|Summary:||security/sssd: fails to package|
|Product:||Ports & Packages||Reporter:||Tommy P <tommyhp2>|
|Component:||Individual Port(s)||Assignee:||Fernando Apesteguía <fernape>|
|Severity:||Affects Only Me||CC:||fernape, joerg, lukas.slebodnik|
Description Tommy P 2020-03-12 21:43:49 UTC
install -m 0644 /wrkdirs/usr/ports/security/sssd/work/sssd-1.11.7/src/examples/sssd-example.conf /wrkdirs/usr/ports/security/sssd/work/stage/usr/local/etc/sssd/sssd.conf.sample /bin/ln -sf nss_sss.so /wrkdirs/usr/ports/security/sssd/work/stage/usr/local/lib/nss_sss.so.1 ====> Compressing man pages (compress-man) ===> Staging rc.d startup script(s) ----------------------------------------------------------------------- ...security/sssd # make showconfig ===> The following configuration options are available for sssd-1.11.7_19: DOCS=off: Build and/or install documentation SMB=on: Install IPA and AD providers (requires Samba4) ===> Use 'make config' to modify these settings ----------------------------------------------------------------------- ...security/sssd # make package ===> Building package for sssd-1.11.7_19 pkg-static: Unable to access file /wrkdirs/usr/ports/security/sssd/work/stageusr/local/lib/krb5/plugins/authdata/sssd_pac_plugin.so:No such file or directory pkg-static: Unable to access file /wrkdirs/usr/ports/security/sssd/work/stageusr/local/libexec/sssd/sssd_pac:No such file or directory pkg-static: Warning: @unexec is deprecated, please use @[pre|post]unexec *** Error code 1 Stop. make: stopped in /usr/ports/security/sssd
Comment 2 Fernando Apesteguía 2020-03-16 17:39:35 UTC
Created attachment 212446 [details] additional improvements on top of submitter's patch I added some improvements: * Regenerate patches with make makepatch * Reorder some variables in Makefile * use @postexec instead of @unexec
Comment 3 Fernando Apesteguía 2020-03-16 17:40:46 UTC
(In reply to Tommy P from comment #1) Thanks for bringing this to our attention! I attached a new patch with a few more changes. My intention is to commit them in a couple of days if the maintainer doesn't show up first. Cheers.
Comment 4 Fernando Apesteguía 2020-03-19 11:31:31 UTC
There's a PR opened to update the port. I think we should go with that and close this one. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241347
Comment 5 commit-hook 2020-03-29 18:17:19 UTC
A commit references this bug: Author: fernape Date: Sun Mar 29 18:16:35 UTC 2020 New revision: 529824 URL: https://svnweb.freebsd.org/changeset/ports/529824 Log: security/sssd: fix package with SMB=on When the option SMB is ON, the port fails to package. While here: * Reorder Makefile variables * Change obsolete @unexec to @postexec * Rework patches to comply with makepatch format PR: 244778 Submitted by: email@example.com Approved by: firstname.lastname@example.org (maintainer, timeout) Changes: head/security/sssd/Makefile head/security/sssd/files/patch-Makefile.am head/security/sssd/files/patch-configure.ac head/security/sssd/files/patch-src__confdb__confdb.c head/security/sssd/files/patch-src__external__inotify.m4 head/security/sssd/files/patch-src__external__krb5.m4 head/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c head/security/sssd/files/patch-src__providers__ldap__ldap_auth.c head/security/sssd/files/patch-src__providers__ldap__sdap_access.c head/security/sssd/files/patch-src__sss_client__common.c head/security/sssd/files/patch-src__sss_client__nss_group.c head/security/sssd/files/patch-src__sss_client__sss_nss.exports head/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c head/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c head/security/sssd/files/patch-src__util__find_uid.c head/security/sssd/files/patch-src__util__server.c head/security/sssd/files/patch-src__util__signal.c head/security/sssd/files/patch-src__util__sss_ldap.c head/security/sssd/files/patch-src__util__util.h head/security/sssd/pkg-plist
Comment 6 Fernando Apesteguía 2020-03-29 18:21:39 UTC
Committed, Thanks! bug #241347 doesn't seem to take off.
