From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 0B44215813A for ; Wed, 15 Jan 2025 11:19:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 40E53E077D; Wed, 15 Jan 2025 11:19:51 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 251E9E077D for ; Wed, 15 Jan 2025 11:19:51 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 5087A342FE8 for ; Wed, 15 Jan 2025 11:19:50 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 7897B1677 for ; Wed, 15 Jan 2025 11:19:48 +0000 (UTC) From: "James Le Cuirot" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "James Le Cuirot" Message-ID: <1736939980.9db809c247db30d4e25e4d61f7b6092633349a94.chewi@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/, sys-auth/sssd/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-auth/sssd/files/sssd-2.9.6-conditional-python-install.patch sys-auth/sssd/sssd-2.10.1.ebuild sys-auth/sssd/sssd-2.9.6-r1.ebuild X-VCS-Directories: sys-auth/sssd/files/ sys-auth/sssd/ X-VCS-Committer: chewi X-VCS-Committer-Name: James Le Cuirot X-VCS-Revision: 9db809c247db30d4e25e4d61f7b6092633349a94 X-VCS-Branch: master Date: Wed, 15 Jan 2025 11:19:48 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 587cbf2f-3679-44ff-8d40-cc306aae140e X-Archives-Hash: 59fbec14a1536cf7dbb193eb3999b9d2 commit: 9db809c247db30d4e25e4d61f7b6092633349a94 Author: James Le Cuirot gentoo org> AuthorDate: Tue Jan 14 12:12:52 2025 +0000 Commit: James Le Cuirot gentoo org> CommitDate: Wed Jan 15 11:19:40 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9db809c2 sys-auth/sssd: Make Python optional at runtime again I can't see any reason why this was changed. No upstream changes have been made in this area recently. Flatcar needs sssd but needs to avoid Python at runtime. Signed-off-by: James Le Cuirot gentoo.org> .../sssd-2.9.6-conditional-python-install.patch | 16 +++ sys-auth/sssd/sssd-2.10.1.ebuild | 34 +++++-- .../{sssd-2.10.1.ebuild => sssd-2.9.6-r1.ebuild} | 113 ++++++++------------- 3 files changed, 80 insertions(+), 83 deletions(-) diff --git a/sys-auth/sssd/files/sssd-2.9.6-conditional-python-install.patch b/sys-auth/sssd/files/sssd-2.9.6-conditional-python-install.patch new file mode 100644 index 000000000000..ff479dee7f5b --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.9.6-conditional-python-install.patch @@ -0,0 +1,16 @@ +diff '--color=auto' -Naur a/Makefile.am b/Makefile.am +--- a/Makefile.am 2024-12-05 12:16:16.000000000 +0000 ++++ b/Makefile.am 2025-01-14 12:31:45.831435116 +0000 +@@ -21,7 +21,11 @@ + endif + + SUBDIRS += . src/tests/cwrap src/tests/intg src/tests/test_CA \ +- src/tests/test_ECC_CA src/tools/analyzer ++ src/tests/test_ECC_CA ++ ++if BUILD_PYTHON_BINDINGS ++SUBDIRS += src/tools/analyzer ++endif + + # Some old versions of automake don't define builddir + builddir ?= . diff --git a/sys-auth/sssd/sssd-2.10.1.ebuild b/sys-auth/sssd/sssd-2.10.1.ebuild index 471fd5425c7f..ac25e1ae37a2 100644 --- a/sys-auth/sssd/sssd-2.10.1.ebuild +++ b/sys-auth/sssd/sssd-2.10.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -23,8 +23,8 @@ fi LICENSE="GPL-3" SLOT="0" -IUSE="doc +netlink nfsv4 nls passkey samba selinux systemd systemtap test" -REQUIRED_USE=" ( ${PYTHON_REQUIRED_USE} ) " +IUSE="doc +netlink nfsv4 nls passkey python samba selinux systemd systemtap test" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" RESTRICT="!test? ( test )" DEPEND=" @@ -54,11 +54,13 @@ DEPEND=" nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 ) nls? ( >=sys-devel/gettext-0.18 ) passkey? ( dev-libs/libfido2:= ) - ${PYTHON_DEPS} - systemd? ( - $(python_gen_cond_dep ' - dev-python/python-systemd[${PYTHON_USEDEP}] - ') + python? ( + ${PYTHON_DEPS} + systemd? ( + $(python_gen_cond_dep ' + dev-python/python-systemd[${PYTHON_USEDEP}] + ') + ) ) samba? ( >=net-fs/samba-4.10.2[winbind] ) selinux? ( @@ -102,6 +104,7 @@ CONFIG_CHECK="~KEYS" PATCHES=( "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch" + "${FILESDIR}/${PN}-2.9.6-conditional-python-install.patch" "${FILESDIR}/${PN}-2.10.0_beta2-fix-systemd-systemconfdir.patch" ) @@ -250,7 +253,7 @@ multilib_src_configure() { --with-subid $(use_enable