Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • mika/sssd
  • guillem/debian-pkg-sssd
  • john.veitch/sssd
  • jgullberg/sssd
  • gioele/sssd
  • oktay454/sssd
  • sergiodj/sssd
  • 3v1n0/sssd
  • jfalk-guest/sssd
  • sathieu/sssd
  • dpward/sssd
  • sssd-team/sssd
  • ahasenack/sssd
  • jbicha/sssd
  • yrro-guest/sssd
15 results
Show changes
Commits on Source (533)
Showing
with 1145 additions and 444 deletions
/**
* Remember that the build failed because one of the untrusted files were
* modified.
*/
untrusted = false
/**
* SSSD CI.
*
* This class hold SSSD CI settings and defines several helper methods
* that helps reducing code duplication. Unfortunately, it does not
* seem to be possible to run those methods directly from the pipeline
* as CI.MethodName() as it produces 'Expected a symbol' error therefore
* functions outside this class scope must be defined as well. These functions
* can be then called directly from the pipeline.
*/
class CI {
/**
* Absolute path to directory that holds the workspace on Jenkins slave.
*/
public static String BaseDir = '/home/fedora'
/**
* Github status context name that is visible in pull request statuses.
*/
public static String GHContext = 'sssd-ci'
/**
* URL that will be opened when user clicks on 'details' on 'sssd-ci' status.
*/
public static String GHUrl = 'https://pagure.io/SSSD/sssd'
/**
* URL that will be opened when user clicks on 'details' on specific
* build status (e.g. sssd-ci/fedora28).
*/
public static String AWS = 'https://s3.eu-central-1.amazonaws.com/sssd-ci'
/**
* Path to SSSD Test Suite on Jenkins slave.
*/
public static String SuiteDir = this.BaseDir + '/sssd-test-suite'
/**
* Workaround for https://issues.jenkins-ci.org/browse/JENKINS-39203
*
* At this moment if one stage in parallel block fails, failure branch in
* post block is run in all stages even though they might have been successful.
*
* We remember result of test stages in this variable so we can correctly
* report a success or error even if one of the stages that are run in
* parallel failed.
*/
public static def Results = [:]
/**
* Mark build as successfull.
*/
public static def BuildSuccessful(build) {
this.Results[build] = "success"
}
/**
* Return true if the build was successful.
*/
public static def IsBuildSuccessful(build) {
return this.Results[build] == "success"
}
/**
* Send commit status to Github for sssd-ci context.
*/
public static def Notify(ctx, status, message) {
ctx.githubNotify status: status,
context: this.GHContext,
description: message,
targetUrl: this.GHUrl
}
/**
* Send commit status to Github for specific build (e.g. sssd-ci/fedora28).
*/
public static def NotifyBuild(ctx, status, message) {
ctx.githubNotify status: status,
context: String.format('%s/%s', this.GHContext, ctx.env.TEST_SYSTEM),
description: message,
targetUrl: String.format(
'%s/%s/%s/%s/index.html',
this.AWS,
ctx.env.BRANCH_NAME,
ctx.env.BUILD_ID,
ctx.env.TEST_SYSTEM
)
}
/**
* Run tests. TEST_SYSTEM environment variable must be defined.
*/
public static def RunTests(ctx) {
this.NotifyBuild(ctx, 'PENDING', 'Build is in progress.')
ctx.sh String.format(
'./sssd/contrib/test-suite/run.sh %s %s %s %s',
"${ctx.env.WORKSPACE}/sssd",
"${this.SuiteDir}",
"${ctx.env.WORKSPACE}/artifacts/${ctx.env.TEST_SYSTEM}",
"${this.BaseDir}/configs/${ctx.env.TEST_SYSTEM}.json"
)
this.BuildSuccessful(ctx.env.TEST_SYSTEM)
}
/**
* Archive artifacts and notify Github about build result.
*/
public static def WhenCompleted(ctx) {
ctx.archiveArtifacts artifacts: "artifacts/**", allowEmptyArchive: true
ctx.sh String.format(
"${this.BaseDir}/scripts/archive.sh %s %s %s",
ctx.env.TEST_SYSTEM,
"${ctx.env.WORKSPACE}/artifacts/${ctx.env.TEST_SYSTEM}",
"${ctx.env.BRANCH_NAME}/${ctx.env.BUILD_ID}"
)
ctx.sh "rm -fr ${ctx.env.WORKSPACE}/artifacts/${ctx.env.TEST_SYSTEM}"
if (this.IsBuildSuccessful(ctx.env.TEST_SYSTEM)) {
this.NotifyBuild(ctx, 'SUCCESS', 'Success.')
return
}
this.NotifyBuild(ctx, 'FAILURE', 'Build failed.')
}
/**
* Notify Github that the build was aborted.
