install -m 0644 /wrkdirs/usr/ports/security/sssd/work/sssd-1.11.7/src/examples/sssd-example.conf /wrkdirs/usr/ports/security/sssd/work/stage/usr/local/etc/sssd/sssd.conf.sample /bin/ln -sf nss_sss.so /wrkdirs/usr/ports/security/sssd/work/stage/usr/local/lib/nss_sss.so.1 ====> Compressing man pages (compress-man) ===> Staging rc.d startup script(s) ----------------------------------------------------------------------- ...security/sssd # make showconfig ===> The following configuration options are available for sssd-1.11.7_19: DOCS=off: Build and/or install documentation SMB=on: Install IPA and AD providers (requires Samba4) ===> Use 'make config' to modify these settings ----------------------------------------------------------------------- ...security/sssd # make package ===> Building package for sssd-1.11.7_19 pkg-static: Unable to access file /wrkdirs/usr/ports/security/sssd/work/stageusr/local/lib/krb5/plugins/authdata/sssd_pac_plugin.so:No such file or directory pkg-static: Unable to access file /wrkdirs/usr/ports/security/sssd/work/stageusr/local/libexec/sssd/sssd_pac:No such file or directory pkg-static: Warning: @unexec is deprecated, please use @[pre|post]unexec *** Error code 1 Stop. make: stopped in /usr/ports/security/sssd
Created attachment 212367 [details] patch for pkg-plist
Created attachment 212446 [details] additional improvements on top of submitter's patch I added some improvements: * Regenerate patches with make makepatch * Reorder some variables in Makefile * use @postexec instead of @unexec
(In reply to Tommy P from comment #1) Thanks for bringing this to our attention! I attached a new patch with a few more changes. My intention is to commit them in a couple of days if the maintainer doesn't show up first. Cheers.
There's a PR opened to update the port. I think we should go with that and close this one. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241347
A commit references this bug: Author: fernape Date: Sun Mar 29 18:16:35 UTC 2020 New revision: 529824 URL: https://svnweb.freebsd.org/changeset/ports/529824 Log: security/sssd: fix package with SMB=on When the option SMB is ON, the port fails to package. While here: * Reorder Makefile variables * Change obsolete @unexec to @postexec * Rework patches to comply with makepatch format PR: 244778 Submitted by: tommyhp2@gmail.com Approved by: lukas.slebodnik@intrak.sk (maintainer, timeout) Changes: head/security/sssd/Makefile head/security/sssd/files/patch-Makefile.am head/security/sssd/files/patch-configure.ac head/security/sssd/files/patch-src__confdb__confdb.c head/security/sssd/files/patch-src__external__inotify.m4 head/security/sssd/files/patch-src__external__krb5.m4 head/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c head/security/sssd/files/patch-src__providers__ldap__ldap_auth.c head/security/sssd/files/patch-src__providers__ldap__sdap_access.c head/security/sssd/files/patch-src__sss_client__common.c head/security/sssd/files/patch-src__sss_client__nss_group.c head/security/sssd/files/patch-src__sss_client__sss_nss.exports head/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c head/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c head/security/sssd/files/patch-src__util__find_uid.c head/security/sssd/files/patch-src__util__server.c head/security/sssd/files/patch-src__util__signal.c head/security/sssd/files/patch-src__util__sss_ldap.c head/security/sssd/files/patch-src__util__util.h head/security/sssd/pkg-plist
Committed, Thanks! bug #241347 doesn't seem to take off.
Sorry, r529824 breaks environments that require sssd_pac, by unconditionally removing it from pkg-plist. It is then built during the compilation but not installed. Trying to start sssd in such an environment leads to: (Tue Jul 14 22:38:57 2020) [sssd] [service_startup_handler] (0x0010): Could not exec /usr/local/libexec/sssd/sssd_pac -d 0x00f0 --debug-to-files, reason: No such file or directory I don't pretend to understand all the relationships between the individual parts of sssd, but simply dropping sssd_pac is obviously not a usable solution either. In my case (client attached to a RedHat IPA server), I had to roll back the port to r528058 in order to get a working sssd again. My guess is that sssd_pac depends on both, krb5 as well as SMB, so pkg-plist might have to take that into account. Reopening the PR since the current state is clearly "broken".
