Ubuntu
sssd package

Merge ~ahasenack/ubuntu/+source/sssd:eoan-sssd-2.2.0-4-merge into ubuntu/+source/sssd:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/sssd
  3. eoan-sssd-2.2.0-4-merge
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: b512a3b4910648902d13ea2dfc8f2cf013516d6f
Merge reported by: Andreas Hasenack
Merged at revision: b512a3b4910648902d13ea2dfc8f2cf013516d6f
Proposed branch: ~ahasenack/ubuntu/+source/sssd:eoan-sssd-2.2.0-4-merge
Merge into: ubuntu/+source/sssd:debian/sid
Diff against target: 175 lines (+112/-3)
5 files modified
debian/changelog (+64/-0)
debian/control (+4/-3)
debian/patches/python3-shebang.patch (+13/-0)
debian/patches/restart-on-failure.patch (+29/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Bryce Harrington (community) Approve
Canonical Server Pending
Review via email: mp+370825@code.launchpad.net

Description of the change

Merge from debian, new major version. I'm glad we have the dep8 tests we do, and they passed:

https://bileto.ubuntu.com/#/ticket/3772

Our delta is minimal, a lot was dropped. It's just a python -> python3 switch, and I'm not sure what debian's stance on that is yet.

I asked Timo about this merge, and he said the debian package has stabilized now in this new 2.x series and we could get it. There were no blockers or big issues.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

sssd master has pcre2 support (https://github.com/SSSD/sssd/pull/677#issuecomment-508238642), but not this 2.2.0 release. Anyway, that means soon the sssd task in https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1792544 can be closed

~ahasenack/ubuntu/+source/sssd:eoan-sssd-2.2.0-4-merge updated
2be6d8b... by Andreas Hasenack

  * Added:
    - d/p/restart-on-failure.patch: add Restart=on-failure to sssd.service
      (LP: #1821927)

b512a3b... by Andreas Hasenack

changelog

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I added a fix for #1821927 and uploaded a new package to the bileto ppa, it's running as I write this.

Revision history for this message
Bryce Harrington (bryce) wrote :

It installed into an lxd container just fine, although I noticed some warnings during the install. Noticed the adduser one we ran into with kafka. :-) Not sure about the relevance of the other warnings.

# sudo add-apt-repository -y ppa:ci-train-ppa-service/3772
(...)
# apt-get install sssd
(...)
Creating SSSD system user & group...
adduser: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating.
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 54): Warning failed to create cache: usr.sbin.sssd
(...)
Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /lib/systemd/system/sssd.service.
sssd-autofs.service is a disabled or a static unit, not starting it.
sssd-nss.service is a disabled or a static unit, not starting it.
sssd-pam.service is a disabled or a static unit, not starting it.
sssd-ssh.service is a disabled or a static unit, not starting it.
sssd-sudo.service is a disabled or a static unit, not starting it.
Job for sssd-pam-priv.socket failed.
See "systemctl status sssd-pam-priv.socket" and "journalctl -xe" for details.
A dependency job for sssd-pam.socket failed. See 'journalctl -xe' for details.
Job for sssd-nss.socket failed.
See "systemctl status sssd-nss.socket" and "journalctl -xe" for details.
Job for sssd-autofs.socket failed.
See "systemctl status sssd-autofs.socket" and "journalctl -xe" for details.
Job for sssd-sudo.socket failed.
See "systemctl status sssd-sudo.socket" and "journalctl -xe" for details.
Job for sssd-ssh.socket failed.
See "systemctl status sssd-ssh.socket" and "journalctl -xe" for details.
Setting up sssd-proxy (2.2.0-4ubuntu1~ppa2) ...
Setting up cracklib-runtime (2.9.6-2) ...
Setting up libpwquality1:amd64 (1.4.0-3) ...
Setting up sssd-ad-common (2.2.0-4ubuntu1~ppa2) ...
Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /lib/systemd/system/sssd-pac.socket.
sssd-pac.service is a disabled or a static unit, not starting it.
Job for sssd-pac.socket failed.
See "systemctl status sssd-pac.socket" and "journalctl -xe" for details.
Setting up sssd-krb5-common (2.2.0-4ubuntu1~ppa2) ...
(...)
# apt-cache policy sssd | grep Installed:
  Installed: 2.2.0-4ubuntu1~ppa2

