Merge ~ahasenack/ubuntu/+source/realmd:jammy-realmd-merge into ubuntu/+source/realmd:debian/sid
- Git
- lp:~ahasenack/ubuntu/+source/realmd
- jammy-realmd-merge
- Merge into debian/sid
Status: | Merged | ||||
---|---|---|---|---|---|
Merge reported by: | Andreas Hasenack | ||||
Merged at revision: | 22c110ec75fa0f9069b1782a629c8755c50b53cd | ||||
Proposed branch: | ~ahasenack/ubuntu/+source/realmd:jammy-realmd-merge | ||||
Merge into: | ubuntu/+source/realmd:debian/sid | ||||
Diff against target: |
353 lines (+301/-1) 6 files modified
debian/changelog (+139/-0) debian/control (+2/-1) debian/patches/03_ldap-discovery-socket-timeout.patch (+76/-0) debian/patches/04_add-computer-name-to-manpage.patch (+32/-0) debian/patches/05_dont-add-services-line.patch (+49/-0) debian/patches/series (+3/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Utkarsh Gupta (community) | Approve | ||
Canonical Server Core Reviewers | Pending | ||
Review via email: mp+413763@code.launchpad.net |
This proposal supersedes a proposal from 2022-01-06.
Commit message
Description of the change
Merge from debian, which updated to the latest upstream release. Upstream has all the patches but one that is ubuntu/debian specific. I'll try to send that to debian again after this.
I also grabbed two more simple fixes from upstream's git repo which I thought were useful. I'll also submit them to debian, but they will be in the next upstream release anyway, so this added delta is not indefinite anyway.
Testing. Well, that requires an AD server. I'm working on getting one up and running again in a VM, but that will take a bit of time. But will be useful for another realmd bug I plan to tackle next, #1905000.
Andreas Hasenack (ahasenack) wrote : | # |
Utkarsh Gupta (utkarsh) wrote : | # |
Hello,
I'll take a stab at this.
Utkarsh Gupta (utkarsh) wrote : | # |
Looks good, thank you, Andreas. Few pointers though:
-> You could use `quilt refresh` after applying the patch, that'll remove unnecessary details. Completely optional but we generally want to do that, I think.
-> I think we can really make this a sync at some point and that'd be great! The two newly added changes will already be merged in Debian so I don't think you need to send that but brownie points if you do. As for the Debian/Ubuntu specific one, I think we should so the next merge can be a sync. I know it's already on your radar to send this (as noted in the description) but I feel if you can do this before uploading, then you can also add those DEP3 headers (Forwarded one) and also add a link to the MR in the git commit but I know you have this thought out.
-> Since all of them are minor, I am approving this with two additional comments below. \o/
Andreas Hasenack (ahasenack) wrote : | # |
I'm recently taking the approach of only submitting to debian after it passed our review, to avoid going back and forth with updates here in LP and also in salsa or the debian bug. And then when debian makes comments, I have to update the MP here in LP with them. Keeping both proposals up at the same time can be difficult because of that.
Andreas Hasenack (ahasenack) : | # |
- b85f911... by Andreas Hasenack
-
DEP3 update for dont-add-
services- line.patch
Andreas Hasenack (ahasenack) : | # |
- 5858754... by Andreas Hasenack
-
Drop "ubuntu specific" comment from d/p/series
- 7222508... by Andreas Hasenack
-
Rename the patch to follow the pattern
- 22c110e... by Andreas Hasenack
-
Changelog update about the patch rename
Andreas Hasenack (ahasenack) wrote : | # |
The other two new added patches I submitted to debian via salsa PRs:
https:/
Christian Ehrhardt (paelzer) wrote : | # |
On Wed, Jan 12, 2022 at 1:27 PM Utkarsh Gupta
<email address hidden> wrote:
>
> -> You could use `quilt refresh` after applying the patch, that'll remove unnecessary details. Completely optional but we generally want to do that, I think.
Umm, IIRC in case a patch from a remote source applies as-is we
usually do not refresh it so everyone can easily spot it is "the same"
(other than adding headers).
If we touch it anyway, then yes refreshing to the common format is helpful.
