Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • mika/sssd
  • guillem/debian-pkg-sssd
  • john.veitch/sssd
  • jgullberg/sssd
  • gioele/sssd
  • oktay454/sssd
  • sergiodj/sssd
  • 3v1n0/sssd
  • jfalk-guest/sssd
  • sathieu/sssd
  • dpward/sssd
  • sssd-team/sssd
  • ahasenack/sssd
  • jbicha/sssd
  • yrro-guest/sssd
15 results
Show changes
Commits on Source (135)
Showing
with 126 additions and 101 deletions
......@@ -13,14 +13,14 @@ jobs:
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Perform cppcheck analysis
# v0.0.11 is the latest release but we need a later commit
uses: linuxdeepin/action-cppcheck@9ef62c4ec8cd5660952cd02c58b83fa57c16a42b
uses: linuxdeepin/action-cppcheck@e63fb1d3f321e0467737aa9de7f691360fb1b8fb
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
......@@ -36,13 +36,13 @@ jobs:
timeout-minutes: 1440
steps:
- name: Checkout target branch
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: ${{ github.base_ref }}
path: target
- name: Checkout pull request branch
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
path: pr
......
......@@ -15,7 +15,7 @@ jobs:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install dependencies
id: dependencies
......@@ -63,7 +63,7 @@ jobs:
matrix: ${{ steps.matrix.outputs.matrix }}
steps:
- name: Checkout sources
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Get matrix
id: matrix
......@@ -80,7 +80,7 @@ jobs:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: sssd
......@@ -124,6 +124,7 @@ jobs:
./sssd/ci-build-debug/ci-*.log
./sssd/ci-build-debug/test-suite.log
./sssd/ci-build-debug/ci-mock-result/*.log
./sssd/ci-build-debug/src/tests/cwrap/test-suite.log
- name: Upload valgrind artifacts
if: always()
......@@ -145,7 +146,7 @@ jobs:
contents: read
steps:
- name: Checkout sssd repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: sssd
......@@ -214,7 +215,7 @@ jobs:
pip3 install -r ./sssd/src/tests/multihost/requirements.txt
- name: Create multihost configuration
uses: DamianReeves/write-file-action@41569a7dac64c252caacca7bceefe28b70b38db1
uses: DamianReeves/write-file-action@0a7fcbe1960c53fc08fe789fa4850d24885f4d84
with:
path: mhc.yml
write-mode: overwrite
......@@ -258,7 +259,7 @@ jobs:
contents: read
steps:
- name: Checkout sssd repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: sssd
......@@ -276,12 +277,22 @@ jobs:
- /dev/shm
volumes:
- ../sssd:/sssd:rw
ipa:
image: ${REGISTRY}/ci-ipa-devel:${TAG}
shm_size: 4G
tmpfs:
- /dev/shm
volumes:
- ../sssd:/sssd:rw
- name: Build SSSD on the client
- name: Build SSSD on the client and IPA
uses: SSSD/sssd-ci-containers/actions/exec@master
with:
log-file: build.log
working-directory: /sssd
where: |
client
ipa
script: |
#!/bin/bash
set -ex
......@@ -294,22 +305,35 @@ jobs:
/sssd/configure --enable-silent-rules
make rpms
- name: Install SSSD on the client
- name: Install SSSD on the client and IPA
uses: SSSD/sssd-ci-containers/actions/exec@master
with:
log-file: install.log
user: root
where: |
client
ipa
script: |
#!/bin/bash
set -ex
dnf remove -y --noautoremove sssd\*
dnf install -y /dev/shm/sssd/rpmbuild/RPMS/*/*.rpm
rm -fr /dev/shm/sssd
# We need to reenable sssd-kcm since it was disabled by removing sssd not not enabled again
systemctl enable --now sssd-kcm.socket
- name: Restart SSSD on IPA server
uses: SSSD/sssd-ci-containers/actions/exec@master
with:
user: root
where: ipa
script: |
#!/bin/bash
set -ex
systemctl restart sssd || systemctl status sssd
- name: Install system tests dependencies
shell: bash
working-directory: ./sssd/src/tests/system
......
