PR#31: sssd-2.9.0-1: Rebase to latest upstream release - rpms/sssd

rpms / sssd

#31 sssd-2.9.0-1: Rebase to latest upstream release

Merged a year ago by pbrezina. Opened a year ago by pbrezina.

rpms/ pbrezina/sssd rawhide into rawhide

SPDX migration

Pavel Březina • a year ago

c92a5b7

sssd-2.9.0-1: Rebase to latest upstream release

Pavel Březina • a year ago

61f34a1

.gitignore

file modified

		`@@ -105,3 +105,4 @@`
		`/sssd-2.8.0.tar.gz`
		`/sssd-2.8.1.tar.gz`
		`/sssd-2.8.2.tar.gz`
		`+ /sssd-2.9.0.tar.gz`

0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch

file added

+251

		`@@ -0,0 +1,251 @@`
		`+ From eb43c2400a34a4ab77be4f75ba7536baecda3bef Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com>`
		`+ Date: Wed, 10 May 2023 17:29:07 +0200`
		`+ Subject: [PATCH 1/4] FILE WATCH: Callback not executed on link or relative`
		`+ path`
		`+ MIME-Version: 1.0`
		`+ Content-Type: text/plain; charset=UTF-8`
		`+ Content-Transfer-Encoding: 8bit`
		`+`
		`+ When the watched file was a symbolic link or was a relative path,`
		`+ the calback was not executed because the filename comparison`
		`+ was wrongly considering the files to be different.`
		`+`
		`+ The solution is to normalize the filenames before comparing them.`
		`+ This cannot be easily done at setup because the file could not`
		`+ exist at that moment.`
		`+`
		`+ The test was adapted to check this situation.`
		`+`
		`+ Resolves: https://github.com/SSSD/sssd/issues/6718`
		`+`
		`+ Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>`
		`+ Reviewed-by: Pavel Březina <pbrezina@redhat.com>`
		`+ (cherry picked from commit b2a4ff2aa67707c226c5835c1fcac042fce1cae3)`
		`+ ---`
		`+ src/tests/file_watch-tests.c \| 87 +++++++++++++++++++++++++-----------`
		`+ src/util/file_watch.c \| 26 +++++++++--`
		`+ 2 files changed, 85 insertions(+), 28 deletions(-)`
		`+`
		`+ diff --git a/src/tests/file_watch-tests.c b/src/tests/file_watch-tests.c`
		`+ index 3ca5b44f9553e26bfefa5ee3449b374121c7fcca..3e1aea6cece863c6a762d6a98cc1885aeb395c5a 100644`
		`+ --- a/src/tests/file_watch-tests.c`
		`+ +++ b/src/tests/file_watch-tests.c`
		`+ @@ -36,11 +36,19 @@`
		`+ #include "util/file_watch.h"`
		`+ #include "tests/common.h"`
		`+`
		`+ -#define FW_DIR TEST_DIR "/file-watch"`
		`+ -#define WATCHED_FILE_INOTIFY FW_DIR "/watched_file_inotify"`
		`+ -#define WATCHED_FILE_POLL FW_DIR "/watched_file_poll"`
		`+ -#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/watched_file_inotify.exists"`
		`+ -#define WATCHED_EXISTING_FILE_POLL FW_DIR "/watched_file_poll.exists"`
		`+ +#define FW_NAME "/file-watch-test-dir"`
		`+ +#define FILE_INOTIFY_NAME "watched_file_inotify"`
		`+ +#define FILE_POLL_NAME "watched_file_poll"`
		`+ +#define FW_DIR TEST_DIR FW_NAME`
		`+ +#define EXISTING_FILE_INOTIFY_NAME FILE_INOTIFY_NAME ".exists"`
		`+ +#define EXISTING_FILE_POLL_NAME FILE_POLL_NAME ".exists"`
		`+ +#define WATCHED_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" FILE_INOTIFY_NAME`
		`+ +#define WATCHED_FILE_POLL FW_DIR "/.." FW_NAME "/" FILE_POLL_NAME`
		`+ +#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" EXISTING_FILE_INOTIFY_NAME`
		`+ +#define WATCHED_EXISTING_FILE_POLL FW_DIR "/.." FW_NAME "/" EXISTING_FILE_POLL_NAME`
		`+ +#define WATCHED_EXISTING_LINK_INOTIFY FW_DIR "/" EXISTING_FILE_INOTIFY_NAME ".link"`
		`+ +#define WATCHED_EXISTING_LINK_POLL FW_DIR "/" EXISTING_FILE_POLL_NAME ".link"`
		`+ +#define UNWATCHED_FILE FW_DIR "/unwatched_file"`
