Ubuntu
sssd package

Merge ~sergiodj/ubuntu/+source/sssd:merge-2.7.3-2-kinetic into ubuntu/+source/sssd:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/sssd
  3. merge-2.7.3-2-kinetic
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 331d49c982c8a44c94240b0c8317d399db01519e
Proposed branch: ~sergiodj/ubuntu/+source/sssd:merge-2.7.3-2-kinetic
Merge into: ubuntu/+source/sssd:debian/sid
Diff against target: 463 lines (+286/-19)
5 files modified
debian/changelog (+254/-0)
debian/control (+4/-4)
debian/libnss-sss.postinst (+18/-7)
debian/libnss-sss.postrm (+10/-2)
dev/null (+0/-6)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+429395@code.launchpad.net

Description of the change

This is the merge of sssd 2.7.3-2 from Debian unstable.

Here's the FFe for the merge:

https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1988615

In it, you will find a brief explanation of the most important change here: the reversion of the dh-nss usage. Long story short, dh-nss is a new dh sequencer that will make it easier for packages to change the /etc/nsswitch.conf file. However, since it's a new thing, it still has a few rough edges that need to be sorted out. Unfortunately, one of those rough edges is causing sssd's dep8 tests to fail on Debian. Although this specifically problem has been addressed by the dh-nss maintainer, I still don't feel confident enough to bring this change into Ubuntu yet.

I decided to merge this new version because it introduces a change that I think is interesting to our users: "All SSSD client libraries (nss, pam, etc) won't serialize requests anymore by default, i.e. requests from multiple threads can be executed in parallel."

There's a PPA with the proposed change here:

https://launchpad.net/~sergiodj/+archive/ubuntu/sssd-merge/+packages

Because this is an FFe, I also decided to rebuild the reverse Build-Depends. You can find them here:

https://launchpad.net/~sergiodj/+archive/ubuntu/sssd-merge-kinetic/+packages

autopkgtest is still OK:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-sssd-merge/?format=plain)
  sssd @ amd64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-sssd-merge/kinetic/amd64/s/sssd/20220903_042948_718f7@/log.gz
    03.09.22 04:29:48 ✅ Triggers: sssd/2.7.3-2ubuntu1~ppa2
  sssd @ arm64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-sssd-merge/kinetic/arm64/s/sssd/20220903_043150_f85a9@/log.gz
    03.09.22 04:31:50 ✅ Triggers: sssd/2.7.3-2ubuntu1~ppa2
  sssd @ armhf:
    http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-sssd-merge/kinetic/armhf/s/sssd/20220903_044318_5af0f@/log.gz
    03.09.22 04:43:18 ✅ Triggers: sssd/2.7.3-2ubuntu1~ppa2
  sssd @ ppc64el:
    http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-sssd-merge/kinetic/ppc64el/s/sssd/20220903_042902_f85a9@/log.gz
    03.09.22 04:29:02 ✅ Triggers: sssd/2.7.3-2ubuntu1~ppa2
  sssd @ s390x:
    http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-sssd-merge/kinetic/s390x/s/sssd/20220903_042643_68c49@/log.gz
    03.09.22 04:26:43 ✅ Triggers: sssd/2.7.3-2ubuntu1~ppa2

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) :
review: Needs Information
Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

The revert looks good, I compared 2.7.3-1 with this branch, debian/ directory only (git diff pkg/import/2.7.3-1..merge-2.7.3-2-kinetic -- debian), and you just missed a comment ("# append 'sss' to the end of the line if it's not found already
"), and a sed was done in a different position.

I guess it's just the automount/automounter question now, and it looks like debian's fix for it in 2.7.3-2 was perhaps incomplete?

~sergiodj/ubuntu/+source/sssd:merge-2.7.3-2-kinetic updated
b78f6fd... by Sergio Durigan Junior

merge-changelogs

d00301b... by Sergio Durigan Junior

reconstruct-changelog

331d49c... by Sergio Durigan Junior

update-maintainer

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Andreas.

I've addressed your comments. I decided to add the missing comment to the postinst file and make the revert as clean as possible. The "automount" thing was indeed a thinko; fixed.

