Inherit github-releases class to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version sssd
INFO: Current version: 2.10.2
INFO: Latest version:
After the patch:
$ devtool latest-version sssd
INFO: Current version: 2.10.2
INFO: Latest version: 2.11.1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
The unprivileged service user feature has been improved in 2.10 to allow
running the sssd service as an unprivileged user [1]. So enable this
feature, and then we can run the service as the unprivileged user sssd.
[1] https://github.com/SSSD/sssd/releases/tag/2.10.0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The project uses /usr/bin/python as the path to the python3 interpreter
in the shebang of the python3 script /usr/sbin/sss_obfuscate[1].
OpenEmbedded uses /usr/bin/python3, and thus, it causes bitbake to raise
the QA issue attached below.
This fixes the path to the python3 interpreter by sed'ing the shebang at
do_install if the python3 is set in the PACKAGECONFIG.
Fixes:
NOTE: Executing Tasks
ERROR: sssd-2.9.2-r0 do_package_qa: QA Issue: /usr/sbin/sss_obfuscate contained in package sssd-python requires /usr/bin/python, but no providers found in RDEPENDS:sssd-python? [file-rdeps]
ERROR: sssd-2.9.2-r0 do_package_qa: Fatal QA errors were found, failing task.
[1]: https://github.com/SSSD/sssd/blob/2.5.2/src/tools/sss_obfuscate#L1
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The project installs the python script sss_obfuscate to the /usr/sbin
directory and the modules to the /usr/lib/python3.X directory.
The recipe does not ship the python modules to the package sssd, and
thus, it raises the QA issue attached below.
This adds the python artifacts (sss_obfuscate script and module files)
to the dedicated package sssd-python.
Fixes:
NOTE: Executing Tasks
ERROR: sssd-2.9.2-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package:
/usr/lib/python3.12/site-packages/pysss.so
/usr/lib/python3.12/site-packages/pyhbac.so
/usr/lib/python3.12/site-packages/pysss_murmur.so
/usr/lib/python3.12/site-packages/pysss_nss_idmap.so
/usr/lib/python3.12/site-packages/SSSDConfig
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info
/usr/lib/python3.12/site-packages/SSSDConfig/__init__.py
/usr/lib/python3.12/site-packages/SSSDConfig/ipachangeconf.py
/usr/lib/python3.12/site-packages/SSSDConfig/sssdoptions.py
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/__init__.cpython-312.pyc
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/ipachangeconf.cpython-312.pyc
/usr/lib/python3.12/site-packages/SSSDConfig/__pycache__/sssdoptions.cpython-312.pyc
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/dependency_links.txt
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/top_level.txt
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/SOURCES.txt
/usr/lib/python3.12/site-packages/SSSDConfig-2.9.2-py3.12.egg-info/PKG-INFO
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
sssd: 17 installed and not shipped files. [installed-vs-shipped]
ERROR: sssd-2.9.2-r0 do_package: Fatal QA errors were found, failing task.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The configure script checks for the utility python3.X-config to be in
$PATH; that script is shipped by the package python3-native.
The recipe does not depend on the package python3-native which causes
the task do_configure to fail.
The recipe inherits from the bbclass python3-dir that does not install
the required script to the sysroot. The bbclass python3native inherits
from (the already inherited bbclass) python3-dir and it adds the missing
dependency to python3-native.
This fixes the configure error by "upgrading" the inherit bbclass from
python3-dir to python3-native.
Fixes:
| checking for python3.12-config... no
| configure: error:
| The program python3.12-config was not found in search path.
| Please ensure that it is installed and its directory is included in the search
| path. If you want to build sssd without python3 bindings then specify
| --without-python3-bindings when running configure.
| NOTE: The following config.log files may provide further information.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The variable HAVE_PYTHON3 expects a boolean value[1] and the configure
script raises an error if the option --with-python3-bindings is set and
if the value HAVE_PYTHON3 is not "yes"[2].
The recipe sets a non-boolean value to ac_cv_prog_HAVE_PYTHON3 and thus
causes the task do_configure to fail.
This fixes the value set to ac_cv_prog_HAVE_PYTHON3 by setting it to yes
instead of $(PYTHON_DIR).
Fixes:
| checking for python3... (cached) python3.12
| configure: error:
| The program python3 was not found in search path.
| Please ensure that it is installed and its directory is included in the search
| path. It is required for building python3 bindings. If you do not want to build
| them please use argument --without-python3-bindings when running configure.
| NOTE: The following config.log files may provide further information.