*/
public static def WhenAborted(ctx) {
this.NotifyBuild(ctx, 'ERROR', 'Aborted.')
}
}
/**
* CI class methods cannot be called directly from the pipeline as it
* yield 'Expected a symbol' error for some reason. This is a workaround
* for this issue.
*/
def CI_RunTests() { CI.RunTests(this) }
def CI_Post() { CI.WhenCompleted(this) }
def CI_Aborted() { CI.WhenAborted(this) }
def CI_Notify(status, message) { CI.Notify(this, status, message) }
pipeline {
agent none
options {
timeout(time: 10, unit: 'HOURS')
checkoutToSubdirectory('sssd')
}
stages {
stage('Prepare') {
steps {
CI_Notify('PENDING', 'Running tests.')
}
}
stage('Read trusted files') {
steps {
readTrusted './contrib/test-suite/run.sh'
readTrusted './contrib/test-suite/run-client.sh'
}
post {
failure {
script {
untrusted = true
}
}
}
}
stage('Run Tests') {
parallel {
stage('Test on Fedora 28') {
agent {label "sssd-ci"}
environment { TEST_SYSTEM = "fedora28" }
steps { CI_RunTests() }
post {
always { CI_Post() }
aborted { CI_Aborted() }
}
}
stage('Test on Fedora 29') {
agent {label "sssd-ci"}
environment { TEST_SYSTEM = "fedora29" }
steps { CI_RunTests() }
post {
always { CI_Post() }
aborted { CI_Aborted() }
}
}
stage('Test on Fedora 30') {
agent {label "sssd-ci"}
environment { TEST_SYSTEM = "fedora30" }
steps { CI_RunTests() }
post {
always { CI_Post() }
aborted { CI_Aborted() }
}
}
stage('Test on Fedora Rawhide') {
agent {label "sssd-ci"}
environment { TEST_SYSTEM = "fedora-rawhide" }
steps { CI_RunTests() }
post {
always { CI_Post() }
aborted { CI_Aborted() }
}
}
}
}
}
post {
failure {
script {
if (untrusted) {
CI_Notify('ERROR', 'Untrusted files were modified.')
} else {
CI_Notify('FAILURE', 'Some tests failed.')
}
}
}
aborted {
CI_Notify('ERROR', 'Builds were aborted.')
}
success {
CI_Notify('SUCCESS', 'All tests succeeded.')
}
}
}
This diff is collapsed.
......@@ -209,9 +209,11 @@ m4_include([src/external/intgcheck.m4])
m4_include([src/external/systemtap.m4])
m4_include([src/external/service.m4])
m4_include([src/external/test_ca.m4])
m4_include([src/external/ax_valgrind_check.m4])
if test x$with_secrets = xyes; then
m4_include([src/external/libhttp_parser.m4])
m4_include([src/external/libcurl.m4])
fi
if test x$with_kcm = xyes; then
......@@ -219,10 +221,14 @@ if test x$with_kcm = xyes; then
fi
if test x$with_kcm = xyes -o x$with_secrets = xyes; then
m4_include([src/external/libcurl.m4])
BUILD_WITH_LIBSECRET=1
AC_DEFINE_UNQUOTED(BUILD_WITH_LIBSECRET, 1, [libsecret will be built])
m4_include([src/external/libjansson.m4])
fi
AM_CONDITIONAL([BUILD_WITH_LIBSECRET],
[test x"$BUILD_WITH_LIBSECRET" != "x"])
# This variable is defined by external/libcurl.m4, but conditionals
# must be always evaluated
AM_CONDITIONAL([BUILD_WITH_LIBCURL],
......@@ -368,6 +374,13 @@ them please use argument --without-python3-bindings when running configure.])])
