Ubuntu
sssd package

Merge sssd from Debian unstable for mantic

Bug #2018112 reported by Bryce Harrington
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Fix Released
Undecided
Sergio Durigan Junior
Ubuntu ubuntu-23.07

Bug Description

Upstream: tbd
Debian: 2.8.2-4
Ubuntu: 2.8.1-1ubuntu1

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

sssd (2.8.2-4) unstable; urgency=medium

  [ Sam Morris ]
  * Don't add subid to /etc/nsswitch.conf (Closes: #1032990)

 -- Timo Aaltonen <email address hidden> Tue, 11 Apr 2023 15:19:36 +0300

sssd (2.8.2-3) unstable; urgency=medium

  [ Gioele Barabucci ]
  * d/libnss-sss.nss: Update to `database-add`
  * d/libsss-sudo.nss: Install `sss` service for sudoers via dh-nss (Closes: #783889)
  * d/libsss-sudo.post{inst,rm}: Remove now that the services are installed via dh-nss
  * d/sssd-common.nss: Use new directive name `database-add`
  * Install dbus policy in /usr instead of /etc (Closes: #1031547)

  [ Sam Morris ]
  * sssd-common: add lintian overrides for libsubid_sss.so

 -- Timo Aaltonen <email address hidden> Sun, 26 Feb 2023 16:35:48 +0200

sssd (2.8.2-2) unstable; urgency=medium

  [ Sam Morris ]
  * Ship libsubid_sss.so in sssd-common package

 -- Timo Aaltonen <email address hidden> Tue, 14 Feb 2023 17:48:19 +0200

sssd (2.8.2-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <email address hidden> Tue, 14 Feb 2023 17:40:37 +0200

sssd (2.8.1-2) unstable; urgency=medium

  * d/rules: Fix 'find' syntax to remove '*.egg-info' files/directories.
    (Closes: #1026490)

 -- Sergio Durigan Junior <email address hidden> Tue, 03 Jan 2023 16:36:00 -0500

sssd (2.8.1-1) unstable; urgency=medium

  * New upstream release.
  * watch: Updated for current github behaviour.
  * support-krb5-1.20.diff: Dropped, upstream.

 -- Timo Aaltonen <email address hidden> Wed, 23 Nov 2022 10:10:41 +0200

sssd (2.7.4-1) unstable; urgency=medium

  [ Timo Aaltonen ]
  * New upstream release.
  * control: Add bind9-dnsutils to sssd-common Recommends, and rename
    dnsutils build-dep. (Closes: #1018144)

  [ Sergio Durigan Junior ]
  * Simplify logic to add 'automount' database into nsswitch.
    - d/libnss-sss.nss: Add 'automount database' directive.
    - d/libnss-sss.postinst: Remove logic to insert 'automount' database
      into nsswitch; not necessary anymore now that the package uses dh-nss.

 -- Timo Aaltonen <email address hidden> Thu, 22 Sep 2022 15:34:06 +0300

sssd (2.7.3-2) unstable; urgency=medium

  [ Timo Aaltonen ]
  * patches: Allow building the pac_responder with krb5 1.20. (Closes:
    #1016220)

  [ Gioele Barabucci ]
  * d/libnss-sss.post{inst,rm}: Add DPKG_ROOT support
  * d/libnss-sss.postinst: Fix use of outdated `automounter` instead of `automount`
  * d/libnss-sss.nss: Install NSS service `sss` via dh_installnss

 -- Timo Aaltonen <email address hidden> Wed, 17 Aug 2022 16:46:47 +0300

sssd (2.7.3-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <email address hidden> Wed, 06 Jul 2022 08:52:58 +0300

sssd (2.7.2-3) unstable; urgency=medium

  * d/p/fix-shebang-on-sss_analyze.patch: Fix shebang on sss_analyze.

 -- Sergio Durigan Junior <email address hidden> Wed, 22 Jun 2022 11:00:11 -0400

sssd (2.7.2-2) unstable; urgency=medium

  * rules, install: Fix python install directory. (LP: #1979453)

 -- Timo Aaltonen <email address hidden> Wed, 22 Jun 2022 16:54:42 +0300

sssd (2.7.2-1) unstable; urgency=medium

  * New upstream release.
  * pac-relax-default-for-pac_check-option.diff: Dropped, upstream.

