Ubuntu
sssd package

Merge ~ahasenack/ubuntu/+source/sssd:cosmic-sssd-merge-1.16.2-1 into ubuntu/+source/sssd:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/sssd
  3. cosmic-sssd-merge-1.16.2-1
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 2cede9935d88f1152c404474062475b9db6c1a72
Proposed branch: ~ahasenack/ubuntu/+source/sssd:cosmic-sssd-merge-1.16.2-1
Merge into: ubuntu/+source/sssd:debian/sid
Diff against target: 284 lines (+204/-1)
5 files modified
debian/changelog (+147/-0)
debian/control (+2/-1)
debian/patches/disable-sss_nss_idmap-tests.diff (+23/-0)
debian/patches/libsss-dependency.diff (+30/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+352761@code.launchpad.net

Description of the change

Merge from debian's 1.16.2. Notable changes:
- libcmocka-dev new build dependency. This is used for testing only, so it doesn't matter that it's in universe
- building with cmocka triggered many more tests, and one in particular fails in Ubuntu because of our usage of the -Bsymbolic-functions linker flag. This prevents a mocked function from being called and the real one is called instead. See https://bit.ly/2OTDtDM for a thread in the upstream mailing list. I did an experimental build without -Bsymbolic-functions and the test passed. I'm not prepared to remove this flag from the whole build, however, and the alternatives seem cumbersome at this time, so I rather just disable this known test failure. Unfortunately this is a new delta, but an easy one to maintain.
- another new delta is to fix a build problem that does not happen with all linux distributions. So far just gentoo, opensuse and us. Removing -Bsymbolic-flags doesn't affect the outcome, so it's something else. This was discussed upstream at https://bit.ly/2MrqgAw and the patch that we are carrying is committed upstream, so the next version will have this bit of delta dropped.
- finally, I dropped Doko's fix for a python3 module build error that happened once when he did a no-change rebuild upload (see build failures at https://launchpad.net/ubuntu/+source/sssd/1.16.1-1ubuntu2). Those don't happen again in a PPA (https://launchpad.net/~ahasenack/+archive/ubuntu/sssd-merge-1.16.2-1/+packages), and I hope they won't happen when uploading to the archive. There is some magic going on with dh-install and/or dh-python, look at https://pastebin.ubuntu.com/p/CBvNgDmp9d/: the paths in *.install don't agree with what ends up in the deb package.
- the debian d/rules change to use samba idmap version 6 is fine, since that was the default before when this option didn't exist

PPA with test packages: https://launchpad.net/~ahasenack/+archive/ubuntu/sssd-merge-1.16.2-1/+packages

I tested locally the following scenarios:
- pure ldap authentication with ssl, and ldap user enumeration/information
- ldap with ssl for user information, kerberos for user authentication
- kerberos for authentication, /etc/passwd (files) for user enumeration/information

These tests are a bit complex to describe in a step by step basis. I still want to add them as DEP8 tests in an upcoming upload.

To confirm that the new build-depends didn't introduce anything unexpected, I installed all generated debs in a container with no universe component enabled, and it worked fine.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

If happy with the MP, please push the upload tag and set the MP to approved. I can dput the package and follow migration.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Upstream opened a PR for this issue: https://github.com/SSSD/sssd/pull/632

I confirmed that the patch makes the test pass in Ubuntu. We can either wait for it to be merged, and then apply it in this branch, or do that in a second step as to not block this upload.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Since you surgically only disable the one test and a solution is incoming (which implies we can drop next time) we should be fine to upload this as-is.
If we wait for the next merge or do a minor upload with the fix mostly depends on how much pain/effort it is - if migration turns out to be rather painful we might not do a follow on soon.
If it is trivial, then why not.
And if you know from the past that sssd migrates painfully, we might give upstream until mid next week to commit, so that we would only have one upload.

On the MP itself:
Ack to Changelog (not complaining abotu different wording style preferences)
Ack to Dropped changes
Ack to new changes
Upgrade works fine on a test
General Testing (I'm not good at sssd thou) also works (tested 1.16.2-1ubuntu1~ppa8)

FYI - Rbasak once told me that the Forwarded in Dep3 is only defined as yes/no
Since then I only do yes/no but add own flags called Forwarded-info: or so.
Really not important enough to stop you, but I wanted to let you know.

I'd leave the tag&push to your confirm that you want to keep the header as-is (and if you want to wait for upstream committing the fix).

