Ubuntu
sssd package

Merge ~sergiodj/ubuntu/+source/sssd:merge-2.5.2-4-jammy into ubuntu/+source/sssd:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/sssd
  3. merge-2.5.2-4-jammy
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: Sergio Durigan Junior
Merged at revision: 47b8ad116bb6fb3f0288091350c802165dd52bf9
Proposed branch: ~sergiodj/ubuntu/+source/sssd:merge-2.5.2-4-jammy
Merge into: ubuntu/+source/sssd:debian/sid
Diff against target: 294 lines (+228/-2)
5 files modified
debian/changelog (+139/-0)
debian/control (+3/-2)
debian/patches/fix-python-tests.patch (+83/-0)
debian/patches/series (+1/-0)
debian/rules (+2/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+410912@code.launchpad.net

Description of the change

This is the merge of sssd 2.5.2-4 from Debian.

This is a relatively straightforward merge. Fortunately we will be able to drop a bunch of delta we've been carrying, because Debian incorporated most of it.

There's one patch that we're still going to have to carry for a bit more which is the d/p/fix-python-tests.patch. This one hasn't been adopted by Debian because it's not a problem there yet, and eventually we will be able to drop it because it's been accepted by upstream and is part of the 2.6.0 release. I'm expecting that Debian will update sssd to this release before the end of jammy's cycle.

Aside from that, there's not much else to say. The package is getting into a better shape with each release, which is good.

There's a PPA with the proposed package here:

https://launchpad.net/~sergiodj/+archive/ubuntu/sssd-merge/+packages

autopkgtest is still happy:

autopkgtest [20:30:44]: @@@@@@@@@@@@@@@@@@@@ summary
ldap-user-group-ldap-auth PASS
ldap-user-group-krb5-auth PASS

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Ping :-).

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Putting that on my TODO-List for today ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

"The package is getting into a better shape with each release, which is good."
=> That is the right spirit :-)

* Changelog:
  - [+] old content and logical tag match as expected
  - [+] changelog entry correct version and targeted codename
  - [+] changelog entries correct
  - [x] bug references correct
        Keeping the reference to "(LP: #1910611) fully intact will ping the bug on every merge.
        please change that to e.g. LP: 1910611 to leave the bug alone.
  - [+] update-maintainer has been run

* Merge - Indirect Changes:
  - [+] no upstream changes to consider
        At https://github.com/SSSD/sssd/releases there are some removals with 2.5.0 which
        made me think, but the biggest one is the samba change which would not work with
        our recent samba anyway.
  - [+] no further upstream version to consider
        (we know 2.6 will be another step, it is good to go them one by one)
  - [+] debian changes look safe
        I wondered but 994479 didn't skip all testing, so ok

* Merge - Old Delta:
  - [+] dropped changes are ok to be dropped
  - [+] nothing else to drop (yet)
  - [+] changes forwarded upstream/debian

* New Delta:
  - [+] no new patches added

* Git/Maintenance
  - [+] commits are properly split (more important on -dev than on SRUs)

* Build/Test:
  - [+] build is ok
  - [+] verified PPA package installs/uninstalls
  - [+] autopkgtest against the PPA package passes
  - [+] sanity checks test fine

I have only had a trivial sssd install (2.5.2-4ubuntu1~ppa2) that worked fine, I assume you have tested this for real and ran the autopkgtest?

Only found the minimal nitpick in the changelog, up to you to adapt before an upload.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Tuesday, November 02 2021, Christian Ehrhardt  wrote:

> Review: Approve

Thanks for the review, Christian.

> * Changelog:
> - [+] old content and logical tag match as expected
> - [+] changelog entry correct version and targeted codename
> - [+] changelog entries correct
> - [x] bug references correct
> Keeping the reference to "(LP: #1910611) fully intact will ping the bug on every merge.
> please change that to e.g. LP: 1910611 to leave the bug alone.

Huh, that's funny. git-ubuntu should take care of automatically
removing the colon from these bug references, but for some reason it
didn't this time. But yeah, I will remove it by hand, thanks.

> - [+] update-maintainer has been run
>
> * Merge - Indirect Changes:
> - [+] no upstream changes to consider
> At https://github.com/SSSD/sssd/releases there are some removals with 2.5.0 which
> made me think, but the biggest one is the samba change which would not work with
> our recent samba anyway.

+1

> - [+] no further upstream version to consider
> (we know 2.6 will be another step, it is good to go them one by one)

Yeah. I think Debian will merge it before the end of our cycle.

