončok 2020-04-10 23:17:44 UTC

u2f-hidraw-policy on Fedora 31 already requires systemd:


$ mock -r fedora-31-x86_64 install libfido2
...
acl-2.2.53-4.fc31.x86_64
cryptsetup-libs-2.3.0-1.fc31.x86_64
dbus-1:1.12.16-3.fc31.x86_64
dbus-broker-21-6.fc31.x86_64
dbus-common-1:1.12.16-3.fc31.noarch
device-mapper-1.02.165-1.fc31.x86_64
device-mapper-libs-1.02.165-1.fc31.x86_64
gnutls-3.6.13-1.fc31.x86_64
iptables-libs-1.8.3-7.fc31.x86_64
json-c-0.13.1-8.fc31.x86_64
kmod-libs-26-4.fc31.x86_64
libargon2-20171227-3.fc31.x86_64
libcbor-0.5.0-6.fc31.x86_64
libfido2-1.3.1-1.fc31.x86_64
libpcap-14:1.9.1-2.fc31.x86_64
libseccomp-2.4.2-2.fc31.x86_64
nettle-3.5.1-3.fc31.x86_64
qrencode-libs-4.0.2-4.fc31.x86_64
systemd-243.8-1.fc31.x86_64
systemd-pam-243.8-1.fc31.x86_64
systemd-rpm-macros-243.8-1.fc31.noarch
u2f-hidraw-policy-1.0.2-10.fc31.x86_64



$ mock -r fedora-32-x86_64 install libfido2
...
acl-2.2.53-5.fc32.x86_64
cryptsetup-libs-2.3.0-1.fc32.x86_64
dbus-1:1.12.16-4.fc32.x86_64
dbus-broker-22-1.fc32.x86_64
dbus-common-1:1.12.16-4.fc32.noarch
device-mapper-1.02.171-1.fc32.x86_64
device-mapper-libs-1.02.171-1.fc32.x86_64
gnutls-3.6.13-1.fc32.x86_64
iptables-libs-1.8.4-7.fc32.x86_64
json-c-0.13.1-9.fc32.x86_64
kmod-libs-27-1.fc32.x86_64
libargon2-20171227-4.fc32.x86_64
libcbor-0.5.0-7.fc32.x86_64
libfido2-1.3.1-1.fc32.x86_64
libmnl-1.0.4-11.fc32.x86_64
libnetfilter_conntrack-1.0.7-4.fc32.x86_64
libnfnetlink-1.0.1-17.fc32.x86_64
libpcap-14:1.9.1-3.fc32.x86_64
libseccomp-2.4.2-3.fc32.x86_64
nettle-3.5.1-5.fc32.x86_64
qrencode-libs-4.0.2-5.fc32.x86_64
systemd-245.4-1.fc32.x86_64
systemd-pam-245.4-1.fc32.x86_64
systemd-rpm-macros-245.4-1.fc32.noarch


Should libfido2 only require (u2f-hidraw-policy if systemd)?

Comment 2 Zbigniew Jędrzejewski-Szmek 2020-04-11 08:58:59 UTC

> Should libfido2 only require (u2f-hidraw-policy if systemd)?
Yes, I think it is the best solution, with one caveat, explanation below.
Please make that:

Requires: (u2f-hidraw-policy if systemd-udev)

Of all the links in the chain:
> git-core package, which requires openssh-client
99% of people will want ssh for use with git, so Requires is appropriate
> openssh-client in turn requires libfido2
and this one is an automatically generated dependency on a library
> which requires u2f-hidraw-policy.
... so it seems best to break the chain here.
Udev rules don't do anything if udev is not installed, so that conditional requires
is appropriate.

(Provides:u2f-hidraw-policy should be on the systemd-udev package,
not systemd. I'll push a commit to systemd to fix that now. But since systemd-udev
requires systemd already, both changes can be done in parallel without synchronization.)

I'll reassign this to libfido2, since the adjustment needs to be made there.

Comment 3 Zbigniew Jędrzejewski-Szmek 2020-04-11 09:07:44 UTC

https://src.fedoraproject.org/rpms/systemd/c/80532792aa6f988d34f18ce1ffdfa992be9cb402?branch=master
https://src.fedoraproject.org/rpms/systemd/c/e3554e7309cb758e893e67b51b3909a2973aa809?branch=f32

Comment 4 Fedora Update System 2020-04-11 15:14:48 UTC

FEDORA-2020-ad2a3e2499 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ad2a3e2499

Comment 5 clime7 2020-04-11 17:35:19 UTC

Thank you very much for the quick reaction!

Comment 6 Fedora Update System 2020-04-11 18:51:57 UTC

FEDORA-2020-ad2a3e2499 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ad2a3e2499`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ad2a3e2499

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2020-04-26 02:50:50 UTC

FEDORA-2020-ad2a3e2499 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 8 clime7 2020-04-26 19:54:24 UTC

Great job, here!

Note You need to log in before you can comment on or make changes to this bug.