Ubuntu
sssd package

Merge ~ahasenack/ubuntu/+source/sssd:cosmic-sssd-merge-1.16.2-1 into ubuntu/+source/sssd:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/sssd
  3. cosmic-sssd-merge-1.16.2-1
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 2cede9935d88f1152c404474062475b9db6c1a72
Proposed branch: ~ahasenack/ubuntu/+source/sssd:cosmic-sssd-merge-1.16.2-1
Merge into: ubuntu/+source/sssd:debian/sid
Diff against target: 284 lines (+204/-1)
5 files modified
debian/changelog (+147/-0)
debian/control (+2/-1)
debian/patches/disable-sss_nss_idmap-tests.diff (+23/-0)
debian/patches/libsss-dependency.diff (+30/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+352761@code.launchpad.net

Description of the change

Merge from debian's 1.16.2. Notable changes:
- libcmocka-dev new build dependency. This is used for testing only, so it doesn't matter that it's in universe
- building with cmocka triggered many more tests, and one in particular fails in Ubuntu because of our usage of the -Bsymbolic-functions linker flag. This prevents a mocked function from being called and the real one is called instead. See https://bit.ly/2OTDtDM for a thread in the upstream mailing list. I did an experimental build without -Bsymbolic-functions and the test passed. I'm not prepared to remove this flag from the whole build, however, and the alternatives seem cumbersome at this time, so I rather just disable this known test failure. Unfortunately this is a new delta, but an easy one to maintain.
- another new delta is to fix a build problem that does not happen with all linux distributions. So far just gentoo, opensuse and us. Removing -Bsymbolic-flags doesn't affect the outcome, so it's something else. This was discussed upstream at https://bit.ly/2MrqgAw and the patch that we are carrying is committed upstream, so the next version will have this bit of delta dropped.
- finally, I dropped Doko's fix for a python3 module build error that happened once when he did a no-change rebuild upload (see build failures at https://launchpad.net/ubuntu/+source/sssd/1.16.1-1ubuntu2). Those don't happen again in a PPA (https://launchpad.net/~ahasenack/+archive/ubuntu/sssd-merge-1.16.2-1/+packages), and I hope they won't happen when uploading to the archive. There is some magic going on with dh-install and/or dh-python, look at https://pastebin.ubuntu.com/p/CBvNgDmp9d/: the paths in *.install don't agree with what ends up in the deb package.
- the debian d/rules change to use samba idmap version 6 is fine, since that was the default before when this option didn't exist

PPA with test packages: https://launchpad.net/~ahasenack/+archive/ubuntu/sssd-merge-1.16.2-1/+packages

I tested locally the following scenarios:
- pure ldap authentication with ssl, and ldap user enumeration/information
- ldap with ssl for user information, kerberos for user authentication
- kerberos for authentication, /etc/passwd (files) for user enumeration/information

These tests are a bit complex to describe in a step by step basis. I still want to add them as DEP8 tests in an upcoming upload.

To confirm that the new build-depends didn't introduce anything unexpected, I installed all generated debs in a container with no universe component enabled, and it worked fine.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

If happy with the MP, please push the upload tag and set the MP to approved. I can dput the package and follow migration.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Upstream opened a PR for this issue: https://github.com/SSSD/sssd/pull/632

I confirmed that the patch makes the test pass in Ubuntu. We can either wait for it to be merged, and then apply it in this branch, or do that in a second step as to not block this upload.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Since you surgically only disable the one test and a solution is incoming (which implies we can drop next time) we should be fine to upload this as-is.
If we wait for the next merge or do a minor upload with the fix mostly depends on how much pain/effort it is - if migration turns out to be rather painful we might not do a follow on soon.
If it is trivial, then why not.
And if you know from the past that sssd migrates painfully, we might give upstream until mid next week to commit, so that we would only have one upload.

On the MP itself:
Ack to Changelog (not complaining abotu different wording style preferences)
Ack to Dropped changes
Ack to new changes
Upgrade works fine on a test
General Testing (I'm not good at sssd thou) also works (tested 1.16.2-1ubuntu1~ppa8)

FYI - Rbasak once told me that the Forwarded in Dep3 is only defined as yes/no
Since then I only do yes/no but add own flags called Forwarded-info: or so.
Really not important enough to stop you, but I wanted to let you know.

I'd leave the tag&push to your confirm that you want to keep the header as-is (and if you want to wait for upstream committing the fix).