		`+`
		`+`
		`+ static TALLOC_CTX *test_mem_ctx;`
		`+ @@ -50,34 +58,51 @@ struct fn_arg {`
		`+ int counter;`
		`+ };`
		`+`
		`+ +static void remove_files(void)`
		`+ +{`
		`+ + unlink(WATCHED_FILE_INOTIFY);`
		`+ + unlink(WATCHED_FILE_POLL);`
		`+ + unlink(WATCHED_EXISTING_LINK_INOTIFY);`
		`+ + unlink(WATCHED_EXISTING_LINK_POLL);`
		`+ + unlink(WATCHED_EXISTING_FILE_INOTIFY);`
		`+ + unlink(WATCHED_EXISTING_FILE_POLL);`
		`+ + unlink(UNWATCHED_FILE);`
		`+ +}`
		`+ +`
		`+ static void setup_file_watch(void)`
		`+ {`
		`+ + DEBUG(SSSDBG_TRACE_ALL, "==========================================\n");`
		`+ test_mem_ctx = talloc_new(NULL);`
		`+ mkdir(FW_DIR, 0700);`
		`+ - unlink(WATCHED_FILE_INOTIFY);`
		`+ - unlink(WATCHED_FILE_POLL);`
		`+ - unlink(WATCHED_EXISTING_FILE_INOTIFY);`
		`+ - unlink(WATCHED_EXISTING_FILE_POLL);`
		`+ + remove_files();`
		`+ }`
		`+`
		`+ -`
		`+ static void teardown_file_watch(void)`
		`+ {`
		`+ - unlink(WATCHED_FILE_INOTIFY);`
		`+ - unlink(WATCHED_FILE_POLL);`
		`+ - unlink(WATCHED_EXISTING_FILE_INOTIFY);`
		`+ - unlink(WATCHED_EXISTING_FILE_POLL);`
		`+ talloc_free(test_mem_ctx);`
		`+ + remove_files();`
		`+ + rmdir(FW_DIR);`
		`+ }`
		`+`
		`+`
		`+ static void callback(const char filename, void arg)`
		`+ {`
		`+ - DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n");`
		`+ + static char received[PATH_MAX + 1];`
		`+ + static char expected[PATH_MAX + 1];`
		`+ + char *res;`
		`+ struct fn_arg data = (struct fn_arg ) arg;`
		`+`
		`+ + DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n");`
		`+ +`
		`+ ck_assert_msg(data != NULL, "Callback received NULL argument");`
		`+ - ck_assert_msg(strcmp(filename, data->filename) == 0,`
		`+ +`
		`+ + res = realpath(data->filename, expected);`
		`+ + ck_assert_msg(res != NULL, "Failed to normalize the expected filename");`
		`+ +`
		`+ + res = realpath(filename, received);`
		`+ + ck_assert_msg(res != NULL, "Failed to normalize the received filename");`
		`+ +`
		`+ + ck_assert_msg(strcmp(expected, received) == 0,`
		`+ "Wrong filename in the callback.");`
		`+ data->counter++;`
		`+ }`
		`+ @@ -88,7 +113,7 @@ static void modify_file(const char *filename)`
		`+ int fd;`
		`+ int res;`
		`+`
		`+ - DEBUG(SSSDBG_TRACE_FUNC, "File modified\n");`
		`+ + DEBUG(SSSDBG_TRACE_FUNC, "Modifying file %s\n", filename);`
		`+ fd = open(filename, O_WRONLY \| O_CREAT \| O_APPEND, S_IRUSR \| S_IWUSR);`
		`+ ck_assert_msg(fd != -1, "Failed to open the file.");`
		`+`
		`+ @@ -119,11 +144,14 @@ static void test_file_watch_no_file(bool use_inotify)`
		`+ arg.filename = filename;`
		`+ arg.counter = 0;`
		`+`
		`+ + DEBUG(SSSDBG_TRACE_ALL, "Watching file %s\n", filename);`
		`+ ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg);`
		`+ ck_assert_msg(ctx != NULL, "Failed to watch a file.");`
		`+ ck_assert_msg(arg.counter == 0, "Unexpected callback invocation.");`
		`+`
		`+ - // At this point the file doesn't exist, we will create it.`
		`+ + // At this point the file doesn't exist. We create the watched and an`
		`+ + // unwatched file`
		`+ + modify_file(UNWATCHED_FILE);`
		`+ modify_file(filename);`
		`+ if (use_inotify) {`
		`+ res = tevent_loop_once(ev);`
		`+ @@ -152,26 +180,35 @@ static void test_file_watch_with_file(bool use_inotify)`
		`+ {`
		`+ struct file_watch_ctx *ctx;`
		`+ struct tevent_context *ev;`
		`+ + const char *filepath;`
		`+ const char *filename;`
		`+ + const char *linkpath;`
		`+ struct fn_arg arg;`
		`+ int res;`