> - [+] debian changes look safe
> I wondered but 994479 didn't skip all testing, so ok
>
> * Merge - Old Delta:
> - [+] dropped changes are ok to be dropped
> - [+] nothing else to drop (yet)
> - [+] changes forwarded upstream/debian
>
> * New Delta:
> - [+] no new patches added
>
> * Git/Maintenance
> - [+] commits are properly split (more important on -dev than on SRUs)
>
> * Build/Test:
> - [+] build is ok
> - [+] verified PPA package installs/uninstalls
> - [+] autopkgtest against the PPA package passes
> - [+] sanity checks test fine
>
> I have only had a trivial sssd install (2.5.2-4ubuntu1~ppa2) that worked fine, I assume you have tested this for real and ran the autopkgtest?

Yeah, I did test it locally and ran autopkgtest as well.

> Only found the minimal nitpick in the changelog, up to you to adapt before an upload.

Thanks, I've adjusted d/changelog to remove the colon and uploaded it:

$ dput sssd_2.5.2-4ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/sssd/sssd_2.5.2-4ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/sssd/sssd_2.5.2-4ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading sssd_2.5.2-4ubuntu1.dsc: done.
  Uploading sssd_2.5.2.orig.tar.gz: done.
  Uploading sssd_2.5.2.orig.tar.gz.asc: done.
  Uploading sssd_2.5.2-4ubuntu1.debian.tar.xz: done.
  Uploading sssd_2.5.2-4ubuntu1_source.buildinfo: done.
  Uploading sssd_2.5.2-4ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

 sssd | 2.5.2-4ubuntu1 | jammy | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x