Revision history for this message
Bryce Harrington (bryce) wrote :

 √ Verified LP numbers and descriptions

Note that Robie expressed a doubt on LP #1821927 regarding Restart=on-failure and wanting to see more discussion. I also notice the upstream bug report got closed as fixed (with same change as here), but doesn't appear to have been any discussion about pros and cons. Maybe it's good? maybe it needs more discussion? Maybe it's Maybelline.

(My personal opinion is if upstream has taken the change, and it isn't something that'll cause annoyances for users, no reason we can't carry it too. But I could see value in adopting a standard across all services, to achieve better distro consistency, so will defer to those with stronger opinions than me.)

 √ Verified version number
 √ Verified update-maintainer
 √ Verified debdiff targets correct release codename
 √ Verified bileto build completed w/ autopkgtests without errors
 √ Verified installation / de-installation / purge / upgrade from the PPA into lxc

I notice bileto ran and passed the autopkgtests, however when I first ran them in an lxd container the ldap test errors out:

    https://paste.ubuntu.com/p/KxH9yh6ybK/

The journal -xe output:

    https://paste.ubuntu.com/p/kbJWKvRhkd/

The above output suggested doing this:

    # systemctl disable sssd-pam.socket

After that, I reran the test and this time everything passed

    https://paste.ubuntu.com/p/8FtWmxy2th/

No idea if this indicates something that needs adjusted in packaging, or is just an installation configuration detail.

+1 approve from me, just make sure to touch base with Robie before finalizing stuff.

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for adding https://pagure.io/SSSD/sssd/c/b1ea33eca64a0429513fcfe2ba7402ff56889b46

Revision history for this message
Christian Ehrhardt  (paelzer) :
review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks for the review guys!

Bryce, in your ldap run I think this noise from run-parts broke the expect tool:

ldap.example.com login: testuser1
Password:
run-parts: /etc/update-motd.d/98-fsck-at-reboot exited with return code 2

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the

I also don't like the messages about socket services failing to start, I'll take a look at that and how it was supposed to be handled.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I clarified with Timo, and he with upstream, that these socket activated services won't start if there is no config file. It's noisy, but harmless for the time being. Timo might patch it in a new debian upload.

I'll upload b512a3b4910648902d13ea2dfc8f2cf013516d6f now.

$ git push pkg upload/2.2.0-4ubuntu1
Enumerating objects: 39, done.
Counting objects: 100% (39/39), done.
Delta compression using up to 2 threads
Compressing objects: 100% (33/33), done.
Writing objects: 100% (33/33), 4.96 KiB | 508.00 KiB/s, done.
Total 33 (delta 19), reused 0 (delta 0)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/sssd
 * [new tag] upload/2.2.0-4ubuntu1 -> upload/2.2.0-4ubuntu1