I'd appreciate if you could take another quick look. Meanwhile, I will ask the release team to take a look at the FFe bug.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1, just please also list in the FFe bug the other two changes that are being done here:
- usage of DPKG_ROOT (no idea what bug that was fixing)
- the s/automounter/automount/ fix in maintainer scripts

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Tuesday, September 06 2022, Andreas Hasenack wrote:

> Review: Approve
>
> +1, just please also list in the FFe bug the other two changes that are being done here:
> - usage of DPKG_ROOT (no idea what bug that was fixing)
> - the s/automounter/automount/ fix in maintainer scripts

OK, will do.

I pinged #ubuntu-release but so far nobody replied to the FFe bug, so
I'm still waiting...

Thanks.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

FFe approved.

Uploaded:

$ dput sssd_2.7.3-2ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/sssd/sssd_2.7.3-2ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/sssd/sssd_2.7.3-2ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading sssd_2.7.3-2ubuntu1.dsc: done.
  Uploading sssd_2.7.3.orig.tar.gz: done.
  Uploading sssd_2.7.3.orig.tar.gz.asc: done.
  Uploading sssd_2.7.3-2ubuntu1.debian.tar.xz: done.
  Uploading sssd_2.7.3-2ubuntu1_source.buildinfo: done.
  Uploading sssd_2.7.3-2ubuntu1_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 8fc6bdc..f74417d 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,18 @@
6+sssd (2.7.3-2ubuntu1) kinetic; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #1987348, #1988615). Remaining changes:
9+ - d/control: Drop libgdm-dev Build-Depend on i386.
10+ - d/control: Don't build sssd-tools on i386, now uninstallable due
11+ to added python3-{click,systemd} dependencies.
12+ * Add changes:
13+ - Revert dh_nss usage; the feature is still being polished.
14+ + d/control: Don't Build-Depend on dh-sequence-installnss.
15+ + d/libnss-sss.nss: Remove file.
16+ + d/libnss-sss.postinst: Revert changes to use dh-nss.
17+ + d/libnss-sss.postrm: Likewise.
18+
19+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 06 Sep 2022 13:56:06 -0400
20+
21 sssd (2.7.3-2) unstable; urgency=medium
22
23 [ Timo Aaltonen ]
24@@ -17,6 +32,15 @@ sssd (2.7.3-1) unstable; urgency=medium
25
26 -- Timo Aaltonen <tjaalton@debian.org> Wed, 06 Jul 2022 08:52:58 +0300
27
28+sssd (2.7.2-3ubuntu1) kinetic; urgency=medium
29+
30+ * Merge with Debian unstable. Remaining changes:
31+ - d/control: Drop libgdm-dev Build-Depend on i386.
32+ - d/control: Don't build sssd-tools on i386, now uninstallable due
33+ to added python3-{click,systemd} dependencies.
34+
35+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 23 Jun 2022 14:03:54 -0400
36+
37 sssd (2.7.2-3) unstable; urgency=medium
38
39 * d/p/fix-shebang-on-sss_analyze.patch: Fix shebang on sss_analyze.
40@@ -36,6 +60,18 @@ sssd (2.7.2-1) unstable; urgency=medium
41
42 -- Timo Aaltonen <tjaalton@debian.org> Wed, 22 Jun 2022 13:19:27 +0300
43
44+sssd (2.7.1-2ubuntu1) kinetic; urgency=medium
45+
46+ * Merge with Debian unstable (LP: #1971327, #1934997). Remaining changes:
47+ - d/control: Drop libgdm-dev Build-Depend on i386.
48+ - d/control: Don't build sssd-tools on i386, now uninstallable due
49+ to added python3-{click,systemd} dependencies.
50+ * Dropped changes:
51+ - d/rules: Disable lto, not ready upstream.
52+ [ Incorporated by Debian ]
53+
54+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 14 Jun 2022 16:59:20 -0400
55+
56 sssd (2.7.1-2) unstable; urgency=medium
57
58 * pac-relax-default-for-pac_check-option.diff: Drop pac_present from
59@@ -78,6 +114,31 @@ sssd (2.6.3-2) unstable; urgency=medium