This is done

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 5d77edb..8b4a535 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,32 @@
1sssd (2.5.2-4ubuntu1) jammy; urgency=medium
2
3 * Merge with Debian unstable (LP: #1946904). Remaining changes:
4 - Disable lto, not ready upstream.
5 - d/control: Drop libgdm-dev Build-Depend on i386.
6 - d/p/fix-python-tests.patch: Fix Python tests by making them
7 assert Python module paths by using full pathnames.
8 * Dropped changes:
9 - d/apparmor-profile: Update profile. (LP #1910611)
10 + Extend read permissions to /etc/sssd/** and /etc/gss/**.
11 + Add read/execute permission to /usr/libexec/sssd/*.
12 [ Incorporated by Debian. ]
13 - Fix FTBFS with newer autoconf
14 + debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
15 and PYTHON_EXEC_PREFIX in src/external/python.m4.
16 [ Incorporated by Debian. ]
17 - SECURITY UPDATE: shell command injection in sssctl comment
18 + debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
19 avoid execution of user supplied command in
20 src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
21 src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
22 + CVE-2021-3621
23 [ Incorporated by Debian. ]
24 - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
25 which is failing when running inside sbuild.
26 [ Not needed anymore; issue does not reproduce on Jammy. ]
27
28 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 27 Oct 2021 20:16:31 -0400
29
1sssd (2.5.2-4) unstable; urgency=medium30sssd (2.5.2-4) unstable; urgency=medium
231
3 * control: Promote libnss-sss and libpam-sss to sssd-common Depends.32 * control: Promote libnss-sss and libpam-sss to sssd-common Depends.
@@ -40,6 +69,63 @@ sssd (2.5.2-1) unstable; urgency=medium
4069
41 -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +030070 -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300
4271
72sssd (2.4.1-2ubuntu4) impish; urgency=medium
73
74 * Fix FTBFS with newer autoconf
75 - debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
76 and PYTHON_EXEC_PREFIX in src/external/python.m4.
77
78 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400
79
80sssd (2.4.1-2ubuntu3) impish; urgency=medium
81
82 * SECURITY UPDATE: shell command injection in sssctl comment
83 - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
84 avoid execution of user supplied command in
85 src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
86 src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
87 - CVE-2021-3621
88
89 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400
90
91sssd (2.4.1-2ubuntu2) impish; urgency=medium
92
93 * No-change rebuild due to OpenLDAP soname bump.
94
95 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400
96
97sssd (2.4.1-2ubuntu1) impish; urgency=medium
98
99 * Merge with Debian unstable. Remaining changes:
100 - d/apparmor-profile: Update profile. (LP #1910611)
101 + Extend read permissions to /etc/sssd/** and /etc/gss/**.
102 + Add read/execute permission to /usr/libexec/sssd/*.
103 - Disable lto, not ready upstream.
104 - d/control: Drop libgdm-dev Build-Depend on i386.
105 * Dropped changes:
106 - d/p/condition-path-exists-sssd-conf.patch: Only start
107 sssd.service if there is a configuration file present.
108 (LP: #1900642)
109 [ Included in 2.4.1-2 ]
110 - d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
111 Upstream patch to make sssd.service only able to start when there
112 is a configuration file present. (LP #1900642)
113 - d/p/condition-path-exists-sssd-conf.patch: Remove.
114 [ Included in 2.4.1-2 ]
115 - Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):
116 + d/p/lp-1908065-01-syslog_identifier-format.patch:
117 Upstream patch to include "sssd[]" identifier in program names.
118 + d/p/lp-1908065-02-remove-syslog_identifier.patch:
119 Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
120 [ Included in 2.4.1-2 ]
121 * Added changes:
122 - d/p/fix-python-tests.patch: Fix Python tests by making them
123 assert Python module paths by using full pathnames.
124 - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
125 which is failing when running inside sbuild.
126
127 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400
128
43sssd (2.4.1-2) unstable; urgency=medium129sssd (2.4.1-2) unstable; urgency=medium
44130
45 [ Marco Trevisan (Treviño) ]131 [ Marco Trevisan (Treviño) ]
@@ -65,6 +151,59 @@ sssd (2.4.1-1) unstable; urgency=medium
65151
66 -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200152 -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200
67153
154sssd (2.4.0-1ubuntu7) impish; urgency=medium
155
156 * d/control: Drop libgdm-dev Build-Depend on i386.
157
158 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 11 May 2021 16:22:31 -0400
159
160sssd (2.4.0-1ubuntu6) hirsute; urgency=medium
161
162 * Disable lto, not ready upstream.
163
164 -- Matthias Klose <doko@ubuntu.com> Tue, 23 Mar 2021 13:18:53 +0100
165
166sssd (2.4.0-1ubuntu5) hirsute; urgency=medium
167
168 * No change rebuild with fixed ownership.
169
170 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 16 Feb 2021 15:22:14 +0000
171
172sssd (2.4.0-1ubuntu4) hirsute; urgency=medium
173
174 * Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065):
175 - d/p/lp-1908065-01-syslog_identifier-format.patch:
176 Upstream patch to include "sssd[]" identifier in program names.
177 - d/p/lp-1908065-02-remove-syslog_identifier.patch:
178 Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
179
180 -- Valters Jansons <valter.jansons@gmail.com> Fri, 05 Feb 2021 20:51:32 +0000
181
182sssd (2.4.0-1ubuntu3) hirsute; urgency=medium
183
184 * d/apparmor-profile: Update profile. (LP: #1910611)
185 - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
186 - Add read/execute permission to /usr/libexec/sssd/*.
187
188 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 18 Jan 2021 16:57:21 -0500
189
190sssd (2.4.0-1ubuntu2) hirsute; urgency=medium
191
192 * d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
193 Upstream patch to make sssd.service only able to start when there
194 is a configuration file present. (LP: #1900642)