systemtap) --without-python2-bindings - $(multilib_native_with python3-bindings) + $(multilib_native_use_with python python3-bindings) # Annoyingly configure requires that you pick systemd XOR sysv --with-initscript=$(usex systemd systemd sysv) --with-sssd-user=sssd @@ -305,8 +308,10 @@ multilib_src_test() { multilib_src_install() { if multilib_is_native_abi; then emake -j1 DESTDIR="${D}" install - python_fix_shebang "${ED}" - python_optimize + if use python; then + python_fix_shebang "${ED}" + python_optimize + fi else # easier than playing with automake... dopammod .libs/pam_sss.so @@ -362,8 +367,15 @@ multilib_src_install_all() { pkg_postinst() { tmpfiles_process sssd-tmpfiles.conf + echo elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" elog "features." + echo optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli + + if ! use python; then + echo + ewarn "sssctl analyze will not work because the python USE flag is disabled." + fi } diff --git a/sys-auth/sssd/sssd-2.10.1.ebuild b/sys-auth/sssd/sssd-2.9.6-r1.ebuild similarity index 78% copy from sys-auth/sssd/sssd-2.10.1.ebuild copy to sys-auth/sssd/sssd-2.9.6-r1.ebuild index 471fd5425c7f..a34213b26ee2 100644 --- a/sys-auth/sssd/sssd-2.10.1.ebuild +++ b/sys-auth/sssd/sssd-2.9.6-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -9,12 +9,13 @@ PLOCALE_BACKUP="sv" PYTHON_COMPAT=( python3_{10..12} ) inherit autotools linux-info multilib-minimal optfeature plocale \ - python-single-r1 pam systemd tmpfiles udev toolchain-funcs + python-single-r1 pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" HOMEPAGE="https://github.com/SSSD/sssd" if [[ ${PV} != 9999 ]]; then SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" else inherit git-r3 EGIT_REPO_URI="https://github.com/SSSD/sssd.git" @@ -23,8 +24,8 @@ fi LICENSE="GPL-3" SLOT="0" -IUSE="doc +netlink nfsv4 nls passkey samba selinux systemd systemtap test" -REQUIRED_USE=" ( ${PYTHON_REQUIRED_USE} ) " +IUSE="acl doc +netlink nfsv4 nls passkey python samba selinux systemd systemtap test" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" RESTRICT="!test? ( test )" DEPEND=" @@ -40,25 +41,26 @@ DEPEND=" >=net-dns/bind-tools-9.9[gssapi] >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] >=net-nds/openldap-2.4.30:=[sasl,experimental] - net-fs/cifs-utils[acl] >=sys-apps/dbus-1.6 >=sys-apps/keyutils-1.5:= - sys-libs/libcap >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] >=sys-libs/talloc-2.0.7 >=sys-libs/tdb-1.2.9 >=sys-libs/tevent-0.9.16 virtual/ldb:= virtual/libintl + acl? ( net-fs/cifs-utils[acl] ) netlink? ( dev-libs/libnl:3 ) nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 ) nls? ( >=sys-devel/gettext-0.18 ) passkey? ( dev-libs/libfido2:= ) - ${PYTHON_DEPS} - systemd? ( - $(python_gen_cond_dep ' - dev-python/python-systemd[${PYTHON_USEDEP}] - ') + python? ( + ${PYTHON_DEPS} + systemd? ( + $(python_gen_cond_dep ' + dev-python/python-systemd[${PYTHON_USEDEP}] + ') + ) ) samba? ( >=net-fs/samba-4.10.2[winbind] ) selinux? ( @@ -71,19 +73,16 @@ DEPEND=" ) systemtap? ( dev-debug/systemtap )" RDEPEND="${DEPEND} - acct-user/sssd - acct-group/sssd passkey? ( sys-apps/pcsc-lite[policykit] ) selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )" BDEPEND=" - acct-user/sssd - acct-group/sssd - sys-libs/libcap virtual/pkgconfig + app-text/docbook-xml-dtd:4.4 + >=dev-libs/libxslt-1.1.26 ${PYTHON_DEPS} doc? ( app-text/doxygen ) - nls? ( app-text/po4a - sys-devel/gettext ) + nls? ( sys-devel/gettext + app-text/po4a ) test? ( dev-libs/check dev-libs/softhsm:2 @@ -94,15 +93,13 @@ BDEPEND=" sys-libs/pam_wrapper sys-libs/uid_wrapper ) - app-text/docbook-xml-dtd:4.4 - >=dev-libs/libxslt-1.1.26 " CONFIG_CHECK="~KEYS" PATCHES=( "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch" - "${FILESDIR}/${PN}-2.10.0_beta2-fix-systemd-systemconfdir.patch" + "${FILESDIR}/${PN}-2.9.6-conditional-python-install.patch" ) MULTILIB_WRAPPED_HEADERS=( @@ -116,41 +113,9 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/sss_certmap.h ) -sssd_migrate_files() { - if has_version "<=sys-auth/sssd-2.9.9999" - then - einfo "Checking if sssd is running" - if [ -f /run/sssd.pid ] - then - elog "Please stop sssd after installing before" - elog "performing the migration process" - fi - einfo "Checking if /var/lib/sss ownership" - if [ -d /var/lib/sss ] && [ $(stat -c "%U:%G" /var/lib/sss) != "sssd:sssd" ] - then - elog "After installing, please execute" - elog "chown -R sssd:sssd /var/lib/sss" - fi - einfo "Checking if /var/log/sssd ownership" - if [ -d /var/log/sssd ] && [ $(stat -c "%U:%G" /var/log/sssd) != "sssd:sssd" ] - then - elog "After installing, please execute" - elog "chown -R sssd:sssd /var/log/sssd" - fi - einfo "Checking if /etc/sssd ownership" - if ! use systemd && [ -d /etc/sssd ] && [ $(stat -c "%U:%G" /etc/sssd) != "root:sssd" ] - then - elog "After installing, please execute" - elog "chown -R root:sssd /etc/sssd" - fi - fi -} - pkg_setup() { linux-info_pkg_setup python-single-r1_pkg_setup - - sssd_migrate_files } src_prepare() { @@ -187,12 +152,6 @@ src_prepare() { Makefile.am \ || die - # requires valgrind headers installed - sed -i \ - -e '/^\s*test_iobuf[ \\]*$/d' \ - Makefile.am \ - || die - eautoreconf multilib_copy_sources @@ -201,6 +160,11 @@ src_prepare() { src_configure() { local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die) + # Workaround for bug #938302 + if use systemtap && has_version "dev-debug/systemtap[-dtrace-symlink(+)]" ; then + export DTRACE="${BROOT}"/usr/bin/stap-dtrace + fi + multilib-minimal_src_configure } @@ -212,9 +176,9 @@ multilib_src_configure() { --localstatedir="${EPREFIX}"/var --runstatedir="${EPREFIX}"/run --sbindir="${EPREFIX}"/usr/sbin - --with-pid-path="${EPREFIX}"/run/sssd + --with-pid-path="${EPREFIX}"/run --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) + --enable-pammoddir="${EPREFIX}$(getpam_mod_dir)" --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb --with-db-path="${EPREFIX}"/var/lib/sss/db --with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache @@ -223,8 +187,6 @@ multilib_src_configure() { --with-mcache-path="${EPREFIX}"/var/lib/sss/mc --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets --with-log-path="${EPREFIX}"/var/log/sssd - --with-tmpfilesdir=/usr/lib/tmpfiles.d - --with-udevrulesdir="$(get_udevdir)/rules.d" --with-kcm --enable-kcm-renewal --with-os=gentoo @@ -234,8 +196,9 @@ multilib_src_configure() { --disable-valgrind $(use_with samba) --with-smb-idmap-interface-version=6 - --enable-cifs-idmap-plugin + $(multilib_native_use_enable acl cifs-idmap-plugin) $(multilib_native_use_with selinux) + $(multilib_native_use_with selinux semanage) --enable-krb5-locator-plugin $(use_enable samba pac-responder) $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) @@ -250,11 +213,12 @@ multilib_src_configure() { --with-subid $(use_enable systemtap) --without-python2-bindings - $(multilib_native_with python3-bindings) + $(multilib_native_use_with python python3-bindings) # Annoyingly configure requires that you pick systemd XOR sysv --with-initscript=$(usex systemd systemd sysv) - --with-sssd-user=sssd - CPPFLAGS="${CPPFLAGS} -I/usr/include/samba-4.0" + KRB5_CONFIG="${ESYSROOT}"/usr/bin/krb5-config + # Needed for Samba 4.21 + CPPFLAGS="${CPPFLAGS} -I${ESYSROOT}/usr/include/samba-4.0" ) use systemd && myconf+=( @@ -305,8 +269,10 @@ multilib_src_test() { multilib_src_install() { if multilib_is_native_abi; then emake -j1 DESTDIR="${D}" install - python_fix_shebang "${ED}" - python_optimize + if use python; then + python_fix_shebang "${ED}" + python_optimize + fi else # easier than playing with automake... dopammod .libs/pam_sss.so @@ -347,8 +313,6 @@ multilib_src_install_all() { keepdir /var/lib/sss/pubconf/krb5.include.d keepdir /var/lib/sss/secrets keepdir /var/log/sssd - keepdir /etc/sssd/conf.d - keepdir /etc/sssd/pki # strip empty dirs if ! use doc; then @@ -361,9 +325,14 @@ multilib_src_install_all() { } pkg_postinst() { - tmpfiles_process sssd-tmpfiles.conf elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" elog "features." + echo optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli + + if ! use python; then + echo + ewarn "sssctl analyze will not work because the python USE flag is disabled." + fi }