60
61 -- Timo Aaltonen <tjaalton@debian.org> Tue, 29 Mar 2022 10:04:50 +0300
62
63+sssd (2.6.3-1ubuntu3) jammy; urgency=medium
64+
65+ * No-change rebuild with new samba 4.15.5
66+
67+ -- Andreas Hasenack <andreas@canonical.com> Thu, 24 Feb 2022 08:55:08 -0300
68+
69+sssd (2.6.3-1ubuntu2) jammy; urgency=medium
70+
71+ * No-change rebuild with new libnfsidmap from src:nfs-utils
72+
73+ -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Feb 2022 10:57:41 -0300
74+
75+sssd (2.6.3-1ubuntu1) jammy; urgency=medium
76+
77+ * Merge with Debian unstable (LP: #1946904). Remaining changes:
78+ - d/rules: Disable lto, not ready upstream.
79+ - d/control: Drop libgdm-dev Build-Depend on i386.
80+ - d/control: Don't build sssd-tools on i386, now uninstallable due
81+ to added python3-{click,systemd} dependencies.
82+ * Dropped changes, picked by Debian:
83+ - Remove RANDFILE from the config template. It's no longer necessary and
84+ breaks with openssl 3.0.
85+
86+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 14 Feb 2022 16:21:21 -0500
87+
88 sssd (2.6.3-1) unstable; urgency=medium
89
90 * New upstream release.
91@@ -89,6 +150,40 @@ sssd (2.6.3-1) unstable; urgency=medium
92
93 -- Timo Aaltonen <tjaalton@debian.org> Fri, 11 Feb 2022 09:35:43 +0200
94
95+sssd (2.6.1-1ubuntu4) jammy; urgency=medium
96+
97+ * No-change rebuild with Python 3.10 as default version
98+
99+ -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 15:13:06 +0000
100+
101+sssd (2.6.1-1ubuntu3) jammy; urgency=medium
102+
103+ * Remember how architecture lists in debian/control work.
104+
105+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 17 Dec 2021 23:12:51 +0000
106+
107+sssd (2.6.1-1ubuntu2) jammy; urgency=medium
108+
109+ * Don't build sssd-tools on i386, now uninstallable due to added
110+ python3-{click,systemd} dependencies.
111+
112+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 17 Dec 2021 21:50:00 +0000
113+
114+sssd (2.6.1-1ubuntu1) jammy; urgency=low
115+
116+ * Merge from Debian unstable. Remaining changes:
117+ - Disable lto, not ready upstream.
118+ - d/control: Drop libgdm-dev Build-Depend on i386.
119+ - Remove RANDFILE from the config template. It's no longer necessary and
120+ breaks with openssl 3.0.
121+ * Dropped changes, included upstream:
122+ - d/p/fix-python-tests.patch: Fix Python tests by making them
123+ assert Python module paths by using full pathnames.
124+ * Dropped changes, included in Debian:
125+ - debian/control: Switch to libsemanage-dev from libsemanage1-dev
126+
127+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 10 Dec 2021 10:29:16 -0800
128+
129 sssd (2.6.1-1) unstable; urgency=medium
130
131 * New upstream release.
132@@ -105,6 +200,54 @@ sssd (2.5.2-5) unstable; urgency=medium
133
134 -- Timo Aaltonen <tjaalton@debian.org> Mon, 08 Nov 2021 21:17:29 +0200
135
136+sssd (2.5.2-4ubuntu4) jammy; urgency=medium
137+
138+ * No-change rebuild against libssl3
139+
140+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 Dec 2021 00:19:23 +0000
141+
142+sssd (2.5.2-4ubuntu3) jammy; urgency=medium
143+
144+ * Remove RANDFILE from the config template. It's no longer necessary and
145+ breaks with openssl 3.0.
146+
147+ -- Rico Tzschichholz <ricotz@ubuntu.com> Tue, 23 Nov 2021 20:19:07 +0100
148+
149+sssd (2.5.2-4ubuntu2) jammy; urgency=medium
150+
151+ * debian/control: Switch to libsemanage-dev from libsemanage1-dev
152+
153+ -- Rico Tzschichholz <ricotz@ubuntu.com> Mon, 22 Nov 2021 20:51:36 +0100
154+
155+sssd (2.5.2-4ubuntu1) jammy; urgency=medium
156+
157+ * Merge with Debian unstable (LP: #1946904). Remaining changes:
158+ - Disable lto, not ready upstream.
159+ - d/control: Drop libgdm-dev Build-Depend on i386.