But anyway - all of that is somewhat soft and not a hard rule either way.
Utkarsh Gupta (utkarsh) wrote : | # |
Hello,
This looks good, thanks, Andreas.
Andreas Hasenack (ahasenack) wrote : | # |
Thanks, uploaded (after another quick test of this, to avoid a brown paper bag bug ;).
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index c8e4a0a..b775d0d 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,73 @@ |
6 | +realmd (0.17.0-1ubuntu1) jammy; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #1946896). Remaining changes: |
9 | + - d/p/dont-add-services-line.patch: in Ubuntu and Debian, the sssd_* |
10 | + services are socket activated and don't need a "services" line in |
11 | + sssd.conf (LP #1880157) |
12 | + * Dropped (all applied upstream): |
13 | + - d/p/0001-LDAP-don-t-close-LDAP-socket-twice.patch: don't close LDAP |
14 | + socket twice. |
15 | + - d/p/0001-Fix-man-page-reference-in-systemd-service-file.patch: the |
16 | + manpage is realm(8), not realmd(8) |
17 | + - d/p/0001-Use-current-idmap-options-for-smb.conf.patch: use the |
18 | + idmap options in smb.conf for modern versions of samba (LP #1894153) |
19 | + - d/p/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch: find |
20 | + NetBIOS name in keytab while leaving the domain (LP #1894340) |
21 | + - d/p/0001-Fix-issues-found-by-Coverity.patch: fix issues found by |
22 | + Coverity |
23 | + - d/p/0002-Change-qualified-names-default-for-IPA.patch: change |
24 | + qualified names default for IPA |
25 | + - d/p/0003-discover-try-to-get-domain-name-from-hostname.patch: if |
26 | + there is no domain name returned by DHCP check if the hostname |
27 | + contains a domain part and use this to discover a realm. |
28 | + - d/p/0001-IPA-do-not-call-sssd-enable-logins.patch: IPA: do not call |
29 | + sssd-enable-logins |
30 | + - d/p/0001-Set-NEWEST-flag-when-resolving-packages-with-Package.patch: |
31 | + install the latest version of a package when resolving packages with |
32 | + PackageKit |
33 | + - d/p/0001-doc-make-sure-cross-reference-ids-are-predictable.patch: make |
34 | + sure cross-reference ids are predictable |
35 | + - d/p/0002-tools-remove-duplicated-va_start.patch: remove duplicated |
36 | + va_start() |
37 | + - d/p/0003-service-remove-dead-code.patch: remove unused code |
38 | + - d/p/0004-service-check-return-value-of-fcntl.patch: check return |
39 | + value of fcntl() |
40 | + - d/p/0005-service-avoid-dereference-of-a-null-pointer.patch: avoid |
41 | + dereference of a null pointer |
42 | + - d/p/0006-service-avoid-dereferencing-a-NULL-pointer.patch: avoid |
43 | + dereferencing a NULL pointer |
44 | + - d/p/0001-Add-missing-xsl-file-to-Makefile.am.patch: add missing xsl |
45 | + file to Makefile.am |
46 | + - d/p/0002-configure-do-not-inherit-DISTRO-from-the-environment.patch: |
47 | + do not inherit DISTRO from the environment |
48 | + - d/p/0003-doc-extend-user-principal-section.patch: doc: extend |
49 | + user-principal section |
50 | + - d/p/0004-doc-fix-discover-name-only.patch: doc: fix discover |
51 | + name-only parameter |
52 | + - d/p/0005-doc-add-see-also-to-man-pages.patch: doc: add see also to |
53 | + man pages |
54 | + - d/p/0006-doc-extend-description-of-config-handling.patch: doc: extend |
55 | + description of config handling |
56 | + - d/p/0007-service-use-kerberos-method-secrets-and-keytab.patch: when |
57 | + using Samba with Winbind, set "kerberos method" to "secrets and keytab" |
58 | + - d/p/install-libnss-winbind.patch: install libnss-winbind when needed |
59 | + (LP #1894150) |
