From 72957e6cab425242170d34b8108222e50cc3bf276c6fd2744b6d27bff70f174d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 31 Oct 2023 11:18:57 +0000 Subject: [PATCH 1/3] - Default config is unworkable, just stop installing it altogether [boo#1216739] OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=291 --- sssd.changes | 6 ++++++ sssd.spec | 9 +++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/sssd.changes b/sssd.changes index d5c86de..1b046d3 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Oct 31 11:04:57 UTC 2023 - Jan Engelhardt + +- Default config is unworkable, just stop installing it altogether + [boo#1216739] + ------------------------------------------------------------------- Thu Sep 7 12:07:10 UTC 2023 - Jan Engelhardt diff --git a/sssd.spec b/sssd.spec index 6ceab64..03302f0 100644 --- a/sssd.spec +++ b/sssd.spec @@ -382,8 +382,6 @@ perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate b="%buildroot" # Copy some defaults -mkdir -pv "$b/%_sysconfdir/sssd" "$b/%_sysconfdir/sssd/conf.d" -install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" install -d "$b/%_unitdir" %if 0%{?suse_version} > 1500 install -d "$b/%_distconfdir/logrotate.d" @@ -420,7 +418,9 @@ done %post /sbin/ldconfig # migrate config variable krb5_kdcip to krb5_server (bnc#851048) -/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf +if [ -f "%_sysconfdir/sssd/sssd.conf" ]; then + /bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' "%_sysconfdir/sssd/sssd.conf" +fi %service_add_post sssd.service # install SSSD cifs-idmap plugin as an alternative @@ -574,8 +574,6 @@ done %attr(755,root,root) %dir %sssdstatedir/mc/ %attr(700,root,root) %dir %sssdstatedir/keytabs/ %attr(750,root,root) %dir %_localstatedir/log/%name/ -%dir %_sysconfdir/sssd/ -%config(noreplace) %_sysconfdir/sssd/sssd.conf %if 0%{?suse_version} > 1500 %_distconfdir/logrotate.d/sssd %_pam_vendordir/sssd-shadowutils @@ -583,7 +581,6 @@ done %config(noreplace) %_sysconfdir/logrotate.d/sssd %config(noreplace) %_pam_confdir/sssd-shadowutils %endif -%dir %_sysconfdir/sssd/conf.d %dir %_datadir/%name/ %_datadir/%name/cfg_rules.ini %_datadir/%name/sssd.api.conf From aa747329c7b1cb6ea2feb2636f26e4a023a65938fffde113fe7e874e91d8111f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 31 Oct 2023 16:18:26 +0000 Subject: [PATCH 2/3] Accepting request 1121467 from home:scabrero:branches:network:ldap - Update dependencies to require the same subpackages version and release - Fix /usr/etc migration fragment in wrong "%pre kcm" instead of "%pre" - Move sss_analyze to sssd-tools package OBS-URL: https://build.opensuse.org/request/show/1121467 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=292 --- sssd.changes | 14 ++++++++++++-- sssd.spec | 34 ++++++++++++++-------------------- 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/sssd.changes b/sssd.changes index 1b046d3..2ba755f 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Oct 31 15:20:37 UTC 2023 - Samuel Cabrero + +- Update dependencies to require the same subpackages version and + release +- Fix /usr/etc migration fragment in wrong "%pre kcm" instead of + "%pre" +- Move sss_analyze to sssd-tools package + ------------------------------------------------------------------- Tue Oct 31 11:04:57 UTC 2023 - Jan Engelhardt @@ -49,7 +58,7 @@ Thu Jan 26 15:23:54 UTC 2023 - Callum Farmer ------------------------------------------------------------------- Tue Jan 3 12:01:41 UTC 2023 - Stefan Schubert -- Migration of PAM settings to /usr/lib/pam.d. +- Migration of PAM settings to /usr/lib/pam.d. ------------------------------------------------------------------- Wed Dec 21 19:29:45 UTC 2022 - Jan Engelhardt @@ -93,7 +102,7 @@ Fri Oct 7 12:05:29 UTC 2022 - Jan Engelhardt Thu Sep 1 13:45:36 UTC 2022 - Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files - in /etc and restoring them while an RPM update. + in /etc and restoring them while an RPM update. ------------------------------------------------------------------- Fri Aug 26 20:54:33 UTC 2022 - Jan Engelhardt @@ -1955,3 +1964,4 @@ Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com - initial package submission + diff --git a/sssd.spec b/sssd.spec index 03302f0..9c6d260 100644 --- a/sssd.spec +++ b/sssd.spec @@ -117,7 +117,7 @@ services for projects like FreeIPA. Summary: The ActiveDirectory backend plugin for sssd License: GPL-3.0-or-later Group: System/Daemons -Requires: %name-krb5-common = %version +Requires: %name-krb5-common = %{version}-%{release} Requires: adcli %description ad @@ -163,7 +163,7 @@ caches. Summary: The Kerberos authentication backend plugin for sssd License: GPL-3.0-or-later Group: System/Daemons -Requires: %name-krb5-common = %version-%release +Requires: %name-krb5-common = %{version}-%{release} %description krb5 Provides the Kerberos back end that the SSSD can utilize authenticate @@ -183,7 +183,7 @@ use for Kerberos user or host authentication. Summary: The LDAP backend plugin for sssd License: GPL-3.0-or-later Group: System/Daemons -Requires: %name-krb5-common = %version-%release +Requires: %name-krb5-common = %{version}-%{release} %description ldap Provides the LDAP back end that the SSSD can utilize to fetch @@ -202,7 +202,7 @@ and/or PAM modules to leverage SSSD caching. Summary: Commandline tools for sssd License: GPL-3.0-or-later AND LGPL-3.0-or-later Group: System/Management -Requires: python3-sssd-config = %version +Requires: python3-sssd-config = %{version}-%{release} Requires: sssd = %version %description tools @@ -410,7 +410,7 @@ ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin %service_add_pre sssd.service %if 0%{?suse_version} > 1500 # Prepare for migration to /usr/etc; save any old .rpmsave -for i in pam.d/sssd-shadowutils ; do +for i in pam.d/sssd-shadowutils logrotate.d/sssd ; do test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: done %endif @@ -473,20 +473,6 @@ fi %pre kcm %service_add_pre sssd-kcm.service sssd-kcm.socket -%if 0%{?suse_version} > 1500 -# Prepare for migration to /usr/etc; save any old .rpmsave -for i in logrotate.d/sssd ; do - test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: -done -%endif - -%if 0%{?suse_version} > 1500 -%posttrans -# Migration to /usr/etc, restore just created .rpmsave -for i in logrotate.d/sssd pam.d/sssd-shadowutils ; do - test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: -done -%endif %post kcm %service_add_post sssd-kcm.service sssd-kcm.socket @@ -497,6 +483,14 @@ done %postun kcm %service_del_postun sssd-kcm.service sssd-kcm.socket +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/sssd pam.d/sssd-shadowutils ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + %files -f sssd.lang %license COPYING %_unitdir/sssd.service @@ -560,7 +554,6 @@ done %_libexecdir/%name/sssd_pam %_libexecdir/%name/sssd_ssh %_libexecdir/%name/sssd_sudo -%_libexecdir/%name/sss_analyze %_libexecdir/%name/sss_signal %_libexecdir/%name/sssd_check_socket_activated_responders %_libexecdir/%name/selinux_child @@ -703,6 +696,7 @@ done %_sbindir/sss_seed %_sbindir/sss_obfuscate %_sbindir/sss_override +%_libexecdir/%name/sss_analyze %dir %_mandir/??/man8/ %_mandir/??/man8/sssctl.8* %_mandir/??