Accepting request 1044142 from network:ldap

- Take systemd units off the restart list that have
  RefuseManualStart=yes
- Add symvers.patch

OBS-URL: https://build.opensuse.org/request/show/1044142
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=124
This commit is contained in:
Dominique Leuenberger 2022-12-24 13:50:50 +00:00 committed by Git OBS Bridge
commit a51fc7b5d7
3 changed files with 202 additions and 14 deletions

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Dec 21 19:29:45 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Take systemd units off the restart list that have
RefuseManualStart=yes [boo#1206592]
- Add symvers.patch [boo#1206592]
-------------------------------------------------------------------
Sun Dec 11 14:17:23 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

View File

@ -20,7 +20,7 @@ Name: sssd
Version: 2.8.2
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0-or-later and LGPL-3.0-or-later
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: System/Daemons
URL: https://github.com/SSSD/sssd
#Git-Clone: https://github.com/SSSD/sssd
@ -29,8 +29,9 @@ Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%v
Source3: baselibs.conf
Source5: %name.keyring
Patch1: krb-noversion.diff
Patch2: harden_sssd-ifp.service.patch
Patch3: harden_sssd-kcm.service.patch
Patch2: harden_sssd-ifp.service.patch
Patch3: harden_sssd-kcm.service.patch
Patch4: symvers.patch
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bind-utils
@ -40,6 +41,7 @@ BuildRequires: cyrus-sasl-devel
BuildRequires: docbook-xsl-stylesheets
BuildRequires: krb5-devel >= 1.12
BuildRequires: libcmocka-devel
BuildRequires: libsubid-devel
BuildRequires: libtool
BuildRequires: libunistring-devel
BuildRequires: libxml2-tools
@ -66,6 +68,7 @@ BuildRequires: pkgconfig(libnfsidmap)
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
BuildRequires: pkgconfig(libpcre2-8)
BuildRequires: pkgconfig(libsemanage)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(ndr_krb5pac)
BuildRequires: pkgconfig(ndr_nbt)
@ -77,11 +80,9 @@ BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent)
BuildRequires: pkgconfig(uuid)
BuildRequires: pkgconfig(libsemanage)
BuildRequires: libsubid-devel
%{?systemd_ordering}
Requires: sssd-ldap = %version-%release
Requires(postun): pam-config
Requires(postun):pam-config
Provides: libsss_sudo = %version-%release
Provides: sssd-client = %version-%release
Obsoletes: libsss_sudo < %version-%release
@ -103,7 +104,7 @@ Obsoletes: libsss_sudo < %version-%release
%define cifs_idmap_name cifs-idmap-plugin
%define cifs_idmap_priority 10
Requires(post): update-alternatives
Requires(postun): update-alternatives
Requires(postun):update-alternatives
%description
Provides a set of daemons to manage access to remote directories and
@ -199,7 +200,7 @@ and/or PAM modules to leverage SSSD caching.
%package tools
Summary: Commandline tools for sssd
License: GPL-3.0-or-later and LGPL-3.0-or-later
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: System/Management
Requires: python3-sssd-config = %version
Requires: sssd = %version
@ -356,7 +357,7 @@ libsss_nss_idmap can be used by Python applications.
%package -n python3-sssd-config
Summary: Python API for configuring sssd
License: GPL-3.0-or-later and LGPL-3.0-or-later
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: Development/Libraries/Python
Requires: python3
@ -426,20 +427,19 @@ ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
%make_build check || :
%pre
%global services sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
%service_add_pre %services
%service_add_pre sssd.service
%post
/sbin/ldconfig
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
%service_add_post %services
%service_add_post sssd.service
# install SSSD cifs-idmap plugin as an alternative
update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority
%preun
%service_del_preun %services
%service_del_preun sssd.service
%postun
/sbin/ldconfig
@ -447,7 +447,7 @@ if [ "$1" = "0" -a -x "%_sbindir/pam-config" ]; then
"%_sbindir/pam-config" -d --sss || :
fi
# del_postun includes a try-restart
%service_del_postun %services
%service_del_postun sssd.service
if [ ! -f "%cifs_idmap_lib" ]; then
update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib

181
symvers.patch Normal file
View File

@ -0,0 +1,181 @@
From: Jan Engelhardt <jengelh@inai.de>
Date: 2022-12-22 00:09:20.375896408 +0100
References: https://bugzilla.suse.com/show_bug.cgi?id=1206592
The theory for this sssd crash is that during rpm upgrading it,
sssd-2.8.2 gets installed, %post runs to restart it, but oh no,
sssd-ldap-2.7.4 is still in the system. sssd_be(-2.8.2) then falls
over its feet when it loads 2.7.4 .so files. Addin symvers like below
should prevent this and pin the modules to another: sssd_be's attempt
to dlopen libsss_ldap.so(-2.7.4) will fail because
libsss_ldap.so(-2.7.4) cannot find a libsss_util.so(-2.7.4), since
the system only has libsss_util.so(-2.8.2) at this point.
---
Makefile.am | 47 ++++++++++++++++++++++++++++++++---------------
1 file changed, 32 insertions(+), 15 deletions(-)
Index: sssd-2.8.2/Makefile.am
===================================================================
--- sssd-2.8.2.orig/Makefile.am
+++ sssd-2.8.2/Makefile.am
@@ -941,7 +941,11 @@ libsss_debug_la_SOURCES = \
libsss_debug_la_LIBADD = \
$(SYSLOG_LIBS)
libsss_debug_la_LDFLAGS = \
- -avoid-version
+ -avoid-version ${symv}
+EXTRA_libsss_debug_la_DEPENDENCIES = x.sym
+symv = -Wl,--version-script=${builddir}/x.sym
+x.sym: ${top_builddir}/config.status
+ echo "V_${PACKAGE_VERSION} { global: *; };" >$@
pkglib_LTLIBRARIES += libsss_child.la
libsss_child_la_SOURCES = src/util/child_common.c
@@ -951,7 +955,8 @@ libsss_child_la_LIBADD = \
$(DHASH_LIBS) \
libsss_debug.la \
$(NULL)
-libsss_child_la_LDFLAGS = -avoid-version
+libsss_child_la_LDFLAGS = -avoid-version ${symv}
+EXTRA_libsss_child_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_crypt.la
@@ -990,7 +995,8 @@ libsss_crypt_la_LIBADD = \
libsss_debug.la \
$(NULL)
libsss_crypt_la_LDFLAGS = \
- -avoid-version
+ -avoid-version ${symv}
+EXTRA_libsss_crypt_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_cert.la
@@ -1015,8 +1021,9 @@ libsss_cert_la_LIBADD = \
libsss_debug.la \
$(NULL)
libsss_cert_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libsss_cert_la_DEPENDENCIES = x.sym
generate-sbus-code:
$(builddir)/sbus_generate.sh $(abs_srcdir)
@@ -1117,8 +1124,9 @@ libsss_sbus_la_CFLAGS = \
$(DBUS_CFLAGS) \
$(NULL)
libsss_sbus_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libsss_sbus_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_sbus_sync.la
libsss_sbus_sync_la_SOURCES = \
@@ -1153,8 +1161,9 @@ libsss_sbus_sync_la_CFLAGS = \
$(UNICODE_LIBS) \
$(NULL)
libsss_sbus_sync_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libsss_sbus_sync_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_iface.la
libsss_iface_la_SOURCES = \
@@ -1183,8 +1192,9 @@ libsss_iface_la_CFLAGS = \
$(DBUS_CFLAGS) \
$(NULL)
libsss_iface_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libsss_iface_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_iface_sync.la
libsss_iface_sync_la_SOURCES = \
@@ -1211,8 +1221,9 @@ libsss_iface_sync_la_CFLAGS = \
$(DBUS_CFLAGS) \
$(NULL)
libsss_iface_sync_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libsss_iface_sync_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_util.la
libsss_util_la_SOURCES = \
@@ -1303,7 +1314,8 @@ endif
if BUILD_SYSTEMTAP
libsss_util_la_LIBADD += stap_generated_probes.lo
endif
-libsss_util_la_LDFLAGS = -avoid-version
+libsss_util_la_LDFLAGS = -avoid-version ${symv}
+EXTRA_libsss_util_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_semanage.la
libsss_semanage_la_CFLAGS = \
@@ -1322,7 +1334,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_
endif
libsss_semanage_la_LDFLAGS = \
- -avoid-version
+ -avoid-version ${symv}
+EXTRA_libsss_semanage_la_DEPENDENCIES = x.sym
SSSD_INTERNAL_LTLIBS = \
libsss_util.la \
@@ -1338,7 +1351,7 @@ lib_LTLIBRARIES = libipa_hbac.la \
$(NULL)
pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
-libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports
+EXTRA_libipa_hbac_la_DEPENDENCIES = src/lib/ipa_hbac/ipa_hbac.exports
libipa_hbac_la_SOURCES = \
src/lib/ipa_hbac/hbac_evaluator.c \
src/util/sss_utf8.c
@@ -1664,8 +1677,9 @@ libifp_iface_la_CFLAGS = \
$(DBUS_CFLAGS) \
$(NULL)
libifp_iface_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libifp_iface_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libifp_iface_sync.la
libifp_iface_sync_la_SOURCES = \
@@ -1690,8 +1704,9 @@ libifp_iface_sync_la_CFLAGS = \
$(DBUS_CFLAGS) \
$(NULL)
libifp_iface_sync_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libifp_iface_sync_la_DEPENDENCIES = x.sym
sssd_ifp_SOURCES = \
src/responder/ifp/ifpsrv.c \
@@ -4196,8 +4211,9 @@ libsss_ldap_common_la_LIBADD = \
$(SSSD_INTERNAL_LTLIBS) \
$(NULL)
libsss_ldap_common_la_LDFLAGS = \
- -avoid-version \
+ -avoid-version ${symv} \
$(NULL)
+EXTRA_libsss_ldap_common_la_DEPENDENCIES = x.sym
if BUILD_SYSTEMTAP
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
endif
@@ -4254,7 +4270,8 @@ libsss_krb5_common_la_LIBADD = \
$(SSSD_INTERNAL_LTLIBS) \
$(NULL)
libsss_krb5_common_la_LDFLAGS = \
- -avoid-version
+ -avoid-version ${symv}
+EXTRA_libsss_krb5_common_la_DEPENDENCIES = x.sym
libsss_ldap_la_SOURCES = \
src/providers/ldap/ldap_init.c \