
Compare revisions

Commits on Source (194)
Showing
with 923 additions and 121 deletions
......@@ -10,8 +10,8 @@ Resolves: https://github.com/SSSD/sssd/issues/XXXX
# note.
#
# :relnote: Generic release note.
# :feature: New feature desription.
# :fixes: Notable bug fix desription.
# :feature: New feature description.
# :fixes: Notable bug fix description.
# :packaging: Packaging change description.
# :config: Change in configuration (new option, new default, etc.)
......
name: Build SSSD's source rpm
inputs:
version:
description: Package version.
required: true
release:
description: Package release.
required: false
default: '${{ github.run_number }}'
working-directory:
description: Working directory.
required: false
default: '.'
outputs:
file:
description: Source rpm file name.
value: ${{ steps.srpm.outputs.file }}
path:
description: Path to the source rpm.
value: ${{ steps.srpm.outputs.path }}
runs:
using: 'composite'
steps:
- name: Generate tarball and spec file
shell: bash
run: |
pushd '${{ inputs.working-directory }}'
version="${{ inputs.version }}"
release="${{ inputs.release }}"
name="sssd-$version"
tar -cvzf "$name.tar.gz" --transform "s,^,$name/," *
cp contrib/sssd.spec.in ./sssd.spec
sed -iE "s/@PACKAGE_NAME@/sssd/g" ./sssd.spec
sed -iE "s/@PACKAGE_VERSION@/$version/g" ./sssd.spec
sed -iE "s/@PRERELEASE_VERSION@/$release/g" ./sssd.spec
popd
- name: Build source rpm
id: srpm
uses: next-actions/build-srpm@master
with:
tarball: ${{ inputs.working-directory }}/sssd-${{ inputs.version }}.tar.gz
specfile: ${{ inputs.working-directory }}/sssd.spec
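Review bot: The `run:` script of "Generate tarball and spec file" expands `${{ inputs.version }}`, `${{ inputs.release }}` and `${{ inputs.working-directory }}` into the bash text before the shell starts, so a caller that forwards a value it does not control has that value parsed as shell. Pass them through the step's `env:` instead (`SRPM_VERSION: ${{ inputs.version }}`) and read `version="$SRPM_VERSION"`; the callers visible on this page pass a base branch name and a PR number, so this is hardening rather than a known hole. `$version` and `$release` also reach the sed replacement unescaped, so a `/` or `&` in either breaks or alters the substitution. With GNU sed, `-iE` is parsed as `-i` with backup suffix `E`, not as `-i -E`, which leaves `sssd.specE` beside the spec; plain `sed -i` is enough because the patterns use no extended syntax.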
name: 'Configure SSSD'
description: 'Configure SSSD'
runs:
using: "composite"
steps:
- shell: bash
run: |
source contrib/fedora/bashrc_sssd
pushd contrib/ci/
. configure.sh
popd
reconfig "${CONFIGURE_ARG_LIST[@]}"
name: 'Install dependencies'
description: 'Install dependencies to build sssd'
runs:
using: "composite"
steps:
- shell: bash
run: |
sudo ./contrib/ci/run --deps-only
name: "Analyze (target)"
on:
pull_request_target:
branches: [master]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
cppcheck:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Perform cppcheck analysis
# v0.0.11 is the latest release but we need a later commit
uses: linuxdeepin/action-cppcheck@9ef62c4ec8cd5660952cd02c58b83fa57c16a42b
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
pull_request_id: ${{ github.event.pull_request.number }}
allow_approve: false
enable_checks: "warning,unusedFunction,missingInclude"
comment_result: false
covscan:
runs-on: covscan
permissions:
contents: read
steps:
- name: Checkout target branch
uses: actions/checkout@v2
with:
ref: ${{ github.base_ref }}
path: target
- name: Checkout pull request branch
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
path: pr
- name: Build source rpm - ${{ github.base_ref }}
id: target
uses: ./target/.github/actions/build-sssd-srpm
with:
working-directory: target
version: ${{ github.base_ref }}
- name: Build source rpm - pr${{ github.event.pull_request.number }}
id: pr
uses: ./target/.github/actions/build-sssd-srpm
with:
working-directory: pr
version: pr${{ github.event.pull_request.number }}
- name: Run covscan
run: |
run-covscan --base-srpm "${{ steps.target.outputs.path }}" --srpm "${{ steps.pr.outputs.path }}" --output-dir logs
- name: Print result
uses: next-actions/print-logs@master
if: always()
with:
working-directory: logs
files: |
added.err
*.err
- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v3
with:
if-no-files-found: ignore
name: covscan
path: |
./logs/*.err
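Review bot: The two checkouts in the `covscan` job run under `pull_request_target` without `persist-credentials: false`, although the `cppcheck` job above sets it; add `persist-credentials: false` to both so the token is not left in `.git/config` of trees that later steps build from. `runs-on: covscan` is not a GitHub-hosted label, so this is presumably a self-hosted runner that processes the pull request's `contrib/sssd.spec.in` and sources. If that runner is not ephemeral, state left by one pull request can carry into the next run, so a comment on how it is reset would help. Loading the composite action from `./target/` rather than from the pull request tree is what keeps the action code trusted here, and a one-line comment saying so would stop it being simplified away later.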
name: "ci"
on:
push:
branches: [master]
pull_request:
branches: [master]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
container: quay.io/sssd/ci-client-devel:latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install dependencies
id: dependencies
uses: ./.github/actions/install-dependencies
- name: Configure sssd
uses: ./.github/actions/configure
- name: make
shell: bash
working-directory: x86_64
run: |
source ../contrib/fedora/bashrc_sssd
make CFLAGS+="$SSS_WARNINGS -Werror"
- name: make check
shell: bash
working-directory: x86_64
run: |
source ../contrib/fedora/bashrc_sssd
make CFLAGS+="$SSS_WARNINGS -Werror" check
- name: make distcheck
shell: bash
working-directory: x86_64
run: |
source ../contrib/fedora/bashrc_sssd
make distcheck
- uses: actions/upload-artifact@v3
if: always()
with:
name: configure
path: |
x86_64/config.log
x86_64/config.h
if-no-files-found: error
prepare:
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
steps:
- name: Checkout sources
uses: actions/checkout@v2
- name: Get matrix
id: matrix
run: ./contrib/ci/get-matrix.py --action
intgcheck:
needs: [prepare, build]
strategy:
fail-fast: false
matrix:
tag: ${{ fromJson(needs.prepare.outputs.matrix).intgcheck }}
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
path: sssd
- name: Setup containers
uses: SSSD/sssd-ci-containers/actions/setup@master
with:
path: sssd-ci-containers
tag: ${{ matrix.tag }}
limit: dns client
override: |
services:
client:
image: ${REGISTRY}/ci-client-devel:${TAG}
volumes:
- ../sssd:/sssd:rw
- name: Run integration tests
uses: SSSD/sssd-ci-containers/actions/exec@master
with:
working-directory: /sssd
script: ./contrib/ci/run --moderate
- name: Print logs
uses: next-actions/print-logs@master
if: always()
with:
working-directory: ./sssd/ci-build-debug
files: |
test-suite.log
ci-make-intgcheck.log
ci-make-distcheck.log
- name: Upload main artifacts
if: always()
uses: actions/upload-artifact@v3
with:
if-no-files-found: ignore
name: ${{ matrix.tag }}-intgcheck
path: |
./sssd/*.log
./sssd/ci-build-debug/ci-*.log
./sssd/ci-build-debug/test-suite.log
./sssd/ci-build-debug/ci-mock-result/*.log
- name: Upload valgrind artifacts
if: always()
uses: actions/upload-artifact@v3
with:
if-no-files-found: ignore
name: ${{ matrix.tag }}-intgcheck-valgrind
path: |
./sssd/ci-build-debug/*.valgrind.log
multihost:
needs: [prepare, build]
strategy:
fail-fast: false
matrix:
tag: ${{ fromJson(needs.prepare.outputs.matrix).multihost }}
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout sssd repository
uses: actions/checkout@v2
with:
path: sssd
- name: Setup containers
uses: SSSD/sssd-ci-containers/actions/setup@master
with:
path: sssd-ci-containers
tag: ${{ matrix.tag }}
limit: dns client
override: |
services:
client:
image: ${REGISTRY}/ci-client-devel:${TAG}
shm_size: 4G
volumes:
- ../sssd:/sssd:rw
- name: Build SSSD on the client
uses: SSSD/sssd-ci-containers/actions/exec@master
with:
log-file: multihost-build.log
working-directory: /sssd
script: |
#!/bin/bash
set -ex
./contrib/ci/run --deps-only
autoreconf -if
mkdir -p /dev/shm/sssd
pushd /dev/shm/sssd
/sssd/configure --enable-silent-rules
make rpms
- name: Install SSSD on the client
uses: SSSD/sssd-ci-containers/actions/exec@master
with:
log-file: multihost-install.log
user: root
script: |
#!/bin/bash
set -ex
dnf remove -y --noautoremove sssd\*
dnf install -y /dev/shm/sssd/rpmbuild/RPMS/*/*.rpm
rm -fr /dev/shm/sssd
- name: Install multihost tests dependencies
shell: bash
run: |
set -ex
sudo apt-get update
# Install certutil and dependencies for python-ldap
sudo apt-get install -y libnss3-tools libsasl2-dev python-dev libldap2-dev libssl-dev
# Virtualenv
pip3 install virtualenv
python3 -m venv .venv
source .venv/bin/activate
# Install multihost tests requirements
pip3 install -r ./sssd/src/tests/multihost/requirements.txt
- name: Create multihost configuration
run: |
cat <<EOF > mhc.yml
root_password: 'Secret123'
domains:
- name: tier0.tests
type: sssd
hosts:
- name: client
external_hostname: client.test
role: master
EOF
- name: Run basic multihost tests
run: |
set -ex -o pipefail
source .venv/bin/activate
pytest -s --multihost-config=./mhc.yml ./sssd/src/tests/multihost/basic |& tee multihost-pytest.log
- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v3
with:
if-no-files-found: ignore
name: ${{ matrix.tag }}-multihost
path: |
sssd/ci-install-deps.log
multihost-build.log
multihost-install.log
multihost-pytest.log
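Review bot: The `intgcheck` and `multihost` jobs reference third-party actions by a moving branch (`SSSD/sssd-ci-containers/actions/setup@master`, `SSSD/sssd-ci-containers/actions/exec@master`, `next-actions/print-logs@master`), so whatever lands on those branches runs here without review in this repository. Pin each to a full commit SHA with the version in a trailing comment, as the cppcheck step in the "Analyze (target)" workflow already does. The same applies to `next-actions/build-srpm@master` in the build-sssd-srpm action and to the `next-actions/copr/*@master` steps in the copr and copr cleanup workflows, where the actions receive `secrets.COPR_SECRETS`. `container: quay.io/sssd/ci-client-devel:latest` in the `build` job is likewise mutable and could be pinned by digest.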
# Build project in Fedora copr with multiple chroots.
#
# The project is build for each pull request and it will be availale in copr as
# @sssd/pr#number. If the build is successful, it can be then installed with:
# dnf copr enable @sssd/pr#number.
#
# The project is automatically deleted after 60 days or after the pull request
# is closed, whatever happens first. It is rebuild with each pull request
# update.
#
# The source rpm used to build the project in copr is attached as an artifact to
# this check.
#
# Simplified flow:
# - build srpm (rvn == sssd-pr#number-#runid) and upload it as an artifact
# - obtain list of desired chroots
# - create copr project @sssd/pr#number
# - cancel previous pending builds
# - build project - there is one job (and one commit status) per chroot
name: copr
on:
pull_request_target:
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
env:
COPR_ACCOUNT: '@sssd'
COPR_PROJECT: pr${{ github.event.pull_request.number }}
PR_ID: ${{ github.event.pull_request.number }}
PR_URL: ${{ github.event.pull_request.html_url }}
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
srpm: ${{ steps.srpm.outputs.file }}
chroots_json: ${{ steps.chroots.outputs.json }}
permissions:
contents: read
steps:
- name: Checkout source
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Build source rpm
id: srpm
uses: ./.github/actions/build-sssd-srpm
with:
version: ${{ env.COPR_PROJECT }}
- name: Upload source rpm as an artifact
uses: actions/upload-artifact@v2
with:
name: ${{ steps.srpm.outputs.file }}
path: ${{ steps.srpm.outputs.path }}
- name: Initialize copr actions
id: copr
uses: next-actions/copr/init@master
with:
token: ${{ secrets.COPR_SECRETS }}
- name: Get copr chroots
id: chroots
uses: next-actions/copr/filter-chroots@master
with:
coprcfg: ${{ secrets.COPR_SECRETS }}
filter: "fedora-.+-x86_64|centos-stream-9-x86_64"
exclude: "fedora-eln-.+"
- name: Create copr project
uses: next-actions/copr/create-project@master
with:
coprcfg: ${{ steps.copr.outputs.coprcfg }}
chroots: ${{ steps.chroots.outputs.list }}
project: ${{ env.COPR_PROJECT }}
account: ${{ env.COPR_ACCOUNT }}
fedora-review: off
description: 'Development package for [sssd pull request #${{ env.PR_ID }}](${{ env.PR_URL }}).'
instructions: 'Use this for test purpose only. Do not use this in production.'
- name: Cancel pending builds
uses: next-actions/copr/cancel-builds@master
with:
coprcfg: ${{ steps.copr.outputs.coprcfg }}
project: ${{ env.COPR_PROJECT }}
account: ${{ env.COPR_ACCOUNT }}
- name: Add buildroot repository to CentOS Stream
env:
coprcfg: ${{ steps.copr.outputs.coprcfg }}
run: |
copr-cli --config "$coprcfg" edit-chroot \
--repos 'https://kojihub.stream.centos.org/kojifiles/repos/c9s-build/latest/$basearch/' \
$COPR_ACCOUNT/$COPR_PROJECT/centos-stream-9-x86_64
build:
runs-on: ubuntu-latest
needs: [prepare]
strategy:
matrix:
chroot: ${{ fromJson(needs.prepare.outputs.chroots_json) }}
fail-fast: false
steps:
- name: Checkout source
uses: actions/checkout@v2
- name: Downlooad source rpm
uses: actions/download-artifact@v2
with:
name: ${{ needs.prepare.outputs.srpm }}
path: .
- name: Initialize copr actions
id: copr
uses: next-actions/copr/init@master
with:
token: ${{ secrets.COPR_SECRETS }}
- name: Build srpm in copr for ${{ matrix.chroot }}
uses: next-actions/copr/submit-build@master
with:
coprcfg: ${{ steps.copr.outputs.coprcfg }}
srpm: ${{ needs.prepare.outputs.srpm }}
chroots: ${{ matrix.chroot }}
project: ${{ env.COPR_PROJECT }}
account: ${{ env.COPR_ACCOUNT }}
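Review bot: In `prepare`, the checkout replaces the workspace with the pull request's tree and `uses: ./.github/actions/build-sssd-srpm` is then resolved from that tree, so under `pull_request_target` contributor-supplied action code runs in the same job whose later steps receive `secrets.COPR_SECRETS`. Build the srpm in a separate job that has no secret-bearing steps and hand it over as an artifact (the `build` job already consumes it that way), or check the pull request out into a subdirectory and load the action from a base-branch checkout, as the "Analyze (target)" workflow does with `./target/.github/actions/build-sssd-srpm`. The checkout should also use `ref: ${{ github.event.pull_request.head.sha }}` rather than `head.ref`, so the tree cannot change between the event and the checkout, and set `persist-credentials: false`. The `build` job has no `permissions:` block and runs with the repository default; `contents: read` is all its checkout needs, and `delete` in copr cleanup, which has no checkout, can use `permissions: {}`.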
name: copr cleanup
on:
pull_request_target:
types: [closed]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: false
jobs:
delete:
runs-on: ubuntu-latest
if: ${{ github.event.action == 'closed' }}
steps:
- name: Initialize copr actions
id: copr
uses: next-actions/copr/init@master
with:
token: ${{ secrets.COPR_SECRETS }}
- name: Delete copr project
uses: next-actions/copr/delete-project@master
with:
coprcfg: ${{ steps.copr.outputs.coprcfg }}
project: 'pr${{ github.event.pull_request.number }}'
account: '@sssd'
name: Coverity scan
on:
# run once daily at 00:30 UTC due to
# https://scan.coverity.com/faq#frequency
schedule:
- cron: "30 0 * * *"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
coverity:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install dependencies
uses: ./.github/actions/install-dependencies
- name: Configure
uses: ./.github/actions/configure
- name: Execute and submit coverity scan
uses: vapier/coverity-scan-action@v1.2.0
with:
email: "sssd-maint@redhat.com"
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
working-directory: x86_64
name: "Static code analysis"
on:
push:
branches: [master]
pull_request:
branches: [master]
schedule:
# Everyday at midnight
- cron: '0 0 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
codeql:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install dependencies
id: dependencies
uses: ./.github/actions/install-dependencies
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: cpp, python
queries: +security-and-quality
- name: Configure sssd
uses: ./.github/actions/configure
- name: Build sssd
working-directory: x86_64
run: |
PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
make -j$PROCESSORS
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
flake8:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name:
uses: ikerexxe/lintly-flake8-github-action@fix_execution
if: github.event_name == 'pull_request'
with:
token: ${{ secrets.GITHUB_TOKEN }}
failIf: new
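Review bot: The `flake8` job hands `secrets.GITHUB_TOKEN` to `ikerexxe/lintly-flake8-github-action@fix_execution`, a branch of a personal fork, and has no `permissions:` block, so the token carries the repository's default scopes. Add a job-level `permissions:` limited to what the action needs (presumably `contents: read` and `pull-requests: write`, to be confirmed against the action) and reference the action by commit SHA. The step's `name:` is empty, which YAML reads as null; give it a value such as `name: Run flake8` so the step is identifiable in logs. The `codeql` job sets only `security-events: write`, which leaves `contents` at none; that is worth a comment if it is intentional.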
language: c
compiler: gcc
sudo: required
dist: trusty
services:
- docker
addons:
apt:
packages:
- bash
- tar
- bzip2
env:
global:
# The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
# via the "travis encrypt" command using the project repo's public key
- secure: "gD4XB/tAquGTUFGvQ4+a+K9EbemQtyZs0Py+r7+HAEQ7h/B+fwwRX1h5bGzMUjyCUJ88u28wdRZ0TNxIiEVXuSi/0Ia9BOvdS9YurXdpZc7ha1OpYnJd1tYwxGrgozKW9qXB3R6XZmlcxVGzIHF3fwK9a1p+rNDUihWhasqeAPFFI3IhQhwDIIxO3paRGvHHO0UNlw0+lpgsiQLYIYFWYjHqq2voZ1UlV4Ga7LSP1Yh8F38hDSMk7ykSLedsV1kqxh3zky8p5fLSbDRI1y7PLNBYD63LagUCEk1o3nF+hF0l3nRfEApFJKUhBfccgNc2mdXbBdDxDCnwiArbTXQNxI2Iml85UJ/I5/CS3uE437A3H7ZdvL51w2592JGNMEwq9pxGK3vxcN8g/Yn2Xoo1F2KTVHBexT44LEnS0ADRj5K8AfDsyIUz/rB9+N05k5WXtqcDWblpC5gfD0nk3WQnpmc8hjeI2B9RTFTa3ydA4I5wfABkGfNARH39RxK10d+b176U8x3z05p/PgyraAYKi2kFpA3ha5fw9o1CIqcd5OpUcIWrIo5+FG8hYgtcIG+65PSOHz6gGVZkpZyR4vqIuHIfw4jdi68d6LfoophdhjuFSDTuwgXXGQNjdaYQSpeoZ5Gm9hvHbasabqIBpOfDo/Yjq6up20byvmDaGtoeojI="
before_install:
- ./.travis/travis-docker-build.sh
script:
- docker run -e COVERITY_SCAN_TOKEN=$COVERITY_SCAN_TOKEN --rm sssd/sssd
#!/bin/bash
set -e
# Create an archive of the current checkout
TARBALL=`mktemp -p . tarball-XXXXXX.tar.bz2`
git ls-files |xargs tar cfj $TARBALL .git
sudo docker build -f Dockerfile.deps -t sssd/sssd-deps .
sudo docker build -t sssd/sssd --build-arg TARBALL=$TARBALL .
rm -f $TARBALL
exit 0
#!/bin/bash
#Exit on failures
set -e
pushd /builddir/
# We have to define the _Float* types as those are not defined by coverity and as result
# the codes linking agains those (pretty much anything linking against stdlib.h and math.h)
# won't be covered.
echo "#define _Float128 long double" > /tmp/coverity.h
echo "#define _Float64x long double" >> /tmp/coverity.h
echo "#define _Float64 double" >> /tmp/coverity.h
echo "#define _Float32x double" >> /tmp/coverity.h
echo "#define _Float32 float" >> /tmp/coverity.h
# The coverity scan script returns an error despite succeeding...
CFLAGS="${CFLAGS:- -include /tmp/coverity.h}" \
TRAVIS_BRANCH="${TRAVIS_BRANCH:-master}" \
COVERITY_SCAN_PROJECT_NAME="${COVERITY_SCAN_PROJECT_NAME:-SSSD/sssd}" \
COVERITY_SCAN_NOTIFICATION_EMAIL="${COVERITY_SCAN_NOTIFICATION_EMAIL:-sssd-maint@redhat.com}" \
COVERITY_SCAN_BUILD_COMMAND_PREPEND="${COVERITY_SCAN_BUILD_COMMAND_PREPEND:-source contrib/fedora/bashrc_sssd && reconfig}" \
COVERITY_SCAN_BUILD_COMMAND="${COVERITY_SCAN_BUILD_COMMAND:-make all check TESTS= }" \
COVERITY_SCAN_BRANCH_PATTERN=${COVERITY_SCAN_BRANCH_PATTERN:-master} \
/usr/bin/travisci_build_coverity_scan.sh ||:
popd #builddir
The instructions on how to build the SSSD and contribute to the
project can be found here:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://sssd.io/docs/developers
https://sssd.io/contrib/introduction.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FROM sssd/sssd-deps
MAINTAINER SSSD Maintainers <sssd-maint@redhat.com>
ARG TARBALL
RUN echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- && curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh -o /usr/bin/travisci_build_coverity_scan.sh && chmod a+x /usr/bin/travisci_build_coverity_scan.sh
ADD $TARBALL /builddir/
ENTRYPOINT /builddir/.travis/travis-tasks.sh
FROM fedora:latest
MAINTAINER SSSD Maintainers <sssd-maint@redhat.com>
ARG TARBALL
RUN dnf -y install git openssl sudo curl wget ruby rubygems "rubygem(json)" wget rpm-build dnf-plugins-core libldb-devel && \
git clone --depth=50 --branch=master https://github.com/SSSD/sssd.git /tmp/sssd && \
cd /tmp/sssd && \
./contrib/fedora/make_srpm.sh && \
dnf builddep -y rpmbuild/SRPMS/sssd-*.src.rpm && \
dnf -y clean all
......@@ -19,7 +19,7 @@ class Notification {
*
* There are two types of notifications:
* a) Summary (i.e. sssd-ci: Success. details: @details_url)
* b) Single build (i.e. sssd-ci/fedora28: Success. details: @aws_url)
* b) Single build (i.e. sssd-ci/fedora35: Success. details: @aws_url)
*/
Notification(pipeline, context, details_url, aws_url, on_demand) {
this.pipeline = pipeline
......@@ -87,8 +87,16 @@ class Test {
this.target = pipeline.env.CHANGE_TARGET
}
def handleCmdError(rc) {
if (rc == 255) {
this.pipeline.error "Timeout reached."
} else if (rc != 0) {
this.pipeline.error "Some tests failed."
}
}
/* Test entry point. */
def run() {
def run(command=null) {
/* These needs to be set here in order to get correct workspace. */
this.artifactsdir = "${this.pipeline.env.WORKSPACE}/artifacts/${this.system}"
this.codedir = "${this.pipeline.env.WORKSPACE}/sssd"
......@@ -109,20 +117,18 @@ class Test {
this.pipeline.echo "Executing tests, started at ${this.getCurrentTime()}"
def command = String.format(
'%s/sssd-test-suite -c "%s" run --sssd "%s" --artifacts "%s" --update --prune',
"${this.basedir}/sssd-test-suite",
"${this.basedir}/configs/${this.system}.json",
this.codedir,
this.artifactsdir
)
if (command == null) {
command = String.format(
'%s/sssd-test-suite -c "%s" run --sssd "%s" --artifacts "%s" --update --prune',
"${this.basedir}/sssd-test-suite",
"${this.basedir}/configs/${this.system}.json",
this.codedir,
this.artifactsdir
)
}
def rc = this.pipeline.sh script: command, returnStatus: true
if (rc == 255) {
this.pipeline.error "Timeout reached."
} else if (rc != 0) {
this.pipeline.error "Some tests failed."
}
this.handleCmdError(rc)
this.pipeline.echo "Finished at ${this.getCurrentTime()}"
this.notify('SUCCESS', 'Success.')
......@@ -217,6 +223,10 @@ class OnDemandTest extends Test {
this.branch = branch
}
def handleCmdError(rc) {
super.handleCmdError(rc)
}
def run() {
this.pipeline.echo "Repository: ${this.repo}"
this.pipeline.echo "Branch: ${this.branch}"
......@@ -245,7 +255,116 @@ class OnDemandTest extends Test {
}
}
/* Manage test run for internal covscan test.
* Can be triggered for PRs, ondemand and branch runs */
class Covscan extends Test {
String repo
String branch
String basedir
String pr_number
boolean on_demand
String artifactsdir
/* @param pipeline Jenkins pipeline context.
* @param notification Notification object.
* @param repo Repository fetch URL.
* @param branch Branch to checkout.
* @param pr_number Pull Request Number, null if not inside a PR.
* @param on_demand true for on_demand runs, false otherwise.
*/
Covscan(pipeline, notification, repo, branch, pr_number, on_demand) {
super(pipeline, "covscan", notification)
this.repo = repo
this.branch = branch
this.pr_number = pr_number
this.basedir = "/home/fedora"
this.on_demand = on_demand
}
/* Errors returned from covscan.sh */
def handleCmdError(rc) {
if (rc == 0) { return }
switch (rc) {
case 1:
this.pipeline.error "Covscan diff shows new errors!"
break
case 2:
this.pipeline.error "Covscan task FAILED"
break
case 3:
this.pipeline.error "Covscan task INTERRUPTED"
break
case 4:
this.pipeline.error "Covscan task CANCELLED"
break
case 255:
this.pipeline.error "Timeout reached."
break
default:
this.pipeline.error "Generic Failure, unknown return code"
break
}
}
def run() {
def version = this.pr_number ? this.pr_number : this.branch.trim()
this.pipeline.echo "Executing covscan script with version: ${version}_${this.pipeline.env.BUILD_ID}"
def command = String.format(
'%s/scripts/covscan.sh "%s%s_%s" "%s"',
this.basedir,
this.pr_number ? "pr" : "",
version,
this.pipeline.env.BUILD_ID,
this.pipeline.env.WORKSPACE,
)
super.run(command)
}
def checkout() {
if (on_demand) {
this.pipeline.echo "Checkout ${this.branch}"
this.pipeline.dir('sssd') {
this.pipeline.git branch: this.branch, url: this.repo
}
} else {
this.pipeline.dir('sssd') {
this.pipeline.checkout this.pipeline.scm
}
}
}
def rebase() {
super.rebase()
}
def archive() {
if (on_demand) {
this.pipeline.echo 'On demand run. Artifacts are not stored in the cloud.'
this.pipeline.echo 'They are accessible only from Jenkins.'
this.pipeline.echo "${this.pipeline.env.BUILD_URL}/artifact/artifacts/${this.system}"
this.pipeline.archiveArtifacts artifacts: "artifacts/**",
allowEmptyArchive: true
this.pipeline.sh "rm -fr ${this.artifactsdir}"
} else {
super.archive()
}
}
def notify(status, message) {
this.notification.notify(status, message, "covscan")
}
}
def systems = []
def pr_labels = []
def with_tests_label = false
def with_tests_title = false
def on_demand = params.ON_DEMAND ? true : false
def notification = new Notification(
this, 'sssd-ci',
......@@ -254,6 +373,10 @@ def notification = new Notification(
on_demand
)
this.properties([
buildDiscarder(logRotator(daysToKeepStr: '30', numToKeepStr: '70')),
])
try {
stage('Get system list') {
node('master') {
......@@ -300,6 +423,9 @@ try {
python -c "import sys, json; print(json.load(sys.stdin).get('title'))"
"""
currentBuild.description = "PR ${env.CHANGE_ID}: ${title}"
if (title.toLowerCase().contains('tests: ')) {
with_tests_title = true
}
} else {
/* Branch: name */
currentBuild.description = "Branch: ${env.BRANCH_NAME}"
......@@ -308,6 +434,23 @@ try {
}
}
stage('Retrieve labels') {
node('master') {
if (env.CHANGE_TARGET) {
def labels = sh returnStdout: true, script: """
curl -s https://api.github.com/repos/SSSD/sssd/pulls/${env.CHANGE_ID}
"""
def props = readJSON text: labels
props['labels'].each { key, value ->
pr_labels.add(key['name'])
if (key['name'] == 'Tests') {
with_tests_label = true
}
}
}
}
}
stage('Prepare systems') {
notification.notify('PENDING', 'Pending.')
......@@ -315,6 +458,9 @@ try {
for (system in systems) {
notification.notify('PENDING', 'Awaiting executor', system)
}
if ((with_tests_label == false) && (with_tests_title == false)) {
notification.notify('PENDING', 'Pending.', "covscan")
}
}
/* Run tests on multiple systems in parallel. */
......@@ -338,6 +484,19 @@ try {
}
})
}
/* Run covscan against non-test related PRs */
if ((with_tests_label == false) && (with_tests_title == false)) {
stages.put("covscan", {
node("sssd-ci") {
stage("covscan") {
covscan = new Covscan(this, notification, params.REPO_URL, params.REPO_BRANCH, env.CHANGE_ID, on_demand)
covscan.run()
}
}
})
}
parallel(stages)
}
stage('Report results') {
......
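Review bot: `Covscan.run()` formats `this.branch` (taken from `params.REPO_BRANCH`) into a double-quoted argument of the `sh` script, and the shell still expands inside double quotes, so on on-demand runs the parameter text is interpreted by the shell rather than passed as data. Validate it before building the command, e.g. `if (!(version ==~ /[\w.\/-]+/)) { this.pipeline.error "Invalid branch name" }`. `this.branch.trim()` also throws when `pr_number` is null and no `REPO_BRANCH` was supplied, which looks reachable for plain branch builds; the parameter definitions are outside these hunks, so confirm. Separately, the covscan stage is skipped when the PR title contains `tests: `, a field the PR author controls. Gating on the `Tests` label alone would leave that decision with maintainers.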
......@@ -188,6 +188,9 @@ if BUILD_SEMANAGE
sssdlibexec_PROGRAMS += selinux_child
endif
sssdlibexec_PROGRAMS += p11_child
if BUILD_OIDC_CHILD
sssdlibexec_PROGRAMS += oidc_child
endif
if SSSD_USER
if HAVE_POLKIT_RULES_D
polkit_rulesdir = $(polkitdir)
......@@ -214,7 +217,7 @@ if HAVE_CHECK
strtonum-tests \
resolv-tests \
krb5-utils-tests \
check_and_open-tests \
check_file-tests \
files-tests \
refcount-tests \
fail_over-tests \
......@@ -294,6 +297,7 @@ if HAVE_CMOCKA
sss_certmap_test \
test_sssd_krb5_locator_plugin \
test_confdb \
test_krb5_idp_plugin \
$(NULL)
......@@ -524,6 +528,7 @@ AM_CPPFLAGS = \
$(JOURNALD_CFLAGS) \
-DLIBDIR=\"$(libdir)\" \
-DVARDIR=\"$(localstatedir)\" \
-DRUNDIR=\"$(runstatedir)\" \
-DSSS_STATEDIR=\"$(sss_statedir)\" \
-DSYSCONFDIR=\"$(sysconfdir)\" \
-DSHLIBEXT=\"$(SHLIBEXT)\" \
......@@ -886,7 +891,6 @@ dist_noinst_HEADERS = \
src/tests/cmocka/test_expire_common.h \
src/tests/cmocka/test_sdap_access.h \
src/tests/cmocka/data_provider/mock_dp.h \
src/tests/cwrap/common_mock_nss_dl_load.h \
src/sss_client/pam_message.h \
src/sss_client/ssh/sss_ssh_client.h \
src/sss_client/sudo/sss_sudo.h \
......@@ -904,6 +908,7 @@ dist_noinst_HEADERS = \
src/shared/murmurhash3.h \
src/shared/safealign.h \
src/p11_child/p11_child.h \
src/oidc_child/oidc_child_util.h \
$(NULL)
......@@ -1051,7 +1056,7 @@ EXTRA_DIST += \
pkglib_LTLIBRARIES += libsss_sbus.la
libsss_sbus_la_SOURCES = \
src/util/check_and_open.c \
src/util/check_file.c \
src/util/debug.c \
src/util/debug_backtrace.c \
src/util/sss_chain_id.c \
......@@ -1242,7 +1247,7 @@ libsss_util_la_SOURCES = \
src/util/usertools.c \
src/util/backup_file.c \
src/util/strtonum.c \
src/util/check_and_open.c \
src/util/check_file.c \
src/util/refcount.c \
src/util/sss_nss.c \
src/util/sss_utf8.c \
......@@ -1269,8 +1274,7 @@ libsss_util_la_SOURCES = \
src/util/sss_regexp.c \
src/util/sss_chain_id_tevent.c \
src/util/sss_chain_id.c \
src/util/nss_dl_load.c \
src/util/nss_dl_load_extra.c \
src/util/sss_time.c \
$(NULL)
libsss_util_la_CFLAGS = \
$(AM_CFLAGS) \
......@@ -1376,6 +1380,7 @@ libsss_nss_idmap_la_SOURCES = \
src/sss_client/common.c \
src/sss_client/idmap/common_ex.c \
src/sss_client/nss_mc_passwd.c \
src/sss_client/nss_mc_sid.c \
src/sss_client/nss_passwd.c \
src/sss_client/nss_mc_group.c \
src/sss_client/nss_group.c \
......@@ -1392,7 +1397,7 @@ libsss_nss_idmap_la_LIBADD = \
$(NULL)
libsss_nss_idmap_la_LDFLAGS = \
-Wl,--version-script,$(srcdir)/src/sss_client/idmap/sss_nss_idmap.exports \
-version-info 5:0:5
-version-info 6:0:6
dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.exports
......@@ -2166,13 +2171,13 @@ krb5_utils_tests_LDADD = \
libsss_test_common.la
check_and_open_tests_SOURCES = \
src/tests/check_and_open-tests.c \
src/util/check_and_open.c
check_and_open_tests_CFLAGS = \
check_file_tests_SOURCES = \
src/tests/check_file-tests.c \
src/util/check_file.c
check_file_tests_CFLAGS = \
$(AM_CFLAGS) \
$(CHECK_CFLAGS)
check_and_open_tests_LDADD = \
check_file_tests_LDADD = \
libsss_debug.la \
$(CHECK_LIBS) \
libsss_test_common.la
......@@ -2192,7 +2197,7 @@ endif
if HAVE_INOTIFY
files_tests_SOURCES = \
src/tests/files-tests.c \
src/util/check_and_open.c \
src/util/check_file.c \
src/util/atomic_io.c \
src/util/selinux.c \
src/util/files.c
......@@ -2570,6 +2575,7 @@ EXTRA_pam_srv_tests_DEPENDENCIES += p11_child
pam_srv_tests_SOURCES = \
$(TEST_MOCK_RESP_OBJ) \
src/tests/cmocka/test_pam_srv.c \
src/tests/cmocka/common_utils.c \
src/sss_client/pam_message.c \
src/responder/pam/pamsrv_cmd.c \
src/responder/pam/pamsrv_p11.c \
......@@ -3812,6 +3818,18 @@ test_kcm_queue_LDADD = \
libsss_sbus.la \
$(NULL)
test_krb5_idp_plugin_SOURCES = \
src/tests/cmocka/test_krb5_idp_plugin.c \
src/krb5_plugin/idp/idp_utils.c \
$(NULL)
test_krb5_idp_plugin_CFLAGS = \
$(AM_CFLAGS) \
$(NULL)
test_krb5_idp_plugin_LDADD = \
$(CMOCKA_LIBS) \
$(JANSSON_LIBS) \
$(NULL)
if BUILD_KCM_RENEWAL
test_kcm_renewals_SOURCES = \
$(TEST_MOCK_RESP_OBJ) \
......@@ -4517,6 +4535,7 @@ krb5_child_SOURCES = \
src/util/become_user.c \
src/util/util_errors.c \
src/sss_client/common.c \
src/krb5_plugin/idp/idp_utils.c \
$(NULL)
krb5_child_CFLAGS = \
$(AM_CFLAGS) \
......@@ -4532,6 +4551,7 @@ krb5_child_LDADD = \
$(KRB5_LIBS) \
$(CLIENT_LIBS) \
$(SYSTEMD_LOGIN_LIBS) \
$(JANSSON_LIBS) \
$(NULL)
ldap_child_SOURCES = \
......@@ -4589,6 +4609,7 @@ gpo_child_SOURCES = \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
src/util/util_errors.c \
src/util/signal.c \
src/util/sss_chain_id.c
gpo_child_CFLAGS = \
......@@ -4653,6 +4674,32 @@ p11_child_LDADD += \
$(SSL_LIBS) \
$(NULL)
if BUILD_OIDC_CHILD
oidc_child_SOURCES = \
src/oidc_child/oidc_child.c \
src/oidc_child/oidc_child_curl.c \
src/oidc_child/oidc_child_json.c \
src/util/atomic_io.c \
src/util/memory.c \
src/util/strtonum.c \
$(NULL)
oidc_child_CFLAGS = \
$(AM_CFLAGS) \
$(POPT_CFLAGS) \
$(JANSSON_CFLAGS) \
$(JOSE_CFLAGS) \
$(CURL_CFLAGS) \
$(NULL)
oidc_child_LDADD = \
libsss_debug.la \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
$(JANSSON_LIBS) \
$(JOSE_LIBS) \
$(CURL_LIBS) \
$(NULL)
endif
memberof_la_SOURCES = \
src/ldb_modules/memberof.c \
src/util/util.c \
......@@ -4703,8 +4750,35 @@ sssd_krb5_localauth_plugin_la_LDFLAGS = \
-module
endif
krb5_plugindir = @appmodpath@
dist_krb5snippets_DATA = contrib/enable_sssd_conf_dir
krb5_plugin_LTLIBRARIES = \
sssd_krb5_idp_plugin.la \
$(NULL)
sssd_krb5_idp_plugin_la_SOURCES = \
src/krb5_plugin/idp/idp_clpreauth.c \
src/krb5_plugin/idp/idp_kdcpreauth.c \
src/krb5_plugin/idp/idp_utils.c \
$(NULL)
sssd_krb5_idp_plugin_la_CFLAGS = \
$(AM_CFLAGS) \
$(KRB5_CFLAGS) \
$(NULL)
sssd_krb5_idp_plugin_la_LIBADD = \
$(KRB5_LIBS) \
$(KRAD_LIBS) \
$(JANSSON_LIBS) \
$(NULL)
sssd_krb5_idp_plugin_la_LDFLAGS = \
-avoid-version \
-module \
$(NULL)
dist_noinst_HEADERS += src/krb5_plugin/idp/idp.h
dist_krb5snippets_DATA += src/krb5_plugin/idp/sssd_enable_idp
sssd_pac_plugin_la_SOURCES = \
src/sss_client/sssd_pac.c \
src/sss_client/common.c \
......@@ -5132,6 +5206,7 @@ installsssddirs::
$(DESTDIR)$(sudolibdir) \
$(DESTDIR)$(autofslibdir) \
$(DESTDIR)$(pipepath)/private \
$(DESTDIR)$(krb5snippetsdir) \
$(SSSD_USER_DIRS) \
$(NULL);
if SSSD_USER
......
......@@ -14,6 +14,30 @@ SSSD is shipped as a binary package by most Linux distributions. If you
want to obtain the latest source files, please navigate to the
[Releases folder on GitHub](https://github.com/SSSD/sssd/releases).
We sign release tarballs with our [gpg key (id C13CD07FFB2DB1408E457A3CD3D21B2910CF6759)](./contrib/pubkey.asc)
since April 2022. For convenience, the key is also uploaded to
`keys.openpgp.org` keyserver. You can import the key using:
```
$ curl -o sssd.asc https://raw.githubusercontent.com/SSSD/sssd/master/contrib/pubkey.asc
$ gpg2 --import sssd.asc
```
or
```
$ gpg2 --keyserver keys.openpgp.org --recv-keys C13CD07FFB2DB1408E457A3CD3D21B2910CF6759
```
And verify the signature with:
```
$ version=x.y.z
$ curl -o sssd-$version.tar.gz https://github.com/SSSD/sssd/releases/download/$version/sssd-$version.tar.gz
$ curl -o sssd-$version.tar.gz.asc https://github.com/SSSD/sssd/releases/download/$version/sssd-$version.tar.gz.asc
$ gpg2 --verify sssd-$version.tar.gz.asc sssd-$version.tar.gz
```
## Releases
SSSD maintains two release streams - stable and LTM. Releases designated as
LTM are long-term maintenance releases and will see bugfixes and security
......
......@@ -172,6 +172,7 @@ WITH_SSSD_USER
SSSD_RUNSTATEDIR
WITH_SECRETS_DB_PATH
WITH_KCM
WITH_OIDC_CHILD
m4_include([src/external/pkg.m4])
m4_include([src/external/libpopt.m4])
......@@ -195,6 +196,7 @@ m4_include([src/external/selinux.m4])
m4_include([src/external/crypto.m4])
m4_include([src/external/nsupdate.m4])
m4_include([src/external/libkeyutils.m4])
m4_include([src/external/libkrad.m4])
m4_include([src/external/libnl.m4])
m4_include([src/external/systemd.m4])
m4_include([src/external/pac_responder.m4])
......@@ -211,6 +213,11 @@ m4_include([src/external/systemtap.m4])
m4_include([src/external/service.m4])
m4_include([src/external/test_ca.m4])
m4_include([src/external/ax_valgrind_check.m4])
m4_include([src/external/libjansson.m4])
AS_IF([test x$with_oidc_child = xyes], [
m4_include([src/external/libcurl.m4])
m4_include([src/external/libjose.m4])
])
AS_IF([test x$with_kcm = xyes], [
m4_include([src/external/libuuid.m4])
......