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I updated the dep3 header and pushed --force. New hash to tag with upload is 83d52c481399b10d78b6553b6376bd28fd0b59b8 please.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tag pushed and sponsored

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 06a1412..df16eea 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,19 @@
6+sssd (1.16.2-1ubuntu1) cosmic; urgency=medium
7+
8+ * Merge with Debian unstable.
9+ * Dropped:
10+ - Fix installation of the python3 modules.
11+ [No longer needed, it builds fine now.]
12+ - d/sssd-common.maintscript: rm_conffile for upstart drop
13+ [Can be dropped in a merge post 18.04]
14+ * Added:
15+ - d/p/libsss-dependency.diff: fix build issue dependency between
16+ libsss_cert and libsss_child.
17+ - d/p/disable-sss_nss_idmap-tests.diff: disable the sss_nss_idmap tests
18+ which fail in Ubuntu because of the -Bsymbolic-functions linker flag.
19+
20+ -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Aug 2018 10:49:35 -0300
21+
22 sssd (1.16.2-1) unstable; urgency=medium
23
24 * New upstream release. (LP: #1778554)
25@@ -13,6 +29,35 @@ sssd (1.16.2-1) unstable; urgency=medium
26
27 -- Timo Aaltonen <tjaalton@debian.org> Wed, 27 Jun 2018 14:07:55 +0300
28
29+sssd (1.16.1-1ubuntu4) cosmic; urgency=medium
30+
31+ * d/p/python3-libipa-hbac.install, d/p/python3-libsss-nss-idmap.install,
32+ d/p/python3-sss.install: modules go in /usr/lib/python3*, not
33+ /usr/local/lib/python3* (LP: #1780783)
34+ * d/sssd-common.sssd.init: drop initscript that was accidentally added
35+ in 1.16.1-1ubuntu3.
36+
37+ -- Andreas Hasenack <andreas@canonical.com> Tue, 10 Jul 2018 17:21:22 -0300
38+
39+sssd (1.16.1-1ubuntu3) cosmic; urgency=medium
40+
41+ * Fix installation of the python3 modules.
42+
43+ -- Matthias Klose <doko@ubuntu.com> Tue, 15 May 2018 12:08:22 -0400
44+
45+sssd (1.16.1-1ubuntu2) cosmic; urgency=medium
46+
47+ * No-change rebuild for http-parser soname change.
48+
49+ -- Matthias Klose <doko@ubuntu.com> Mon, 14 May 2018 17:33:20 +0000
50+
51+sssd (1.16.1-1ubuntu1) bionic; urgency=medium
52+
53+ * Merge from Debian. (LP: #1754746)
54+ * d/p/restart_providers_on_timeshift.patch: Dropped, upstream.
55+
56+ -- Timo Aaltonen <tjaalton@debian.org> Mon, 09 Apr 2018 13:45:29 +0300
57+
58 sssd (1.16.1-1) unstable; urgency=medium
59
60 * New upstream release.
61@@ -27,6 +72,29 @@ sssd (1.16.1-1) unstable; urgency=medium
62
63 -- Timo Aaltonen <tjaalton@debian.org> Tue, 13 Mar 2018 11:25:00 +0200
64
65+sssd (1.16.0-5ubuntu2) bionic; urgency=medium
66+
67+ * Enable the secrets service and build against http-parser (LP: #1754365).
68+ This drops the following Debian delta:
69+ - Build without the secrets service as libhttp-parser2.1 is in universe
70+ * d/{sssd-common.postinst,sssd-common.dirs}: create the secrets directory
71+ used by sssd-secrets and set its permissions in postinst.
72+ (Closes: #892315)
73+
74+ -- Andreas Hasenack <andreas@canonical.com> Tue, 06 Mar 2018 16:23:11 +0100
75+
76+sssd (1.16.0-5ubuntu1) bionic; urgency=medium
77+
78+ * Merge with Debian unstable (LP: #1735493). Remaining changes:
79+ - Build without the secrets service as libhttp-parser2.1 is in universe
80+ - d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
81+ detects time shift to execute pending scheduled tasks that could
82+ be stuck (LP 1641875)
83+ [refreshed with what was committed upstream in the end]
84+ - d/sssd-common.maintscript: rm_conffile for upstart drop
85+
86+ -- Andreas Hasenack <andreas@canonical.com> Fri, 26 Jan 2018 17:46:39 -0200
87+
88 sssd (1.16.0-5) unstable; urgency=medium
89
90 * rules: Disable files domain, it's not useful in Debian. (Closes:
91@@ -63,12 +131,35 @@ sssd (1.16.0-1) unstable; urgency=medium