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I updated the dep3 header and pushed --force. New hash to tag with upload is 83d52c481399b10d78b6553b6376bd28fd0b59b8 please.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tag pushed and sponsored

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 06a1412..df16eea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
1sssd (1.16.2-1ubuntu1) cosmic; urgency=medium
2
3 * Merge with Debian unstable.
4 * Dropped:
5 - Fix installation of the python3 modules.
6 [No longer needed, it builds fine now.]
7 - d/sssd-common.maintscript: rm_conffile for upstart drop
8 [Can be dropped in a merge post 18.04]
9 * Added:
10 - d/p/libsss-dependency.diff: fix build issue dependency between
11 libsss_cert and libsss_child.
12 - d/p/disable-sss_nss_idmap-tests.diff: disable the sss_nss_idmap tests
13 which fail in Ubuntu because of the -Bsymbolic-functions linker flag.
14
15 -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Aug 2018 10:49:35 -0300
16
1sssd (1.16.2-1) unstable; urgency=medium17sssd (1.16.2-1) unstable; urgency=medium
218
3 * New upstream release. (LP: #1778554)19 * New upstream release. (LP: #1778554)
@@ -13,6 +29,35 @@ sssd (1.16.2-1) unstable; urgency=medium
1329
14 -- Timo Aaltonen <tjaalton@debian.org> Wed, 27 Jun 2018 14:07:55 +030030 -- Timo Aaltonen <tjaalton@debian.org> Wed, 27 Jun 2018 14:07:55 +0300
1531
32sssd (1.16.1-1ubuntu4) cosmic; urgency=medium
33
34 * d/p/python3-libipa-hbac.install, d/p/python3-libsss-nss-idmap.install,
35 d/p/python3-sss.install: modules go in /usr/lib/python3*, not
36 /usr/local/lib/python3* (LP: #1780783)
37 * d/sssd-common.sssd.init: drop initscript that was accidentally added
38 in 1.16.1-1ubuntu3.
39
40 -- Andreas Hasenack <andreas@canonical.com> Tue, 10 Jul 2018 17:21:22 -0300
41
42sssd (1.16.1-1ubuntu3) cosmic; urgency=medium
43
44 * Fix installation of the python3 modules.
45
46 -- Matthias Klose <doko@ubuntu.com> Tue, 15 May 2018 12:08:22 -0400
47
48sssd (1.16.1-1ubuntu2) cosmic; urgency=medium
49
50 * No-change rebuild for http-parser soname change.
51
52 -- Matthias Klose <doko@ubuntu.com> Mon, 14 May 2018 17:33:20 +0000
53
54sssd (1.16.1-1ubuntu1) bionic; urgency=medium
55
56 * Merge from Debian. (LP: #1754746)
57 * d/p/restart_providers_on_timeshift.patch: Dropped, upstream.
58
59 -- Timo Aaltonen <tjaalton@debian.org> Mon, 09 Apr 2018 13:45:29 +0300
60
16sssd (1.16.1-1) unstable; urgency=medium61sssd (1.16.1-1) unstable; urgency=medium
1762
18 * New upstream release.63 * New upstream release.
@@ -27,6 +72,29 @@ sssd (1.16.1-1) unstable; urgency=medium
2772
28 -- Timo Aaltonen <tjaalton@debian.org> Tue, 13 Mar 2018 11:25:00 +020073 -- Timo Aaltonen <tjaalton@debian.org> Tue, 13 Mar 2018 11:25:00 +0200
2974
75sssd (1.16.0-5ubuntu2) bionic; urgency=medium
76
77 * Enable the secrets service and build against http-parser (LP: #1754365).
78 This drops the following Debian delta:
79 - Build without the secrets service as libhttp-parser2.1 is in universe
80 * d/{sssd-common.postinst,sssd-common.dirs}: create the secrets directory
81 used by sssd-secrets and set its permissions in postinst.
82 (Closes: #892315)
83
84 -- Andreas Hasenack <andreas@canonical.com> Tue, 06 Mar 2018 16:23:11 +0100
85
86sssd (1.16.0-5ubuntu1) bionic; urgency=medium
87
88 * Merge with Debian unstable (LP: #1735493). Remaining changes:
89 - Build without the secrets service as libhttp-parser2.1 is in universe
90 - d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
91 detects time shift to execute pending scheduled tasks that could
92 be stuck (LP 1641875)
93 [refreshed with what was committed upstream in the end]
94 - d/sssd-common.maintscript: rm_conffile for upstart drop
95
96 -- Andreas Hasenack <andreas@canonical.com> Fri, 26 Jan 2018 17:46:39 -0200
97
30sssd (1.16.0-5) unstable; urgency=medium98sssd (1.16.0-5) unstable; urgency=medium
3199
32 * rules: Disable files domain, it's not useful in Debian. (Closes:100 * rules: Disable files domain, it's not useful in Debian. (Closes:
@@ -63,12 +131,35 @@ sssd (1.16.0-1) unstable; urgency=medium
63131
64 -- Timo Aaltonen <tjaalton@debian.org> Wed, 20 Dec 2017 11:58:50 +0200132 -- Timo Aaltonen <tjaalton@debian.org> Wed, 20 Dec 2017 11:58:50 +0200
65133
134sssd (1.15.3-3ubuntu1) bionic; urgency=medium
135
136 * Merge with Debian unstable (LP: #1732242). Remaining changes:
137 - Build without the secrets service as libhttp-parser2.1 is in universe
138 - d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
139 detects time shift to execute pending scheduled tasks that could
140 be stuck (LP 1641875)
141 * Drop unused upstart file debian/sssd-common.sssd.upstart.in
142 - remove debian/sssd-common.sssd.upstart.in
143 - debian/sssd-common.maintscript remove stale conffile
144
145 -- Andreas Hasenack <andreas@canonical.com> Tue, 14 Nov 2017 16:13:02 -0200
146
66sssd (1.15.3-3) unstable; urgency=medium147sssd (1.15.3-3) unstable; urgency=medium
67148
68 * Rebuild against new libldb. (Closes: #880013)149 * Rebuild against new libldb. (Closes: #880013)
69150
70 -- Timo Aaltonen <tjaalton@debian.org> Sun, 29 Oct 2017 09:13:42 +0200151 -- Timo Aaltonen <tjaalton@debian.org> Sun, 29 Oct 2017 09:13:42 +0200
71152
153sssd (1.15.3-2ubuntu1) artful; urgency=medium
154
155 * Merge from Debian, remaining changes:
156 - Build without the secrets service as libhttp-parser2.1 is in universe
157 - d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
158 detects time shift to execute pending scheduled tasks that could
159 be stuck (LP: 1641875)
160
161 -- Timo Aaltonen <tjaalton@debian.org> Thu, 12 Oct 2017 10:02:08 +0300
162
72sssd (1.15.3-2) unstable; urgency=medium163sssd (1.15.3-2) unstable; urgency=medium
73164
74 * control: Fix libipa-hbac-dev short description.165 * control: Fix libipa-hbac-dev short description.
@@ -92,6 +183,27 @@ sssd (1.15.3-1) unstable; urgency=medium
92183
93 -- Timo Aaltonen <tjaalton@debian.org> Sat, 29 Jul 2017 11:50:41 +0300184 -- Timo Aaltonen <tjaalton@debian.org> Sat, 29 Jul 2017 11:50:41 +0300
94185
186sssd (1.15.2-1ubuntu3) artful; urgency=medium
187
188 * No-change rebuild to build with python3.6.
189
190 -- Matthias Klose <doko@ubuntu.com> Mon, 24 Jul 2017 18:24:23 +0000
191
192sssd (1.15.2-1ubuntu2) artful; urgency=medium
193
194 * d/apparmor-profile:
195 - allow the chown capability (LP: #1699576)
196 - allow sssd to notify systemd during startup (LP: #1689387)
197
198 -- Andreas Hasenack <andreas@canonical.com> Wed, 21 Jun 2017 15:50:35 -0300
199
200sssd (1.15.2-1ubuntu1) zesty; urgency=medium
201
202 * Merge from Debian.
203 - new bugfix release
204
205 -- Timo Aaltonen <tjaalton@debian.org> Thu, 06 Apr 2017 12:45:49 +0300
206
95sssd (1.15.2-1) unstable; urgency=medium207sssd (1.15.2-1) unstable; urgency=medium
96208
97 * New upstream release.209 * New upstream release.
@@ -103,6 +215,41 @@ sssd (1.15.2-1) unstable; urgency=medium
103215
104 -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Mar 2017 15:17:19 +0200216 -- Timo Aaltonen <tjaalton@debian.org> Mon, 20 Mar 2017 15:17:19 +0200
105217
218sssd (1.15.0-3ubuntu4) zesty; urgency=medium
219
220 * Rebuild against new samba/libldb. (LP: #1664785)
221
222 -- Timo Aaltonen <tjaalton@debian.org> Sun, 05 Mar 2017 13:30:40 +0200
223
224sssd (1.15.0-3ubuntu3) zesty; urgency=medium
225
226 * d/p/restart_providers_on_timeshift.patch: Use SIGUSR2 after watchdog
227 detects time shift to execute pending scheduled tasks that could
228 be stuck (LP: #1641875)
229
230 -- Victor Tapia <victor.tapia@canonical.com> Wed, 15 Feb 2017 17:05:05 +0100
231
232sssd (1.15.0-3ubuntu2) zesty; urgency=medium
233
234 * Demote sssd-ad Recommends to Suggests. This fixes a component mismatch in
235 Ubuntu, but also we believe in LP 1590471 that it shouldn't be required for
236 full functionality of sssd-ad anyway. This has also been done in Debian VCS
237 in commit d26fd6b.
238
239 -- Robie Basak <robie.basak@ubuntu.com> Thu, 09 Feb 2017 13:34:01 +0000
240
241sssd (1.15.0-3ubuntu1) zesty; urgency=medium
242