160+ - d/p/fix-python-tests.patch: Fix Python tests by making them
161+ assert Python module paths by using full pathnames.
162+ * Dropped changes:
163+ - d/apparmor-profile: Update profile. (LP #1910611)
164+ + Extend read permissions to /etc/sssd/** and /etc/gss/**.
165+ + Add read/execute permission to /usr/libexec/sssd/*.
166+ [ Incorporated by Debian. ]
167+ - Fix FTBFS with newer autoconf
168+ + debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
169+ and PYTHON_EXEC_PREFIX in src/external/python.m4.
170+ [ Incorporated by Debian. ]
171+ - SECURITY UPDATE: shell command injection in sssctl comment
172+ + debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
173+ avoid execution of user supplied command in
174+ src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
175+ src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
176+ + CVE-2021-3621
177+ [ Incorporated by Debian. ]
178+ - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
179+ which is failing when running inside sbuild.
180+ [ Not needed anymore; issue does not reproduce on Jammy. ]
181+
182+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 27 Oct 2021 20:16:31 -0400
183+
184 sssd (2.5.2-4) unstable; urgency=medium
185
186 * control: Promote libnss-sss and libpam-sss to sssd-common Depends.
187@@ -147,6 +290,63 @@ sssd (2.5.2-1) unstable; urgency=medium
188
189 -- Timo Aaltonen <tjaalton@debian.org> Thu, 16 Sep 2021 14:51:42 +0300
190
191+sssd (2.4.1-2ubuntu4) impish; urgency=medium
192+
193+ * Fix FTBFS with newer autoconf
194+ - debian/patches/fix_newer_autoconf.patch: do not unset PYTHON_PREFIX
195+ and PYTHON_EXEC_PREFIX in src/external/python.m4.
196+
197+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Sep 2021 11:39:53 -0400
198+
199+sssd (2.4.1-2ubuntu3) impish; urgency=medium
200+
201+ * SECURITY UPDATE: shell command injection in sssctl comment
202+ - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
203+ avoid execution of user supplied command in
204+ src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
205+ src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
206+ - CVE-2021-3621
207+
208+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 08:13:38 -0400
209+
210+sssd (2.4.1-2ubuntu2) impish; urgency=medium
211+
212+ * No-change rebuild due to OpenLDAP soname bump.
213+
214+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:09:16 -0400
215+
216+sssd (2.4.1-2ubuntu1) impish; urgency=medium
217+
218+ * Merge with Debian unstable. Remaining changes:
219+ - d/apparmor-profile: Update profile. (LP #1910611)
220+ + Extend read permissions to /etc/sssd/** and /etc/gss/**.
221+ + Add read/execute permission to /usr/libexec/sssd/*.
222+ - Disable lto, not ready upstream.
223+ - d/control: Drop libgdm-dev Build-Depend on i386.
224+ * Dropped changes:
225+ - d/p/condition-path-exists-sssd-conf.patch: Only start
226+ sssd.service if there is a configuration file present.
227+ (LP: #1900642)
228+ [ Included in 2.4.1-2 ]
229+ - d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
230+ Upstream patch to make sssd.service only able to start when there
231+ is a configuration file present. (LP #1900642)
232+ - d/p/condition-path-exists-sssd-conf.patch: Remove.
233+ [ Included in 2.4.1-2 ]
234+ - Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP #1908065):
235+ + d/p/lp-1908065-01-syslog_identifier-format.patch:
236+ Upstream patch to include "sssd[]" identifier in program names.
237+ + d/p/lp-1908065-02-remove-syslog_identifier.patch:
238+ Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
239+ [ Included in 2.4.1-2 ]
240+ * Added changes:
241+ - d/p/fix-python-tests.patch: Fix Python tests by making them