92
93 -- Timo Aaltonen <tjaalton@debian.org> Wed, 20 Dec 2017 11:58:50 +0200
94
95+sssd (1.15.3-3ubuntu1) bionic; urgency=medium
96+
97+ * Merge with Debian unstable (LP: #1732242). Remaining changes:
98+ - Build without the secrets service as libhttp-parser2.1 is in universe
99+ - d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
100+ detects time shift to execute pending scheduled tasks that could
101+ be stuck (LP 1641875)
102+ * Drop unused upstart file debian/sssd-common.sssd.upstart.in
103+ - remove debian/sssd-common.sssd.upstart.in
104+ - debian/sssd-common.maintscript remove stale conffile
105+
106+ -- Andreas Hasenack <andreas@canonical.com> Tue, 14 Nov 2017 16:13:02 -0200
107+
108 sssd (1.15.3-3) unstable; urgency=medium
109
110 * Rebuild against new libldb. (Closes: #880013)
111
112 -- Timo Aaltonen <tjaalton@debian.org> Sun, 29 Oct 2017 09:13:42 +0200
113
114+sssd (1.15.3-2ubuntu1) artful; urgency=medium
115+
116+ * Merge from Debian, remaining changes:
117+ - Build without the secrets service as libhttp-parser2.1 is in universe
118+ - d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
119+ detects time shift to execute pending scheduled tasks that could
120+ be stuck (LP: 1641875)
121+
122+ -- Timo Aaltonen <tjaalton@debian.org> Thu, 12 Oct 2017 10:02:08 +0300
123+
124 sssd (1.15.3-2) unstable; urgency=medium
125
126 * control: Fix libipa-hbac-dev short description.
127@@ -92,6 +183,27 @@ sssd (1.15.3-1) unstable; urgency=medium
128
129 -- Timo Aaltonen <tjaalton@debian.org> Sat, 29 Jul 2017 11:50:41 +0300
130
131+sssd (1.15.2-1ubuntu3) artful; urgency=medium
132+
133+ * No-change rebuild to build with python3.6.
134+
135+ -- Matthias Klose <doko@ubuntu.com> Mon, 24 Jul 2017 18:24:23 +0000
136+
137+sssd (1.15.2-1ubuntu2) artful; urgency=medium
138+
139+ * d/apparmor-profile:
140+ - allow the chown capability (LP: #1699576)
141+ - allow sssd to notify systemd during startup (LP: #1689387)
142+
143+ -- Andreas Hasenack <andreas@canonical.com> Wed, 21 Jun 2017 15:50:35 -0300
144+
145+sssd (1.15.2-1ubuntu1) zesty; urgency=medium
146+
147+ * Merge from Debian.
148+ - new bugfix release
149+
150+ -- Timo Aaltonen <tjaalton@debian.org> Thu, 06 Apr 2017 12:45:49 +0300
151+
152 sssd (1.15.2-1) unstable; urgency=medium
153
154 * New upstream release.
155@@ -103,6 +215,41 @@ sssd (1.15.2-1) unstable; urgency=medium
156
157 -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Mar 2017 15:17:19 +0200
158
159+sssd (1.15.0-3ubuntu4) zesty; urgency=medium
160+
161+ * Rebuild against new samba/libldb. (LP: #1664785)
162+
163+ -- Timo Aaltonen <tjaalton@debian.org> Sun, 05 Mar 2017 13:30:40 +0200
164+
165+sssd (1.15.0-3ubuntu3) zesty; urgency=medium
166+
167+ * d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
168+ detects time shift to execute pending scheduled tasks that could
169+ be stuck (LP: #1641875)
170+
171+ -- Victor Tapia <victor.tapia@canonical.com> Wed, 15 Feb 2017 17:05:05 +0100
172+
173+sssd (1.15.0-3ubuntu2) zesty; urgency=medium
174+
175+ * Demote sssd-ad Recommends to Suggests. This fixes a component mismatch in
176+ Ubuntu, but also we believe in LP 1590471 that it shouldn't be required for
177+ full functionality of sssd-ad anyway. This has also been done in Debian VCS
178+ in commit d26fd6b.
179+
180+ -- Robie Basak <robie.basak@ubuntu.com> Thu, 09 Feb 2017 13:34:01 +0000
181+
182+sssd (1.15.0-3ubuntu1) zesty; urgency=medium
183+
184+ * Build without the secrets service as libhttp-parser2.1 is in universe. An
185+ MIR is pending in LP 1638957; when this is complete, we can revert this.
186+ - Configure with --without-secrets.
187+ - Drop build depends on libhttp-parser-dev and libjansson-dev. These are
188+ only needed for the "secrets service".
