Bug 1273652

Created attachment 1084930 [details]
changes to spec file need to build idmapd plugin

Here are the (trivial) changes we made to the spec file in order to build the idmapd plugin.

Cross-filed as support case 01527018.

(In reply to James Ralston from comment #0)
> Description of problem:
> 
> The %configure macro in the sssd.spec file for RHEL6 deliberately includes
> the --without-nfsv4-idmapd-plugin flag, which disables building the
> /usr/lib64/libnfsidmap/sss.so idmapd plugin. This makes it impossible for
> RHEL6 NFSv4 clients to leverage sssd to perform NFSv4 id mapping.
> 
> It contrast, the sssd.spec file for RHEL7 builds and packages the
> /usr/lib64/libnfsidmap/sss.so idmapd plugin, along with several other
> plugins that are excluded from the RHEL6 sssd packages.
> 
> We still have many RHEL6 clients that we need to configure as NFSv4 clients.
> We need the /usr/lib64/libnfsidmap/sss.so idmapd plugin.
> 
> I don't understand why the idmapd plugin (as well as other plugins) were
> excluded from the RHEL6 sssd packages. The reason can't be because they are
> too old to work effectively, because the latest RHEL6 sssd packages (1.12.2)
> are currently more recent than the latest RHEL7 sssd packages (1.12.4).
> 
> For now, we've rebuilt the sssd packages from source, patching the spec file
> to properly build and package the idmapd plugin. But we are highly
> disinterested in maintaining our own local fork of sssd for RHEL6. Please
> update the RHEL6 packages to include the idmapd plugin.
> 
If you do not want to maintain packages yourself than you can use back-ported version from Fedora 21 as a temporary solution.
https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/

Dev ack since this is just a specfile change.

I tried to find the reason we explicitly disable the plugin but couldn't...I suspect it's because we were trying to minimize the amount of new features added into 6.7 since it's already pretty late even in the RHEL cycle..

James, thanks for filing this bug. It's tentatively scheduled for 6.8.

Jakub: understood; thanks.

We don't have an issue with maintaining a local fork, as long as we know that we can eventually reintegrate with upstream.

FYI, here is a test repo: https://copr.fedoraproject.org/coprs/jhrozek/SSSD-6.8-preview/

To verify the bug, just make sure the sssd-common subpackage contains the sss.so file under libdir/libnfsidmap.

We don't test the functionality itself IIRC and moreover, it was tested by a user/customer who also reported a leak in the plugin. so we already know the plugin works :)

Verified in version
[root@apollo ~]# rpm -q sssd-common
sssd-common-1.13.3-15.el6.x86_64

[root@apollo ~]# rpm -ql sssd-common | grep sss.so
/usr/lib64/libnfsidmap/sss.so

[root@apollo ~]# file /usr/lib64/libnfsidmap/sss.so
/usr/lib64/libnfsidmap/sss.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped

[root@apollo ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.8 Beta (Santiago)

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0782.html