SSS_CLEAN_PYTHON_VARIABLES
fi
if test x$HAVE_PYTHON3_BINDINGS = x1; then
PYTHON_EXEC=$PYTHON3
else
PYTHON_EXEC=$PYTHON2
fi
AC_SUBST(PYTHON_EXEC)
AM_CONDITIONAL([BUILD_PYTHON_BINDINGS],
[test x"$with_python2_bindings" = xyes \
-o x"$with_python3_bindings" = xyes])
......@@ -483,7 +496,9 @@ AM_CONDITIONAL([HAVE_CHECK], [test x$have_check != x])
AM_CHECK_CMOCKA
AM_CHECK_UID_WRAPPER
AM_CHECK_NSS_WRAPPER
AM_CHECK_PAM_WRAPPER
AM_CHECK_TEST_CA
AX_VALGRIND_CHECK
# Check if the user wants SSSD to be compiled with systemtap probes
AM_CHECK_SYSTEMTAP
......@@ -508,6 +523,7 @@ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd
po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile
src/tests/intg/Makefile src/tests/test_CA/Makefile
src/tests/test_ECC_CA/Makefile
src/lib/ipa_hbac/ipa_hbac.pc src/lib/ipa_hbac/ipa_hbac.doxy
src/lib/idmap/sss_idmap.pc src/lib/idmap/sss_idmap.doxy
src/lib/certmap/sss_certmap.pc src/lib/certmap/sss_certmap.doxy
......@@ -519,4 +535,5 @@ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
src/config/setup.py
src/systemtap/sssd.stp
src/config/SSSDConfig/__init__.py])
AC_CONFIG_FILES([sbus_generate.sh], [chmod +x sbus_generate.sh])
AC_OUTPUT
......@@ -46,13 +46,30 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
pyldb
rpm-build
uid_wrapper
pam_wrapper
python-requests
curl-devel
krb5-server
krb5-workstation
dbus-python
python-pep8
)
if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* ]]; then
DEPS_LIST+=(
python3-pep8
)
else
DEPS_LIST+=(
python-pep8
)
fi
if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then
DEPS_LIST+=(
http-parser-devel
)
fi
_DEPS_LIST_SPEC=`
sed -e 's/@PACKAGE_VERSION@/0/g' \
-e 's/@PACKAGE_NAME@/package-name/g' \
......@@ -117,6 +134,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
fakeroot
libnss-wrapper
libuid-wrapper
libpam-wrapper
python-pytest
python-ldap
python-ldb
......
......@@ -41,7 +41,7 @@ declare -r COVERAGE_MIN_FUNCS=0
# Those values are a sum up of the default warnings in all our
# supported distros in our CI.
# debian_testing: E121,E123,E126,E226,E24,E704,W503
# debian_testing: E121,E123,E126,E226,E24,E704,W503,W504,W605
# fedora22:
# fedora23:
# fedora24: E121,E123,E126,E226,E24,E704
......@@ -51,7 +51,7 @@ declare -r COVERAGE_MIN_FUNCS=0
# fedora_rawhide: E121,E123,E126,E226,E24,E704
# rhel6:
# rhel7:
declare PEP8_IGNORE="--ignore=E121,E123,E126,E226,E24,E704,W503"
declare PEP8_IGNORE="--ignore=E121,E123,E126,E226,E24,E704,W503,W504,W605"
declare BASE_PFX=""
declare DEPS=true
declare BASE_DIR=`pwd`
......
......@@ -164,12 +164,12 @@
fun:ares_init_options
fun:recreate_ares_channel
fun:resolv_init
...
fun:be_res_init
fun:be_init_failover
fun:test_ipa_server_create_trusts_setup
...
fun:_cmocka_run_group_tests
fun:main
}
# Leaks in bash if p11_child returns and error because due to libtool the
......@@ -221,3 +221,16 @@
fun:set_default_locale
fun:main
}
# glibc nsswitch (getpwuid) leak
# Seems to be affecting Fedora < F28
{
glibc-nss-getpwuid
Memcheck:Leak
fun:malloc
...
fun:getpwuid_r@@GLIBC_2.2.5
fun:getpwuid
...
fun:main
}
......@@ -118,11 +118,8 @@
%global enable_systemtap_opt --enable-systemtap
%endif
%if (0%{?fedora} || 0%{?rhel} >= 7)
%global with_secrets 1
%else
%global with_secret_responder --without-secrets
%endif
%global with_secrets 0
%global with_secret_responder --without-secrets
%if (0%{?fedora} >= 23 || 0%{?rhel} >= 7)
%global with_kcm 1
......@@ -145,6 +142,12 @@
%global with_idmap_version --with-smb-idmap-interface-version=5
%endif
%global with_local_provider 0
%if (0%{?fedora} <= 28 || 0%{?rhel <= 7})
%global with_local_provider 1
%global enable_local_provider --enable-local-provider
%endif
Name: @PACKAGE_NAME@
Version: @PACKAGE_VERSION@
Release: 0@PRERELEASE_VERSION@%{?dist}
......@@ -234,6 +237,7 @@ BuildRequires: selinux-policy-targeted
BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: uid_wrapper
BuildRequires: nss_wrapper
BuildRequires: pam_wrapper
# Test CA requires openssl independent if SSSD is build with NSS or openssl,
# openssh is needed for ssh-keygen and NSS builds need nss-tools for certutil.
......@@ -278,13 +282,13 @@ BuildRequires: systemtap-sdt-devel
%endif
%if (0%{?with_secrets} == 1)
BuildRequires: http-parser-devel
BuildRequires: libcurl-devel
%endif
%if (0%{?with_kcm} == 1)
BuildRequires: libuuid-devel
%endif
%if (0%{?with_secrets} == 1 || 0%{?with_kcm} == 1)
BuildRequires: jansson-devel
BuildRequires: libcurl-devel
%endif
%if (0%{?with_gdm_pam_extensions} == 1)
BuildRequires: gdm-pam-extensions-devel
......@@ -742,7 +746,7 @@ UIDs/GIDs to names and vice versa. It can be also used for mapping principal
(user) name to IDs(UID or GID) or to obtain groups which user are member of.