		`+`
		`+ if (use_inotify) {`
		`+ - filename = WATCHED_EXISTING_FILE_INOTIFY;`
		`+ + filename = EXISTING_FILE_INOTIFY_NAME;`
		`+ + filepath = WATCHED_EXISTING_FILE_INOTIFY;`
		`+ + linkpath = WATCHED_EXISTING_LINK_INOTIFY;`
		`+ } else {`
		`+ - filename = WATCHED_EXISTING_FILE_POLL;`
		`+ + filename = EXISTING_FILE_POLL_NAME;`
		`+ + filepath = WATCHED_EXISTING_FILE_POLL;`
		`+ + linkpath = WATCHED_EXISTING_LINK_POLL;`
		`+ }`
		`+ - modify_file(filename);`
		`+ + modify_file(filepath);`
		`+ + res = symlink(filename, linkpath);`
		`+ + ck_assert_msg(res == 0, "Failed create the symbolic link");`
		`+`
		`+ ev = tevent_context_init(test_mem_ctx);`
		`+ ck_assert_msg(ev != NULL, "Failed to create the tevent context.");`
		`+`
		`+ - arg.filename = filename;`
		`+ + arg.filename = linkpath;`
		`+ arg.counter = 0;`
		`+`
		`+ // File already exists`
		`+ - ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg);`
		`+ - ck_assert_msg(ctx != NULL, "Failed to watch a file.");`
		`+ + DEBUG(SSSDBG_TRACE_ALL, "Watching link %s\n", linkpath);`
		`+ + ctx = fw_watch_file(test_mem_ctx, ev, linkpath, use_inotify, callback, &arg);`
		`+ + ck_assert_msg(ctx != NULL, "Failed to watch a link.");`
		`+ ck_assert_msg(arg.counter >= 1, "Callback not invoked at start up.");`
		`+ ck_assert_msg(arg.counter <= 1, "Callback invoked too many times at start up.");`
		`+`
		`+ @@ -179,7 +216,7 @@ static void test_file_watch_with_file(bool use_inotify)`
		`+ if (!use_inotify) {`
		`+ sleep(2); // Detection by polling is based on the file's modification time.`
		`+ }`
		`+ - modify_file(filename);`
		`+ + modify_file(filepath);`
		`+ if (use_inotify) {`
		`+ res = tevent_loop_once(ev);`
		`+ ck_assert_msg(res == 0, "tevent_loop_once() failed.");`
		`+ diff --git a/src/util/file_watch.c b/src/util/file_watch.c`
		`+ index b994e41163a4955a2f68f3b12f6f99831d64ed2e..d19fdccd608a378f3351200a62708a02fb61a529 100644`
		`+ --- a/src/util/file_watch.c`
		`+ +++ b/src/util/file_watch.c`
		`+ @@ -121,7 +121,10 @@ static int watched_file_inotify_cb(const char *filename,`
		`+ uint32_t flags,`
		`+ void *pvt)`
		`+ {`
		`+ + static char received[PATH_MAX + 1];`
		`+ + static char expected[PATH_MAX + 1];`
		`+ struct file_watch_ctx *fw_ctx;`
		`+ + char *res;`
		`+`
		`+ DEBUG(SSSDBG_TRACE_LIBS,`
		`+ "Received inotify notification for %s\n", filename);`
		`+ @@ -131,15 +134,32 @@ static int watched_file_inotify_cb(const char *filename,`
		`+ return EINVAL;`
		`+ }`
		`+`
		`+ - if (strcmp(fw_ctx->filename, filename) == 0) {`
		`+ - if (access(fw_ctx->filename, F_OK) == 0) {`
		`+ - fw_ctx->cb(fw_ctx->filename, fw_ctx->cb_arg);`
		`+ + res = realpath(fw_ctx->filename, expected);`
		`+ + if (res == NULL) {`
		`+ + DEBUG(SSSDBG_TRACE_LIBS,`
		`+ + "Normalization failed for expected %s. Skipping the callback.\n",`
		`+ + fw_ctx->filename);`
		`+ + goto done;`
		`+ + }`
		`+ +`
		`+ + res = realpath(filename, received);`
		`+ + if (res == NULL) {`
		`+ + DEBUG(SSSDBG_TRACE_LIBS,`
		`+ + "Normalization failed for received %s. Skipping the callback.\n",`
		`+ + filename);`
		`+ + goto done;`
		`+ + }`
		`+ +`
		`+ + if (strcmp(expected, received) == 0) {`
		`+ + if (access(received, F_OK) == 0) {`
		`+ + fw_ctx->cb(received, fw_ctx->cb_arg);`
		`+ } else {`
		`+ DEBUG(SSSDBG_TRACE_LIBS,`
		`+ "File %s is missing. Skipping the callback.\n", filename);`
		`+ }`
		`+ }`
		`+`
		`+ +done:`
		`+ return EOK;`
		`+ }`
		`+`
		`+ --`
		`+ 2.39.2`
		`+`