### Old Ubuntu Delta ###

sssd (2.8.1-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993448). Remaining changes:
    - d/control: Drop libgdm-dev Build-Depend on i386.
    - d/control: Don't build sssd-tools on i386, now uninstallable due
      to added python3-{click,systemd} dependencies.
  * Drop changes:
    - Revert dh_nss usage; the feature is still being polished.
      + d/control: Don't Build-Depend on dh-sequence-installnss.
      + d/libnss-sss.nss: Remove file.
      + d/libnss-sss.postinst: Revert changes to use dh-nss.
      + d/libnss-sss.postrm: Likewise.
      [ Fixed in Debian. ]
    - d/p/initialize-uid-gid-main-functions.patch: Initialize UID/GID
      variables in 'main' functions, preventing inadvertent changes in
      p11_child.log file permissions. (LP #1989356)
      [ Incorporated by upstream. ]
  * Add changes:
    - d/rules: Fix 'find' syntax to remove '*.egg-info'
      files/directories.
      [ Submitted to Debian. ]

 -- Sergio Durigan Junior <email address hidden> Tue, 03 Jan 2023 16:42:10 -0500

Bryce Harrington (bryce)
Changed in sssd (Ubuntu):
milestone: none → ubuntu-23.07
Sergio Durigan Junior (sergiodj)
Changed in sssd (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

There's a new version in NEW:

sssd | 2.9.1-1 | new | source, amd64

I'll wait for it to be accepted before proceeding with the merge.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

The new version was accepted into Debian unstable two days ago. Unfortunately, git-ubuntu is currently having problems importing some packages due to a regression in ubuntu-dev-tools. It seems that I'll only be able to start this merge next week.

Sergio Durigan Junior (sergiodj)
Changed in sssd (Ubuntu):
status: New → In Progress
Revision history for this message
Sebastien Bacher (seb128) wrote :

A newer version was uploaded but it's blocked in mantic-proposed because it creates a regression for gdm3 autopkgtests

https://autopkgtest.ubuntu.com/packages/g/gdm3/mantic/amd64

It's not flakyness and it doesn't need to be retried again but debugged. I'm tagged the bug update-excuses

The error it hits is one doing 'systemctl restart sssd', confirmed in a local container env. The journal includes that error

systemd[1]: Starting sssd.service - System Security Services Daemon...
sssd[3784]: SSSD couldn't load the configuration database [1432158246]: No domain is enabled
systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION

Downgrading the sssd packages to the mantic version resolves the issue. It could be a regression or something the tests are doing wrong. I don't plan to investigate more since I don't really know sssd but I hope the details help somehow

tags: added: update-excuse
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Seb. I failed to notify here that I'm already on top of this. The same issue is affecting Debian, BTW.

Revision history for this message
Sebastien Bacher (seb128) wrote :

The configuration used by gdm is

[sssd]
enable_files_domain = True
services = pam
#certificate_verification =

[certmap/implicit_files/tester]
matchrule = <SUBJECT>.*Test Organization.*

[pam]
pam_cert_db_path = /tmp/sssd/example.pem
pam_cert_verification =
pam_cert_auth = True
pam_verbosity = 10
debug_level = 10

Could it be a behaviour change after https://github.com/SSSD/sssd/commit/b38fdc81 ? Should the configuration include a domain?

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Filed https://github.com/SSSD/sssd/issues/6838 asking for more details from upstream.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 2.9.1-2ubuntu1

---------------
sssd (2.9.1-2ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2028722). Remaining changes:
    - d/control: Drop libgdm-dev Build-Depend on i386.
    - d/control: Don't build sssd-tools on i386, now uninstallable due
      to added python3-{click,systemd} dependencies.

sssd (2.9.1-2) unstable; urgency=medium

  [ Sergio Durigan Junior ]
  * Enable files provider.
    SSSD 2.9.0 has deprecated "id_provider = files", but that's still
    needed for smartcard authentication of local users.
    - d/rules: Build with "--with-files-provider".
    - d/sssd-common.install: Install libsss_files.so and sssd-files.5.
    (Closes: #1041438) (LP: #2028084)
  * d/rules: Remove deprecated options "--disable-files-domain".

sssd (2.9.1-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2018112). Remaining changes:
    - d/control: Drop libgdm-dev Build-Depend on i386.
    - d/control: Don't build sssd-tools on i386, now uninstallable due
      to added python3-{click,systemd} dependencies.
  * Drop change:
    - d/rules: Fix 'find' syntax to remove '*.egg-info'
      files/directories.
      [ Incorporated by Debian. ]

 -- Sergio Durigan Junior <email address hidden> Wed, 26 Jul 2023 16:04:29 -0400

Changed in sssd (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.