Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • mika/sssd
  • guillem/debian-pkg-sssd
  • john.veitch/sssd
  • jgullberg/sssd
  • gioele/sssd
  • oktay454/sssd
  • sergiodj/sssd
  • 3v1n0/sssd
  • jfalk-guest/sssd
  • sathieu/sssd
  • dpward/sssd
  • sssd-team/sssd
  • ahasenack/sssd
  • jbicha/sssd
  • yrro-guest/sssd
15 results
Show changes
Commits on Source (236)
Showing
with 2169 additions and 2209 deletions
name: "Analyze (target)"
on:
pull_request_target:
branches: [master]
branches: [master, sssd-2-7]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
......@@ -81,3 +81,13 @@ jobs:
name: covscan
path: |
./logs/*.err
result:
name: All tests are successful
if: ${{ always() }}
runs-on: ubuntu-latest
needs: [cppcheck, covscan]
steps:
- name: Fail on failure
if: ${{ needs.cppcheck.result != 'success' || needs.covscan.result != 'success' }}
run: exit 1
name: "ci"
on:
push:
branches: [master]
branches: [master, sssd-2-7]
pull_request:
branches: [master]
branches: [master, sssd-2-7]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
......@@ -29,14 +29,14 @@ jobs:
working-directory: x86_64
run: |
source ../contrib/fedora/bashrc_sssd
make CFLAGS+="$SSS_WARNINGS -Werror"
make CFLAGS+="$SSS_WARNINGS -Werror -Wno-error=deprecated-declarations"
- name: make check
shell: bash
working-directory: x86_64
run: |
source ../contrib/fedora/bashrc_sssd
make CFLAGS+="$SSS_WARNINGS -Werror" check
make CFLAGS+="$SSS_WARNINGS -Werror -Wno-error=deprecated-declarations" check
- name: make distcheck
shell: bash
......@@ -48,11 +48,12 @@ jobs:
- uses: actions/upload-artifact@v3
if: always()
with:
name: configure
name: build
path: |
x86_64/config.log
x86_64/config.h
if-no-files-found: error
x86_64/test-suite.log
if-no-files-found: ignore
prepare:
runs-on: ubuntu-latest
......@@ -211,17 +212,19 @@ jobs:
pip3 install -r ./sssd/src/tests/multihost/requirements.txt
- name: Create multihost configuration
run: |
cat <<EOF > mhc.yml
root_password: 'Secret123'
domains:
- name: tier0.tests
type: sssd
hosts:
- name: client
external_hostname: client.test
role: master
EOF
uses: DamianReeves/write-file-action@41569a7dac64c252caacca7bceefe28b70b38db1
with:
path: mhc.yml
write-mode: overwrite
contents: |
root_password: 'Secret123'
domains:
- name: tier0.tests
type: sssd
hosts:
- name: client
external_hostname: client.test
role: master
- name: Run basic multihost tests
run: |
......@@ -241,3 +244,13 @@ jobs:
multihost-build.log
multihost-install.log
multihost-pytest.log
result:
name: All tests are successful
if: ${{ always() }}
runs-on: ubuntu-latest
needs: [build, intgcheck, multihost]
steps:
- name: Fail on failure
if: ${{ needs.build.result != 'success' || needs.intgcheck.result != 'success' || needs.multihost.result != 'success' }}
run: exit 1
......@@ -21,6 +21,7 @@
name: copr
on:
pull_request_target:
branches: [master, sssd-2-7]
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
......@@ -67,8 +68,8 @@ jobs:
id: chroots
uses: next-actions/copr/filter-chroots@master
with:
coprcfg: ${{ secrets.COPR_SECRETS }}
filter: "fedora-.+-x86_64|centos-stream-9-x86_64"
coprcfg: ${{ steps.copr.outputs.coprcfg }}
filter: "fedora-.+-x86_64|centos-stream-.*-x86_64"
exclude: "fedora-eln-.+"
- name: Create copr project
......@@ -93,6 +94,13 @@ jobs:
env:
coprcfg: ${{ steps.copr.outputs.coprcfg }}
run: |
# CentOS Stream 8
copr-cli --config "$coprcfg" edit-chroot \
--repos 'https://koji.mbox.centos.org/kojifiles/repos/dist-c8-stream-build/latest/$basearch/' \
--modules idm:DL1 \
$COPR_ACCOUNT/$COPR_PROJECT/centos-stream-8-x86_64
# CentOS Stream 9
copr-cli --config "$coprcfg" edit-chroot \
--repos 'https://kojihub.stream.centos.org/kojifiles/repos/c9s-build/latest/$basearch/' \
$COPR_ACCOUNT/$COPR_PROJECT/centos-stream-9-x86_64
......@@ -128,3 +136,13 @@ jobs:
chroots: ${{ matrix.chroot }}
project: ${{ env.COPR_PROJECT }}
account: ${{ env.COPR_ACCOUNT }}
result:
name: All copr builds are successful
if: ${{ always() }}
runs-on: ubuntu-latest
needs: [build]
steps:
- name: Fail on failure
if: ${{ needs.build.result != 'success' }}
run: exit 1
name: copr cleanup
on:
pull_request_target:
branches: [master, sssd-2-7]
types: [closed]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
......