60 | + - d/p/0002-Use-startTLS-with-FreeIPA.patch: attempt StartTLS first |
61 | + when talking to FreeIPA |
62 | + - d/p/0004-service-use-additional-dns-hostnames-with-net-ads-jo.patch: |
63 | + when using samba to join a domain, and the client is from a different |
64 | + domain, also set "additional dns hostnames" |
65 | + - d/p/0003-service-use-net-ads-join-with-k-for-user-join-as-wel.patch: |
66 | + when joining using samba, try kerberos auth first and fallback to |
67 | + ntlm as before |
68 | + * Added changes: |
69 | + - d/p/03_ldap-discovery-socket-timeout.patch: use a shorter timeout |
70 | + for the unbind request sent when finishing up the discovery phase |
71 | + - d/p/04_add-computer-name-to-manpage.patch: document the existing |
72 | + --computer-name command line option |
73 | + |
74 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 06 Jan 2022 17:39:36 +0000 |
75 | + |
76 | realmd (0.17.0-1) unstable; urgency=medium |
77 | |
78 | * debian/watch: Update the URL and point to the git releases |
79 | @@ -8,6 +78,75 @@ realmd (0.17.0-1) unstable; urgency=medium |
80 | |
81 | -- Laurent Bigonville <bigon@debian.org> Mon, 16 Aug 2021 15:35:48 +0200 |
82 | |
83 | +realmd (0.16.3-3ubuntu2) impish; urgency=medium |
84 | + |
85 | + * No-change rebuild due to OpenLDAP soname bump. |
86 | + |
87 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:08:26 -0400 |
88 | + |
89 | +realmd (0.16.3-3ubuntu1) groovy; urgency=medium |
90 | + |
91 | + * d/p/0001-LDAP-don-t-close-LDAP-socket-twice.patch: don't close LDAP |
92 | + socket twice. |
93 | + * d/p/0001-Fix-man-page-reference-in-systemd-service-file.patch: the |
94 | + manpage is realm(8), not realmd(8) |
95 | + * d/p/0001-Use-current-idmap-options-for-smb.conf.patch: use the |
96 | + idmap options in smb.conf for modern versions of samba (LP: #1894153) |
97 | + * d/p/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch: find |
98 | + NetBIOS name in keytab while leaving the domain (LP: #1894340) |
99 | + * d/p/0001-Fix-issues-found-by-Coverity.patch: fix issues found by |
100 | + Coverity |
101 | + * d/p/0002-Change-qualified-names-default-for-IPA.patch: change |
102 | + qualified names default for IPA |
103 | + * d/p/0003-discover-try-to-get-domain-name-from-hostname.patch: if |
104 | + there is no domain name returned by DHCP check if the hostname |
105 | + contains a domain part and use this to discover a realm. |
106 | + * d/p/0001-IPA-do-not-call-sssd-enable-logins.patch: IPA: do not call |
107 | + sssd-enable-logins |
108 | + * d/p/0001-Set-NEWEST-flag-when-resolving-packages-with-Package.patch: |
109 | + install the latest version of a package when resolving packages with |
110 | + PackageKit |
111 | + * d/p/0001-doc-make-sure-cross-reference-ids-are-predictable.patch: make |
112 | + sure cross-reference ids are predictable |
113 | + * d/p/0002-tools-remove-duplicated-va_start.patch: remove duplicated |
114 | + va_start() |
115 | + * d/p/0003-service-remove-dead-code.patch: remove unused code |
116 | + * d/p/0004-service-check-return-value-of-fcntl.patch: check return |
117 | + value of fcntl() |
118 | + * d/p/0005-service-avoid-dereference-of-a-null-pointer.patch: avoid |
119 | + dereference of a null pointer |
120 | + * d/p/0006-service-avoid-dereferencing-a-NULL-pointer.patch: avoid |
121 | + dereferencing a NULL pointer |
122 | + * d/p/0001-Add-missing-xsl-file-to-Makefile.am.patch: add missing xsl |
123 | + file to Makefile.am |
124 | + * d/p/0002-configure-do-not-inherit-DISTRO-from-the-environment.patch: |