%package -n libsss_certmap
Summary: SSSD Certficate Mapping Library
Summary: SSSD Certificate Mapping Library
Group: Development/Libraries
License: LGPLv3+
Requires(post): /sbin/ldconfig
......@@ -752,7 +756,7 @@ Requires(postun): /sbin/ldconfig
Library to map certificates to users based on rules
%package -n libsss_certmap-devel
Summary: SSSD Certficate Mapping Library
Summary: SSSD Certificate Mapping Library
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_certmap = %{version}-%{release}
......@@ -809,6 +813,7 @@ autoreconf -ivf
%{?with_secret_responder} \
%{?with_kcm_option} \
%{?with_idmap_version} \
%{?enable_local_provider} \
%{?experimental}
make %{?_smp_mflags} all
......@@ -1015,6 +1020,15 @@ done
%{_libdir}/%{name}/libsss_ldap_common.so
%{_libdir}/%{name}/libsss_util.so
%{_libdir}/%{name}/libsss_semanage.so
%{_libdir}/%{name}/libsss_sbus.so
%{_libdir}/%{name}/libsss_sbus_sync.so
%{_libdir}/%{name}/libsss_iface.so
%{_libdir}/%{name}/libsss_iface_sync.so
%{_libdir}/%{name}/libifp_iface.so
%{_libdir}/%{name}/libifp_iface_sync.so
%if (0%{?with_secrets} == 1 || 0%{?with_kcm} == 1)
%{_libdir}/%{name}/libsss_secrets.so
%endif
%{ldb_modulesdir}/memberof.so
%{_bindir}/sss_ssh_authorizedkeys
......@@ -1025,11 +1039,11 @@ done
%dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
%attr(700,sssd,sssd) %dir %{dbpath}
%attr(755,sssd,sssd) %dir %{mcpath}
%attr(775,sssd,sssd) %dir %{mcpath}
%attr(751,sssd,sssd) %dir %{deskprofilepath}
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
%attr(755,sssd,sssd) %dir %{pipepath}
%attr(750,sssd,root) %dir %{pipepath}/private
%attr(755,sssd,sssd) %dir %{pubconfpath}
......@@ -1181,6 +1195,7 @@ done
%files tools -f sssd_tools.lang
%defattr(-,root,root,-)
%license COPYING
%if (0%{with_local_provider} == 1)
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
%{_sbindir}/sss_usermod
......@@ -1188,11 +1203,13 @@ done
%{_sbindir}/sss_groupdel
%{_sbindir}/sss_groupmod
%{_sbindir}/sss_groupshow
%endif
%{_sbindir}/sss_obfuscate
%{_sbindir}/sss_override
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_sbindir}/sssctl
%if (0%{with_local_provider} == 1)
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
......@@ -1200,6 +1217,7 @@ done
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
%endif
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_override.8*
%{_mandir}/man8/sss_debuglevel.8*
......@@ -1342,9 +1360,7 @@ done
%if (0%{?with_kcm} == 1)
%files kcm -f sssd_kcm.lang
%if (0%{?with_secrets} == 1)
%attr(700,root,root) %dir %{secdbpath}
%endif
%{_libexecdir}/%{servicename}/sssd_kcm
%if (0%{?with_secrets} == 1)
%{_libexecdir}/%{servicename}/sssd_secrets
......@@ -1353,10 +1369,10 @@ done
%{_datadir}/sssd-kcm/kcm_default_ccache
%{_unitdir}/sssd-kcm.socket
%{_unitdir}/sssd-kcm.service
%{_unitdir}/sssd-secrets.socket
%{_unitdir}/sssd-secrets.service
%{_mandir}/man8/sssd-kcm.8*
%if (0%{?with_secrets} == 1)
%{_unitdir}/sssd-secrets.socket
%{_unitdir}/sssd-secrets.service
%{_mandir}/man5/sssd-secrets.5*
%endif
%endif
......@@ -1374,7 +1390,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_post sssd-pac.socket
%systemd_post sssd-pam.socket
%systemd_post sssd-pam-priv.socket
%systemd_post sssd-secrets.socket
%systemd_post sssd-ssh.socket
%systemd_post sssd-sudo.socket
......@@ -1385,7 +1400,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_preun sssd-pac.socket
%systemd_preun sssd-pam.socket
%systemd_preun sssd-pam-priv.socket
%systemd_preun sssd-secrets.socket
%systemd_preun sssd-ssh.socket
%systemd_preun sssd-sudo.socket
......@@ -1400,8 +1414,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_postun_with_restart sssd-pam.socket
%systemd_postun_with_restart sssd-pam-priv.socket
%systemd_postun_with_restart sssd-pam.service
%systemd_postun_with_restart sssd-secrets.socket
%systemd_postun_with_restart sssd-secrets.service
%systemd_postun_with_restart sssd-ssh.socket
%systemd_postun_with_restart sssd-ssh.service
%systemd_postun_with_restart sssd-sudo.socket
......@@ -1428,6 +1440,18 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_postun_with_restart sssd-kcm.service
%endif
%if (0%{?with_secrets} == 1)
%post secrets
%systemd_postun_with_restart sssd-secrets.socket
%preun secrets
%systemd_preun_with_restart sssd-secrets.socket
%postun secrets
%systemd_postun_with_restart sssd-secrets.socket
%systemd_postun_with_restart sssd-secrets.service
%endif
%else
# sysv
%post common
......