sources

file modified

+1 -1

		`@@ -1,1 +1,1 @@`
		`- SHA512 (sssd-2.8.2.tar.gz) = 10b7a641823aefb43e30bff9e5f309a1f48446ffff421a06f86496db24ba1fbd384733b5690864507ef9b2f04c91e563fe9820536031f83f1bd6e93edfedee55`
		`+ SHA512 (sssd-2.9.0.tar.gz) = cf65572cfa6468c4b3edc3a33a48ab6d58979917901662eb8b2d8fc5931494be81da13295246500a3a315b71d0395594c9a565014e5875f3cdde50da096f253d`

sssd.spec

file modified

+67 -64

		`@@ -42,14 +42,15 @@`
		`%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})`

		`Name: sssd`
		`- Version: 2.8.2`
		`- Release: 4%{?dist}`
		`+ Version: 2.9.0`
		`+ Release: 1%{?dist}`
		`Summary: System Security Services Daemon`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`URL: https://github.com/SSSD/sssd/`
		`- Source0: https://github.com/SSSD/sssd/releases/download/2.8.2/sssd-2.8.2.tar.gz`
		`+ Source0: https://github.com/SSSD/sssd/releases/download/2.9.0/sssd-2.9.0.tar.gz`

		`### Patches ###`
		`+ Patch0001: 0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch`

		`### Dependencies ###`

		`@@ -98,6 +99,7 @@`
		`BuildRequires: krb5-devel`
		`BuildRequires: libcmocka-devel >= 1.0.0`
		`BuildRequires: libdhash-devel >= 0.4.2`
		`+ BuildRequires: libfido2-devel`
		`BuildRequires: libini_config-devel >= 1.1`
		`BuildRequires: libldb-devel >= %{ldb_version}`
		`BuildRequires: libnfsidmap-devel`
		`@@ -160,7 +162,10 @@`