243 * Build without the secrets service as libhttp-parser2.1 is in universe. An
244 MIR is pending in LP 1638957; when this is complete, we can revert this.
245 - Configure with --without-secrets.
246 - Drop build depends on libhttp-parser-dev and libjansson-dev. These are
247 only needed for the "secrets service".
248 - Remove secrets service -related files from d/sssd-common.install and in
249 d/rules.
250
251 -- Robie Basak <robie.basak@ubuntu.com> Tue, 07 Feb 2017 19:37:45 +0000
252
106sssd (1.15.0-3) unstable; urgency=medium253sssd (1.15.0-3) unstable; urgency=medium
107254
108 * rules, install: Remove responder service and socket files for now, the255 * rules, install: Remove responder service and socket files for now, the
diff --git a/debian/control b/debian/control
index ba9aede..28853e2 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: sssd1Source: sssd
2Section: utils2Section: utils
3Priority: optional3Priority: optional
4Maintainer: Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian SSSD Team <pkg-sssd-devel@lists.alioth.debian.org>
5Uploaders: Timo Aaltonen <tjaalton@debian.org>6Uploaders: Timo Aaltonen <tjaalton@debian.org>
6Build-Depends:7Build-Depends:
7 autopoint,8 autopoint,
diff --git a/debian/patches/disable-sss_nss_idmap-tests.diff b/debian/patches/disable-sss_nss_idmap-tests.diff
8new file mode 1006449new file mode 100644
index 0000000..f9145a1
--- /dev/null
+++ b/debian/patches/disable-sss_nss_idmap-tests.diff
@@ -0,0 +1,23 @@
1Description: Disable sss_nss_idmap-tests
2 The test_getsidbyname and test_getorigbyname tests rely on mocking out
3 a call to sss_nss_make_request_timeout(), using libcmocka. In Ubuntu that
4 mocking doesn't work because of the -Bsymbolic-functions linker flag that
5 is used by default. It's less intrusive to just disable this test than to
6 remove the linker flag from the whole build.
7 Mailing list thread: https://bit.ly/2OTDtDM
8Author: Andreas Hasenack <andreas@canonical.com>
9Bug: https://github.com/SSSD/sssd/pull/632
10Forwarded: no
11Last-Update: 2018-08-07
12---
13This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
14--- a/Makefile.am
15+++ b/Makefile.am
16@@ -239,7 +239,6 @@
17 test-io \
18 test-negcache \
19 test-authtok \
20- sss_nss_idmap-tests \
21 dyndns-tests \
22 fqnames-tests \
23 nestedgroups-tests \
diff --git a/debian/patches/libsss-dependency.diff b/debian/patches/libsss-dependency.diff
0new file mode 10064424new file mode 100644
index 0000000..e1b7d16
--- /dev/null
+++ b/debian/patches/libsss-dependency.diff
@@ -0,0 +1,30 @@
1Description: utils: add libsss_child dependency to libsss_cert
2 Since the refactoring of the ssh responder to call p11_child to
3 validate certificates there is a dependency between libss_cert and
4 libsss_child. In some environments, e.g. gentoo or the OpenSUSE build
5 service, this dependency must be declared explicitly even if it is
6 resolved otherwise while linking the binaries.
7 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
8Author: Sumit Bose <sbose@redhat.com>
9Origin: upstream, https://pagure.io/SSSD/sssd/c/a2cc554f438c220b3cc73eb93879dd87795a86cd
10Last-Update: 2018-08-07
11--- a/Makefile.am
12+++ b/Makefile.am
13@@ -967,11 +967,17 @@
14 $(AM_CFLAGS) \
15 $(SSS_CERT_CFLAGS) \
16 $(NULL)
17+# NOTE:
18+# There is a dependency between libsss_cert and libsss_child which should
19+# always be declared explicitly and if missing might cause issue in some
20+# environments (e.g. Gentoo or OpenSUSE build service), even if it is
21+# resolved otherwise while linking the binaries.
22 libsss_cert_la_LIBADD = \
23 $(SSS_CERT_LIBS) \
24 $(TALLOC_LIBS) \
25 $(TEVENT_LIBS) \
26 libsss_crypt.la \
27+ libsss_child.la \
28 libsss_debug.la \
29 libsss_certmap.la \
30 $(NULL)
diff --git a/debian/patches/series b/debian/patches/series
index 512387a..99828b4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,4 @@
1#placeholder1#placeholder
2disable-tests.diff2disable-tests.diff
3libsss-dependency.diff
4disable-sss_nss_idmap-tests.diff

Subscribers

People subscribed via source and target branches