# Run SSSD Test Suite
Script `run.sh` will run all available SSSD test on a set of virtual machines created by vagrant. These virtual machines are part of separate project located at `https://github.com/SSSD/sssd-test-suite`.
## Automated Testing
These test are run automatically when you submit a Pull Request to SSSD project. Status report together with logs will be available in the Pull Request when testing is finished.
## Steps to run the tests manually
1. Checkout `https://github.com/SSSD/sssd-test-suite`
2. Configure and setup SSSD test suite per instructions located at project readme.
3. Make sssd-test-suite use already provisioned boxes (either manually created or maintained by SSSD team at https://app.vagrantup.com/sssd-vagrant).
4. Run `run.sh`, please note that this script will call `vagrant destroy` and it will thus destroy your existing guests.
```
run.sh SSSD-SOURCE-DIR TEST-SUITE-DIR ARTIFACTS-DIR CONFIG-FILE
SSSD-SOURCE-DIR Path to SSSD source directory.
TEST-SUITE-DIR Path to sssd-test-suite_dir directory.
ARTIFACTS-DIR Path to directory where artifacts should be stored.
CONFIG-FILE Path to sssd-test-suite_dir configuration file to use.
```
At this moment only `client` guest is required. We need to expand our test cases to test agains FreeIPA and Active Directory.
## SSSD CI Architecture
Jenkins master polls github for new branches and pull requests. When it discovers new pull request or branch or changes to existing pull request or branch it will allocate a jenkins agent and executes pipeline defined in `./Jenkinsfile` (in SSSD source) on this agent.
The pipeline executes `./contrib/test-suite/run.sh` and archives logs when testing is finished. Script `./contrib/test-suite/run.sh` prepares sssd-test-suite, starts the vagrant machines and copy SSSD source code to the client machine. Then it calls `./contrib/test-suite/run-client.sh` on the client machine which runs continuous integration tests.
### Extending current tests
To extend current testing capabilities, modify `./contrib/test-suite/run.sh` and `./contrib/test-suite/run-client.sh` to new requirements. These files can be modified by anyone but are considered untrusted from contributor that is not an administrator of SSSD repository. This means that if a public contributor submits a pull request that changes those files, Jenkins will refuse to run tests.
### Adding additional distribution to test on
You need to modify `./Jenkinsfile`. Simply copy, paste and amend existing Fedora 28 stage. This file is also considered untrusted so only administrators can modify it within a pull request.
You also need to extend `sssd-test-suite` and prepare vagrant boxes for this distro.
#!/bin/bash
#
# DO NOT RUN THIS MANUALLY
#
sssd_source="/shared/sssd"
artifacts_dir="/shared/artifacts"
archive-artifacts() {
echo "Archiving artifacts..."
cp -f $sssd_source/ci-*.log $artifacts_dir
cp -f $sssd_source/ci-build-debug/ci-*.log $artifacts_dir
cp -f $sssd_source/ci-build-debug/test-suite.log $artifacts_dir
}
success-or-die() {
ret=$1
msg=$2
if [ $ret -eq 0 ]; then
return 0
fi
echo $msg
archive-artifacts
exit $ret
}
cd $sssd_source
echo "[1/1] Running Continuous Integration Tests"
./contrib/ci/run --moderate --no-deps
success-or-die $? "CI Failed!"
archive-artifacts
exit 0
#!/bin/bash
print-usage() {
cat <<EOF
Run SSSD Continuous Integration Tests
Make sure to checkout and setup https://github.com/SSSD/sssd-test-suite
run.sh SSSD-SOURCE-DIR TEST-SUITE-DIR ARTIFACTS-DIR CONFIG-FILE
SSSD-SOURCE-DIR Path to SSSD source directory.
TEST-SUITE-DIR Path to sssd-test-suite_dir directory.
ARTIFACTS-DIR Path to directory where artifacts should be stored.
CONFIG-FILE Path to sssd-test-suite_dir configuration file to use.