[1]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L323-L325
[2]: https://github.com/SSSD/sssd/blob/2.5.2/configure.ac#L353-L377
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
SSSD has introduced the internal tool sss_analyze since 2.6.0[1].
Add log parsing tool which can be used to track requests across
responder and backend logs.
sss_analyze is a python3 script[2] with modules[3] that is run by the
sssctl command analyze[4][5][6].
The autotools installs the files to ${libexec} and ${python3dir}[7]. The
latter is set if the configure option --with-python3-bindings is set
only.
As a consequence, the Makefile installs the python3 files to /sssd
instead of /usr/lib/python3.12/site-packages/sssd if the option
--with-python3-bindings is unset:
gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/request.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/modules/error.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_files.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_journald.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/source_reader.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/parser.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/sss_analyze.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/sssd/util.py
The sss_analyze tool is unrelated to the python3 bindings; the sssctl
does not condition its code if the python3 bindings are unset.
Therefore, sss_analyze has to be installed even if the python3 bindings
are unset.
This ensures the variable python3dir is set to the expected location by
adding it to --without-python3-bindings if the python3 feature is
disabled.
gportay@archlinux ~/src $ find build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/request.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/modules/error.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/__init__.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_files.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_journald.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/source_reader.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/parser.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/sss_analyze.py
build/tmp/work/core2-64-poky-linux/sssd/2.9.2/image/usr/lib/python3.12/site-packages/sssd/util.py
[1]: https://github.com/SSSD/sssd/commit/82e051e1f15060554ecacc07107c82675369e0bb
[2]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/sss_analyze#L1
[3]: https://github.com/SSSD/sssd/tree/2.9.2/src/tools/analyzer
[4]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L47
[5]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl_logs.c#L605
[6]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/sssctl/sssctl.c#L337
[7]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/Makefile.am#L7
[8]: https://github.com/SSSD/sssd/blob/2.9.2/configure.ac#L394
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The internal tool sss_analyze is a python script run by the sssctl
command analyze.
The script sss_analyze imports the python module logging[1].
However, the package sssd lacks installing this python module that is
required to run the script.
This adds the missing run-time dependency python3-logging to ensure this
module comes along the package sssd.
Fixes:
root@qemux86-64:~# sssctl analyze
Traceback (most recent call last):
File "/usr/libexec/sssd/sss_analyze", line 3, in <module>
from sssd import sss_analyze
File "/usr/lib/python3.12/site-packages/sssd/sss_analyze.py", line 3, in <module>
from sssd.modules import request
File "/usr/lib/python3.12/site-packages/sssd/modules/request.py", line 2, in <module>
import logging
ModuleNotFoundError: No module named 'logging'
[1]: https://github.com/SSSD/sssd/blob/2.9.2/src/tools/analyzer/source_files.py#L2
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The internal tool sss_analyze is a python script run by the sssctl
command analyze.
The script sss_analyze is shipped by the package sssd since 2.6.0.
However, the package sssd lacks installing the python interpreter that
is required to run the script.
This adds the missing run-time dependency python3-core to ensure the
interpreter python3 comes along the package sssd.
Fixes:
root@qemux86-64:~# sssctl analyze
env: can't execute 'python3': No such file or directory
Command '/usr/libexec/sssd/sss_analyze' failed with [127]
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* WORKDIR -> UNPACKDIR transition
* Switch away from S = WORKDIR
Signed-off-by: Changqing Li <changqing.li@windriver.com>
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The option --without-python2-bindings was added twice, by the commit
4375507f39, and then after python2 was
deprecated with the commit 96737082ad.
This removes the latter.
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Update sssd from 2.7.4 to 2.9.1.
* backport patch to fix interpreter of script sss_analyze
* add runtime dependency python3-systemd when systemd is enabled
* update FILES
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
drop CVE-2021-3621.patch
refresh a few patches
fixup configure-unsafe globally via sed in build.m4
=== test
RESULTS - sssd.SSSDTest.test_sssd_help: PASSED (1.70s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_conf_perms_chk: PASSED (2.71s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_deamon: PASSED (2.07s)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Yi Zhao
gael.portay+rtone@gmail.com
gael.portay@rtone.fr
Hitendra Prajapati
Changqing Li
Armin Kuster
Kai Kang