Bug 1393824
| Summary: | Rebase SSSD to version 1.15+ | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Steeve Goveas <sgoveas> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | grajaiya, jhrozek, lslebodn, mkosek, mzidek, nsoman, pbrezina |
| Target Milestone: | rc | Keywords: | Rebase |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.15.0-1.el7 | Doc Type: | Rebase: Bug Fixes and Enhancements |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 09:00:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1394205 | ||
| Bug Blocks: | 1399979 | ||
|
Description
Martin Kosek
2016-11-10 12:15:20 UTC
I based the 7.4 specfile on Fedora specfile update for 1.15.0. Lukas, could you please review the specfile for any issues? There are some unused patches in dist git:
0001-Resolves-rhbz-1415785-ldap_child-does-not-remove-tem.patch
0002-Apply-patches-for-gpo-bugs.patch
sssd-1.15.0 provides libwbclient 0.13.0 but spec still has 0.12
We should provide an alternative for the same version as samba has
e.g.
/usr/lib64/sssd/modules/libwbclient.so.0.13.0 -> /usr/lib64/libwbclient.so.0.12
There is a typo in winbind-idmap plugin. p11_child needn't have SUID bit due to polkit rule.
diff --git a/sssd.spec b/sssd.spec
index c6e464c..24f4092 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -471,7 +471,7 @@ Conflicts: libwbclient-devel < 4.1.12
Development libraries for the SSSD libwbclient implementation.
%package winbind-idmap
-Summary: SSSSD's idmap_sss Backend for Winbind
+Summary: SSSD's idmap_sss Backend for Winbind
Group: Applications/System
License: GPLv3+ and LGPLv3+
@@ -676,7 +676,7 @@ done
%{_libexecdir}/%{servicename}/sssd_secrets
%{_libexecdir}/%{servicename}/sssd_ssh
%{_libexecdir}/%{servicename}/sssd_sudo
-%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/p11_child
+%{_libexecdir}/%{servicename}/p11_child
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libsss_simple.so
And I am also not sure about removing "Requires(pre): shadow-utils" I know there was some bug but I do not remember details. But sssd user/group is added in "ipa", "krb5-common", "common" but "Requires(pre)" is just in "ipa" package. But there can be a bug in upstream spec file as well. (In reply to Lukas Slebodnik from comment #3) > There are some unused patches in dist git: > > 0001-Resolves-rhbz-1415785-ldap_child-does-not-remove-tem.patch > 0002-Apply-patches-for-gpo-bugs.patch > Are you looking at the rhel-7.4.0 branch? Because I don't see these patches locally.. jhrozek@hendrix:~/devel/rhel-git/sssd|rhel-7.4⚡ ⇒ ls *.patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch 0502-NOUPSTREAM-Bundle-http-parser.patch > sssd-1.15.0 provides libwbclient 0.13.0 but spec still has 0.12 > We should provide an alternative for the same version as samba has > e.g. > /usr/lib64/sssd/modules/libwbclient.so.0.13.0 -> > /usr/lib64/libwbclient.so.0.12 > fixed > There is a typo in winbind-idmap plugin. removed the extra S > p11_child needn't have SUID bit due > to polkit rule. > fixed > diff --git a/sssd.spec b/sssd.spec > index c6e464c..24f4092 100644 > --- a/sssd.spec > +++ b/sssd.spec > @@ -471,7 +471,7 @@ Conflicts: libwbclient-devel < 4.1.12 > Development libraries for the SSSD libwbclient implementation. > > %package winbind-idmap > -Summary: SSSSD's idmap_sss Backend for Winbind > +Summary: SSSD's idmap_sss Backend for Winbind > Group: Applications/System > License: GPLv3+ and LGPLv3+ > > @@ -676,7 +676,7 @@ done > %{_libexecdir}/%{servicename}/sssd_secrets > %{_libexecdir}/%{servicename}/sssd_ssh > %{_libexecdir}/%{servicename}/sssd_sudo > -%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/p11_child > +%{_libexecdir}/%{servicename}/p11_child > > %dir %{_libdir}/%{name} > %{_libdir}/%{name}/libsss_simple.so Thank you for the review. I pushed the changes, but I will only build them with the next update -- I think the package is testable already, so no need for a rebuild now. [root@vm-idm-020 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.4 Beta (Maipo) [root@vm-idm-020 ~]# rpm -qi sssd Name : sssd Version : 1.15.2 Release : 43.el7 Architecture: x86_64 Install Date: Mon 12 Jun 2017 12:48:31 PM IST Group : Applications/System Size : 35147 License : GPLv3+ Signature : RSA/SHA256, Tue 06 Jun 2017 01:41:13 AM IST, Key ID 199e2f91fd431d51 Source RPM : sssd-1.15.2-43.el7.src.rpm Build Date : Mon 05 Jun 2017 09:36:45 PM IST Build Host : x86-038.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : https://pagure.io/SSSD/sssd/ Summary : System Security Services Daemon Description : Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294 |