189+ - Remove secrets service -related files from d/sssd-common.install and in
190+ d/rules.
191+
192+ -- Robie Basak <robie.basak@ubuntu.com> Tue, 07 Feb 2017 19:37:45 +0000
193+
194 sssd (1.15.0-3) unstable; urgency=medium
195
196 * rules, install: Remove responder service and socket files for now, the
197diff --git a/debian/control b/debian/control
198index ba9aede..28853e2 100644
199--- a/debian/control
200+++ b/debian/control
201@@ -1,7 +1,8 @@
202 Source: sssd
203 Section: utils
204 Priority: optional
205-Maintainer: Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>
206+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
207+XSBC-Original-Maintainer: Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>
208 Uploaders: Timo Aaltonen <tjaalton@debian.org>
209 Build-Depends:
210 autopoint,
211diff --git a/debian/patches/disable-sss_nss_idmap-tests.diff b/debian/patches/disable-sss_nss_idmap-tests.diff
212new file mode 100644
213index 0000000..f9145a1
214--- /dev/null
215+++ b/debian/patches/disable-sss_nss_idmap-tests.diff
216@@ -0,0 +1,23 @@
217+Description: Disable sss_nss_idmap-tests
218+ The test_getsidbyname and test_getorigbyname tests rely on mocking out
219+ a call to sss_nss_make_request_timeout(), using libcmocka. In Ubuntu that
220+ mocking doesn't work because of the -Bsymbolic-functions linker flag that
221+ is used by default. It's less intrusive to just disable this test than to
222+ remove the linker flag from the whole build.
223+ Mailing list thread: https://bit.ly/2OTDtDM
224+Author: Andreas Hasenack <andreas@canonical.com>
225+Bug: https://github.com/SSSD/sssd/pull/632
226+Forwarded: no
227+Last-Update: 2018-08-07
228+---
229+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
230+--- a/Makefile.am
231++++ b/Makefile.am
232+@@ -239,7 +239,6 @@
233+ test-io \
234+ test-negcache \
235+ test-authtok \
236+- sss_nss_idmap-tests \
237+ dyndns-tests \
238+ fqnames-tests \
239+ nestedgroups-tests \
240diff --git a/debian/patches/libsss-dependency.diff b/debian/patches/libsss-dependency.diff
241new file mode 100644
242index 0000000..e1b7d16
243--- /dev/null
244+++ b/debian/patches/libsss-dependency.diff
245@@ -0,0 +1,30 @@
246+Description: utils: add libsss_child dependency to libsss_cert
247+ Since the refactoring of the ssh responder to call p11_child to
248+ validate certificates there is a dependency between libss_cert and
249+ libsss_child. In some environments, e.g. gentoo or the OpenSUSE build
250+ service, this dependency must be declared explicitly even if it is
251+ resolved otherwise while linking the binaries.
252+ Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
253+Author: Sumit Bose <sbose@redhat.com>
254+Origin: upstream, https://pagure.io/SSSD/sssd/c/a2cc554f438c220b3cc73eb93879dd87795a86cd
255+Last-Update: 2018-08-07
256+--- a/Makefile.am
257++++ b/Makefile.am
258+@@ -967,11 +967,17 @@
259+ $(AM_CFLAGS) \
260+ $(SSS_CERT_CFLAGS) \
261+ $(NULL)
262++# NOTE:
263++# There is a dependency between libsss_cert and libsss_child which should
264++# always be declared explicitly and if missing might cause issue in some
265++# environments (e.g. Gentoo or OpenSUSE build service), even if it is
266++# resolved otherwise while linking the binaries.
267+ libsss_cert_la_LIBADD = \
268+ $(SSS_CERT_LIBS) \
269+ $(TALLOC_LIBS) \
270+ $(TEVENT_LIBS) \
271+ libsss_crypt.la \
272++ libsss_child.la \
273+ libsss_debug.la \
274+ libsss_certmap.la \
275+ $(NULL)
276diff --git a/debian/patches/series b/debian/patches/series
277index 512387a..99828b4 100644
278--- a/debian/patches/series
279+++ b/debian/patches/series
280@@ -1,2 +1,4 @@
281 #placeholder
282 disable-tests.diff
283+libsss-dependency.diff
284+disable-sss_nss_idmap-tests.diff

Subscribers

People subscribed via source and target branches