		`%package common`
		`Summary: Common files for the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`+ # libsss_simpleifp is removed starting 2.9.0`
		`+ Obsoletes: libsss_simpleifp < 2.9.0`
		`+ Obsoletes: libsss_simpleifp-debuginfo < 2.9.0`
		`# Requires`
		`# due to ABI changes in 1.1.30/1.2.0`
		`Requires: libldb >= %{ldb_version}`
		`@@ -187,7 +192,7 @@`

		`%package client`
		`Summary: SSSD Client libraries for NSS and PAM`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: libsss_nss_idmap = %{version}-%{release}`
		`Requires: libsss_idmap = %{version}-%{release}`
		`Requires(post): /usr/sbin/alternatives`
		`@@ -199,7 +204,7 @@`

		`%package -n libsss_sudo`
		`Summary: A library to allow communication between SUDO and SSSD`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Conflicts: sssd-common < %{version}-%{release}`

		`%description -n libsss_sudo`
		`@@ -207,7 +212,7 @@`

		`%package -n libsss_autofs`
		`Summary: A library to allow communication between Autofs and SSSD`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Conflicts: sssd-common < %{version}-%{release}`

		`%description -n libsss_autofs`
		`@@ -215,7 +220,7 @@`

		`%package tools`
		`Summary: Userspace tools for use with the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`
		`# required by sss_obfuscate`
		`Requires: python3-sss = %{version}-%{release}`
		`@@ -234,7 +239,7 @@`

		`%package -n python3-sssdconfig`
		`Summary: SSSD and IPA configuration file manipulation classes and functions`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`BuildArch: noarch`
		`%{?python_provide:%python_provide python3-sssdconfig}`

		`@@ -243,7 +248,7 @@`

		`%package -n python3-sss`
		`Summary: Python3 bindings for sssd`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`
		`%{?python_provide:%python_provide python3-sss}`

		`@@ -254,7 +259,7 @@`

		`%package -n python3-sss-murmur`
		`Summary: Python3 bindings for murmur hash function`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`%{?python_provide:%python_provide python3-sss-murmur}`

		`%description -n python3-sss-murmur`
		`@@ -262,7 +267,7 @@`

		`%package ldap`
		`Summary: The LDAP back end of the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`
		`Requires: sssd-krb5-common = %{version}-%{release}`
		`Requires: libsss_idmap = %{version}-%{release}`
		`@@ -274,7 +279,7 @@`

		`%package krb5-common`
		`Summary: SSSD helpers needed for Kerberos and GSSAPI authentication`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: cyrus-sasl-gssapi%{?_isa}`
		`Requires: sssd-common = %{version}-%{release}`

		`@@ -284,7 +289,7 @@`

		`%package krb5`
		`Summary: The Kerberos authentication back end for the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`
		`Requires: sssd-krb5-common = %{version}-%{release}`

		`@@ -294,7 +299,7 @@`

		`%package common-pac`
		`Summary: Common files needed for supporting PAC processing`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`
		`Requires: libsss_idmap = %{version}-%{release}`

		`@@ -304,7 +309,7 @@`

		`%package ipa`
		`Summary: The IPA back end of the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: samba-client-libs >= %{samba_package_version}`
		`Requires: sssd-common = %{version}-%{release}`
		`Requires: sssd-krb5-common = %{version}-%{release}`
		`@@ -320,7 +325,7 @@`

		`%package ad`
		`Summary: The AD back end of the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: samba-client-libs >= %{samba_package_version}`
		`Requires: sssd-common = %{version}-%{release}`
		`Requires: sssd-krb5-common = %{version}-%{release}`
		`@@ -337,7 +342,7 @@`

		`%package proxy`
		`Summary: The proxy back end of the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`

		`%description proxy`
		`@@ -346,14 +351,14 @@`

		`%package -n libsss_idmap`
		`Summary: FreeIPA Idmap library`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`