name: "Static code analysis"
on:
push:
branches: [master]
branches: [master, sssd-2-7]
pull_request:
branches: [master]
branches: [master, sssd-2-7]
schedule:
# Everyday at midnight
- cron: '0 0 * * *'
......@@ -24,7 +24,7 @@ jobs:
uses: ./.github/actions/install-dependencies
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: cpp, python
queries: +security-and-quality
......@@ -39,7 +39,7 @@ jobs:
make -j$PROCESSORS
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
flake8:
runs-on: ubuntu-latest
......@@ -47,9 +47,19 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2
- name:
uses: ikerexxe/lintly-flake8-github-action@fix_execution
- name: Run flake8
uses: grantmcconnaughey/lintly-flake8-github-action@d9db4fd0be9fb1cd19206a48ec0773bd93b82cbd
if: github.event_name == 'pull_request'
with:
token: ${{ secrets.GITHUB_TOKEN }}
failIf: new
result:
name: All tests are successful
if: ${{ always() }}
runs-on: ubuntu-latest
needs: [codeql, flake8]
steps:
- name: Fail on failure
if: ${{ needs.codeql.result != 'success' || needs.flake8.result != 'success' }}
run: exit 1
import hudson.AbortException
import org.jenkinsci.plugins.workflow.steps.FlowInterruptedException
/* Send notifications to Github.
* If it is an on-demand run then no notifications are sent.
*/
class Notification {
def pipeline
String context
String details_url
String aws_url
boolean on_demand
/* @param pipeline Jenkins pipeline context.
* @param context Github notification context (the bold text).
* @param details_url Link for "details" button.
* @param aws_url Link to cloud where logs are stored.
* @param on_demand True if this is an on-demand run.
*
* There are two types of notifications:
* a) Summary (i.e. sssd-ci: Success. details: @details_url)
* b) Single build (i.e. sssd-ci/fedora35: Success. details: @aws_url)
*/
Notification(pipeline, context, details_url, aws_url, on_demand) {
this.pipeline = pipeline
this.context = context
this.details_url = details_url
this.aws_url = aws_url
this.on_demand = on_demand
}
/* Send notification. If system is not null single build is notified. */
def notify(status, message, system = null) {
def context = system ? "${this.context}/${system}" : this.context
this.pipeline.echo "[${context}] ${status}: ${message}"
if (this.on_demand) {
return
}
this.send(status, message, context, this.getTargetURL(system))
}
private def send(status, message, context, url) {
this.pipeline.githubNotify status: status,
context: context,
description: message,
targetUrl: url
}
private def getTargetURL(system) {
if (system) {
return String.format(
'%s/%s/%s/%s/index.html',
this.aws_url,
this.pipeline.env.BRANCH_NAME,
this.pipeline.env.BUILD_ID,
system
)
}
return this.details_url
}
}
/* Manage test run. */
class Test {
def pipeline
String system
Notification notification
String artifactsdir
String basedir
String codedir
String target
/* @param pipeline Jenkins pipeline context.
* @param system System to test on.
* @param notification Notification object.
*/
Test(pipeline, system, notification) {
this.pipeline = pipeline
this.system = system
this.notification = notification
this.basedir = "/home/fedora"
this.target = pipeline.env.CHANGE_TARGET
}
def handleCmdError(rc) {
if (rc == 255) {
this.pipeline.error "Timeout reached."
} else if (rc != 0) {
this.pipeline.error "Some tests failed."
}
}
/* Test entry point. */
def run(command=null) {
/* These needs to be set here in order to get correct workspace. */
this.artifactsdir = "${this.pipeline.env.WORKSPACE}/artifacts/${this.system}"
this.codedir = "${this.pipeline.env.WORKSPACE}/sssd"
/* Clean-up previous artifacts just to be sure there are no leftovers. */
this.pipeline.sh "rm -fr ${this.artifactsdir} || :"
try {
this.pipeline.echo "Running on ${this.pipeline.env.NODE_NAME}"
this.notify('PENDING', 'Build is in progress.')
this.checkout()
try {
this.rebase()
} catch (e) {
this.pipeline.error "Unable to rebase on ${this.target}."
}
this.pipeline.echo "Executing tests, started at ${this.getCurrentTime()}"
if (command == null) {
command = String.format(
'%s/sssd-test-suite -c "%s" run --sssd "%s" --artifacts "%s" --update --prune',
"${this.basedir}/sssd-test-suite",
"${this.basedir}/configs/${this.system}.json",
this.codedir,
this.artifactsdir
)
}
def rc = this.pipeline.sh script: command, returnStatus: true
this.handleCmdError(rc)
this.pipeline.echo "Finished at ${this.getCurrentTime()}"
this.notify('SUCCESS', 'Success.')