242+ assert Python module paths by using full pathnames.
243+ - d/p/disable-fail_over-tests.patch: Disable fail_over-tests,
244+ which is failing when running inside sbuild.
245+
246+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 18 May 2021 17:29:58 -0400
247+
248 sssd (2.4.1-2) unstable; urgency=medium
249
250 [ Marco Trevisan (Treviño) ]
251@@ -172,6 +372,59 @@ sssd (2.4.1-1) unstable; urgency=medium
252
253 -- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Feb 2021 11:32:35 +0200
254
255+sssd (2.4.0-1ubuntu7) impish; urgency=medium
256+
257+ * d/control: Drop libgdm-dev Build-Depend on i386.
258+
259+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 11 May 2021 16:22:31 -0400
260+
261+sssd (2.4.0-1ubuntu6) hirsute; urgency=medium
262+
263+ * Disable lto, not ready upstream.
264+
265+ -- Matthias Klose <doko@ubuntu.com> Tue, 23 Mar 2021 13:18:53 +0100
266+
267+sssd (2.4.0-1ubuntu5) hirsute; urgency=medium
268+
269+ * No change rebuild with fixed ownership.
270+
271+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 16 Feb 2021 15:22:14 +0000
272+
273+sssd (2.4.0-1ubuntu4) hirsute; urgency=medium
274+
275+ * Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065):
276+ - d/p/lp-1908065-01-syslog_identifier-format.patch:
277+ Upstream patch to include "sssd[]" identifier in program names.
278+ - d/p/lp-1908065-02-remove-syslog_identifier.patch:
279+ Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
280+
281+ -- Valters Jansons <valter.jansons@gmail.com> Fri, 05 Feb 2021 20:51:32 +0000
282+
283+sssd (2.4.0-1ubuntu3) hirsute; urgency=medium
284+
285+ * d/apparmor-profile: Update profile. (LP: #1910611)
286+ - Extend read permissions to /etc/sssd/conf.d/* and /etc/gss/mech.d/*.
287+ - Add read/execute permission to /usr/libexec/sssd/*.
288+
289+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 18 Jan 2021 16:57:21 -0500
290+
291+sssd (2.4.0-1ubuntu2) hirsute; urgency=medium
292+
293+ * d/p/0003-Only-start-sssd.service-if-there-s-a-configuration-f.patch:
294+ Upstream patch to make sssd.service only able to start when there
295+ is a configuration file present. (LP: #1900642)
296+ * d/p/condition-path-exists-sssd-conf.patch: Remove.
297+
298+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 12 Jan 2021 16:17:38 -0500
299+
300+sssd (2.4.0-1ubuntu1) hirsute; urgency=medium
301+
302+ * d/p/condition-path-exists-sssd-conf.patch: Only start
303+ sssd.service if there is a configuration file present.
304+ (LP: #1900642)
305+
306+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 10 Dec 2020 14:20:24 -0500
307+
308 sssd (2.4.0-1) unstable; urgency=medium
309
310 * New upstream release.
311@@ -1241,3 +1494,4 @@ sssd (0.5.0-0ubuntu1) karmic; urgency=low
312 * Initial release.
313
314 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 24 Aug 2009 16:35:11 -0400
315+
316diff --git a/debian/control b/debian/control
317index 8618c7a..4a8fc74 100644
318--- a/debian/control
319+++ b/debian/control
320@@ -1,7 +1,8 @@
321 Source: sssd
322 Section: utils
323 Priority: optional
324-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>
325+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
326+XSBC-Original-Maintainer: Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>
327 Uploaders: Timo Aaltonen <tjaalton@debian.org>,
328 Dominik George <natureshadow@debian.org>
329 Build-Depends:
330@@ -11,7 +12,6 @@ Build-Depends:
331 debhelper-compat (= 12),
332 dh-apparmor,
333 dh-python,
334- dh-sequence-installnss,
335 dnsutils,
336 docbook-xml,
337 docbook-xsl,
338@@ -27,7 +27,7 @@ Build-Depends:
339 libcurl4-openssl-dev,
340 libdbus-1-dev,
341 libdhash-dev,
342- libgdm-dev [!s390x !kfreebsd-any !hurd-any],