......@@ -41,7 +41,7 @@ jobs:
contents: read
steps:
- name: Checkout source
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
......@@ -114,7 +114,7 @@ jobs:
fail-fast: false
steps:
- name: Checkout source
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Downlooad source rpm
uses: actions/download-artifact@v3
......
......@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install dependencies
uses: ./.github/actions/install-dependencies
......@@ -22,7 +22,7 @@ jobs:
uses: ./.github/actions/configure
- name: Execute and submit coverity scan
uses: vapier/coverity-scan-action@v1.2.0
uses: vapier/coverity-scan-action@v1.7.0
with:
email: "sssd-maint@redhat.com"
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
......
......@@ -17,7 +17,7 @@ jobs:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install dependencies
id: dependencies
......@@ -57,7 +57,7 @@ jobs:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Setup virtual environment
working-directory: ./src/tests/system
......
......@@ -810,7 +810,6 @@ dist_noinst_HEADERS = \
src/db/sysdb_subid.h \
src/db/sysdb_domain_resolution_order.h \
src/db/sysdb_passkey_user_verification.h \
src/db/sysdb_computer.h \
src/db/sysdb_iphosts.h \
src/db/sysdb_ipnetworks.h \
src/confdb/confdb.h \
......@@ -1249,7 +1248,6 @@ libsss_util_la_SOURCES = \
src/db/sysdb_iphosts.c \
src/db/sysdb_ipnetworks.c \
src/util/sss_pam_data.c \
src/db/sysdb_computer.c \
src/db/sysdb_subid.c \
src/util/util.c \
src/util/util_ext.c \
......@@ -2348,7 +2346,10 @@ ipa_ldap_opt_tests_LDADD = \
$(LDB_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(OPENLDAP_LIBS) \
libsss_test_common.la
libsss_test_common.la \
libsss_ldap_common.la \
libdlopen_test_providers.la \
$(NULL)
ad_ldap_opt_tests_SOURCES = \
src/providers/ldap/ldap_opts.c \
......@@ -2910,6 +2911,8 @@ nestedgroups_tests_LDADD = \
$(SSSD_INTERNAL_LTLIBS) \
libsss_idmap.la \
libsss_test_common.la \
libsss_ldap_common.la \
libdlopen_test_providers.la \
$(NULL)
if BUILD_SYSTEMTAP
nestedgroups_tests_LDADD += stap_generated_probes.lo
......@@ -3156,6 +3159,8 @@ sdap_tests_LDADD = \
$(SSSD_INTERNAL_LTLIBS) \
$(OPENLDAP_LIBS) \
libsss_test_common.la \
libsss_ldap_common.la \
libdlopen_test_providers.la \
$(NULL)
if BUILD_IFP
......@@ -3851,6 +3856,7 @@ test_passkey_LDFLAGS = \
-Wl,-wrap,fido_dev_open \
-Wl,-wrap,fido_dev_has_uv \
-Wl,-wrap,fido_dev_has_pin \
-Wl,-wrap,fido_dev_supports_uv \
-Wl,-wrap,fido_dev_make_cred \
-Wl,-wrap,fido_cred_x5c_ptr \
-Wl,-wrap,fido_cred_verify \
......@@ -4401,6 +4407,8 @@ libsss_proxy_la_SOURCES = \
src/providers/proxy/proxy_hosts.c \
src/providers/proxy/proxy_ipnetworks.c \
src/providers/proxy/proxy_auth.c \
src/providers/proxy/proxy_certmap.c \
src/util/cert_derb64_to_ldap_filter.c \
src//util/nss_dl_load.c \
$(NULL)
libsss_proxy_la_CFLAGS = \
......@@ -4416,6 +4424,7 @@ libsss_proxy_la_LIBADD = \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
libsss_sbus.la \
libsss_certmap.la \
$(NULL)
libsss_proxy_la_LDFLAGS = \
-avoid-version \
......