} catch (FlowInterruptedException e) {
this.notify('ERROR', 'Aborted.')
throw e
} catch (AbortException e) {
this.notify('ERROR', e.getMessage())
throw e
} catch (e) {
this.notify('ERROR', 'Build failed.')
throw e
} finally {
this.archive()
}
}
def getCurrentTime() {
def date = new Date()
return date.format('dd. MM. yyyy HH:mm:ss')
}
def checkout() {
this.pipeline.dir('sssd') {
this.pipeline.checkout this.pipeline.scm
}
}
def rebase() {
/* Do not rebase if there is no target (not a pull request). */
if (!this.target) {
return
}
this.pipeline.echo "Rebasing on ${this.target}"
// Fetch refs
this.git(String.format(
"fetch --no-tags --progress origin +refs/heads/%s:refs/remotes/origin/%s",
this.target, this.target
))
// Remove left overs from previous rebase if there are any
this.git("rebase --abort || :")
// Just to be sure
this.pipeline.sh "rm -fr '${this.codedir}/.git/rebase-apply' || :"
// Rebase
this.git("rebase origin/${this.target}")
}
def git(command) {
this.pipeline.sh "git -C '${this.codedir}' ${command}"
}
def archive() {
this.pipeline.archiveArtifacts artifacts: "artifacts/**",
allowEmptyArchive: true
this.pipeline.sh String.format(
'%s/sssd-ci archive --name "%s" --system "%s" --artifacts "%s"',
"${this.basedir}/sssd-ci",
"${pipeline.env.BRANCH_NAME}/${pipeline.env.BUILD_ID}",
this.system,
"${artifactsdir}"
)
this.pipeline.sh "rm -fr ${this.artifactsdir}"
}
def notify(status, message) {
this.notification.notify(status, message, this.system)
}
}
/* Manage test run for on demand test. */
class OnDemandTest extends Test {
String repo
String branch
/* @param pipeline Jenkins pipeline context.
* @param system System to test on.
* @param notification Notification object.
* @param repo Repository fetch URL.
* @param branch Branch to checkout.
*/
OnDemandTest(pipeline, system, notification, repo, branch) {
super(pipeline, system, notification)
this.repo = repo
this.branch = branch
}
def handleCmdError(rc) {
super.handleCmdError(rc)
}
def run() {
this.pipeline.echo "Repository: ${this.repo}"
this.pipeline.echo "Branch: ${this.branch}"
super.run()
}
def checkout() {
this.pipeline.dir('sssd') {
this.pipeline.git branch: this.branch, url: this.repo
}
}
def rebase() {
/* Do nothing. */
}
def archive() {
this.pipeline.echo 'On demand run. Artifacts are not stored in the cloud.'
this.pipeline.echo 'They are accessible only from Jenkins.'
this.pipeline.echo "${this.pipeline.env.BUILD_URL}/artifact/artifacts/${this.system}"
this.pipeline.archiveArtifacts artifacts: "artifacts/**",
allowEmptyArchive: true
this.pipeline.sh "rm -fr ${this.artifactsdir}"
}
}
/* Manage test run for internal covscan test.
* Can be triggered for PRs, ondemand and branch runs */
class Covscan extends Test {
String repo
String branch
String basedir
String pr_number
boolean on_demand
String artifactsdir
/* @param pipeline Jenkins pipeline context.
* @param notification Notification object.
* @param repo Repository fetch URL.
* @param branch Branch to checkout.
* @param pr_number Pull Request Number, null if not inside a PR.
* @param on_demand true for on_demand runs, false otherwise.
*/
Covscan(pipeline, notification, repo, branch, pr_number, on_demand) {
super(pipeline, "covscan", notification)
this.repo = repo
this.branch = branch
this.pr_number = pr_number
this.basedir = "/home/fedora"
this.on_demand = on_demand
}
/* Errors returned from covscan.sh */
def handleCmdError(rc) {
if (rc == 0) { return }
switch (rc) {
case 1:
this.pipeline.error "Covscan diff shows new errors!"
break
case 2:
this.pipeline.error "Covscan task FAILED"
break
case 3:
this.pipeline.error "Covscan task INTERRUPTED"
break
case 4:
this.pipeline.error "Covscan task CANCELLED"
break
case 255:
this.pipeline.error "Timeout reached."
break
default:
this.pipeline.error "Generic Failure, unknown return code"
break
}
}
def run() {
def version = this.pr_number ? this.pr_number : this.branch.trim()
this.pipeline.echo "Executing covscan script with version: ${version}_${this.pipeline.env.BUILD_ID}"
def command = String.format(
'%s/scripts/covscan.sh "%s%s_%s" "%s"',
this.basedir,
this.pr_number ? "pr" : "",
version,
this.pipeline.env.BUILD_ID,
this.pipeline.env.WORKSPACE,
)
super.run(command)
}
def checkout() {
if (on_demand) {
this.pipeline.echo "Checkout ${this.branch}"
this.pipeline.dir('sssd') {
this.pipeline.git branch: this.branch, url: this.repo
}
} else {
this.pipeline.dir('sssd') {
this.pipeline.checkout this.pipeline.scm
}
}
}
def rebase() {
super.rebase()
}
def archive() {
if (on_demand) {
this.pipeline.echo 'On demand run. Artifacts are not stored in the cloud.'
this.pipeline.echo 'They are accessible only from Jenkins.'
