forked from jengelh/sssd
Accepting request 1044142 from network:ldap
- Take systemd units off the restart list that have RefuseManualStart=yes - Add symvers.patch OBS-URL: https://build.opensuse.org/request/show/1044142 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=124
This commit is contained in:
commit
a51fc7b5d7
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 21 19:29:45 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Take systemd units off the restart list that have
|
||||||
|
RefuseManualStart=yes [boo#1206592]
|
||||||
|
- Add symvers.patch [boo#1206592]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Dec 11 14:17:23 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
Sun Dec 11 14:17:23 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
28
sssd.spec
28
sssd.spec
@ -20,7 +20,7 @@ Name: sssd
|
|||||||
Version: 2.8.2
|
Version: 2.8.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0-or-later and LGPL-3.0-or-later
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
||||||
Group: System/Daemons
|
Group: System/Daemons
|
||||||
URL: https://github.com/SSSD/sssd
|
URL: https://github.com/SSSD/sssd
|
||||||
#Git-Clone: https://github.com/SSSD/sssd
|
#Git-Clone: https://github.com/SSSD/sssd
|
||||||
@ -29,8 +29,9 @@ Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%v
|
|||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
Source5: %name.keyring
|
Source5: %name.keyring
|
||||||
Patch1: krb-noversion.diff
|
Patch1: krb-noversion.diff
|
||||||
Patch2: harden_sssd-ifp.service.patch
|
Patch2: harden_sssd-ifp.service.patch
|
||||||
Patch3: harden_sssd-kcm.service.patch
|
Patch3: harden_sssd-kcm.service.patch
|
||||||
|
Patch4: symvers.patch
|
||||||
BuildRequires: autoconf >= 2.59
|
BuildRequires: autoconf >= 2.59
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: bind-utils
|
BuildRequires: bind-utils
|
||||||
@ -40,6 +41,7 @@ BuildRequires: cyrus-sasl-devel
|
|||||||
BuildRequires: docbook-xsl-stylesheets
|
BuildRequires: docbook-xsl-stylesheets
|
||||||
BuildRequires: krb5-devel >= 1.12
|
BuildRequires: krb5-devel >= 1.12
|
||||||
BuildRequires: libcmocka-devel
|
BuildRequires: libcmocka-devel
|
||||||
|
BuildRequires: libsubid-devel
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: libunistring-devel
|
BuildRequires: libunistring-devel
|
||||||
BuildRequires: libxml2-tools
|
BuildRequires: libxml2-tools
|
||||||
@ -66,6 +68,7 @@ BuildRequires: pkgconfig(libnfsidmap)
|
|||||||
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
|
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
|
||||||
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
|
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
|
||||||
BuildRequires: pkgconfig(libpcre2-8)
|
BuildRequires: pkgconfig(libpcre2-8)
|
||||||
|
BuildRequires: pkgconfig(libsemanage)
|
||||||
BuildRequires: pkgconfig(libsystemd)
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
BuildRequires: pkgconfig(ndr_krb5pac)
|
BuildRequires: pkgconfig(ndr_krb5pac)
|
||||||
BuildRequires: pkgconfig(ndr_nbt)
|
BuildRequires: pkgconfig(ndr_nbt)
|
||||||
@ -77,11 +80,9 @@ BuildRequires: pkgconfig(talloc)
|
|||||||
BuildRequires: pkgconfig(tdb) >= 1.1.3
|
BuildRequires: pkgconfig(tdb) >= 1.1.3
|
||||||
BuildRequires: pkgconfig(tevent)
|
BuildRequires: pkgconfig(tevent)
|
||||||
BuildRequires: pkgconfig(uuid)
|
BuildRequires: pkgconfig(uuid)
|
||||||
BuildRequires: pkgconfig(libsemanage)
|
|
||||||
BuildRequires: libsubid-devel
|
|
||||||
%{?systemd_ordering}
|
%{?systemd_ordering}
|
||||||
Requires: sssd-ldap = %version-%release
|
Requires: sssd-ldap = %version-%release
|
||||||
Requires(postun): pam-config
|
Requires(postun):pam-config
|
||||||
Provides: libsss_sudo = %version-%release
|
Provides: libsss_sudo = %version-%release
|
||||||
Provides: sssd-client = %version-%release
|
Provides: sssd-client = %version-%release
|
||||||
Obsoletes: libsss_sudo < %version-%release
|
Obsoletes: libsss_sudo < %version-%release
|
||||||
@ -103,7 +104,7 @@ Obsoletes: libsss_sudo < %version-%release
|
|||||||
%define cifs_idmap_name cifs-idmap-plugin
|
%define cifs_idmap_name cifs-idmap-plugin
|
||||||
%define cifs_idmap_priority 10
|
%define cifs_idmap_priority 10
|
||||||
Requires(post): update-alternatives
|
Requires(post): update-alternatives
|
||||||
Requires(postun): update-alternatives
|
Requires(postun):update-alternatives
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Provides a set of daemons to manage access to remote directories and
|
Provides a set of daemons to manage access to remote directories and
|
||||||
@ -199,7 +200,7 @@ and/or PAM modules to leverage SSSD caching.