......@@ -29,60 +29,44 @@ declare -a CONFIGURE_ARG_LIST=(
"--enable-ldb-version-check"
"--with-syslog=journald"
"--enable-systemtap"
"--with-python2-bindings"
)
if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-6.*- ||
"$DISTRO_BRANCH" == -redhat-centos-6.*- ]]; then
if [[ "$DISTRO_BRANCH" == -redhat-centos-8*- ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- ]]; then
CONFIGURE_ARG_LIST+=(
"--with-smb-idmap-interface-version=5"
"--disable-cifs-idmap-plugin"
"--with-syslog=syslog"
"--without-python3-bindings"
"--without-kcm"
"--with-python2-bindings"
)
fi
if [[ "$DISTRO_BRANCH" == -redhat-fedora-2[0-2]* ]]; then
else
CONFIGURE_ARG_LIST+=(
"--without-kcm"
"--without-python2-bindings"
)
fi
if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-7.*- ||
"$DISTRO_BRANCH" == -redhat-centos-7.*- ]]; then
CONFIGURE_ARG_LIST+=(
"--without-python3-bindings"
)
fi
# Different versions of Debian might need different versions here but this is
# sufficient to make the CI work
if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
CONFIGURE_ARG_LIST+=(
"--without-python2-bindings"
"--with-smb-idmap-interface-version=5"
)
fi
if [[ "$DISTRO_BRANCH" == -redhat-fedora-4[0-9]* ||
"$DISTRO_BRANCH" == -redhat-fedora-3[2-9]* ||
"$DISTRO_BRANCH" == -redhat-centos*-9*- ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then
CONFIGURE_ARG_LIST+=(
"--without-python2-bindings"
)
fi
if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[5-9]* ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then
if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ||
"$DISTRO_BRANCH" == -redhat-centos-9*- ||
"$DISTRO_BRANCH" == -redhat-centos-10*- ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-10.*- ]]; then
CONFIGURE_ARG_LIST+=(
"--with-subid"
)
fi
if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then
if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ||
"$DISTRO_BRANCH" == -redhat-centos-9*- ||
"$DISTRO_BRANCH" == -redhat-centos-10*- ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-10.*- ]]; then
CONFIGURE_ARG_LIST+=(
"--with-passkey"
)
......
......@@ -33,7 +33,6 @@ declare DEPS_INTGCHECK_SATISFIED=true
if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
declare _DEPS_LIST_SPEC
DEPS_LIST+=(
clang-analyzer
fakeroot
libfaketime
libcmocka-devel
......@@ -49,8 +48,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
libunistring-devel
)
if [[ "$DISTRO_BRANCH" == -redhat-fedora-31* ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- ||
if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- ||
"$DISTRO_BRANCH" == -redhat-centos*-8*- ]]; then
DEPS_LIST+=(
python2
......@@ -60,7 +58,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
fi
if [[ "$DISTRO_BRANCH" == -redhat-fedora-4[0-9]* ||
"$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* ||
"$DISTRO_BRANCH" == -redhat-fedora-3[7-9]* ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ||
"$DISTRO_BRANCH" == -redhat-centos*-8*- ||
......@@ -108,7 +106,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
autopoint
check
cifs-utils
clang
dh-apparmor
dnsutils
docbook-xml
......
......@@ -51,17 +51,7 @@ function distro_pkg_install()
{
declare prompt=$'Need root permissions to install packages.\n'
prompt+="Enter sudo password for $USER: "
if [[ "$DISTRO_BRANCH" == -redhat-fedora-2[2-5]* ]]; then
# TODO switch fedora to DNF once
# https://bugzilla.redhat.com/show_bug.cgi?id=1215208 is fixed
[ $# != 0 ] && sudo -p "$prompt" \
yum-deprecated --assumeyes install -- "$@" |&
# Pass input to output, fail if a missing package is reported
awk 'BEGIN {s=0}
/^No package .* available.$/ {s=1}
{print}
END {exit s}'
elif [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then
if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then
[ $# != 0 ] && sudo -p "$prompt" \
/usr/bin/dnf --assumeyes --best \
--setopt=install_weak_deps=False \
......