		`%description -n libsss_idmap`
		`Utility library to convert SIDs to Unix uids and gids`

		`%package -n libsss_idmap-devel`
		`Summary: FreeIPA Idmap library`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: libsss_idmap = %{version}-%{release}`

		`%description -n libsss_idmap-devel`
		`@@ -361,14 +366,14 @@`

		`%package -n libipa_hbac`
		`Summary: FreeIPA HBAC Evaluator library`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`

		`%description -n libipa_hbac`
		`Utility library to validate FreeIPA HBAC rules for authorization requests`

		`%package -n libipa_hbac-devel`
		`Summary: FreeIPA HBAC Evaluator library`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: libipa_hbac = %{version}-%{release}`

		`%description -n libipa_hbac-devel`
		`@@ -376,7 +381,7 @@`

		`%package -n python3-libipa_hbac`
		`Summary: Python3 bindings for the FreeIPA HBAC Evaluator library`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: libipa_hbac = %{version}-%{release}`
		`%{?python_provide:%python_provide python3-libipa_hbac}`

		`@@ -386,14 +391,14 @@`

		`%package -n libsss_nss_idmap`
		`Summary: Library for SID and certificate based lookups`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`

		`%description -n libsss_nss_idmap`
		`Utility library for SID and certificate based lookups`

		`%package -n libsss_nss_idmap-devel`
		`Summary: Library for SID and certificate based lookups`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: libsss_nss_idmap = %{version}-%{release}`

		`%description -n libsss_nss_idmap-devel`
		`@@ -401,7 +406,7 @@`

		`%package -n python3-libsss_nss_idmap`
		`Summary: Python3 bindings for libsss_nss_idmap`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: libsss_nss_idmap = %{version}-%{release}`
		`%{?python_provide:%python_provide python3-libsss_nss_idmap}`

		`@@ -411,7 +416,7 @@`

		`%package dbus`
		`Summary: The D-Bus responder of the SSSD`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`
		`%{?systemd_requires}`

		`@@ -423,7 +428,7 @@`
		`%package polkit-rules`
		`Summary: Rules for polkit integration for SSSD`
		`Group: Applications/System`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: polkit >= 0.106`
		`Requires: sssd-common = %{version}-%{release}`

		`@@ -432,26 +437,9 @@`
		`for smartcard support.`
		`%endif`

		`- %package -n libsss_simpleifp`
		`- Summary: The SSSD D-Bus responder helper library`
		`- License: GPLv3+`
		`- Requires: sssd-dbus = %{version}-%{release}`
		`-`
		`- %description -n libsss_simpleifp`
		`- Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.`
		`-`
		`- %package -n libsss_simpleifp-devel`
		`- Summary: The SSSD D-Bus responder helper library`
		`- License: GPLv3+`
		`- Requires: dbus-devel`
		`- Requires: libsss_simpleifp = %{version}-%{release}`
		`-`
		`- %description -n libsss_simpleifp-devel`
		`- Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.`
		`-`
		`%package winbind-idmap`
		`Summary: SSSD's idmap_sss Backend for Winbind`
		`- License: GPLv3+ and LGPLv3+`
		`+ License: GPL-3.0-or-later AND LGPL-3.0-or-later`
		`Requires: libsss_nss_idmap = %{version}-%{release}`
		`Requires: libsss_idmap = %{version}-%{release}`
		`Conflicts: sssd-common < %{version}-%{release}`
		`@@ -462,7 +450,7 @@`

		`%package nfs-idmap`
		`Summary: SSSD plug-in for NFSv4 rpc.idmapd`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Conflicts: sssd-common < %{version}-%{release}`

		`%description nfs-idmap`
		`@@ -472,7 +460,7 @@`

		`%package -n libsss_certmap`
		`Summary: SSSD Certificate Mapping Library`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Conflicts: sssd-common < %{version}-%{release}`