|
|||||||
|
|
||||||
%package tools
|
%package tools
|
||||||
Summary: Commandline tools for sssd
|
Summary: Commandline tools for sssd
|
||||||
License: GPL-3.0-or-later and LGPL-3.0-or-later
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
||||||
Group: System/Management
|
Group: System/Management
|
||||||
Requires: python3-sssd-config = %version
|
Requires: python3-sssd-config = %version
|
||||||
Requires: sssd = %version
|
Requires: sssd = %version
|
||||||
@ -356,7 +357,7 @@ libsss_nss_idmap can be used by Python applications.
|
|||||||
|
|
||||||
%package -n python3-sssd-config
|
%package -n python3-sssd-config
|
||||||
Summary: Python API for configuring sssd
|
Summary: Python API for configuring sssd
|
||||||
License: GPL-3.0-or-later and LGPL-3.0-or-later
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
||||||
Group: Development/Libraries/Python
|
Group: Development/Libraries/Python
|
||||||
Requires: python3
|
Requires: python3
|
||||||
|
|
||||||
@ -426,20 +427,19 @@ ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
|
|||||||
%make_build check || :
|
%make_build check || :
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
%global services sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_add_pre sssd.service
|
||||||
%service_add_pre %services
|
|
||||||
|
|
||||||
%post
|
%post
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
|
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
|
||||||
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
|
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
|
||||||
%service_add_post %services
|
%service_add_post sssd.service
|
||||||
|
|
||||||
# install SSSD cifs-idmap plugin as an alternative
|
# install SSSD cifs-idmap plugin as an alternative
|
||||||
update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority
|
update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%service_del_preun %services
|
%service_del_preun sssd.service
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
@ -447,7 +447,7 @@ if [ "$1" = "0" -a -x "%_sbindir/pam-config" ]; then
|
|||||||
"%_sbindir/pam-config" -d --sss || :
|
"%_sbindir/pam-config" -d --sss || :
|
||||||
fi
|
fi
|
||||||
# del_postun includes a try-restart
|
# del_postun includes a try-restart
|
||||||
%service_del_postun %services
|
%service_del_postun sssd.service
|
||||||
|
|
||||||
if [ ! -f "%cifs_idmap_lib" ]; then
|
if [ ! -f "%cifs_idmap_lib" ]; then
|
||||||
update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib
|
update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib
|
||||||
|
181
symvers.patch
Normal file
181
symvers.patch
Normal file
@ -0,0 +1,181 @@
|
|||||||
|
From: Jan Engelhardt <jengelh@inai.de>
|
||||||
|
Date: 2022-12-22 00:09:20.375896408 +0100
|
||||||
|
References: https://bugzilla.suse.com/show_bug.cgi?id=1206592
|
||||||
|
|
||||||
|
The theory for this sssd crash is that during rpm upgrading it,
|
||||||
|
sssd-2.8.2 gets installed, %post runs to restart it, but oh no,
|
||||||
|
sssd-ldap-2.7.4 is still in the system. sssd_be(-2.8.2) then falls
|
||||||
|
over its feet when it loads 2.7.4 .so files. Addin symvers like below
|
||||||
|
should prevent this and pin the modules to another: sssd_be's attempt
|
||||||
|
to dlopen libsss_ldap.so(-2.7.4) will fail because
|
||||||
|
libsss_ldap.so(-2.7.4) cannot find a libsss_util.so(-2.7.4), since
|
||||||
|
the system only has libsss_util.so(-2.8.2) at this point.