......@@ -27,10 +27,12 @@ def get_fedora_releases(type, exclude=[]):
def get_fedora_matrix():
fedora_stable = get_fedora_releases('current')
fedora_devel = get_fedora_releases('pending', exclude=['eln'])
fedora_frozen = get_fedora_releases('frozen', exclude=['eln'])
matrix = []
matrix.extend(['fedora-{0}'.format(x) for x in fedora_stable])
matrix.extend(['fedora-{0}'.format(x) for x in fedora_devel])
matrix.extend(['fedora-{0}'.format(x) for x in fedora_frozen])
return matrix
......@@ -48,9 +50,9 @@ if __name__ == "__main__":
parser.add_argument('--action', action='store_true', help='It is run in GitHub actions mode')
args = parser.parse_args()
fedora = get_fedora_matrix()
centos = get_centos_matrix()
other = get_other_matrix()
fedora = sorted(get_fedora_matrix())
centos = sorted(get_centos_matrix())
other = sorted(get_other_matrix())
matrix = {
'intgcheck': [*fedora, *centos, *other],
......
......@@ -171,8 +171,6 @@
fun:be_res_init
fun:be_init_failover
fun:test_ipa_server_create_trusts_setup
...
fun:_cmocka_run_group_tests
}
# Leaks in bash if p11_child returns and error because due to libtool the
......
......@@ -30,7 +30,7 @@
%global build_kcm_renewals 0
%endif
%if 0%{?fedora} >= 39
%if 0%{?fedora} >= 39 || 0%{?rhel} >= 9
%global build_passkey 1
%else
%global build_passkey 0
......@@ -72,6 +72,7 @@ Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ldap = %{version}-%{release}
Requires: sssd-proxy = %{version}-%{release}
Suggests: logrotate
Suggests: procps-ng
Suggests: python3-sssdconfig = %{version}-%{release}
Suggests: sssd-dbus = %{version}-%{release}
......@@ -356,6 +357,7 @@ identity data from and authenticate against an Active Directory server.
Summary: The proxy back end of the SSSD
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: libsss_certmap = %{version}-%{release}
%description proxy
Provides the proxy back end which can be used to wrap an existing NSS and/or
......
sssd (2.9.4-1) unstable; urgency=medium
[ Sergio Durigan Junior ]
* Improve certificate/smartcard dep8 tests.
- d/t/control: Don't depend on "needs-sudo" restriction, since the
tests don't really use "sudo" selectively but rather rely on a normal
user being setup as a side effect of "needs-sudo". Instead, we can
use "needs-root".
- d/t/sssd-smart-card-pam-auth-configs-tester.sh,
d/t/sssd-softhism2-certificates-tests.sh: Use
"${AUTOPKGTEST_NORMAL_USER}" instead of "$SUDO_USER".
[ Timo Aaltonen ]
* New upstream release.
* control: Migrate to systemd-dev. (Closes: #1060512)
* rules, install: Use systemdsystemunitdir.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 18 Jan 2024 12:04:33 +0200
sssd (2.9.2-1) unstable; urgency=medium
[ Timo Aaltonen ]
......
......@@ -9,7 +9,7 @@ Build-Depends:
bc,
check <!nocheck>,
cifs-utils,
debhelper-compat (= 12),
debhelper-compat (= 13),
dh-apparmor,
dh-python,
dh-sequence-installnss,
......@@ -65,11 +65,12 @@ Build-Depends:
lsb-release,
openssh-client <!nocheck>,
openssl <!nocheck>,
pkgconf,
python3-dev,
python3-setuptools,
samba-dev (>= 2:4.1.13),
softhsm2 <!nocheck>,
systemd,
systemd-dev,
systemtap-sdt-dev,
uuid-dev,
xml-core,
......