(In reply to Joerg Wunsch from comment #7) Hi Joerg, Do you have some solution to this?
(In reply to Fernando Apesteguía from comment #8) Sorry, I don't. I could only share my observation that the patch breaks it. I think the really best fix would be to proceed getting PR 241347 resolved, as this also finally resolves the "depends on Python 2.7" issue.
(In reply to Joerg Wunsch from comment #7) I checked and sssd_pac is not built for me, not even if configured with SMB. How do you see it is built but not installed? Thanks.
All I can say is it simply failed to work for me, due to the missing sssd_pac component. (Tue Jul 14 22:37:19:921420 2020) [sssd] [server_setup] (0x0040): Becoming a daemon. (Tue Jul 14 22:37:19 2020) [sssd] [service_startup_handler] (0x0010): Could not exec /usr/local/libexec/sssd/sssd_pac -d 0x0 0f0 --debug-to-files, reason: No such file or directory It took me quite a while to realize that sssd_pac was actually built but not installed, due to the previous commit. So I reverted the port to the second-to-last version, and everything went fine. I'm going to attach my build log for reference.
Created attachment 216875 [details] Build log showing sssd_pac is being built.
(In reply to Joerg Wunsch from comment #12) Thanks for the log. Just to sum up: * The port was broken before ports r529824. It failed to build with SMB=on because it did not install neither sssd_pac nor sssd_pac_plugin.so * I can't make it build those files regardless of the value of the SMB option * In the attached log, sssd_pac is not only built but installed in the staging area: libtool: install: /bin/sh /usr/ports/security/sssd/work/sssd-1.11.7/build/install-sh -c -s .libs/sssd_pac /usr/ports/security/sssd/work/stage/usr/local/libexec/sssd/sssd_pac It should be failing. It doesn't seem you are building this in poudriere, are you? If so, could you build with DEVELOPER=yes in /etc/make.conf to pass extra checks? I think there is an extra dependency that is needed to build sssd_pac that is in your host but not recorded in the ports Makefile so the configure script does not build that executable. I just can't find out what that is (the port already depends and installs security/krb5).
Created attachment 216885 [details] Patch to the ports tree I got it. security/sssd/files contains a patch in which the acceptable versions of kerberus are listed. In ports r526479 the default version for security/krb5 was bumped to 1.18 but the patch in security/sssd was not update. So it never met the conditions to build sssd_pac. I think in your case it builds and packs because you have installed security/krb5 < 1.18. I tested in poudriere: SMB=on * Builds OK and sssd_pac files are generated: root@12_1amd64-default:~ # pkg info -l sssd | grep sssd_pac /usr/local/lib/krb5/plugins/authdata/sssd_pac_plugin.so /usr/local/libexec/sssd/sssd_pac SMB=off * PAC files are not generated as expected.
Hi Joerg, Would you try the new patch? Thanks in advance.
As you have guessed, yes, this did not happen in a Poudriere here, but on a live system. I had to rebuild sssd after a security update on some other port – but krb5 was not updated (no security issues). I'll give your new patch a try.
Thanks, I can confirm this also works for krb5-1.17.1 (which is installed here). Since you tested it in Poudriere with krb5-1.18, I think all is fine now.