this.pipeline.echo "${this.pipeline.env.BUILD_URL}/artifact/artifacts/${this.system}"
this.pipeline.archiveArtifacts artifacts: "artifacts/**",
allowEmptyArchive: true
this.pipeline.sh "rm -fr ${this.artifactsdir}"
} else {
super.archive()
}
}
def notify(status, message) {
this.notification.notify(status, message, "covscan")
}
}
def systems = []
def pr_labels = []
def with_tests_label = false
def with_tests_title = false
def on_demand = params.ON_DEMAND ? true : false
def notification = new Notification(
this, 'sssd-ci',
'https://github.com/SSSD/sssd/blob/master/contrib/test-suite/README.md',
'https://s3.eu-central-1.amazonaws.com/sssd-ci',
on_demand
)
this.properties([
buildDiscarder(logRotator(daysToKeepStr: '30', numToKeepStr: '70')),
])
try {
stage('Get system list') {
node('master') {
if (params.SYSTEMS && params.SYSTEMS != 'all') {
/* This is a parametrized custom build. System list is taken
* from provided parameter. */
systems = params.SYSTEMS.split()
} else {
/* This is automated build or custom build that requested
* tests on all systems (i.e. same systems as master branch) */
def branch = env.CHANGE_TARGET ? env.CHANGE_TARGET : 'master'
def config = "systems-${branch}"
echo "Using configuration: ${config}"
/* Configuration is read from Jenkins-managed configuration file.
* Path to the configuration is loaded into env.CONFIG_PATH */
configFileProvider([
configFile(fileId: config, variable: 'CONFIG_PATH')
]) {
def contents = readFile "${env.CONFIG_PATH}"
systems = contents.split()
}
}
echo 'Test will be done on following systems:'
echo systems.join(', ')
}
}
/* Setup nice build description so pull request are easy to find. */
stage('Setup description') {
node('master') {
if (on_demand) {
/* user: branch */
def build = currentBuild.rawBuild
def cause = build.getCause(hudson.model.Cause.UserIdCause.class)
def user = cause.getUserId()
currentBuild.description = "${user}: ${params.REPO_BRANCH}"
} else {
if (env.CHANGE_TARGET) {
/* PR XXX: pull request name */
def title = sh returnStdout: true, script: """
curl -s https://api.github.com/repos/SSSD/sssd/pulls/${env.CHANGE_ID} | \
python -c "import sys, json; print(json.load(sys.stdin).get('title'))"
"""
currentBuild.description = "PR ${env.CHANGE_ID}: ${title}"
if (title.toLowerCase().contains('tests: ')) {
with_tests_title = true
}
} else {
/* Branch: name */
currentBuild.description = "Branch: ${env.BRANCH_NAME}"
}
}
}
}
stage('Retrieve labels') {
node('master') {
if (env.CHANGE_TARGET) {
def labels = sh returnStdout: true, script: """
curl -s https://api.github.com/repos/SSSD/sssd/pulls/${env.CHANGE_ID}
"""
def props = readJSON text: labels
props['labels'].each { key, value ->
pr_labels.add(key['name'])
if (key['name'] == 'Tests') {
with_tests_label = true
}
}
}
}
}
stage('Prepare systems') {
notification.notify('PENDING', 'Pending.')
/* Notify that all systems are pending. */
for (system in systems) {
notification.notify('PENDING', 'Awaiting executor', system)
}
if ((with_tests_label == false) && (with_tests_title == false)) {
notification.notify('PENDING', 'Pending.', "covscan")
}
}
/* Run tests on multiple systems in parallel. */
stage('Run Tests') {
def stages = [:]
for (system in systems) {
def test = null
if (!on_demand) {
test = new Test(this, system, notification)
} else {
test = new OnDemandTest(
this, system, notification,
params.REPO_URL, params.REPO_BRANCH
)
}
stages.put("${system}", {
node("sssd-ci") {
stage("${system}") {
test.run()
}
}
})
}
/* Run covscan against non-test related PRs */
if ((with_tests_label == false) && (with_tests_title == false)) {
stages.put("covscan", {
node("sssd-ci") {
stage("covscan") {
covscan = new Covscan(this, notification, params.REPO_URL, params.REPO_BRANCH, env.CHANGE_ID, on_demand)
covscan.run()
}
}
})
}
parallel(stages)
}
stage('Report results') {
notification.notify('SUCCESS', 'All tests succeeded.')
}
} catch (FlowInterruptedException e) {
stage('Report results') {
notification.notify('ERROR', 'Aborted.')
throw e
}
} catch (e) {
stage('Report results') {
notification.notify('ERROR', 'Some tests failed.')