|
||||||
|
|
||||||
|
---
|
||||||
|
Makefile.am | 47 ++++++++++++++++++++++++++++++++---------------
|
||||||
|
1 file changed, 32 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
Index: sssd-2.8.2/Makefile.am
|
||||||
|
===================================================================
|
||||||
|
--- sssd-2.8.2.orig/Makefile.am
|
||||||
|
+++ sssd-2.8.2/Makefile.am
|
||||||
|
@@ -941,7 +941,11 @@ libsss_debug_la_SOURCES = \
|
||||||
|
libsss_debug_la_LIBADD = \
|
||||||
|
$(SYSLOG_LIBS)
|
||||||
|
libsss_debug_la_LDFLAGS = \
|
||||||
|
- -avoid-version
|
||||||
|
+ -avoid-version ${symv}
|
||||||
|
+EXTRA_libsss_debug_la_DEPENDENCIES = x.sym
|
||||||
|
+symv = -Wl,--version-script=${builddir}/x.sym
|
||||||
|
+x.sym: ${top_builddir}/config.status
|
||||||
|
+ echo "V_${PACKAGE_VERSION} { global: *; };" >$@
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_child.la
|
||||||
|
libsss_child_la_SOURCES = src/util/child_common.c
|
||||||
|
@@ -951,7 +955,8 @@ libsss_child_la_LIBADD = \
|
||||||
|
$(DHASH_LIBS) \
|
||||||
|
libsss_debug.la \
|
||||||
|
$(NULL)
|
||||||
|
-libsss_child_la_LDFLAGS = -avoid-version
|
||||||
|
+libsss_child_la_LDFLAGS = -avoid-version ${symv}
|
||||||
|
+EXTRA_libsss_child_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_crypt.la
|
||||||
|
|
||||||
|
@@ -990,7 +995,8 @@ libsss_crypt_la_LIBADD = \
|
||||||
|
libsss_debug.la \
|
||||||
|
$(NULL)
|
||||||
|
libsss_crypt_la_LDFLAGS = \
|
||||||
|
- -avoid-version
|
||||||
|
+ -avoid-version ${symv}
|
||||||
|
+EXTRA_libsss_crypt_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_cert.la
|
||||||
|
|
||||||
|
@@ -1015,8 +1021,9 @@ libsss_cert_la_LIBADD = \
|
||||||
|
libsss_debug.la \
|
||||||
|
$(NULL)
|
||||||
|
libsss_cert_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libsss_cert_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
generate-sbus-code:
|
||||||
|
$(builddir)/sbus_generate.sh $(abs_srcdir)
|
||||||
|
@@ -1117,8 +1124,9 @@ libsss_sbus_la_CFLAGS = \
|
||||||
|
$(DBUS_CFLAGS) \
|
||||||
|
$(NULL)
|
||||||
|
libsss_sbus_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libsss_sbus_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_sbus_sync.la
|
||||||
|
libsss_sbus_sync_la_SOURCES = \
|
||||||
|
@@ -1153,8 +1161,9 @@ libsss_sbus_sync_la_CFLAGS = \
|
||||||
|
$(UNICODE_LIBS) \
|
||||||
|
$(NULL)
|
||||||
|
libsss_sbus_sync_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libsss_sbus_sync_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_iface.la
|
||||||
|
libsss_iface_la_SOURCES = \
|
||||||
|
@@ -1183,8 +1192,9 @@ libsss_iface_la_CFLAGS = \
|
||||||
|
$(DBUS_CFLAGS) \
|
||||||
|
$(NULL)
|
||||||
|
libsss_iface_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libsss_iface_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_iface_sync.la
|
||||||
|
libsss_iface_sync_la_SOURCES = \
|
||||||
|
@@ -1211,8 +1221,9 @@ libsss_iface_sync_la_CFLAGS = \