		`%description -n libsss_certmap`
		`@@ -480,7 +468,7 @@`

		`%package -n libsss_certmap-devel`
		`Summary: SSSD Certificate Mapping Library`
		`- License: LGPLv3+`
		`+ License: LGPL-3.0-or-later`
		`Requires: libsss_certmap = %{version}-%{release}`

		`%description -n libsss_certmap-devel`
		`@@ -488,7 +476,7 @@`

		`%package kcm`
		`Summary: An implementation of a Kerberos KCM server`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`
		`%if %{build_kcm_renewals}`
		`Requires: krb5-libs >= %{krb5_version}`
		`@@ -501,7 +489,7 @@`

		`%package idp`
		`Summary: Kerberos plugins and OIDC helper for external identity providers.`
		`- License: GPLv3+`
		`+ License: GPL-3.0-or-later`
		`Requires: sssd-common = %{version}-%{release}`

		`%description idp`
		`@@ -509,6 +497,16 @@`
		`authentication against external identity providers. Additionally a helper`
		`program to handle the OAuth 2.0 Device Authorization Grant is provided.`

		`+ %package passkey`
		`+ Summary: SSSD helpers and plugins needed for authentication with passkey token`
		`+ License: GPL-3.0-or-later`
		`+ Requires: sssd-common = %{version}-%{release}`
		`+ Requires: libfido2`
		`+`
		`+ %description passkey`
		`+ This package provides helper processes and Kerberos plugins that are required to`
		`+ enable authentication with passkey token.`
		`+`
		`%prep`
		`%autosetup -p1`

		`@@ -537,12 +535,14 @@`
		`--with-sssd-user=%{sssd_user} \`
		`--with-syslog=journald \`
		`--with-test-dir=/dev/shm \`
		`+ --with-files-provider \`
		`%if %{build_subid}`
		`--with-subid \`
		`%endif`
		`%if 0%{?fedora}`
		`--disable-polkit-rules-path \`
		`%endif`
		`+ --with-passkey \`
		`%{nil}`

		`%make_build all docs runstatedir=%{_rundir}`
		`@@ -579,6 +579,10 @@`
		`cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \`
		`$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp`

		`+ # Enable krb5 passkey plugins by default (when sssd-passkey package is installed)`
		`+ cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_passkey \`
		`+ $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_passkey`
		`+`
		`# krb5 configuration snippet`
		`cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \`
		`$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir`
		`@@ -714,7 +718,6 @@`
		`%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders`

		`%dir %{_libdir}/%{name}`
		`- # The files provider is intentionally packaged in -common`
		`%{_libdir}/%{name}/libsss_files.so`
		`%{_libdir}/%{name}/libsss_simple.so`

		`@@ -841,19 +844,9 @@`
		`%{_mandir}/man5/sssd-ifp.5*`
		`%{_unitdir}/sssd-ifp.service`
		`# InfoPipe DBus plumbing`
		`- %{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf`
		`+ %{_datadir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf`
		`%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service`

		`- %files -n libsss_simpleifp`
		`- %{_libdir}/libsss_simpleifp.so.*`
		`-`
		`- %files -n libsss_simpleifp-devel`
		`- %doc sss_simpleifp_doc/html`
		`- %{_includedir}/sss_sifp.h`
		`- %{_includedir}/sss_sifp_dbus.h`
		`- %{_libdir}/libsss_simpleifp.so`
		`- %{_libdir}/pkgconfig/sss_simpleifp.pc`
		`-`
		`%files client -f sssd_client.lang`
		`%license src/sss_client/COPYING src/sss_client/COPYING.LESSER`
		`%{_libdir}/libnss_sss.so.2`
		`@@ -986,6 +979,12 @@`
		`%{_datadir}/sssd/krb5-snippets/sssd_enable_idp`
		`%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp`

		`+ %files passkey`
		`+ %attr(755,%{sssd_user},%{sssd_user}) %{_libexecdir}/%{servicename}/passkey_child`
		`+ %{_libdir}/%{name}/modules/sssd_krb5_passkey_plugin.so`
		`+ %{_datadir}/sssd/krb5-snippets/sssd_enable_passkey`
		`+ %config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_passkey`
		`+`
		`%if 0%{?rhel}`
		`%pre common`
		`getent group sssd >/dev/null \|\| groupadd -r sssd`
		`@@ -1060,6 +1059,10 @@`
		`%systemd_postun_with_restart sssd.service`