125 | + do not inherit DISTRO from the environment |
126 | + * d/p/0003-doc-extend-user-principal-section.patch: doc: extend |
127 | + user-principal section |
128 | + * d/p/0004-doc-fix-discover-name-only.patch: doc: fix discover |
129 | + name-only parameter |
130 | + * d/p/0005-doc-add-see-also-to-man-pages.patch: doc: add see also to |
131 | + man pages |
132 | + * d/p/0006-doc-extend-description-of-config-handling.patch: doc: extend |
133 | + description of config handling |
134 | + * d/p/0007-service-use-kerberos-method-secrets-and-keytab.patch: when |
135 | + using Samba with Winbind, set "kerberos method" to "secrets and keytab" |
136 | + * d/p/install-libnss-winbind.patch: install libnss-winbind when needed |
137 | + (LP: #1894150) |
138 | + * d/p/05_dont-add-services-line.patch: in Ubuntu and Debian, the sssd_* |
139 | + services are socket activated and don't need a "services" line in |
140 | + sssd.conf (LP: #1880157) |
141 | + * d/p/0004-service-use-additional-dns-hostnames-with-net-ads-jo.patch: |
142 | + when using samba to join a domain, and the client is from a different |
143 | + domain, also set "additional dns hostnames" |
144 | + * d/p/0002-Use-startTLS-with-FreeIPA.patch: attempt StartTLS first |
145 | + when talking to FreeIPA |
146 | + * d/p/0003-service-use-net-ads-join-with-k-for-user-join-as-wel.patch: |
147 | + when joining using samba, try kerberos auth first and fallback to |
148 | + ntlm as before |
149 | + |
150 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 15:15:12 -0300 |
151 | + |
152 | realmd (0.16.3-3) unstable; urgency=medium |
153 | |
154 | [ Andreas Henriksson ] |
155 | diff --git a/debian/control b/debian/control |
156 | index a2446b1..6d16592 100644 |
157 | --- a/debian/control |
158 | +++ b/debian/control |
159 | @@ -1,7 +1,8 @@ |
160 | Source: realmd |
161 | Section: admin |
162 | Priority: optional |
163 | -Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
164 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
165 | +XSBC-Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
166 | Uploaders: Laurent Bigonville <bigon@debian.org> |
167 | Build-Depends: debhelper (>= 12), |
168 | intltool (>= 0.35.0), |
169 | diff --git a/debian/patches/03_ldap-discovery-socket-timeout.patch b/debian/patches/03_ldap-discovery-socket-timeout.patch |
170 | new file mode 100644 |
171 | index 0000000..aec5668 |
172 | --- /dev/null |
173 | +++ b/debian/patches/03_ldap-discovery-socket-timeout.patch |
174 | @@ -0,0 +1,76 @@ |
175 | +commit 370bf84857d5674a092f46fa5932a0c92ad5bbf5 |
176 | +Author: Sumit Bose <sbose@redhat.com> |
177 | +Date: Wed Nov 24 17:25:18 2021 +0100 |
178 | + |
179 | + ldap: add socket timeout |
180 | + |
181 | + During the discovery phase realmd tries to open LDAP connections to |
182 | + multiple DC addresses returned by DNS. When cleaning up we have to call |
183 | + ldap_destroy() to release the resources allocated for the LDAP context. |
184 | + ldap_destroy() tries to send a LDAP unbind request independent of the |
185 | + connection state. If the related address is block by a firewall or a not |
186 | + properly routed IPv6 address there might be no reply on the TCP level |
187 | + and the request might be stuck for quite some tome in the kernel. |
188 | + |
189 | + To avoid the unexpected long delays will block realmd this patch lowers |
190 | + the timeout considerably to 5s. As multiple other timeouts this value is |
191 | + currently hardcoded. |
192 | + |
193 | + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1817869 |