$ dput ubuntu ../sssd_2.2.0-4ubuntu1_source.changes
Checking signature on .changes
gpg: ../sssd_2.2.0-4ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../sssd_2.2.0-4ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading sssd_2.2.0-4ubuntu1.dsc: done.
  Uploading sssd_2.2.0.orig.tar.gz: done.
  Uploading sssd_2.2.0-4ubuntu1.diff.gz: done.
  Uploading sssd_2.2.0-4ubuntu1_source.buildinfo: done.
  Uploading sssd_2.2.0-4ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This migrated in eoan.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 7a97edd..6e636f7 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,23 @@
6+sssd (2.2.0-4ubuntu1) eoan; urgency=medium
7+
8+ * Merge with Debian unstable. Remaining changes:
9+ - Switch sss_obfuscate shebang to python3.
10+ * Dropped:
11+ - Fix build with newer samba (4.10+):
12+ + d/p/build-newer-samba.patch: replace ARRAY_SIZE with N_ELEMENTS, since
13+ the former is no longer available.
14+ [Fixed upstream]
15+ + d/p/make-n_elements-public.patch: make N_ELEMENTS public
16+ [Fixed upstream]
17+ - d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
18+ crond for Debian and Ubuntu (LP #1572908)
19+ [Fixed upstream]
20+ * Added:
21+ - d/p/restart-on-failure.patch: add Restart=on-failure to sssd.service
22+ (LP: #1821927)
23+
24+ -- Andreas Hasenack <andreas@canonical.com> Mon, 29 Jul 2019 18:09:16 -0300
25+
26 sssd (2.2.0-4) unstable; urgency=medium
27
28 [ Sam Morris ]
29@@ -57,6 +77,25 @@ sssd (1.16.4-1~exp1) experimental; urgency=medium
30
31 -- Timo Aaltonen <tjaalton@debian.org> Wed, 03 Apr 2019 09:56:33 +0300
32
33+sssd (1.16.3-3.1ubuntu1) eoan; urgency=medium
34+
35+ * Merge with Debian unstable. Remaining changes:
36+ - Fix build with newer samba (4.10+):
37+ + d/p/build-newer-samba.patch: replace ARRAY_SIZE with N_ELEMENTS, since
38+ the former is no longer available.
39+ + d/p/make-n_elements-public.patch: make N_ELEMENTS public
40+ - d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
41+ crond for Debian and Ubuntu (LP #1572908)
42+ - Switch sss_obfuscate shebang to python3.
43+ * Dropped:
44+ - d/p/mit-krb-1.17-build-fix.patch: accept krb5 1.17 for building the PAC
45+ plugin
46+ [In 1.16.3-3.1]
47+ - d/p/fix-test-copy-ccache.patch: fix mocking krb5_creds in test_copy_ccache
48+ [In 1.16.3-3.1]
49+
50+ -- Andreas Hasenack <andreas@canonical.com> Wed, 22 May 2019 18:28:06 -0300
51+
52 sssd (1.16.3-3.1) unstable; urgency=high
53
54 * Non-maintainer upload.
55@@ -65,6 +104,31 @@ sssd (1.16.3-3.1) unstable; urgency=high
56
57 -- Dominik George <natureshadow@debian.org> Sun, 24 Feb 2019 11:05:55 +0100
58
59+sssd (1.16.3-3ubuntu3) eoan; urgency=medium
60+
61+ * Switch sss_obfuscate shebang to python3.
62+
63+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Apr 2019 11:17:49 +0100
64+
65+sssd (1.16.3-3ubuntu2) eoan; urgency=medium
66+
67+ * d/p/GPO_CROND-customization.patch: Set GPO_CROND to cron instead of
68+ crond for Debian and Ubuntu (LP: #1572908)
69+
70+ -- Victor Tapia <victor.tapia@canonical.com> Mon, 23 Apr 2019 13:48:26 +0100
71+
72+sssd (1.16.3-3ubuntu1) disco; urgency=medium
73+
74+ * Fix build with newer samba (4.10+):
75+ - d/p/build-newer-samba.patch: replace ARRAY_SIZE with N_ELEMENTS, since
76+ the former is no longer available.
77+ - d/p/make-n_elements-public.patch: make N_ELEMENTS public
78+ * d/p/fix-test-copy-ccache.patch: fix mocking krb5_creds in test_copy_ccache
79+ * d/p/mit-krb-1.17-build-fix.patch: accept krb5 1.17 for building the PAC