EOF
}
print-help-if-asked() {
while test $# -gt 0
do
case "$1" in
--help)
print-usage ; exit 0
;;
-h) print-usage ; exit 0
;;
-?) print-usage ; exit 0
;;
esac
shift
done
}
success-or-die() {
if [ $1 -ne 0 ]; then
echo $2
exit 1
fi
}
print-help-if-asked "$@"
if [[ $# -ne 4 ]]; then
print-usage
exit 1
fi
sssd_source=$1
suite_dir=$2
artifacts_dir=$3
config=$4
guest_source="/shared/sssd"
guest_artifacts="/shared/artifacts"
# Currently only client machine is needed.
guests="client"
run-vagrant() {
VAGRANT_CWD="$suite_dir" \
SSSD_TEST_SUITE_RSYNC="$sssd_source:$guest_source" \
SSSD_TEST_SUITE_SSHFS="$artifacts_dir:$guest_artifacts" \
SSSD_TEST_SUITE_CONFIG="$config" \
vagrant "$@"
}
start-guest() {
# This may fail if guest's box was not yet downloaded. We will ignore it.
run-vagrant destroy $1 &> /dev/null
run-vagrant box update $1
success-or-die $? "Unable to update guest: $1"
run-vagrant up $1
success-or-die $? "Unable to start guest: $1"
}
stop-guest() {
run-vagrant halt $1
success-or-die $? "Unable to halt guest: $1"
}
echo "[1/5] Creating $artifacts_dir"
mkdir -p "$artifacts_dir"
success-or-die $? "Unable to create directory: $artifacts_dir"
echo "[2/5] Updating sssd-test-suite"
git -C "$suite_dir" pull --rebase
success-or-die $? "Unable to rebase sssd-test-suite at: $suite_dir"
echo "[3/5] Preparing vagrant machines"
for guest in $guests; do
start-guest $guest
done
echo "[4/5] Running tests"
run-vagrant ssh client -- "$guest_source/contrib/test-suite/run-client.sh"
success-or-die $? "SSSD Test Suite Failed: $?"
echo "[5/5] Shutdown machines"
for guest in $guests; do
stop-guest $guest
done
sssd (1.16.3-4) unstable; urgency=medium
sssd (2.2.0-1) unstable; urgency=medium
[ Victor Tapia ]
* d/p/GPO_CROND-customization.diff: Set GPO_CROND to cron for Debian
and Ubuntu (LP: #1572908)
* New upstream release.
* control: Bump policy to 4.4.0.
* control, compat, rules: Bump debhelper to 12.
* *.install: Updated, some files moved to /usr/libexec.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 10 Jul 2019 10:14:09 +0300
sssd (2.1.0-1) experimental; urgency=medium
* New upstream release.
* sssd-tools.install: Local domain support is deprecated and not
built by default anymore, so drop the files.
* control, sssd-common.install: Secrets responder is dropped, deprecated.
* control: Add ldap-utils to build-depends, tests need it.
* sssd-common.install: Add new internal libs for iface/sbus.
* fix-whitespace-test.diff: Fix ignoring the debian dir.
* rules: Update the clean target.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 27 May 2019 13:55:38 +0300
sssd (1.16.4-1~exp1) experimental; urgency=medium
[ Timo Aaltonen ]
* New upstream release. (LP: #1572908)
* Drop patches, all upstream.
* Enable systemd responders. (Closes: #925026, #923882)
[ Dominik George ]
* Acknowledge NMU.
* Add myself to Uploaders.
-- Dominik George <natureshadow@debian.org> Thu, 28 Feb 2019 22:39:44 +0100
-- Timo Aaltonen <tjaalton@debian.org> Wed, 03 Apr 2019 09:56:33 +0300
sssd (1.16.3-3.1) unstable; urgency=high
......@@ -778,7 +801,7 @@ sssd (1.2.1-3) unstable; urgency=low
_kerberos TXT record in DNS if it exist.
* Recommend bind9-host used by generate-config for SRV and TXT
lookups.
[ Morten Werner Forsbring ]
* Check if /etc/default/sssd is a file and executable, not a directory,
before sourcing in init-script. Thanks to lintian.
......
10
12
......@@ -8,7 +8,7 @@ Build-Depends:
autopoint,
check,
cifs-utils,
debhelper (>= 10),
debhelper (>= 12),
dh-apparmor,
dh-python,
dnsutils,
......@@ -16,16 +16,15 @@ Build-Depends:
docbook-xsl,
dpkg-dev (>= 1.16.1~),
krb5-config,
ldap-utils,
libaugeas-dev,
libc-ares-dev,
libcmocka-dev [amd64 armhf i386],
libcollection-dev,
libcurl4-gnutls-dev,
libdbus-1-dev,
libdhash-dev,
libgdm-dev [!s390x !kfreebsd-any !hurd-any],
libglib2.0-dev,
libhttp-parser-dev,
libini-config-dev,
libjansson-dev,
libkeyutils-dev [linux-any],
......@@ -64,7 +63,7 @@ Build-Depends:
uuid-dev,
xml-core,
xsltproc
Standards-Version: 4.1.3
Standards-Version: 4.4.0
Vcs-Git: https://salsa.debian.org/sssd-team/sssd.git
Vcs-Browser: https://salsa.debian.org/sssd-team/sssd
Homepage: https://pagure.io/SSSD/sssd/
......
