Sync changes to SLFO-1.2 branch

- Update to release 2.10.2

OBS-URL: https://build.opensuse.org/request/show/1243227
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=143

sssd.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Mar 25 17:42:38 UTC 2025 - Samuel Cabrero <scabrero@suse.de>
+
+- Add python3-setuptools build dependency
+- Drop nscd build dependency
+
+-------------------------------------------------------------------
+Tue Jan 21 16:33:00 UTC 2025 - Samuel Cabrero <scabrero@suse.de>
+
+- Migrate away from update-alternatives, replaced by package
+  conflicts; (bsc#1235789); (bsc#1216739);
+
+-------------------------------------------------------------------
+Tue Oct  1 10:15:07 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Update filelists involving memberof.so and idmap/sss.so to
+  avoid gobbling up one file into multiple sssd subpackages.
+  (Between samba-4.20 and 4.21, %ldbdir changes from
+  /usr/lib64/ldb2/modules/ldb to /usr/lib64/samba/ldb, so now
+  `%_libdir/samba` is a bit too broad.)
+
+-------------------------------------------------------------------
+Wed Jul 17 09:19:20 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
+
+- Fix spec file for openSUSE ALP and SUSE SLFO, where the
+  python3_fix_shebang_path RPM macro is not available
+
+-------------------------------------------------------------------
+Thu Jul 11 09:41:21 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
+
+- Revert the change dropping the default configuration file. If
+  /usr/etc exists will be installed there, otherwise in /etc.
+  (bsc#1226157);
+
 -------------------------------------------------------------------
 Thu May 16 12:13:02 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 

sssd.spec

@@ -48,7 +48,6 @@ BuildRequires:  libtool
 BuildRequires:  libunistring-devel
 BuildRequires:  libxml2-tools
 BuildRequires:  libxslt-tools
-BuildRequires:  nscd
 BuildRequires:  nss_wrapper
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
@@ -86,6 +85,14 @@ BuildRequires:  pkgconfig(talloc)
 BuildRequires:  pkgconfig(tdb) >= 1.1.3
 BuildRequires:  pkgconfig(tevent)
 BuildRequires:  pkgconfig(uuid)
+BuildRequires:  python3-setuptools
+%if 0%{?suse_version} && 0%{?suse_version} < 1600
+# samba-client-devel pulls samba-client-libs pulls libldap-2_4-2 wants libldap-data(-2.4);
+# this conflicts with
+# openldap2-devel pulls libldap2 wants libldap-data(-2.6)
+# Package contains just config files, not needed for build.
+#!BuildIgnore: libldap-data
+%endif
 %{?systemd_ordering}
 Requires:       sssd-ldap = %version-%release
 Requires(postun): pam-config
@@ -103,16 +110,8 @@ Obsoletes:      sssd-common < %version-%release
 %define gpocachepath	%sssdstatedir/gpo_cache
 %define ldbdir %(pkg-config ldb --variable=modulesdir)
 
-# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
-# %_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins
-# * cifs-utils one is the default (priority 20)
-# * installing SSSD should NOT switch to SSSD plugin (priority 10)
 %define cifs_idmap_plugin       %_sysconfdir/cifs-utils/idmap-plugin
 %define cifs_idmap_lib          %_libdir/cifs-utils/cifs_idmap_sss.so
-%define cifs_idmap_name         cifs-idmap-plugin
-%define cifs_idmap_priority     10
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
 
 %description
 Provides a set of daemons to manage access to remote directories and
@@ -225,6 +224,23 @@ Group:          System/Libraries
 The idmap_sss module provides a way for Winbind to call SSSD to map
 UIDs/GIDs and SIDs.
 
+%package cifs-idmap-plugin
+Summary:        The sssd idmap plugin for cifs.idmap
+Group:          System/Libraries
+# Conflict as per https://bugzilla.suse.com/1235789
+Provides:       cifs-idmap-plugin
+Conflicts:      cifs-idmap-plugin
+
+%description cifs-idmap-plugin
+The cifs.idmap(8) userspace helper relies on a plugin to handle the
+ID mapping. This package contains the ID mapping plugin that will use
+sssd.
+
+In SUSE systems, only one such plugin can be installed at a time
+(either the one from sssd, or from cifs-utils).
+Without the plugin, file objects in a mounted share have UID/GID of
+the original mounting process.
+
 %package -n libsss_certmap0
 Summary:        FreeIPA ID mapping library
 License:        LGPL-3.0-or-later
@@ -382,8 +398,6 @@ Security Services Daemon (sssd).
 %autosetup -p1
 
 %build
-# help configure find nscd
-export PATH="$PATH:/usr/sbin"
 
 autoreconf -fiv
 %configure \
@@ -420,6 +434,13 @@ perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate
 b="%buildroot"
 