80+ plugin
81+
82+ -- Andreas Hasenack <andreas@canonical.com> Mon, 04 Mar 2019 20:21:27 -0300
83+
84 sssd (1.16.3-3) unstable; urgency=medium
85
86 * fix-curl-ftbfs.diff: Fix build with current curl. (Closes: #913403)
87diff --git a/debian/control b/debian/control
88index baa5115..8fc2aba 100644
89--- a/debian/control
90+++ b/debian/control
91@@ -1,7 +1,8 @@
92 Source: sssd
93 Section: utils
94 Priority: optional
95-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>
96+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
97+XSBC-Original-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>
98 Uploaders: Timo Aaltonen <tjaalton@debian.org>,
99 Dominik George <natureshadow@debian.org>
100 Build-Depends:
101@@ -232,8 +233,8 @@ Description: System Security Services Daemon -- proxy back end
102 Package: sssd-tools
103 Architecture: any
104 Depends:
105- python,
106- python-sss,
107+ python3,
108+ python3-sss,
109 sssd-common (= ${binary:Version}),
110 ${misc:Depends},
111 ${shlibs:Depends}
112diff --git a/debian/patches/python3-shebang.patch b/debian/patches/python3-shebang.patch
113new file mode 100644
114index 0000000..a74fd04
115--- /dev/null
116+++ b/debian/patches/python3-shebang.patch
117@@ -0,0 +1,13 @@
118+Description: Switch sss_obfuscate shebang to python3.
119+Author: Dimitri John Ledkov <xnox@ubuntu.com>
120+
121+Index: sssd-1.16.3/src/tools/sss_obfuscate
122+===================================================================
123+--- sssd-1.16.3.orig/src/tools/sss_obfuscate
124++++ sssd-1.16.3/src/tools/sss_obfuscate
125+@@ -1,4 +1,4 @@
126+-#!/usr/bin/python
127++#!/usr/bin/python3
128+
129+ from __future__ import print_function
130+
131diff --git a/debian/patches/restart-on-failure.patch b/debian/patches/restart-on-failure.patch
132new file mode 100644
133index 0000000..03677ba
134--- /dev/null
135+++ b/debian/patches/restart-on-failure.patch
136@@ -0,0 +1,29 @@
137+From b1ea33eca64a0429513fcfe2ba7402ff56889b46 Mon Sep 17 00:00:00 2001
138+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
139+Date: Mon, 8 Jul 2019 11:37:19 +0200
140+Subject: [PATCH] systemd: add Restart=on-failure to sssd.service
141+
142+Resolves:
143+https://pagure.io/SSSD/sssd/issue/4040
144+
145+Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
146+---
147+ src/sysv/systemd/sssd.service.in | 1 +
148+ 1 file changed, 1 insertion(+)
149+
150+Origin: upstream, https://github.com/SSSD/sssd/commit/b1ea33eca64a0429513fcfe2ba7402ff56889b46
151+Bug: https://pagure.io/SSSD/sssd/issue/4040
152+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1821927
153+Last-Update: 2019-07-31
154+diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
155+index 2cb7cadf7d..7a4b7c74c8 100644
156+--- a/src/sysv/systemd/sssd.service.in
157++++ b/src/sysv/systemd/sssd.service.in
158+@@ -11,6 +11,7 @@ ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
159+ Type=notify
160+ NotifyAccess=main
161+ PIDFile=@pidpath@/sssd.pid
162++Restart=on-failure
163+
164+ [Install]
165+ WantedBy=multi-user.target
166diff --git a/debian/patches/series b/debian/patches/series
167index 8488b90..8bfa56a 100644
168--- a/debian/patches/series
169+++ b/debian/patches/series
170@@ -1,3 +1,5 @@
171 fix-have-systemd.diff
172 fix-whitespace-test.diff
173 default-to-socket-activated-services.diff
174+python3-shebang.patch
175+restart-on-failure.patch

Subscribers

People subscribed via source and target branches