|
||||||
|
$(DBUS_CFLAGS) \
|
||||||
|
$(NULL)
|
||||||
|
libsss_iface_sync_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libsss_iface_sync_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_util.la
|
||||||
|
libsss_util_la_SOURCES = \
|
||||||
|
@@ -1303,7 +1314,8 @@ endif
|
||||||
|
if BUILD_SYSTEMTAP
|
||||||
|
libsss_util_la_LIBADD += stap_generated_probes.lo
|
||||||
|
endif
|
||||||
|
-libsss_util_la_LDFLAGS = -avoid-version
|
||||||
|
+libsss_util_la_LDFLAGS = -avoid-version ${symv}
|
||||||
|
+EXTRA_libsss_util_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_semanage.la
|
||||||
|
libsss_semanage_la_CFLAGS = \
|
||||||
|
@@ -1322,7 +1334,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_
|
||||||
|
endif
|
||||||
|
|
||||||
|
libsss_semanage_la_LDFLAGS = \
|
||||||
|
- -avoid-version
|
||||||
|
+ -avoid-version ${symv}
|
||||||
|
+EXTRA_libsss_semanage_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
SSSD_INTERNAL_LTLIBS = \
|
||||||
|
libsss_util.la \
|
||||||
|
@@ -1338,7 +1351,7 @@ lib_LTLIBRARIES = libipa_hbac.la \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
|
||||||
|
-libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports
|
||||||
|
+EXTRA_libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports
|
||||||
|
libipa_hbac_la_SOURCES = \
|
||||||
|
src/lib/ipa_hbac/hbac_evaluator.c \
|
||||||
|
src/util/sss_utf8.c
|
||||||
|
@@ -1664,8 +1677,9 @@ libifp_iface_la_CFLAGS = \
|
||||||
|
$(DBUS_CFLAGS) \
|
||||||
|
$(NULL)
|
||||||
|
libifp_iface_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libifp_iface_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libifp_iface_sync.la
|
||||||
|
libifp_iface_sync_la_SOURCES = \
|
||||||
|
@@ -1690,8 +1704,9 @@ libifp_iface_sync_la_CFLAGS = \
|
||||||
|
$(DBUS_CFLAGS) \
|
||||||
|
$(NULL)
|
||||||
|
libifp_iface_sync_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libifp_iface_sync_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
sssd_ifp_SOURCES = \
|
||||||
|
src/responder/ifp/ifpsrv.c \
|
||||||
|
@@ -4196,8 +4211,9 @@ libsss_ldap_common_la_LIBADD = \
|
||||||
|
$(SSSD_INTERNAL_LTLIBS) \
|
||||||
|
$(NULL)
|
||||||
|
libsss_ldap_common_la_LDFLAGS = \
|
||||||
|
- -avoid-version \
|
||||||
|
+ -avoid-version ${symv} \
|
||||||
|
$(NULL)
|
||||||
|
+EXTRA_libsss_ldap_common_la_DEPENDENCIES = x.sym
|
||||||
|
if BUILD_SYSTEMTAP
|
||||||
|
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
|
||||||
|
endif
|
||||||
|
@@ -4254,7 +4270,8 @@ libsss_krb5_common_la_LIBADD = \
|
||||||
|
$(SSSD_INTERNAL_LTLIBS) \
|
||||||
|
$(NULL)
|
||||||
|
libsss_krb5_common_la_LDFLAGS = \
|
||||||
|
- -avoid-version
|
||||||
|
+ -avoid-version ${symv}
|
||||||
|
+EXTRA_libsss_krb5_common_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
libsss_ldap_la_SOURCES = \
|
||||||
|
src/providers/ldap/ldap_init.c \
|
Loading…
Reference in New Issue
Block a user