Comment 7 Joerg Wunsch 2020-07-14 21:43:41 UTC
Sorry, r529824 breaks environments that require sssd_pac, by unconditionally removing it from pkg-plist. It is then built during the compilation but not installed. Trying to start sssd in such an environment leads to: (Tue Jul 14 22:38:57 2020) [sssd] [service_startup_handler] (0x0010): Could not exec /usr/local/libexec/sssd/sssd_pac -d 0x00f0 --debug-to-files, reason: No such file or directory I don't pretend to understand all the relationships between the individual parts of sssd, but simply dropping sssd_pac is obviously not a usable solution either. In my case (client attached to a RedHat IPA server), I had to roll back the port to r528058 in order to get a working sssd again. My guess is that sssd_pac depends on both, krb5 as well as SMB, so pkg-plist might have to take that into account. Reopening the PR since the current state is clearly "broken".
Comment 8 Fernando Apesteguía 2020-07-28 17:08:41 UTC
(In reply to Joerg Wunsch from comment #7) Hi Joerg, Do you have some solution to this?
Comment 9 Joerg Wunsch 2020-07-28 19:26:28 UTC
(In reply to Fernando Apesteguía from comment #8) Sorry, I don't. I could only share my observation that the patch breaks it. I think the really best fix would be to proceed getting PR 241347 resolved, as this also finally resolves the "depends on Python 2.7" issue.
Comment 10 Fernando Apesteguía 2020-07-30 06:34:15 UTC
(In reply to Joerg Wunsch from comment #7) I checked and sssd_pac is not built for me, not even if configured with SMB. How do you see it is built but not installed? Thanks.
Comment 11 Joerg Wunsch 2020-07-30 06:53:07 UTC
All I can say is it simply failed to work for me, due to the missing sssd_pac component. (Tue Jul 14 22:37:19:921420 2020) [sssd] [server_setup] (0x0040): Becoming a daemon. (Tue Jul 14 22:37:19 2020) [sssd] [service_startup_handler] (0x0010): Could not exec /usr/local/libexec/sssd/sssd_pac -d 0x0 0f0 --debug-to-files, reason: No such file or directory It took me quite a while to realize that sssd_pac was actually built but not installed, due to the previous commit. So I reverted the port to the second-to-last version, and everything went fine. I'm going to attach my build log for reference.
Comment 12 Joerg Wunsch 2020-07-30 07:00:40 UTC
Created attachment 216875 [details] Build log showing sssd_pac is being built.
Comment 13 Fernando Apesteguía 2020-07-30 16:45:18 UTC
(In reply to Joerg Wunsch from comment #12) Thanks for the log. Just to sum up: * The port was broken before ports r529824. It failed to build with SMB=on because it did not install neither sssd_pac nor sssd_pac_plugin.so * I can't make it build those files regardless of the value of the SMB option * In the attached log, sssd_pac is not only built but installed in the staging area: libtool: install: /bin/sh /usr/ports/security/sssd/work/sssd-1.11.7/build/install-sh -c -s .libs/sssd_pac /usr/ports/security/sssd/work/stage/usr/local/libexec/sssd/sssd_pac It should be failing. It doesn't seem you are building this in poudriere, are you? If so, could you build with DEVELOPER=yes in /etc/make.conf to pass extra checks? I think there is an extra dependency that is needed to build sssd_pac that is in your host but not recorded in the ports Makefile so the configure script does not build that executable. I just can't find out what that is (the port already depends and installs security/krb5).