343+ libgdm-dev [!s390x !kfreebsd-any !hurd-any !i386],
344 libglib2.0-dev,
345 libini-config-dev,
346 libjansson-dev,
347@@ -229,7 +229,7 @@ Description: System Security Services Daemon -- proxy back end
348 PAM modules to leverage SSSD caching.
349
350 Package: sssd-tools
351-Architecture: any
352+Architecture: amd64 arm64 armhf ppc64el riscv64 s390x
353 Depends:
354 python3,
355 python3-sss,
356diff --git a/debian/libnss-sss.nss b/debian/libnss-sss.nss
357deleted file mode 100644
358index b775128..0000000
359--- a/debian/libnss-sss.nss
360+++ /dev/null
361@@ -1,6 +0,0 @@
362-passwd last sss
363-group last sss
364-shadow last sss
365-netgroup last sss
366-services last sss
367-automount last sss
368diff --git a/debian/libnss-sss.postinst b/debian/libnss-sss.postinst
369index 547ae99..8faf711 100755
370--- a/debian/libnss-sss.postinst
371+++ b/debian/libnss-sss.postinst
372@@ -1,19 +1,31 @@
373 #!/bin/sh
374 set -e
375
376+#DEBHELPER#
377+
378+# This code was taken from libnss-myhostname, which got it from nss-mdns:
379+
380 log() {
381 echo "$*"
382 }
383
384-# Add the `automount` database to nsswitch.conf if it's not there.
385-insert_nss_automount_db () {
386+# try to insert sss entries to the passwd, group, shadow and netgroup
387+# lines in /etc/nsswitch.conf to automatically enable libnss-sss
388+# support; do not change the configuration if the lines already
389+# references some sss lookups
390+insert_nss_entry() {
391 log "Checking NSS setup..."
392 # abort if /etc/nsswitch.conf does not exist
393 if ! [ -e "${DPGK_ROOT}/etc/nsswitch.conf" ]; then
394 log "Could not find ${DPKG_ROOT}/etc/nsswitch.conf."
395 return
396 fi
397-
398+ # append 'sss' to the end of the line if it's not found already
399+ sed -i --regexp-extended '
400+ /^(passwd|group|shadow|netgroup|services|automount):/ {
401+ /\bsss\b/! s/$/ sss/
402+ }
403+ ' /etc/nsswitch.conf
404 # and add a new entry for automount if it's not there
405 if ! grep -q automount "${DPKG_ROOT}/etc/nsswitch.conf" ; then
406 log "Setting up empty automount NSS database"
407@@ -26,8 +38,9 @@ action="$1"
408 if [ configure = "$action" ]; then
409 if [ -z "$2" ]; then
410 log "First installation detected..."
411- # first install: setup automount NSS database.
412- insert_nss_automount_db
413+ # first install: setup the recommended configuration (unless
414+ # nsswitch.conf already contains sss entries)
415+ insert_nss_entry
416 else
417 # upgrade
418 version="$2"
419@@ -38,5 +51,3 @@ if [ configure = "$action" ]; then
420 fi
421 fi
422 fi
423-
424-#DEBHELPER#
425diff --git a/debian/libnss-sss.postrm b/debian/libnss-sss.postrm
426index ea36611..426adfc 100755
427--- a/debian/libnss-sss.postrm
428+++ b/debian/libnss-sss.postrm
429@@ -3,11 +3,13 @@ set -e
430
431 #DEBHELPER#
432
433+# This code was taken from libnss-myhostname, which got it from nss-mdns:
434+
435 log() {
436 echo "$*"
437 }
438
439-remove_nss_automount_db () {
440+remove_nss_entry() {
441 log "Checking NSS setup..."
442 # abort if /etc/nsswitch.conf does not exist
443 if ! [ -e "${DPKG_ROOT}/etc/nsswitch.conf" ]; then
444@@ -17,12 +19,18 @@ remove_nss_automount_db () {
445
446 # Remove NSS databases: `automount` and `automounter` (legacy).
447 sed -i '/^automount/d' "${DPKG_ROOT}/etc/nsswitch.conf"
448+ sed -i --regexp-extended '
449+ /^(passwd|group|shadow|netgroup|services):/ {
450+ s/\bsss\b//g
451+ s/[[:space:]]+$//
452+ }
453+ ' /etc/nsswitch.conf
454 }
455
456 case "$1" in
457 remove|purge)
458 if [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
459- remove_nss_automount_db
460+ remove_nss_entry
461 fi
462 ;;
463 upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)

Subscribers

People subscribed via source and target branches