Ubuntu
sssd package

Merge ~sergiodj/ubuntu/+source/sssd:bug1900642-condpathexists-focal into ubuntu/+source/sssd:ubuntu/focal-devel

  1. Git
  2. lp:~sergiodj/ubuntu/+source/sssd
  3. bug1900642-condpathexists-focal
  4. Merge into ubuntu/focal-devel
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: Sergio Durigan Junior
Approved revision: 3ead5e9a451cd682c339c702d8f50869659b1d2b
Merged at revision: 3ead5e9a451cd682c339c702d8f50869659b1d2b
Proposed branch: ~sergiodj/ubuntu/+source/sssd:bug1900642-condpathexists-focal
Merge into: ubuntu/+source/sssd:ubuntu/focal-devel
Diff against target: 117 lines (+95/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch (+86/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Approve
Canonical Server Pending
Review via email: mp+396099@code.launchpad.net

Description of the change

This is a MP to address bug 1900642. It includes a patch that comes directly from upstream, which accepted my solution (after some tweaking).

In a nutshell, what the new patch does is to include some conditions in the sssd.service file that are responsible for checking whether the user as (a) a file named /etc/sssd/sssd.conf, or (b) some configuration snippet under /etc/sssd/conf.d/. If either is true, then the service can be started.

It's important to mention that these conditions will only be added to the service file if sssd has been compiled without --enable-files-domain support. This is true for the Debian/Ubuntu sssd packages.

The good thing is that the SRU template can be left unmodified.

autopkgtest is still happy:

autopkgtest [17:03:52]: @@@@@@@@@@@@@@@@@@@@ summary
ldap-user-group-ldap-auth PASS
ldap-user-group-krb5-auth PASS

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

Same as the groovy MP, approved for same reason and same condition that a fix for hirsute is likewise needed before this can be accepted for SRU.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the review, Bryce.

I've just created an MP for hirsute, and tagged you as a reviewer:

https://code.launchpad.net/~sergiodj/ubuntu/+source/sssd/+git/sssd/+merge/396206

If you can, please have a look :-). Thanks!

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

$ git push pkg upload/2.2.3-3ubuntu0.2
Enumerating objects: 16, done.
Counting objects: 100% (16/16), done.
Delta compression using up to 8 threads
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.86 KiB | 418.00 KiB/s, done.
Total 11 (delta 7), reused 0 (delta 0)
To ssh://git.launchpad.net/ubuntu/+source/sssd
 * [new tag] upload/2.2.3-3ubuntu0.2 -> upload/2.2.3-3ubuntu0.2