throw e
}
}
......@@ -1621,6 +1621,7 @@ sssd_pac_SOURCES = \
src/responder/pac/pacsrv.c \
src/responder/pac/pacsrv_cmd.c \
src/providers/ad/ad_pac_common.c \
src/util/pac_utils.c \
$(SSSD_RESPONDER_OBJ)
sssd_pac_CFLAGS = \
$(AM_CFLAGS) \
......@@ -1765,12 +1766,10 @@ sssd_kcm_CFLAGS = \
$(KRB5_CFLAGS) \
$(UUID_CFLAGS) \
$(CURL_CFLAGS) \
$(JANSSON_CFLAGS) \
$(NULL)
sssd_kcm_LDADD = \
$(LIBADD_DL) \
$(KRB5_LIBS) \
$(JANSSON_LIBS) \
$(SSSD_LIBS) \
$(UUID_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
......@@ -1921,6 +1920,7 @@ sssctl_LDADD = \
$(LIBADD_DL) \
libsss_certmap.la \
libifp_iface_sync.la \
libsss_iface.la \
libsss_iface_sync.la \
libsss_sbus_sync.la \
$(NULL)
......@@ -3004,7 +3004,8 @@ ad_access_filter_tests_LDADD = \
$(NULL)
ad_gpo_tests_SOURCES = \
src/tests/cmocka/test_ad_gpo.c
src/tests/cmocka/test_ad_gpo.c \
src/providers/ad/ad_gpo_child_utils.c
ad_gpo_tests_CFLAGS = \
$(AM_CFLAGS) \
$(NDR_NBT_CFLAGS) \
......@@ -3025,6 +3026,8 @@ ad_gpo_tests_LDADD = \
libsss_sbus.la \
$(NULL)
dist_noinst_DATA += src/tests/cmocka/GPT.INI
ad_common_tests_SOURCES = \
$(libsss_krb5_common_la_SOURCES) \
src/tests/cmocka/common_mock_krb5.c \
......@@ -3791,7 +3794,6 @@ test_kcm_marshalling_CFLAGS = \
$(UUID_CFLAGS) \
$(NULL)
test_kcm_marshalling_LDADD = \
$(JANSSON_LIBS) \
$(UUID_LIBS) \
$(KRB5_LIBS) \
$(CMOCKA_LIBS) \
......@@ -3854,7 +3856,6 @@ test_kcm_renewals_LDFLAGS = \
test_kcm_renewals_LDADD = \
$(LIBADD_DL) \
$(UUID_LIBS) \
$(JANSSON_LIBS) \
$(KRB5_LIBS) \
$(CARES_LIBS) \
$(CMOCKA_LIBS) \
......@@ -4236,6 +4237,7 @@ libsss_krb5_common_la_SOURCES = \
src/util/sss_krb5.c \
src/util/sss_iobuf.c \
src/util/become_user.c \
src/util/pac_utils.c \
$(NULL)
libsss_krb5_common_la_CFLAGS = \
$(AM_CFLAGS) \
......@@ -4606,6 +4608,7 @@ endif
gpo_child_SOURCES = \
src/providers/ad/ad_gpo_child.c \
src/providers/ad/ad_gpo_child_utils.c \
src/util/atomic_io.c \
src/util/util.c \
src/util/util_ext.c \
......@@ -5375,9 +5378,12 @@ if BUILD_PYTHON2_BINDINGS
rm -f $(builddir)/src/config/SSSDConfig/sssdoptions.py ; \
fi
rm -f $(builddir)/src/config/SSSDConfig/*.pyc
cd $(builddir)/src/config; $(PYTHON2) setup.py build --build-base $(abs_builddir)/src/config clean --all
rm -fr "$(builddir)/src/config/dist"
rm -fr "$(builddir)/src/config/SSSDConfig.egg-info"
rm -fr "$(builddir)/src/config/SSSDConfig/__pycache__"
find "$(builddir)/src/config/SSSDConfig" -name "*.py[co]" -delete
endif
if BUILD_PYTHON3_BINDINGS
if [ ! $(srcdir)/src/config/SSSDConfig/ipachangeconf.py -ef $(builddir)/src/config/SSSDConfig/ipachangeconf.py ]; then \
......@@ -5388,9 +5394,12 @@ if BUILD_PYTHON3_BINDINGS
rm -f $(builddir)/src/config/SSSDConfig/sssdoptions.py ; \
fi
rm -f $(builddir)/src/config/SSSDConfig/__pycache__/*.pyc
cd $(builddir)/src/config; $(PYTHON3) setup.py build --build-base $(abs_builddir)/src/config clean --all
rm -fr "$(builddir)/src/config/dist"
rm -fr "$(builddir)/src/config/SSSDConfig.egg-info"
rm -fr "$(builddir)/src/config/SSSDConfig/__pycache__"
find "$(builddir)/src/config/SSSDConfig" -name "*.py[co]" -delete
endif
for doc in $(SSSD_DOCS); do \
rm -Rf $$doc; \
......
[![master :: CI Status](https://img.shields.io/github/workflow/status/SSSD/sssd/ci/master?label=master%20%3A%3A%20ci)](https://github.com/SSSD/sssd/actions/workflows/ci.yml?query=branch%3Amaster)
[![master :: Analyzers](https://img.shields.io/github/workflow/status/SSSD/sssd/Static%20code%20analysis/master?label=master%20%3A%3A%20analyze)](https://github.com/SSSD/sssd/actions/workflows/static-code-analysis.yml?query=branch%3Amaster)
[![Coverity Scan](https://img.shields.io/coverity/scan/sssd-sssd?label=master%20::%20coverity)](https://scan.coverity.com/projects/sssd-sssd)
[![sssd-2-7 :: CI Status](https://img.shields.io/github/workflow/status/SSSD/sssd/ci/master?label=sssd-2-7%20%3A%3A%20ci)](https://github.com/SSSD/sssd/actions/workflows/ci.yml?query=branch%3Asssd-2-7)
[![sssd-2-7 :: Analyzers](https://img.shields.io/github/workflow/status/SSSD/sssd/Static%20code%20analysis/sssd-2-7?label=sssd-2-7%20%3A%3A%20analyze)](https://github.com/SSSD/sssd/actions/workflows/static-code-analysis.yml?query=branch%3Asssd-2-7)
# SSSD - System Security Services Daemon
## Introduction
......