 # Copy some defaults
+%if "%{?_distconfdir}" != ""
+install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
+install -d -m 0755 "$b/%_distconfdir/sssd/conf.d"
+%else
+install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
+install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d"
+%endif
 install -d "$b/%_unitdir"
 %if 0%{?suse_version} > 1500
 install -d "$b/%_distconfdir/logrotate.d"
@@ -441,12 +462,11 @@ find "$b" -type f -name "*.la" -print -delete
 %find_lang %name --all-name
 
 # dummy target for cifs-idmap-plugin
-mkdir -pv %buildroot/%_sysconfdir/alternatives %buildroot/%_sysconfdir/cifs-utils
+mkdir -p %{buildroot}%{_sysconfdir}/cifs-utils
-ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
+ln -s -f %{cifs_idmap_lib} %{buildroot}%{cifs_idmap_plugin}
+
 %python3_fix_shebang
-%if %{suse_version} >= 1600
+%python3_fix_shebang_path %buildroot/%_libexecdir/%name/sss_analyze
-%python3_fix_shebang_path %{buildroot}/%{_libexecdir}/%{name}/
-%endif
 
 %check
 # sss_config-tests fails
@@ -454,10 +474,12 @@ ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
 
 %pre
 %service_add_pre sssd.service
+%if "%{?_distconfdir}" != ""
 # Prepare for migration to /usr/etc; save any old .rpmsave
 for i in sssd/sssd.conf pam.d/sssd-shadowutils logrotate.d/sssd ; do
-	test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
+	test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i.rpmsave.old" || :
 done
+%endif
 
 %post
 /sbin/ldconfig
@@ -467,9 +489,6 @@ if [ -f "%_sysconfdir/sssd/sssd.conf" ]; then
 fi
 %service_add_post sssd.service
 
-# install SSSD cifs-idmap plugin as an alternative
-update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority
-
 %preun
 %service_del_preun sssd.service
 
@@ -481,9 +500,6 @@ fi
 # del_postun includes a try-restart
 %service_del_postun sssd.service
 
-if [ ! -f "%cifs_idmap_lib" ]; then
-	update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib
-fi
 
 %post   -n libsss_certmap0 -p /sbin/ldconfig
 %postun -n libsss_certmap0 -p /sbin/ldconfig
@@ -545,10 +561,12 @@ touch /run/systemd/rpm/sssd-was-active
 fi
 
 %posttrans
+%if "%{?_distconfdir}" != ""
 # Migration to /usr/etc, restore just created .rpmsave
 for i in sssd/sssd.conf logrotate.d/sssd pam.d/sssd-shadowutils ; do
-	test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
+	test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i" || :
 done
+%endif
 # Migrate sssd.service from sssd-common to sssd
 if [ -e /run/systemd/rpm/sssd-was-enabled ]; then
 systemctl is-enabled sssd.service > /dev/null
@@ -657,6 +675,15 @@ fi
 %attr(755,root,root) %dir %sssdstatedir/mc/
 %attr(700,root,root) %dir %sssdstatedir/keytabs/
 %attr(750,root,root) %dir %_localstatedir/log/%name/
+%if "%{?_distconfdir}" != ""
+%dir %_distconfdir/sssd/
+%%dir %_distconfdir/sssd/conf.d
+%config(noreplace) %_distconfdir/sssd/sssd.conf
+%else
+%dir %_sysconfdir/sssd/
+%%dir %_sysconfdir/sssd/conf.d
+%config(noreplace) %_sysconfdir/sssd/sssd.conf
+%endif
 %if 0%{?suse_version} > 1500
 %_distconfdir/logrotate.d/sssd
 %_pam_vendordir/sssd-shadowutils
@@ -695,12 +722,7 @@ fi
 %_mandir/man8/sssd_krb5_localauth_plugin.8*
 %_mandir/??/man8/sssd_krb5_localauth_plugin.8*
 %_mandir/man8/sssd_krb5_locator_plugin.8*
-# cifs idmap plugin
+
-%dir %_sysconfdir/cifs-utils
-%cifs_idmap_plugin
-%dir %_libdir/cifs-utils
-%cifs_idmap_lib
-%ghost %_sysconfdir/alternatives/%cifs_idmap_name
 
 %files ad
 %dir %_libdir/%name/
@@ -802,9 +824,16 @@ fi
 %python3_sitelib/sssd/
 
 %files winbind-idmap
-%_libdir/samba/
+%dir %_libdir/samba/
+%_libdir/samba/idmap/
 %_mandir/man8/idmap_sss.8*
 
+%files cifs-idmap-plugin
+%dir %_sysconfdir/cifs-utils
+%cifs_idmap_plugin
+%dir %_libdir/cifs-utils
+%cifs_idmap_lib
+
 %files -n libipa_hbac0
 %_libdir/libipa_hbac.so.0*