Rebase to SSSD 1.15+, to pick up the latest enhancements and stabilization expected for next IdM in RHEL release.
I based the 7.4 specfile on Fedora specfile update for 1.15.0. Lukas, could you please review the specfile for any issues?
There are some unused patches in dist git:
0001-Resolves-rhbz-1415785-ldap_child-does-not-remove-tem.patch
0002-Apply-patches-for-gpo-bugs.patch

sssd-1.15.0 provides libwbclient 0.13.0 but spec still has 0.12
We should provide an alternative for the same version as samba has e.g.
/usr/lib64/sssd/modules/libwbclient.so.0.13.0 -> /usr/lib64/libwbclient.so.0.12

There is a typo in winbind-idmap plugin.

p11_child needn't have SUID bit due to polkit rule.

diff --git a/sssd.spec b/sssd.spec index c6e464c..24f4092 100644 --- a/sssd.spec +++ b/sssd.spec @@ -471,7 +471,7 @@ Conflicts: libwbclient-devel < 4.1.12 Development libraries for the SSSD libwbclient implementation. %package winbind-idmap -Summary: SSSSD's idmap_sss Backend for Winbind +Summary: SSSD's idmap_sss Backend for Winbind Group: Applications/System License: GPLv3+ and LGPLv3+ @@ -676,7 +676,7 @@ done %{_libexecdir}/%{servicename}/sssd_secrets %{_libexecdir}/%{servicename}/sssd_ssh %{_libexecdir}/%{servicename}/sssd_sudo -%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/p11_child +%{_libexecdir}/%{servicename}/p11_child %dir %{_libdir}/%{name} %{_libdir}/%{name}/libsss_simple.so
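Review bot: In the second hunk (the %files entry for p11_child), dropping the whole "%attr(4750,root,sssd)" removes more than the SUID bit: the 0750 mode and the root:sssd ownership go with it, so the helper is packaged with whatever mode and owner the build tree and the default file attributes give it. If only setuid is meant to go, keep an explicit "%attr(0750,root,sssd)" on that line, and mention the polkit rule in the changelog entry so the permission change stays tied to the mechanism that replaces it.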
And I am also not sure about removing "Requires(pre): shadow-utils". I know there was some bug but I do not remember details. But sssd user/group is added in "ipa", "krb5-common", "common" but "Requires(pre)" is just in "ipa" package. But there can be a bug in upstream spec file as well.
(In reply to Lukas Slebodnik from comment #3)
> There are some unused patches in dist git:
>
> 0001-Resolves-rhbz-1415785-ldap_child-does-not-remove-tem.patch
> 0002-Apply-patches-for-gpo-bugs.patch
>

Are you looking at the rhel-7.4.0 branch? Because I don't see these patches locally..

jhrozek@hendrix:~/devel/rhel-git/sssd|rhel-7.4⚡ ⇒ ls *.patch
0501-Partially-revert-CONFIG-Use-default-config-when-none.patch 0502-NOUPSTREAM-Bundle-http-parser.patch

> sssd-1.15.0 provides libwbclient 0.13.0 but spec still has 0.12
> We should provide an alternative for the same version as samba has
> e.g.
> /usr/lib64/sssd/modules/libwbclient.so.0.13.0 ->
> /usr/lib64/libwbclient.so.0.12
>

fixed

> There is a typo in winbind-idmap plugin.

removed the extra S

> p11_child needn't have SUID bit due
> to polkit rule.
>

fixed

> diff --git a/sssd.spec b/sssd.spec > index c6e464c..24f4092 100644 > --- a/sssd.spec > +++ b/sssd.spec > @@ -471,7 +471,7 @@ Conflicts: libwbclient-devel < 4.1.12 > Development libraries for the SSSD libwbclient implementation. > > %package winbind-idmap > -Summary: SSSSD's idmap_sss Backend for Winbind > +Summary: SSSD's idmap_sss Backend for Winbind > Group: Applications/System > License: GPLv3+ and LGPLv3+ > > @@ -676,7 +676,7 @@ done > %{_libexecdir}/%{servicename}/sssd_secrets > %{_libexecdir}/%{servicename}/sssd_ssh > %{_libexecdir}/%{servicename}/sssd_sudo > -%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/p11_child > +%{_libexecdir}/%{servicename}/p11_child > > %dir %{_libdir}/%{name} > %{_libdir}/%{name}/libsss_simple.so

Thank you for the review. I pushed the changes, but I will only build them with the next update -- I think the package is testable already, so no need for a rebuild now.
[root@vm-idm-020 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 Beta (Maipo)
[root@vm-idm-020 ~]# rpm -qi sssd
Name        : sssd
Version     : 1.15.2
Release     : 43.el7
Architecture: x86_64
Install Date: Mon 12 Jun 2017 12:48:31 PM IST
Group       : Applications/System
Size        : 35147
License     : GPLv3+
Signature   : RSA/SHA256, Tue 06 Jun 2017 01:41:13 AM IST, Key ID 199e2f91fd431d51
Source RPM  : sssd-1.15.2-43.el7.src.rpm
Build Date  : Mon 05 Jun 2017 09:36:45 PM IST
Build Host  : x86-038.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : https://pagure.io/SSSD/sssd/
Summary     : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294