From bc65ba9a07a924a58b13a0d5a935114ab72b7524 Mon Sep 17 00:00:00 2001
From: Victor Tapia <victor.tapia@canonical.com>
Date: Fri, 22 Feb 2019 14:54:13 +0100
Subject: [PATCH] GPO: Allow customization of GPO_CROND per OS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For both Debian and Ubuntu, the cron PAM service is named "cron" instead
of "crond", denying the use of the service by default.
This patch enables the HAVE_$OS (HAVE_DEBIAN/HAVE_FEDORA...) macros to select
the service name during build, allowing further customization if required.
Resolves:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908
Reviewed-by: Michal Židek <mzidek@redhat.com>
---
src/external/platform.m4 | 8 ++++++++
src/providers/ad/ad_gpo.c | 4 ++++
2 files changed, 12 insertions(+)
diff --git a/src/external/platform.m4 b/src/external/platform.m4
index c67e08144..75853622f 100644
--- a/src/external/platform.m4
+++ b/src/external/platform.m4
@@ -36,6 +36,14 @@ AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse])
AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian])
AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgentoo])
+AS_CASE([$osname],
+ [redhat], [AC_DEFINE_UNQUOTED([HAVE_REDHAT], 1, [Build with redhat config])],
+ [fedora], [AC_DEFINE_UNQUOTED([HAVE_FEDORA], 1, [Build with fedora config])],
+ [suse], [AC_DEFINE_UNQUOTED([HAVE_SUSE], 1, [Build with suse config])],
+ [gentoo], [AC_DEFINE_UNQUOTED([HAVE_GENTOO], 1, [Build with gentoo config])],
+ [debian], [AC_DEFINE_UNQUOTED([HAVE_DEBIAN], 1, [Build with debian config])],
+ [AC_MSG_NOTICE([Build with $osname config])])
+
AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , ,
[[#include <sys/socket.h>]])
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index f3be7238e..3b472e0e9 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -200,7 +200,11 @@ int ad_gpo_process_cse_recv(struct tevent_req *req);
#define GPO_SSHD "sshd"
#define GPO_FTP "ftp"
#define GPO_SAMBA "samba"
+#ifdef HAVE_DEBIAN
+#define GPO_CROND "cron"
+#else
#define GPO_CROND "crond"
+#endif
#define GPO_POLKIT "polkit-1"
#define GPO_SUDO "sudo"
#define GPO_SUDO_I "sudo-i"
--
2.17.1
commit 1ee12b05570fcfb8e4190c9ec704c5563138344d
Author: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed Nov 7 23:06:10 2018 +0000
UTIL: Fix compilation with curl 7.62.0
The macro CURLE_SSL_CACERT is deprecated in upstream curl
since commit 3f3b26d6feb0667714902e836af608094235fca2.
commit 3f3b26d6feb0667714902e836af608094235fca2
Author: Han Han <hhan@thousandeyes.com>
Date: Wed Aug 22 11:13:32 2018 -0700
ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
Long live CURLE_PEER_FAILED_VERIFICATION
sh$ git tag --contains 3f3b26d6feb0667714902e836af608094235fca2
curl-7_62_0
It was not removed. It is just an alias to
CURLE_PEER_FAILED_VERIFICATION which causes compile time failures in
switch/case.
./src/util/tev_curl.c: In function 'curl_code2errno':
./src/util/tev_curl.c:113:5: error: duplicate case value
case CURLE_PEER_FAILED_VERIFICATION:
^~~~
./src/util/tev_curl.c: 100:5: note: previously used here
case CURLE_SSL_CACERT:
^~~~
Merges: https://pagure.io/SSSD/sssd/pull-request/3878
Resolves:
https://pagure.io/SSSD/sssd/issue/3875
Reviewed-by: Sumit Bose <sbose@redhat.com>
diff --git a/src/util/tev_curl.c b/src/util/tev_curl.c
index 6a7a580d5..d70a42972 100644
--- a/src/util/tev_curl.c
+++ b/src/util/tev_curl.c
@@ -97,7 +97,9 @@ static errno_t curl_code2errno(CURLcode crv)
return ETIMEDOUT;
case CURLE_SSL_ISSUER_ERROR:
case CURLE_SSL_CACERT_BADFILE:
+#if LIBCURL_VERSION_NUM < 0x073e00
case CURLE_SSL_CACERT:
+#endif
case CURLE_SSL_CERTPROBLEM:
return ERR_INVALID_CERT;
