RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2177765 - either backport kerberos fixes or rebase to latest gnome-online-accounts
Summary: either backport kerberos fixes or rebase to latest gnome-online-accounts
Keywords:
Status: CLOSED ERRATA
Alias: None
Deadline: 2023-06-26
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: gnome-online-accounts
Version: 9.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Ray Strode [halfline]
QA Contact: Michal Odehnal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-03-13 15:18 UTC by Ray Strode [halfline]
Modified: 2023-11-07 09:48 UTC (History)
5 users (show)

Fixed In Version: gnome-online-accounts-3.40.0-3.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-11-07 08:32:55 UTC
Type: Bug
Target Upstream Version:
Embargoed:
pm-rhel: mirror+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gitlab redhat/centos-stream/rpms gnome-online-accounts merge_requests 3 0 None opened Backport various kerberos fixes from upstream 2023-06-06 18:00:44 UTC
Red Hat Issue Tracker RHELPLAN-151613 0 None None None 2023-03-13 15:19:07 UTC
Red Hat Product Errata RHBA-2023:6440 0 None None None 2023-11-07 08:32:57 UTC

Description Ray Strode [halfline] 2023-03-13 15:18:48 UTC 
gnome-online-accounts has gotten a number of fixes to his kerberos refreshing code recently upstream.

This makes it work better with KCM and KEYRING type kerberos caches.

We should consider either backporting the fixes, or rebasing gnome-online-accounts to the latest upstream version (it's been in a slow moving maintenance mode for quite some time so the rebase isn't going to be adding a bunch of features or anything, mainly bugfixes)

One thing we should make sure when doing this work, is that the KCM in rhel 9 supports change notification.

If not, we'll need to make sure to continue polling in that case.
Comment 1 Ray Strode [halfline] 2023-03-13 15:20:41 UTC 
> gnome-online-accounts has gotten a number of fixes to his kerberos refreshing code recently upstream.

uhh s/his/its/
Comment 3 Milan Crha 2023-03-14 15:53:22 UTC 
While I'd prefer the rebase, the 3.48.0 will require libsoup3 and librest-1.0 (it had been ported in time of 3.45.1), where none of these is part of the RHEL9 right now, thus the only option is to backport selected commits.

The list of selected commits is quite large to maintain. Maybe just sync the kerberos-related files with the upstream version, +/- ports and other changes? Unless those changes require fixes in other (non-kerberos) files.

(In reply to Ray Strode [halfline] from comment #0)
> One thing we should make sure when doing this work, is that the KCM in rhel
> 9 supports change notification.
> 
> If not, we'll need to make sure to continue polling in that case.

I do not know what this means in practice, I'm sorry.
Comment 4 Michael Catanzaro 2023-03-14 18:04:29 UTC 
> I do not know what this means in practice, I'm sorry.

Ray's talking about https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/merge_requests/61 which just got reverted and which we therefore do not want in RHEL 9.
Comment 5 Milan Crha 2023-03-27 10:01:29 UTC 
I'm closing this per the above comment.
Comment 6 Ray Strode [halfline] 2023-03-27 12:56:37 UTC 
ah that's only a small part of the fixes. It was basically just answering this

"One thing we should make sure when doing this work, is that the KCM in rhel 9 supports change notification."

with a "Nope."

It still would be good to get the other fixes in. I can do the work if you like. I just don't want to step on your toes.

Of course if you feel strongly that these fixes shouldn't go in for some reason, feel free to re-close WONTFIX.
Comment 8 Milan Crha 2023-03-27 13:15:09 UTC 
I thought the notifications are one of the main things behind all those commits you listed.

Feel free to backport the other commits, especially if you are willing to take care of any fallout of it (hopefully there will be none, but one never knows). My main concern is that it's a lot of commits, which can be a problem to maintain long term. Whether you pick one-by-one and backport them or you just override the kerberos-backend-files from the upstream version is up to you.
Comment 9 Ray Strode [halfline] 2023-03-27 13:16:28 UTC 
sounds good
Comment 10 Ray Strode [halfline] 2023-03-27 13:19:39 UTC 
(the kerberos code was originally written to work with FILE and DIR type credential caches. It mostly predates KCM and KEYRING type credential caches, so it had a number of bugs that made it flakey with them [and some general bugs as well])
Comment 16 errata-xmlrpc 2023-11-07 08:32:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (gnome-online-accounts bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6440
Note You need to log in before you can comment on or make changes to this bug.