......@@ -51,18 +51,39 @@ AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
m4_include([src/build_macros.m4])
BUILD_WITH_SHARED_BUILD_DIR
AC_COMPILE_IFELSE(
SAVE_LIBS=$LIBS
LIBS=
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[#include <pthread.h>]],
[[pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
(void) m; /* unused */
pthread_mutex_lock(&m);
pthread_mutex_unlock(&m);
]])],
[AC_DEFINE([HAVE_PTHREAD], [1], [Pthread mutexes available.])
HAVE_PTHREAD=1
],
[AC_MSG_WARN([Pthread library not found! Clients will not be thread safe...])])
[AC_MSG_WARN([Pthread mutex support not found! Clients will not be thread safe...])])
LIBS=$SAVE_LIBS
AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
SAVE_LIBS=$LIBS
LIBS=
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[#include <pthread.h>]],
[[static pthread_key_t k;
static pthread_once_t f = PTHREAD_ONCE_INIT;
pthread_once(&f, NULL);
pthread_key_create(&k, NULL);
]])],
[AC_DEFINE([HAVE_PTHREAD_EXT], [1], [Extended pthread functionality is available.])
HAVE_PTHREAD_EXT=1
],
[AC_MSG_WARN([Extended pthread functionality is not available. Lock-free client feature will not be built.])])
LIBS=$SAVE_LIBS
AM_CONDITIONAL([BUILD_LOCKFREE_CLIENT], [test x"$HAVE_PTHREAD_EXT" != "x"])
# Check library for the timer_create function
SAVE_LIBS=$LIBS
......@@ -96,6 +117,9 @@ AC_CHECK_FUNCS([ utimensat \
AC_CHECK_FUNCS([ explicit_bzero ])
# Check for the timegm() function (not part of POSIX / Open Group specs)
AC_CHECK_FUNC([timegm], [], [AC_MSG_ERROR([timegm() function not found])])
#Check for endian headers
AC_CHECK_HEADERS([endian.h sys/endian.h byteswap.h])
......@@ -217,6 +241,18 @@ m4_include([src/external/libjansson.m4])
AS_IF([test x$with_oidc_child = xyes], [
m4_include([src/external/libcurl.m4])
m4_include([src/external/libjose.m4])
AS_IF([test x$found_libcurl != xyes], [
AC_MSG_ERROR([libcurl is required for building oidc_child,
please install the libcurl devel package or
use --with-oidc-child=no configure option.])
])
AS_IF([test x$found_jose != xyes], [
AC_MSG_ERROR([libjose is required for building oidc_child,
please install the libjose devel package or
use --with-oidc-child=no configure option.])
])
])
AS_IF([test x$with_kcm = xyes], [
......
......@@ -8,8 +8,8 @@ Supported host distros are Fedora 20 and later, RHEL 6.5 and later, and Debian
Testing.
The tests are executed by running `contrib/ci/run` from the source tree root.
It accepts options to choose from three test sets: "essential", "moderate" and
"rigorous" (-e/-m/-r), with the essential set selected by default.
It accepts options to choose from two test sets: "essential", "moderate"
(-e/-m), with the essential set selected by default.
Essential tests include building everything and running the built-in test
suite under Valgrind, completing in under 5 minutes.
......@@ -17,11 +17,6 @@ suite under Valgrind, completing in under 5 minutes.
Moderate tests include essential tests, plus a distcheck target build. They
complete in about 15 minutes.
Rigorous tests include moderate tests, plus a pass with Clang static analyzer
over the whole build and test execution with code coverage collection and
verification, completing in 30 minutes. Static analyzer failures are ignored
for now.
Use `contrib/ci/clean` to remove test results from the source tree.
......
......@@ -61,6 +61,7 @@ fi
# sufficient to make the CI work
if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
CONFIGURE_ARG_LIST+=(
"--without-python2-bindings"
"--with-smb-idmap-interface-version=5"
)
fi
......
......@@ -144,8 +144,14 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
libtool-bin
libxml2-utils
make
python-dev
pycodestyle
python3-dbus
python3-dev
python3-ldap
python3-ldb
python3-psutil
python3-pytest
python3-requests
samba-dev
systemd
xml-core
......@@ -156,8 +162,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
libnss-wrapper
libuid-wrapper
libpam-wrapper
python-pytest
python-psutil
ldap-utils
slapd
systemtap-sdt-dev
......@@ -170,8 +174,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
krb5-user
uuid-dev
dbus
python-dbus
pep8
libssl-dev
gnutls-bin
softhsm2
......@@ -179,20 +181,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
libunistring-dev
)
if [[ "$DISTRO_BRANCH" == -debian-ubuntu-* ]]; then
DEPS_LIST+=(
python3-ldap
python3-ldb
python3-requests
)
else
DEPS_LIST+=(
python-ldap
python-ldb
python-requests
)
fi
DEPS_INTGCHECK_SATISFIED=true
fi
......
......@@ -39,7 +39,7 @@ def get_centos_matrix():
def get_other_matrix():
return ['debian-10']
return ['debian-latest']
if __name__ == "__main__":
......