diff --git a/src/tests/whitespace_test b/src/tests/whitespace_test
index f055ed4c2..fa95494be 100755
--- a/src/tests/whitespace_test
+++ b/src/tests/whitespace_test
@@ -4,7 +4,7 @@ set -e -u -o pipefail
# An AWK regex matching tracked file paths to be excluded from the search.
# Example: '.*\.po|README'
-PATH_EXCLUDE_REGEX='.*\.po|.*\.patch|.*\.diff|\/debian\/.*'
+PATH_EXCLUDE_REGEX='.*\.po|.*\.patch|.*\.diff|debian\/.*'
export GIT_DIR="$ABS_TOP_SRCDIR/.git"
export GIT_WORK_TREE="$ABS_TOP_SRCDIR"
@@ -16,7 +16,7 @@ fi
{
# Look for lines with trailing whitespace in all files tracked by Git
- git grep -n -I '\s\+$' -- "$(git rev-parse --show-toplevel)" ||
+ git grep --full-name -n -I '\s\+$' -- "$(git rev-parse --show-toplevel)" ||
# Don't fail if no such lines were found anywhere
[[ $? == 1 ]]
} |
From: Dominik George <natureshadow@debian.org>
Subject: Allow building authdata plugin with krb5 1.17
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923125
--- a/src/external/pac_responder.m4
+++ b/src/external/pac_responder.m4
@@ -18,7 +18,8 @@ then
Kerberos\ 5\ release\ 1.13* | \
Kerberos\ 5\ release\ 1.14* | \
Kerberos\ 5\ release\ 1.15* | \
- Kerberos\ 5\ release\ 1.16*)
+ Kerberos\ 5\ release\ 1.16* | \
+ Kerberos\ 5\ release\ 1.17*)
krb5_version_ok=yes
AC_MSG_RESULT([yes])
;;
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 22 Nov 2018 11:36:57 +0100
Subject: tests: fix mocking krb5_creds in test_copy_ccache
To just test some ccache related functionality without talking to an
actual KDC to get the tickets some needed libkrb5 structs were mocked
based on tests from the MIT Kerberos source code. One struct member
(is_skey) was so far not regarded by libkrb5 for out test case. But a
recent fix for http://krbdev.mit.edu/rt/Ticket/Display.html?id=8718
changed this and we have to change the mocking.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921761
Origin: https://github.com/SSSD/sssd/commit/08bba3a6e3e4e21f2e20b71cca463d50420aa9ee.patch
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
diff --git a/src/tests/cmocka/test_copy_ccache.c b/src/tests/cmocka/test_copy_ccache.c
index 84225b6bff..7c76c00e8f 100644
--- a/src/tests/cmocka/test_copy_ccache.c
+++ b/src/tests/cmocka/test_copy_ccache.c
@@ -88,7 +88,7 @@ static int setup_ccache(void **state)
test_creds.times.starttime = 2222;
test_creds.times.endtime = 3333;
test_creds.times.renew_till = 4444;
- test_creds.is_skey = 1;
+ test_creds.is_skey = 0;
test_creds.ticket_flags = 5555;
test_creds.addresses = addrs;
fix-curl-ftbfs.diff
fix_copy_ccache_test.diff
fix_authdata_krb5_1.17.diff
GPO_CROND-customization.diff
fix-whitespace-test.diff
#!/usr/bin/make -f
%:
dh $@ --with quilt,autoreconf,python2,python3,systemd \
dh $@ --with quilt,autoreconf,python2,python3 \
--builddirectory=build
DPKG_EXPORT_BUILDFLAGS = 1
......@@ -73,11 +73,6 @@ override_dh_install:
# match nn/nn/nnnn, replace with the date from changelog
sed -i 's/[0-1][0-9]\/[0-3][0-9]\/[0-9][0-9][0-9][0-9]/${PKGDATE}/g' $(CURDIR)/debian/tmp/usr/share/man/man*/*
for responder in autofs ifp nss pac pam-priv pam ssh sudo; do \
rm -f $(CURDIR)/debian/tmp/lib/systemd/system/sssd-$$responder.service \
$(CURDIR)/debian/tmp/lib/systemd/system/sssd-$$responder.socket; \
done
dh_install
override_dh_missing:
......@@ -103,3 +98,4 @@ override_dh_auto_clean:
rm -f $(CURDIR)/po/*.gmo
rm -f $(CURDIR)/src/config/*.pyc
rm -f $(CURDIR)/po/stamp-po
rm -f $(CURDIR)/src/sbus/codegen/__pycache__/*.pyc