194 | + |
195 | +Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1817869 |
196 | +Origin: upstream, https://gitlab.freedesktop.org/realmd/realmd/-/commit/370bf84857d5674a092f46fa5932a0c92ad5bbf5 |
197 | +Last-Update: 2022-01-06 |
198 | +diff --git a/service/realm-ldap.c b/service/realm-ldap.c |
199 | +index bdfb96c..f7b6d13 100644 |
200 | +--- a/service/realm-ldap.c |
201 | ++++ b/service/realm-ldap.c |
202 | +@@ -22,6 +22,7 @@ |
203 | + #include <sys/types.h> |
204 | + #include <sys/socket.h> |
205 | + #include <netinet/in.h> |
206 | ++#include <netinet/tcp.h> |
207 | + |
208 | + #include <errno.h> |
209 | + |
210 | +@@ -179,6 +180,7 @@ static GSourceFuncs socket_source_funcs = { |
211 | + |
212 | + /* Not included in ldap.h but documented */ |
213 | + int ldap_init_fd (ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp); |
214 | ++#define LDAP_SOCKET_TIMEOUT 5 |
215 | + |
216 | + GSource * |
217 | + realm_ldap_connect_anonymous (GSocketAddress *address, |
218 | +@@ -202,6 +204,8 @@ realm_ldap_connect_anonymous (GSocketAddress *address, |
219 | + int opt_rc; |
220 | + int ldap_opt_val; |
221 | + const char *errmsg = NULL; |
222 | ++ struct timeval tv = {LDAP_SOCKET_TIMEOUT, 0}; |
223 | ++ unsigned int milli = LDAP_SOCKET_TIMEOUT * 1000; |
224 | + |
225 | + g_return_val_if_fail (G_IS_INET_SOCKET_ADDRESS (address), NULL); |
226 | + |
227 | +@@ -244,6 +248,23 @@ realm_ldap_connect_anonymous (GSocketAddress *address, |
228 | + if (!g_unix_set_fd_nonblocking (ls->sock, FALSE, NULL)) |
229 | + g_warning ("couldn't set to blocking"); |
230 | + |
231 | ++ /* Lower the kernel defaults which might be minutes to hours */ |
232 | ++ rc = setsockopt (ls->sock, SOL_SOCKET, SO_RCVTIMEO, |
233 | ++ &tv, sizeof (tv)); |
234 | ++ if (rc != 0) { |
235 | ++ g_warning ("couldn't set SO_RCVTIMEO"); |
236 | ++ } |
237 | ++ rc = setsockopt (ls->sock, SOL_SOCKET, SO_SNDTIMEO, |
238 | ++ &tv, sizeof (tv)); |
239 | ++ if (rc != 0) { |
240 | ++ g_warning ("couldn't set SO_SNDTIMEO"); |
241 | ++ } |
242 | ++ rc = setsockopt (ls->sock, IPPROTO_TCP, TCP_USER_TIMEOUT, |
243 | ++ &milli, sizeof (milli)); |
244 | ++ if (rc != 0) { |
245 | ++ g_warning ("couldn't set TCP_USER_TIMEOUT"); |
246 | ++ } |
247 | ++ |
248 | + if (family == G_SOCKET_FAMILY_IPV4) { |
249 | + url = g_strdup_printf ("%s://%s:%d", |
250 | + use_ldaps ? "ldaps" : "ldap", |
251 | diff --git a/debian/patches/04_add-computer-name-to-manpage.patch b/debian/patches/04_add-computer-name-to-manpage.patch |
252 | new file mode 100644 |
253 | index 0000000..539cb32 |
254 | --- /dev/null |
255 | +++ b/debian/patches/04_add-computer-name-to-manpage.patch |
256 | @@ -0,0 +1,32 @@ |
257 | +commit 05100771ea6bd775caae705bb53f76a0816f3b81 |
258 | +Author: Sumit Bose <sbose@redhat.com> |
259 | +Date: Tue May 11 11:13:06 2021 +0200 |
260 | + |
261 | + doc: add computer-name to realm man page |
262 | + |
263 | +Origin: upstream, https://gitlab.freedesktop.org/realmd/realmd/-/commit/05100771ea6bd775caae705bb53f76a0816f3b81 |
264 | +Last-Update: 2022-01-06 |
265 | +diff --git a/doc/manual/realm.xml b/doc/manual/realm.xml |
266 | +index 9160a8a..b4dc27c 100644 |
267 | +--- a/doc/manual/realm.xml |
268 | ++++ b/doc/manual/realm.xml |
269 | +@@ -222,6 +222,19 @@ $ realm join --user=admin --computer-ou=OU=Special domain.example.com |
270 | + supported for all realms. By default the membership software |
271 | + is automatically selected.</para></listitem> |
272 | + </varlistentry> |
273 | ++ <varlistentry> |
274 | ++ <term><option>--computer-name=xxx</option></term> |