......@@ -34,43 +34,16 @@ export LC_ALL=C
. misc.sh
declare -r DEBUG_CFLAGS="-g3 -O2"
declare -r COVERAGE_CFLAGS="-g3 -O0 --coverage"
declare -r ARCH=`uname -m`
declare -r CPU_NUM=`getconf _NPROCESSORS_ONLN`
declare -r TITLE_WIDTH=24
declare -r RESULT_WIDTH=18
# Minimum percentage of code lines covered by tests
declare -r COVERAGE_MIN_LINES=15
# Minimum percentage of code functions covered by tests
declare -r COVERAGE_MIN_FUNCS=0
# Those values are a sum up of the default warnings in all our
# supported distros in our CI.
# debian_testing: E121,E123,E126,E226,E24,E704,W503,W504,W605
# fedora22:
# fedora23:
# fedora24: E121,E123,E126,E226,E24,E704
# fedora25: E121,E123,E126,E226,E24,E704
# fedora26: E121,E123,E126,E226,E24,E704
# fedora27: E121,E123,E126,E226,E24,E704
# fedora_rawhide: E121,E123,E126,E226,E24,E704
# rhel6:
# rhel7:
declare PEP8_IGNORE="--ignore=E121,E123,E126,E226,E24,E704,W503,W504,W605"
declare PEP8_MAX_LENGTH="--max-line-length=119"
declare BASE_PFX=""
declare DEPS=true
declare DEPS_ONLY=false
declare BASE_DIR=`pwd`
declare MODERATE=false
declare RIGOROUS=false
# pep8 was renamed to pycodestyle
declare PEP8_BIN="pep8"
if command -v pycodestyle &> /dev/null; then
PEP8_BIN="pycodestyle"
fi
# Additional valgrind flags
declare VALGRIND_FLAGS=""
......@@ -93,8 +66,6 @@ Options:
-d, --deps-only Only install dependencies, don't run tests.
-e, --essential Run the essential subset of tests.
-m, --moderate Run the moderate subset of tests.
-r, --rigorous,
-f, --full Run the rigorous (full) set of tests.
Default options: --essential
EOF
......@@ -164,9 +135,7 @@ function build_debug()
declare -r valgrind_test_pattern+="*/double_semicolon_test)"
export CFLAGS="$DEBUG_CFLAGS"
declare test_dir
declare test_dir_distcheck
declare intgcheck_configure_args
declare distcheck_configure_args
declare status
test_dir=`mktemp --directory /dev/shm/ci-test-dir.XXXXXXXX`
......@@ -174,9 +143,6 @@ function build_debug()
"${CONFIGURE_ARG_LIST[@]}" \
--with-test-dir="$test_dir"
# Not building "tests" due to https://fedorahosted.org/sssd/ticket/2350
stage make-tests make -j $CPU_NUM check LOG_COMPILER=true
status=0
CK_FORK=no \
DEBUGINFOD_URLS="" \
......@@ -206,86 +172,12 @@ function build_debug()
$intgcheck_configure_args"
fi
test_dir_distcheck=`mktemp --directory /dev/shm/ci-test-dir.XXXXXXXX`
# Single thread due to https://fedorahosted.org/sssd/ticket/2354
status=0
printf -v distcheck_configure_args " %q" \
"${CONFIGURE_ARG_LIST[@]}" \
"--with-test-dir=$test_dir_distcheck"
stage make-distcheck make distcheck \
AUX_DISTCHECK_CONFIGURE_FLAGS=" \
$distcheck_configure_args" ||
status=$?
mv "$test_dir_distcheck" ci-test-dir-distcheck
((status == 0))
fi
unset CFLAGS
}
# Run coverage build checks.
function build_coverage()
{
declare -r coverage_report_dir="ci-report-coverage"
declare extra_CFLAGS=""
declare test_dir
declare status
if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-6.*- ||
"$DISTRO_BRANCH" == -redhat-centos-6.*- ]]; then
# enable optimisation to avoid bug in gcc < 4.6.0
# gcc commit 7959b7e646b493f48a2ea7228fbf1c43f84bedea
# git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@162384
# 138bc75d-0d04-0410-961f-82ee72b054a4
extra_CFLAGS=" -O1"
fi
export CFLAGS="$COVERAGE_CFLAGS $extra_CFLAGS"
test_dir=`mktemp --directory /dev/shm/ci-test-dir.XXXXXXXX`
stage configure "$BASE_DIR/configure" \
"${CONFIGURE_ARG_LIST[@]}" \
--with-test-dir="$test_dir"
# Build everything, including tests
# Not building "tests" due to https://fedorahosted.org/sssd/ticket/2350
stage make-tests make -j $CPU_NUM check LOG_COMPILER=true
stage lcov-pre lcov --capture --initial --directory . \
--base-directory "$BASE_DIR" \
--output-file ci-base.info
# Run tests
status=$?
stage make-check make -j $CPU_NUM check || status=$?