195 * d/p/condition-path-exists-sssd-conf.patch: Remove.
196
197 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 12 Jan 2021 16:17:38 -0500
198
199sssd (2.4.0-1ubuntu1) hirsute; urgency=medium
200
201 * d/p/condition-path-exists-sssd-conf.patch: Only start
202 sssd.service if there is a configuration file present.
203 (LP: #1900642)
204
205 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 10 Dec 2020 14:20:24 -0500
206
68sssd (2.4.0-1) unstable; urgency=medium207sssd (2.4.0-1) unstable; urgency=medium
69208
70 * New upstream release.209 * New upstream release.
diff --git a/debian/control b/debian/control
index e02837d..3fad894 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: sssd1Source: sssd
2Section: utils2Section: utils
3Priority: optional3Priority: optional
4Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>
5Uploaders: Timo Aaltonen <tjaalton@debian.org>,6Uploaders: Timo Aaltonen <tjaalton@debian.org>,
6 Dominik George <natureshadow@debian.org>7 Dominik George <natureshadow@debian.org>
7Build-Depends:8Build-Depends:
@@ -25,7 +26,7 @@ Build-Depends:
25 libcollection-dev,26 libcollection-dev,
26 libdbus-1-dev,27 libdbus-1-dev,
27 libdhash-dev,28 libdhash-dev,
28 libgdm-dev [!s390x !kfreebsd-any !hurd-any],29 libgdm-dev [!s390x !kfreebsd-any !hurd-any !i386],
29 libglib2.0-dev,30 libglib2.0-dev,
30 libini-config-dev,31 libini-config-dev,
31 libjansson-dev,32 libjansson-dev,
diff --git a/debian/patches/fix-python-tests.patch b/debian/patches/fix-python-tests.patch
32new file mode 10064433new file mode 100644
index 0000000..5053f8e
--- /dev/null
+++ b/debian/patches/fix-python-tests.patch
@@ -0,0 +1,83 @@
1From: Sergio Durigan Junior <sergio.durigan@canonical.com>
2Date: Mon, 17 May 2021 19:09:14 -0400
3Subject: Improve assertion when verifying paths for Python modules
4
5In Ubuntu we're facing a problem where the 3 Python tests under
6src/tests/*-test.py are failing due to cosmetical differences between
7what the '.__file__' method returns and what 'MODPATH' ends up being.
8
9I have not been able to pinpoint exactly what is causing this issue;
10it only happens when SSSD is built inside a chroot environment (with
11sbuild, for example). The logs look like this:
12
13F
14======================================================================
15FAIL: testImport (__main__.PyHbacImport)
16Import the module and assert it comes from tree
17----------------------------------------------------------------------
18Traceback (most recent call last):
19 File "/<<PKGBUILDDIR>>/src/tests/pyhbac-test.py", line 91, in testImport
20 self.assertEqual(pyhbac.__file__, MODPATH + "/pyhbac.so")
21AssertionError: '/<<PKGBUILDDIR>>/build/./tp_pyhbac_xw2omut2/pyhbac.so' != './tp_pyhbac_xw2omut2/pyhbac.so'
22- /<<PKGBUILDDIR>>/build/./tp_pyhbac_xw2omut2/pyhbac.so
23+ ./tp_pyhbac_xw2omut2/pyhbac.so
24
25Given that the intention of the test is to verify that the two paths
26are equal, I suggest that we do this slight improvement and call
27'os.path.realpath' before comparing both paths. This way we guarantee
28that they're both properly canonicalized.
29
30I have verified that the tests still pass with this change.
31
32Signed-off-by: Sergio Durigan Junior <sergio.durigan@canonical.com>
33
34Forwarded: yes, https://github.com/SSSD/sssd/pull/5636
35Last-Updated: 2021-05-18
36---
37 src/tests/pyhbac-test.py | 3 ++-
38 src/tests/pysss-test.py | 3 ++-
39 src/tests/pysss_murmur-test.py | 3 ++-
40 3 files changed, 6 insertions(+), 3 deletions(-)
41
42diff --git a/src/tests/pyhbac-test.py b/src/tests/pyhbac-test.py
43index 06163af..c8ce47f 100755
44--- a/src/tests/pyhbac-test.py
45+++ b/src/tests/pyhbac-test.py
46@@ -88,7 +88,8 @@ class PyHbacImport(unittest.TestCase):
47 print("Could not load the pyhbac module. Please check if it is "
48 "compiled", file=sys.stderr)
49 raise e
50- self.assertEqual(pyhbac.__file__, MODPATH + "/pyhbac.so")
51+ self.assertEqual(os.path.realpath(pyhbac.__file__),
52+ os.path.realpath(MODPATH + "/pyhbac.so"))
53
54
55 class PyHbacRuleElementTest(unittest.TestCase):
56diff --git a/src/tests/pysss-test.py b/src/tests/pysss-test.py
57index 30bc074..20ef0ab 100755
58--- a/src/tests/pysss-test.py
59+++ b/src/tests/pysss-test.py
60@@ -58,7 +58,8 @@ class PysssImport(unittest.TestCase):
61 print("Could not load the pysss module. Please check if it is "
62 "compiled", file=sys.stderr)
63 raise ex
64- self.assertEqual(pysss.__file__, MODPATH + "/pysss.so")
65+ self.assertEqual(os.path.realpath(pysss.__file__),
66+ os.path.realpath(MODPATH + "/pysss.so"))
67
68
69 class PysssEncryptTest(unittest.TestCase):
70diff --git a/src/tests/pysss_murmur-test.py b/src/tests/pysss_murmur-test.py
71index 531f8b5..75b4651 100755
72--- a/src/tests/pysss_murmur-test.py
73+++ b/src/tests/pysss_murmur-test.py
74@@ -59,7 +59,8 @@ class PySssMurmurImport(unittest.TestCase):
75 print("Could not load the pysss_murmur module. "
76 "Please check if it is compiled", file=sys.stderr)
77 raise e
78- self.assertEqual(pysss_murmur.__file__, MODPATH + "/pysss_murmur.so")
79+ self.assertEqual(os.path.realpath(pysss_murmur.__file__),
80+ os.path.realpath(MODPATH + "/pysss_murmur.so"))
81
82
83 class PySssMurmurTestNeg(unittest.TestCase):
diff --git a/debian/patches/series b/debian/patches/series
index 66b6f6e..21183b7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ default-to-socket-activated-services.diff
3fix_newer_autoconf.patch3fix_newer_autoconf.patch
40001-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch40001-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch
50001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch50001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch
6fix-python-tests.patch
diff --git a/debian/rules b/debian/rules
index 2adb804..c2251b3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,6 +3,8 @@
3 dh $@ --with python3 \3 dh $@ --with python3 \
4 --builddirectory=build4 --builddirectory=build
55
6export DEB_BUILD_MAINT_OPTIONS = optimize=-lto
7
6DPKG_EXPORT_BUILDFLAGS = 18DPKG_EXPORT_BUILDFLAGS = 1
7include /usr/share/dpkg/buildflags.mk9include /usr/share/dpkg/buildflags.mk
810

Subscribers

People subscribed via source and target branches