275 | ++ <listitem> |
276 | ++ <para>This option only applies to Active |
277 | ++ Directory realms. Specify this option to |
278 | ++ override the default name used when creating |
279 | ++ the computer account. The system's FQDN will |
280 | ++ still be saved in the dNSHostName attribute.</para> |
281 | ++ <para>Specify the name as a string of 15 or |
282 | ++ fewer characters that is a valid NetBIOS |
283 | ++ computer name.</para> |
284 | ++ </listitem> |
285 | ++ </varlistentry> |
286 | + <varlistentry> |
287 | + <term><option>--no-password</option></term> |
288 | + <listitem><para>Perform the join automatically without |
289 | diff --git a/debian/patches/05_dont-add-services-line.patch b/debian/patches/05_dont-add-services-line.patch |
290 | new file mode 100644 |
291 | index 0000000..2cdc1a5 |
292 | --- /dev/null |
293 | +++ b/debian/patches/05_dont-add-services-line.patch |
294 | @@ -0,0 +1,49 @@ |
295 | +Description: Don't add the services line to sssd.conf |
296 | + In Ubuntu and Debian, the sssd services (like nss, pam, pac, etc) are socket |
297 | + activated and should not be listed in the services line, as they will be |
298 | + started on demand by systemd. |
299 | +Author: Andreas Hasenack <andreas@canonical.com> |
300 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1880157 |
301 | +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003620 |
302 | +Forwarded: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/JC3N3DBSMHZSA66IPLGAMBSXLCTYXWJR/ |
303 | +Last-Update: 2022-01-12 |
304 | +--- |
305 | +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ |
306 | +--- a/service/realm-sssd-config.c |
307 | ++++ b/service/realm-sssd-config.c |
308 | +@@ -130,7 +130,6 @@ |
309 | + gchar **already; |
310 | + gboolean ret; |
311 | + gchar *section; |
312 | +- const gchar *services[] = { "nss", "pam", NULL }; |
313 | + va_list va; |
314 | + gint i; |
315 | + |
316 | +@@ -155,7 +154,6 @@ |
317 | + g_strfreev (already); |
318 | + |
319 | + /* Setup a default sssd section */ |
320 | +- realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL); |
321 | + if (!realm_ini_config_have (config, "sssd", "config_file_version")) |
322 | + realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL); |
323 | + |
324 | +--- a/tests/test-sssd-config.c |
325 | ++++ b/tests/test-sssd-config.c |
326 | +@@ -90,7 +90,7 @@ |
327 | + gconstpointer unused) |
328 | + { |
329 | + const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one"; |
330 | +- const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n"; |
331 | ++ const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n"; |
332 | + GError *error = NULL; |
333 | + gchar *output; |
334 | + gboolean ret; |
335 | +@@ -140,7 +140,7 @@ |
336 | + test_add_domain_only (Test *test, |
337 | + gconstpointer unused) |
338 | + { |
339 | +- const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n"; |
340 | ++ const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n"; |
341 | + GError *error = NULL; |
342 | + gchar *output; |
343 | + gboolean ret; |
344 | diff --git a/debian/patches/series b/debian/patches/series |
345 | index 00e862d..ee5278d 100644 |
346 | --- a/debian/patches/series |
347 | +++ b/debian/patches/series |
348 | @@ -1,2 +1,5 @@ |
349 | 01_freeipa_section.patch |
350 | 02_cross.patch |
351 | +03_ldap-discovery-socket-timeout.patch |
352 | +04_add-computer-name-to-manpage.patch |
353 | +05_dont-add-services-line.patch |
While testing, I found a cyrus-sasl2 bug (#1956833), for which I have an MP up as well.