		`%changelog`
		`+ * Fri May 5 2023 Pavel Březina <pbrezina@redhat.com> - 2.9.0-1`
		`+ - Rebase to SSSD 2.9.0`
		`+ - SPDX migration`
		`+`
		`* Thu Jan 26 2023 Stephen Gallagher <sgallagh@redhat.com> - 2.8.2-4`
		`- Rebuild against libunistring 1.1`

no initial comment

ipedrosa commented a year ago

LGTM

rebased onto ff6fafc

a year ago

rebased onto 13150fa

a year ago

zuul commented a year ago

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/6472a306b7af441d9f944ee3bef38be1

check-for-arches : SUCCESS in 3m 22s
rpm-scratch-build : SUCCESS in 18m 29s
rpm-scratch-build-s390x : SUCCESS in 17m 53s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 24m 16s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 19m 45s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 17m 45s (non-voting)
rpm-linter : TIMED_OUT in 31m 57s (non-voting)
rpm-rpminspect : TIMED_OUT in 32m 00s (non-voting)
check-for-sti-tests : SUCCESS in 17s
check-for-fmf-tests : SUCCESS in 17s
rpm-install-test : SUCCESS in 2m 03s
Skipped 2 jobs

zuul commented a year ago

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/431ce8de22a54f76850927c8b816b442

check-for-arches : SUCCESS in 3m 23s
rpm-scratch-build : SUCCESS in 17m 25s
rpm-scratch-build-s390x : SUCCESS in 16m 36s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 17m 45s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 17m 44s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 16m 38s (non-voting)
rpm-linter : FAILURE in 26m 33s (non-voting)
rpm-rpminspect : TIMED_OUT in 31m 19s (non-voting)
check-for-sti-tests : SUCCESS in 17s
check-for-fmf-tests : SUCCESS in 18s
rpm-install-test : SUCCESS in 2m 14s
Skipped 2 jobs

atikhonov commented on line 121 of sssd.spec a year ago

While we strive to remove 'files provider' in F39 (before devel freeze) we don't have all bits in place yet.
In particular, 2.9.0 doesn't yet have support of cert-mapping by 'proxy provider' (needed for smart card auth of local users - https://github.com/SSSD/sssd/pull/6633)
I think it would be safer to disable build of 'files provider' with a later rebase on 2.9.1+ when (if) we are fully ready (including Fedora change page).

pbrezina commented a year ago

Ok, so build it with with-files-provider?

atikhonov commented a year ago

so build it with with-files-provider?

Imo, yes, for a time being.

Edited a year ago by atikhonov

rebased onto 31956f5

a year ago

zuul commented a year ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/363fb3ebbbde4181b7d2bc2a76a80157

check-for-arches : SUCCESS in 2m 29s
rpm-scratch-build : FAILURE in 14m 19s
rpm-scratch-build-s390x : FAILURE in 20m 36s (non-voting)
rpm-scratch-build-ppc64le : FAILURE in 23m 44s (non-voting)
rpm-scratch-build-i686 : FAILURE in 23m 31s (non-voting)
rpm-scratch-build-aarch64 : FAILURE in 18m 37s (non-voting)
rpm-linter : SKIPPED Skipped due to failed job rpm-scratch-build (non-voting)
rpm-rpminspect : SKIPPED Skipped due to failed job rpm-scratch-build (non-voting)
check-for-sti-tests : SKIPPED Skipped due to failed job rpm-scratch-build
check-for-fmf-tests : SKIPPED Skipped due to failed job rpm-scratch-build
rpm-install-test : SKIPPED Skipped due to failed job rpm-scratch-build
rpm-tmt-test : SKIPPED Skipped due to failed job rpm-scratch-build
rpm-sti-test : SKIPPED Skipped due to failed job rpm-scratch-build