$ dput sssd_2.2.3-3ubuntu0.2_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/sssd/sssd-focal/sssd_2.2.3-3ubuntu0.2_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/sssd/sssd-focal/sssd_2.2.3-3ubuntu0.2.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading sssd_2.2.3-3ubuntu0.2.dsc: done.
  Uploading sssd_2.2.3-3ubuntu0.2.diff.gz: done.
  Uploading sssd_2.2.3-3ubuntu0.2_source.buildinfo: done.
  Uploading sssd_2.2.3-3ubuntu0.2_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 21cd451..b6366f5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1sssd (2.2.3-3ubuntu0.2) focal; urgency=medium
2
3 * d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
4 Upstream patch to make sssd.service only able to start when there
5 is a configuration file present. (LP: #1900642)
6
7 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 11 Jan 2021 14:33:54 -0500
8
1sssd (2.2.3-3ubuntu0.1) focal; urgency=medium9sssd (2.2.3-3ubuntu0.1) focal; urgency=medium
210
3 * Enable support for "ad_use_ldaps" for new Active Directory 11 * Enable support for "ad_use_ldaps" for new Active Directory
diff --git a/debian/patches/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch b/debian/patches/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch
4new file mode 10064412new file mode 100644
index 0000000..622ddc3
--- /dev/null
+++ b/debian/patches/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch
@@ -0,0 +1,86 @@
1From: Sergio Durigan Junior <sergio.durigan@canonical.com>
2Date: Wed, 9 Dec 2020 22:54:21 -0500
3Subject: Only start sssd.service if there's a configuration file present
4
5This commit is the follow-up of the discussion that is happening here:
6
7https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1900642
8
9In a nutshell, SSSD is compile with --disable-files-domain and
10installed without a configuration file by default, which means that
11it's impossible to start it successfully unless the user has actively
12created/copied a sssd.conf inside /etc/sssd.
13
14There are two possible ways to have sssd.service successfully start:
15
161) If SSSD is configured with --enable-files-domain, then no
17 configuration file is required, and the service can start normally.
18
192) If SSSD is configured with --disable-files-domain, then a
20 configuration file is required. This can be either
21 /etc/sssd/sssd.conf, or a snippet under /etc/sssd/conf.d/.
22
23For this reason, I'd like to suggest that we conditionally add the
24following lines to sssd.service:
25
26 ConditionPathExists=|/etc/sssd/sssd.conf
27 ConditionDirectoryNotEmpty=|/etc/sssd/conf.d/
28
29These lines will be added only if SSSD is not configured with
30--enable-files-domain.
31
32Signed-off-by: Sergio Durigan Junior <sergio.durigan@canonical.com>
33
34Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
35
36Author: Sergio Durigan Junior <sergio.durigan@canonical.com>
37Origin: upstream, https://github.com/SSSD/sssd/commit/a25256fe22dd0b976093d15a5c7c73e1dc64bbcc
38Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1900642
39Last-Updated: 2021-01-11
40---
41 Makefile.am | 12 +++++++++++-
42 src/sysv/systemd/sssd.service.in | 1 +
43 2 files changed, 12 insertions(+), 1 deletion(-)
44
45diff --git a/Makefile.am b/Makefile.am
46index 4bacabd..1e5c0e8 100644
47--- a/Makefile.am
48+++ b/Makefile.am
49@@ -95,6 +95,15 @@ if HAVE_SYSTEMD_UNIT
50 ifp_exec_cmd = $(sssdlibexecdir)/sssd_ifp --uid 0 --gid 0 --dbus-activated
51 ifp_systemdservice = SystemdService=sssd-ifp.service
52 ifp_restart = Restart=on-failure
53+# If sssd is configured with --enable-files-domain, the service is
54+# able to start even without a configuration file. Otherwise, sssd
55+# requires a configuration file (either /etc/sssd/sssd.conf, or some
56+# snippet under /etc/sssd/sssd.conf.d/) to be present.
57+if ADD_FILES_DOMAIN
58+condconfigexists =
59+else
60+condconfigexists = ConditionPathExists=\|/etc/sssd/sssd.conf\nConditionDirectoryNotEmpty=\|/etc/sssd/conf.d/
61+endif
62 else
63 ifp_exec_cmd = $(sssdlibexecdir)/sss_signal
64 ifp_systemdservice =
65@@ -5128,7 +5137,8 @@ edit_cmd = $(SED) \
66 -e 's|@libexecdir[@]|$(libexecdir)|g' \
67 -e 's|@pipepath[@]|$(pipepath)|g' \
68 -e 's|@prefix[@]|$(prefix)|g' \
69- -e 's|@SSSD_USER[@]|$(SSSD_USER)|g'
70+ -e 's|@SSSD_USER[@]|$(SSSD_USER)|g' \
71+ -e 's|@condconfigexists[@]|$(condconfigexists)|g'
72
73 replace_script = \
74 @rm -f $@ $@.tmp; \
75diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
76index 7a4b7c7..aae36f7 100644
77--- a/src/sysv/systemd/sssd.service.in
78+++ b/src/sysv/systemd/sssd.service.in
79@@ -3,6 +3,7 @@ Description=System Security Services Daemon
80 # SSSD must be running before we permit user sessions
81 Before=systemd-user-sessions.service nss-user-lookup.target
82 Wants=nss-user-lookup.target
83+@condconfigexists@
84
85 [Service]
86 Environment=DEBUG_LOGGER=--logger=files
diff --git a/debian/patches/series b/debian/patches/series
index 4b402cf..2ec352f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ lp-1868703-01-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
6lp-1868703-02-ad-add-ad_use_ldaps.patch6lp-1868703-02-ad-add-ad_use_ldaps.patch
7lp-1868703-03-ldap-add-new-option-ldap_sasl_maxssf.patch7lp-1868703-03-ldap-add-new-option-ldap_sasl_maxssf.patch
8lp-1868703-04-ad-set-min-and-max-ssf-for-ldaps.patch8lp-1868703-04-ad-set-min-and-max-ssf-for-ldaps.patch
90003-Only-start-sssd.service-if-there-s-a-configuration-f.patch

Subscribers

People subscribed via source and target branches