A commit references this bug: Author: fernape Date: Mon Aug 3 16:31:34 UTC 2020 New revision: 544081 URL: https://svnweb.freebsd.org/changeset/ports/544081 Log: security/sssd: Fix pkg-plist to include PAC files In PR 244778 this port was reported to fail during package. sssd_pac and others were not generated by the build process. They were removed from the pkg-plist and the issue closed (maintainer timed out). Recently joerg@ reported sssd_pac should be included. It turns out, files/patch-src_external_pac__responder.m4 needs to be updated whenever a version bump of security/krb5 occurs[1]. This is kind of obscure since building security/sssd with default options does not reproduce the problem (SMB=on is needed). [1] https://svnweb.freebsd.org/changeset/ports/526479 PR: 244778 Reported by: joerg@ Approved by: maintainer (timeout) MFH: 2020Q3 (plist fix) Changes: head/security/sssd/Makefile head/security/sssd/files/patch-src_external_pac__responder.m4 head/security/sssd/pkg-plist
A commit references this bug: Author: fernape Date: Mon Aug 3 18:09:21 UTC 2020 New revision: 544095 URL: https://svnweb.freebsd.org/changeset/ports/544095 Log: MFH: r544081 security/sssd: Fix pkg-plist to include PAC files In PR 244778 this port was reported to fail during package. sssd_pac and others were not generated by the build process. They were removed from the pkg-plist and the issue closed (maintainer timed out). Recently joerg@ reported sssd_pac should be included. It turns out, files/patch-src_external_pac__responder.m4 needs to be updated whenever a version bump of security/krb5 occurs[1]. This is kind of obscure since building security/sssd with default options does not reproduce the problem (SMB=on is needed). [1] https://svnweb.freebsd.org/changeset/ports/526479 PR: 244778 Reported by: joerg@ Approved by: maintainer (timeout) Approved by: ports-secteam@ (blanket, plist fix) Changes: _U branches/2020Q3/ branches/2020Q3/security/sssd/Makefile branches/2020Q3/security/sssd/files/patch-src_external_pac__responder.m4 branches/2020Q3/security/sssd/pkg-plist
Committed Thanks to all!
A commit references this bug: Author: fernape Date: Tue Aug 4 15:47:50 UTC 2020 New revision: 544175 URL: https://svnweb.freebsd.org/changeset/ports/544175 Log: security/sssd: Add comment in case of package fail Add a comment to give a clue in case of failure during the package phase. PR: 244778 Changes: head/security/sssd/Makefile
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=11964e74b9165c24b41ac8e6960f727d36ac4241 commit 11964e74b9165c24b41ac8e6960f727d36ac4241 Author: Fernando ApesteguÃa <fernape@FreeBSD.org> AuthorDate: 2021-04-15 10:52:38 +0000 Commit: Fernando ApesteguÃa <fernape@FreeBSD.org> CommitDate: 2021-04-16 17:06:28 +0000 security/sssd: Fix package with SMB=on While here, add comment in security/krb5 to remember the obscure dependency in security/sssd so it does not break again. PR: 244778 Reported by: tommyhp2@gmail.com Tested by: tommyhp2@gmail.com MFH: 2021Q2 (build fix) security/krb5/Makefile | 2 ++ security/sssd/Makefile | 2 +- security/sssd/files/patch-src__external__pac_responder.m4 | 9 ++++----- 3 files changed, 7 insertions(+), 6 deletions(-)
A commit in branch 2021Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=40b825c32468f1f672b190c448e81dcb072e1725 commit 40b825c32468f1f672b190c448e81dcb072e1725 Author: Fernando ApesteguÃa <fernape@FreeBSD.org> AuthorDate: 2021-04-15 10:52:38 +0000 Commit: Fernando ApesteguÃa <fernape@FreeBSD.org> CommitDate: 2021-04-16 17:08:00 +0000 security/sssd: Fix package with SMB=on While here, add comment in security/krb5 to remember the obscure dependency in security/sssd so it does not break again. PR: 244778 Reported by: tommyhp2@gmail.com Tested by: tommyhp2@gmail.com MFH: 2021Q2 (build fix) (cherry picked from commit 11964e74b9165c24b41ac8e6960f727d36ac4241) security/krb5/Makefile | 2 ++ security/sssd/Makefile | 2 +- security/sssd/files/patch-src__external__pac_responder.m4 | 9 ++++----- 3 files changed, 7 insertions(+), 6 deletions(-)