Comment 14 Fernando Apesteguía 2020-07-30 17:56:17 UTC
Created attachment 216885 [details] Patch to the ports tree I got it. security/sssd/files contains a patch in which the acceptable versions of kerberus are listed. In ports r526479 the default version for security/krb5 was bumped to 1.18 but the patch in security/sssd was not update. So it never met the conditions to build sssd_pac. I think in your case it builds and packs because you have installed security/krb5 < 1.18. I tested in poudriere: SMB=on * Builds OK and sssd_pac files are generated: root@12_1amd64-default:~ # pkg info -l sssd | grep sssd_pac /usr/local/lib/krb5/plugins/authdata/sssd_pac_plugin.so /usr/local/libexec/sssd/sssd_pac SMB=off * PAC files are not generated as expected.
Comment 15 Fernando Apesteguía 2020-07-30 17:58:28 UTC
Hi Joerg, Would you try the new patch? Thanks in advance.
Comment 16 Joerg Wunsch 2020-07-30 20:14:20 UTC
As you have guessed, yes, this did not happen in a Poudriere here, but on a live system. I had to rebuild sssd after a security update on some other port – but krb5 was not updated (no security issues). I'll give your new patch a try.
Comment 17 Joerg Wunsch 2020-07-30 21:40:14 UTC
Thanks, I can confirm this also works for krb5-1.17.1 (which is installed here). Since you tested it in Poudriere with krb5-1.18, I think all is fine now.
Comment 18 commit-hook 2020-08-03 16:32:32 UTC
A commit references this bug: Author: fernape Date: Mon Aug 3 16:31:34 UTC 2020 New revision: 544081 URL: https://svnweb.freebsd.org/changeset/ports/544081 Log: security/sssd: Fix pkg-plist to include PAC files In PR 244778 this port was reported to fail during package. sssd_pac and others were not generated by the build process. They were removed from the pkg-plist and the issue closed (maintainer timed out). Recently joerg@ reported sssd_pac should be included. It turns out, files/patch-src_external_pac__responder.m4 needs to be updated whenever a version bump of security/krb5 occurs. This is kind of obscure since building security/sssd with default options does not reproduce the problem (SMB=on is needed).  https://svnweb.freebsd.org/changeset/ports/526479 PR: 244778 Reported by: joerg@ Approved by: maintainer (timeout) MFH: 2020Q3 (plist fix) Changes: head/security/sssd/Makefile head/security/sssd/files/patch-src_external_pac__responder.m4 head/security/sssd/pkg-plist
Comment 19 commit-hook 2020-08-03 18:09:55 UTC
A commit references this bug: Author: fernape Date: Mon Aug 3 18:09:21 UTC 2020 New revision: 544095 URL: https://svnweb.freebsd.org/changeset/ports/544095 Log: MFH: r544081 security/sssd: Fix pkg-plist to include PAC files In PR 244778 this port was reported to fail during package. sssd_pac and others were not generated by the build process. They were removed from the pkg-plist and the issue closed (maintainer timed out). Recently joerg@ reported sssd_pac should be included. It turns out, files/patch-src_external_pac__responder.m4 needs to be updated whenever a version bump of security/krb5 occurs. This is kind of obscure since building security/sssd with default options does not reproduce the problem (SMB=on is needed).  https://svnweb.freebsd.org/changeset/ports/526479 PR: 244778 Reported by: joerg@ Approved by: maintainer (timeout) Approved by: ports-secteam@ (blanket, plist fix) Changes: _U branches/2020Q3/ branches/2020Q3/security/sssd/Makefile branches/2020Q3/security/sssd/files/patch-src_external_pac__responder.m4 branches/2020Q3/security/sssd/pkg-plist
Comment 20 Fernando Apesteguía 2020-08-03 18:11:19 UTC
Committed Thanks to all!
Comment 21 commit-hook 2020-08-04 15:48:49 UTC
A commit references this bug: Author: fernape Date: Tue Aug 4 15:47:50 UTC 2020 New revision: 544175 URL: https://svnweb.freebsd.org/changeset/ports/544175 Log: security/sssd: Add comment in case of package fail Add a comment to give a clue in case of failure during the package phase. PR: 244778 Changes: head/security/sssd/Makefile