Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The semanage_ports.py script needs to pick the correct version of python on a system with multiple installed #335

Closed
trevor-vaughan opened this issue Feb 4, 2021 · 7 comments · Fixed by #336
Closed

The semanage_ports.py script needs to pick the correct version of python on a system with multiple installed #335

trevor-vaughan opened this issue Feb 4, 2021 · 7 comments · Fixed by #336

Comments

@trevor-vaughan
Copy link
Contributor

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: Any
  • Ruby: Any
  • Distribution: EL8
  • Module version: Any

Information

On systems with multiple python interpreters installed, one needs to be explicitly chosen so that the correct libraries are used.

I'm not exactly sure what the correct method for doing this is but it may be better to detect the system python using Ruby and then generate the script on the fly with the correct interpreter in place.
@trevor-vaughan
Copy link
Contributor Author

Relevant information https://developers.redhat.com/blog/2019/05/07/what-no-python-in-red-hat-enterprise-linux-8/

@ekohl
Copy link
Member

ekohl commented Feb 5, 2021

I would expect it to use the system Python via our custom fact.

puppet-selinux/lib/facter/selinux_python_command.rb

Lines 4 to 6 in 4633c26

if File.exist? '/usr/libexec/platform-python'
# RHEL 8 / CentOS 8
'/usr/libexec/platform-python'

Then rather than using the shebang, it should use the interpreter from the facts.

Is this an actual problem that you can reproduce?

@trevor-vaughan
Copy link
Contributor Author

trevor-vaughan commented Feb 5, 2021
edited
Loading

Relevant #330 => I am also trying to build an RPM for EL8 and this is causing issues.

Suggestion:

  • Remove the #! completely since it is not required for the code
  • Remove the selinux_python_command and internalize the lookup in the provider since the fact isn't actually required by anything else.
  • Adding a confine that runs python and actually validates that the expected module is available would be good as well.

@ekohl
Copy link
Member

ekohl commented Feb 5, 2021

That sounds good to me. I would consider removing the fact as a breaking change but can deal with that. So perhaps first a PR to remove the need for the fact (which would be an enhancement) and then one to remove the fact?

@trevor-vaughan
Copy link
Contributor Author

Sure, that's easy enough. Can mark the fact as deprecated.

@ekohl
Copy link
Member

ekohl commented Feb 5, 2021

Sounds good to me.

trevor-vaughan added a commit to trevor-vaughan/pupmod-voxpupuli-selinux that referenced this issue Feb 14, 2021
@trevor-vaughan
Update port management
42d3c14 
Fixed:
  * Moved the python discovery into the semanage_ports provider
  * Ensure that the correct python is chosen by attempting to load the
    `semanage` library
  * Removed the #! line from the semanage_ports.py file to fix RPM
    building
  * Removed CentOS 6 support from `test-acceptance-with-vagrant` since
    it will no longer function due to upstream deprecation

Changed:
  * Marked the `selinux_python_command` fact as deprecated in the README
    since the logic now resides in the provider itself
  * Added support for Puppet 7
  * Added Fedora 33 support

Closes voxpupuli#335
@trevor-vaughan trevor-vaughan mentioned this issue Feb 14, 2021
Merged
trevor-vaughan added a commit to trevor-vaughan/pupmod-voxpupuli-selinux that referenced this issue Feb 14, 2021
@trevor-vaughan
Update port management
9ea2e9f 
Fixed:
  * Moved the python discovery into the semanage_ports provider
  * Ensure that the correct python is chosen by attempting to load the
    `semanage` library
  * Removed the #! line from the semanage_ports.py file to fix RPM
    building
  * Removed CentOS 6 support from `test-acceptance-with-vagrant` since
    it will no longer function due to upstream deprecation

Changed:
  * Marked the `selinux_python_command` fact as deprecated in the README
    since the logic now resides in the provider itself
  * Added support for Puppet 7
  * Added Fedora 33 support

Closes voxpupuli#335
trevor-vaughan added a commit to trevor-vaughan/pupmod-voxpupuli-selinux that referenced this issue Feb 14, 2021
@trevor-vaughan
Update port management
d7051e1 
Fixed:
  * Moved the python discovery into the semanage_ports provider
  * Ensure that the correct python is chosen by attempting to load the
    `semanage` library
  * Removed the #! line from the semanage_ports.py file to fix RPM
    building
  * Removed CentOS 6 support from `test-acceptance-with-vagrant` since
    it will no longer function due to upstream deprecation

Changed:
  * Marked the `selinux_python_command` fact as deprecated in the README
    since the logic now resides in the provider itself
  * Added support for Puppet 7
  * Added Fedora 33 support

Closes voxpupuli#335
trevor-vaughan added a commit to trevor-vaughan/pupmod-voxpupuli-selinux that referenced this issue Feb 16, 2021
@trevor-vaughan
Update port management
8fdaf89 
Fixed:
  * Moved the python discovery into the semanage_ports provider
  * Ensure that the correct python is chosen by attempting to load the
    `semanage` library
  * Removed the #! line from the semanage_ports.py file to fix RPM
    building
  * Removed CentOS 6 support from `test-acceptance-with-vagrant` since
    it will no longer function due to upstream deprecation

Changed:
  * Marked the `selinux_python_command` fact as deprecated in the README
    since the logic now resides in the provider itself
  * Added support for Puppet 7
  * Added Fedora 33 support

Closes voxpupuli#335
trevor-vaughan added a commit to trevor-vaughan/pupmod-voxpupuli-selinux that referenced this issue Feb 18, 2021
@trevor-vaughan
Update port management
05bebd6 
Pull Request (PR) description

Fixed:

    Moved the python discovery into the semanage_ports provider
    Ensure that the correct python is chosen by attempting to load the
    semanage library
    Removed the #! line from the semanage_ports.py file to fix RPM
    building
    Removed CentOS 6 support from test-acceptance-with-vagrant since
    it will no longer function due to upstream deprecation

Changed:

    Marked the selinux_python_command fact as deprecated in the README
    since the logic now resides in the provider itself

This Pull Request (PR) fixes the following issues

Fixes voxpupuli#335
@trevor-vaughan
Copy link
Contributor Author

@ekohl I think this is good to go, would you mind giving it another look when you have a chance?

EmRowlands pushed a commit to EmRowlands/puppet-selinux that referenced this issue Mar 29, 2023
@trevor-vaughan
Update port management
f2efe11 
Pull Request (PR) description

Fixed:

    Moved the python discovery into the semanage_ports provider
    Ensure that the correct python is chosen by attempting to load the
    semanage library
    Removed the #! line from the semanage_ports.py file to fix RPM
    building
    Removed CentOS 6 support from test-acceptance-with-vagrant since
    it will no longer function due to upstream deprecation

Changed:

    Marked the selinux_python_command fact as deprecated in the README
    since the logic now resides in the provider itself

This Pull Request (PR) fixes the following issues

Fixes voxpupuli#335
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@ekohl @trevor-vaughan