......@@ -14,6 +14,7 @@ CFLAGS += -I/usr/include/samba-4.0
export CK_DEFAULT_TIMEOUT=30
export am_cv_python_pythondir=/usr/lib/python3/dist-packages
export am_cv_python_pyexecdir=/usr/lib/python3/dist-packages
export systemdsystemunitdir=$(shell pkgconf --variable=systemdsystemunitdir systemd | sed s,^/,,)
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
......@@ -39,7 +40,7 @@ override_dh_auto_configure:
--with-crypto=libcrypto \
--with-ssh \
--with-initscript=systemd \
--with-systemdunitdir=/lib/systemd/system \
--with-systemdunitdir=/$(systemdsystemunitdir) \
--with-files-provider \
--with-smb-idmap-interface-version=6 \
--without-python2-bindings \
......
lib/systemd/system/sssd-pac.service
lib/systemd/system/sssd-pac.socket
${env:systemdsystemunitdir}/sssd-pac.service
${env:systemdsystemunitdir}/sssd-pac.socket
usr/libexec/sssd/sssd_pac
etc/pam.d/sssd-shadowutils
lib/systemd/system/sssd.service
lib/systemd/system/sssd-sudo.service
lib/systemd/system/sssd-sudo.socket
lib/systemd/system/sssd-ssh.service
lib/systemd/system/sssd-ssh.socket
lib/systemd/system/sssd-autofs.service
lib/systemd/system/sssd-autofs.socket
lib/systemd/system/sssd-pam.service
lib/systemd/system/sssd-pam.socket
lib/systemd/system/sssd-pam-priv.socket
lib/systemd/system/sssd-nss.service
lib/systemd/system/sssd-nss.socket
${env:systemdsystemunitdir}/sssd.service
${env:systemdsystemunitdir}/sssd-sudo.service
${env:systemdsystemunitdir}/sssd-sudo.socket
${env:systemdsystemunitdir}/sssd-ssh.service
${env:systemdsystemunitdir}/sssd-ssh.socket
${env:systemdsystemunitdir}/sssd-autofs.service
${env:systemdsystemunitdir}/sssd-autofs.socket
${env:systemdsystemunitdir}/sssd-pam.service
${env:systemdsystemunitdir}/sssd-pam.socket
${env:systemdsystemunitdir}/sssd-pam-priv.socket
${env:systemdsystemunitdir}/sssd-nss.service
${env:systemdsystemunitdir}/sssd-nss.socket
usr/bin/sss_ssh_authorizedkeys
usr/bin/sss_ssh_knownhostsproxy
usr/lib/*/cifs-utils/cifs_idmap_sss.so
......
lib/systemd/system/sssd-ifp.service
${env:systemdsystemunitdir}/sssd-ifp.service
usr/libexec/sssd/sssd_ifp
usr/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
......
etc/krb5.conf.d/kcm_default_ccache
lib/systemd/system/sssd-kcm.service
lib/systemd/system/sssd-kcm.socket
${env:systemdsystemunitdir}/sssd-kcm.service
${env:systemdsystemunitdir}/sssd-kcm.socket
usr/libexec/sssd/sssd_kcm
usr/share/sssd-kcm/kcm_default_ccache
usr/share/man/man8/sssd-kcm.8
......@@ -6,9 +6,7 @@ Tests: ldap-user-group-krb5-auth
Depends: @, slapd, ldap-utils, openssl, expect, lsb-release, krb5-user, krb5-admin-server, krb5-kdc
Restrictions: isolation-container, needs-root, allow-stderr
Test-Command: sudo
bash debian/tests/sssd-softhism2-certificates-tests.sh
Features: test-name=sssd-softhism2-certificates-tests
Tests: sssd-softhism2-certificates-tests.sh
Depends: bash,
gnutls-bin,
openssl,
......@@ -16,10 +14,10 @@ Depends: bash,
softhsm2,
sssd,
util-linux
Restrictions: needs-sudo,
Restrictions: needs-root,
allow-stderr
Test-Command: sudo env
Test-Command: env
OFFLINE_MODE=1
bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh
Features: test-name=sssd-smart-card-pam-auth-configs
......@@ -34,6 +32,6 @@ Depends: bash,
util-linux
Restrictions: breaks-testbed,
isolation-container,
needs-sudo,
needs-root,
allow-stderr