/man8/sss_*.8* From cdb36fb4bbe8b38769812f2d5b0f22c448ae5a614dde157ad90256277f8f16c2 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 31 Oct 2023 16:22:04 +0000 Subject: [PATCH 3/3] avoid combining && and || drop init-dir OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=293 --- sssd.spec | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/sssd.spec b/sssd.spec index 9c6d260..33dad27 100644 --- a/sssd.spec +++ b/sssd.spec @@ -96,7 +96,7 @@ Obsoletes: libsss_sudo < %version-%release %define ldbdir %(pkg-config ldb --variable=modulesdir) # Both SSSD and cifs-utils provide an idmap plugin for cifs.ko -# /etc/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins +# %_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins # * cifs-utils one is the default (priority 20) # * installing SSSD should NOT switch to SSSD plugin (priority 10) %define cifs_idmap_plugin %_sysconfdir/cifs-utils/idmap-plugin @@ -117,7 +117,7 @@ services for projects like FreeIPA. Summary: The ActiveDirectory backend plugin for sssd License: GPL-3.0-or-later Group: System/Daemons -Requires: %name-krb5-common = %{version}-%{release} +Requires: %name-krb5-common = %version-%release Requires: adcli %description ad @@ -163,7 +163,7 @@ caches. Summary: The Kerberos authentication backend plugin for sssd License: GPL-3.0-or-later Group: System/Daemons -Requires: %name-krb5-common = %{version}-%{release} +Requires: %name-krb5-common = %version-%release %description krb5 Provides the Kerberos back end that the SSSD can utilize authenticate @@ -183,7 +183,7 @@ use for Kerberos user or host authentication. Summary: The LDAP backend plugin for sssd License: GPL-3.0-or-later Group: System/Daemons -Requires: %name-krb5-common = %{version}-%{release} +Requires: %name-krb5-common = %version-%release %description ldap Provides the LDAP back end that the SSSD can utilize to fetch @@ -202,7 +202,7 @@ and/or PAM modules to leverage SSSD caching. Summary: Commandline tools for sssd License: GPL-3.0-or-later AND LGPL-3.0-or-later Group: System/Management -Requires: python3-sssd-config = %{version}-%{release} +Requires: python3-sssd-config = %version-%release Requires: sssd = %version %description tools @@ -358,7 +358,6 @@ autoreconf -fiv --with-pipe-path="%pipepath" \ --with-pubconf-path="%pubconfpath" \ --with-gpo-cache-path="%gpocachepath" \ - --with-init-dir="%_initrddir" \ --with-environment-file="%_sysconfdir/sysconfig/sssd" \ --with-initscript=systemd \ --with-syslog=journald \ @@ -378,7 +377,7 @@ autoreconf -fiv %install # sss_obfuscate is compatible with both python 2 and 3 perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate -%make_install dbuspolicydir=%{_datadir}/dbus-1/system.d +%make_install dbuspolicydir=%_datadir/dbus-1/system.d b="%buildroot" # Copy some defaults @@ -411,7 +410,9 @@ ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin %if 0%{?suse_version} > 1500 # Prepare for migration to /usr/etc; save any old .rpmsave for i in pam.d/sssd-shadowutils logrotate.d/sssd ; do - test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: + if [ -f "%_sysconfdir/$i.rpmsave" ]; then + mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i.rpmsave.old" || : + fi done %endif @@ -450,7 +451,7 @@ fi %post -n libsss_nss_idmap0 -p /sbin/ldconfig %postun -n libsss_nss_idmap0 -p /sbin/ldconfig -%triggerun -- %{name} < %{version}-%{release} +%triggerun -- %name < %version-%release # sssd takes care of upgrading the database but it doesn't handle downgrades. # Clear caches when downgrading the package, which may have an # incompatible format afterwards preventing the daemon from startup. @@ -487,7 +488,9 @@ fi %posttrans # Migration to /usr/etc, restore just created .rpmsave for i in logrotate.d/sssd pam.d/sssd-shadowutils ; do - test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: + if [ -f "%_sysconfdir/$i.rpmsave" ]; then + mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i.rpmsave.old" || : + fi done %endif @@ -579,7 +582,7 @@ done %_datadir/%name/sssd.api.conf %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-simple.conf -%exclude /usr/share/man/*/*/sssd-files.5.gz +%exclude %_mandir/*/*/sssd-files.5.gz # # sssd-client #