mv "$test_dir" ci-test-dir
((status == 0))
stage lcov-post lcov --capture --directory . \
--base-directory "$BASE_DIR" \
--output-file ci-check.info
stage lcov-merge lcov --add-tracefile ci-base.info \
--add-tracefile ci-check.info \
--output-file ci-dirty.info
stage lcov-clean lcov --remove ci-dirty.info \
"/usr/*" "src/tests/*" "/tmp/*" \
"*dtrace-temp.c" \
--output-file ci.info
stage genhtml eval 'genhtml --output-directory \
"$coverage_report_dir" \
--title "sssd" --show-details \
--legend --prefix "$BASE_DIR" \
ci.info |& tee ci-genhtml.out'
printf "%-$((TITLE_WIDTH + RESULT_WIDTH))s%s\n" \
"coverage report:" \
"`disppath \"\$coverage_report_dir/index.html\"`"
stage lcov-check eval 'lcov_check "$COVERAGE_MIN_LINES" \
"$COVERAGE_MIN_FUNCS" \
< ci-genhtml.out'
unset CFLAGS
}
# Run a build inside a sub-directory.
# Args: id cmd [arg...]
function run_build()
......@@ -309,7 +201,7 @@ declare args_expr
args_expr=`getopt --name \`basename "\$0"\` \
--options hp:dnemrf \
--longoptions help,prefix:,no-deps,deps-only \
--longoptions essential,moderate,rigorous,full \
--longoptions essential,moderate \
-- "$@"`
eval set -- "$args_expr"
......@@ -324,11 +216,9 @@ while true; do
-n|--no-deps)
DEPS=false; shift;;
-e|--essential)
MODERATE=false; RIGOROUS=false; shift;;
MODERATE=false; shift;;
-m|--moderate)
MODERATE=true; RIGOROUS=false; shift;;
-r|--rigorous|-f|--full)
MODERATE=true; RIGOROUS=true; shift;;
MODERATE=true; shift;;
--)
shift; break;;
*)
......@@ -356,19 +246,8 @@ if "$DEPS_ONLY"; then
exit
fi
if [[ "$DISTRO_BRANCH" != redhat-* ]]; then
# Ignore "E722 do not use bare except" exceptions
# that are only raised on debian_testing machines.
PEP8_IGNORE+=",E722"
fi
stage pep8 find . -path ./src/config -prune -o \
-name \*.py -exec $PEP8_BIN $PEP8_IGNORE \
$PEP8_MAX_LENGTH {} +
stage autoreconf autoreconf --install --force
run_build debug build_debug
if "$RIGOROUS"; then
run_build coverage build_coverage
fi
unset V
trap - EXIT
echo SUCCESS
......@@ -58,7 +58,7 @@ class LdbMessageElementPrinter(StringPrinter):
for i in range(nvals):
ldbval = LdbValPrinter(self.val['values'][i])
ret += "\n%s" % (ldbval.as_string(indent+1))
ret += "\n%s" % (ldbval.as_string(indent + 1))
return indent_string("{ <%s>\t%s }" % (self.val.type, ret), indent)
......@@ -78,7 +78,7 @@ class LdbMessagePrinter(StringPrinter):
for i in range(nels):
el = LdbMessageElementPrinter(self.val['elements'][i])
ret += "\n%s" % (el.as_string(indent+1))
ret += "\n%s" % (el.as_string(indent + 1))
return indent_string("{ <%s>\n%s }" % (self.val.type, ret), indent)
......@@ -97,7 +97,7 @@ class LdbResultPrinter(StringPrinter):
for i in range(count):
msg = LdbMessagePrinter(self.val['msgs'][i])
ret += "\n%s" % (msg.as_string(indent+1))
ret += "\n%s" % (msg.as_string(indent + 1))
return indent_string("{ <%s>\t%s }" % (self.val.type, ret), indent)
......@@ -116,7 +116,7 @@ class SysdbAttrsPrinter(StringPrinter):
for i in range(num):
el = LdbMessageElementPrinter(self.val['a'][i])
ret += "\n%s" % (el.as_string(indent+1))
ret += "\n%s" % (el.as_string(indent + 1))
return indent_string("{ <%s>\t%s }" % (self.val.type, ret), indent)
......
......@@ -311,7 +311,6 @@ License: GPLv3+
Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: sssd-idp = %{version}-%{release}
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
Requires: libsss_certmap = %{version}-%{release}
Recommends: bind-utils
......@@ -504,13 +503,14 @@ An implementation of a Kerberos KCM server. Use this package if you want to
use the KCM: Kerberos credentials cache.
%package idp
Summary: Kerberos plugins for external identity providers.
Summary: Kerberos plugins and OIDC helper for external identity providers.
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%description idp
This package provides Kerberos plugins that are required to enable
authentication against external identity providers.
authentication against external identity providers. Additionally a helper
program to handle the OAuth 2.0 Device Authorization Grant is provided.
%prep
%autosetup -p1
......@@ -598,7 +598,7 @@ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd*.lang file
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
for file in `find $RPM_BUILD_ROOT/%{python3_sitelib} -maxdepth 1 -name "*.egg-info" 2> /dev/null`
do
echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
done
......@@ -877,6 +877,7 @@ done
%{_mandir}/man8/pam_sss.8*
%{_mandir}/man8/pam_sss_gss.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%{_mandir}/man8/sssd_krb5_localauth_plugin.8*
%files -n libsss_sudo
%license src/sss_client/COPYING
......
......@@ -24,3 +24,4 @@ zh_CN
zh_TW
ko
ka
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.