Merge ~sergiodj/ubuntu/+source/sssd:merge-2.7.1-2-kinetic into ubuntu/+source/sssd:debian/sid

Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: Sergio Durigan Junior
Merged at revision: 35712e4711fbb023a05e53791f2839d478d93b8b
Proposed branch: ~sergiodj/ubuntu/+source/sssd:merge-2.7.1-2-kinetic
Merge into: ubuntu/+source/sssd:debian/sid
Diff against target: 309 lines (+234/-3)
2 files modified
debian/changelog (+230/-0)
debian/control (+4/-3)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack (community) Approve
Canonical Server Pending
Review via email: mp+424698@code.staging.launchpad.net

Description of the change

This is the merge of sssd 2.7.1-2 from Debian unstable.

The merge itself was simple, and we're actually able to even drop one of our deltas (the LTO one). The rest of our delta is very Ubuntu-specific and I don't see us getting rid of it anytime soon, but it's also very easy to maintain.

This new upstream release fixes a bunch of bugs, including one that I reported to upstream a while ago and is causing authentication failures (see bug #1934997). I looked at the current list of bugs for the package and couldn't find anything else that may be fixed by this new release.

There was a problem with version 2.7.1-1 (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012502) but that's been fixed by 2.7.1-2 which backports an upstream patch (https://github.com/SSSD/sssd/pull/6204). This should be part of the next minor release.

There's a PPA with the proposed changes here:

https://launchpad.net/~sergiodj/+archive/ubuntu/sssd-merge/+packages

The builds are still running. Once they finish, I'll trigger autopkgtests and post the results here.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Hm, the i386 build has failed due to missing dependencies. sssd unfortunately has this problem... I will check with the AA and see if it's possible to include those deps on i386.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Status update: the new sssd introduces a new binary package called sssd-idp, which provides Kerberos plugins that are required to enable authentication against external identity providers. It also provides a helper program to handle the OAuth 2.0 Device Authorization Grant is provided.

This new binary package requires a few more Build-Dependends to be built:

- libcurl4-openssl-dev
- libjose-dev
- libkrad-dev

Of those, only libjose-dev isn't available on i386, and that's what's causing the FTBFS right now. I pinged vorlon on IRC and asked him if it's possible to add the jose package to i386, given that jose's build dependencies are all available on i386, and the fact that this is not the first time this i386 conundrun has happened.

I'm waiting on his reply to proceed with this MP.

I also think it's important to mention that this new binary package, once accepted, will land in universe. I talked to Andreas in private and we think that it should be fine to keep sssd-idp in universe for this cycle while we gather more information about its role in the bigger sssd picture. We can certainly revisit this next cycle and consider doing an MRI for it.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

<vorlon> | sergiodj: I would prefer you do the upload first so we can see via update_excuses what needs to be done and follow through

Therefore, I'm marking this MP as Needs Review again. Bear in mind that the build is currently failing on i386.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'll grab this

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> I talked to Andreas in private and we think that it should be fine to keep sssd-idp in universe
> for this cycle

Just reiterating this. Check out these upstream release notes about sssd-idp[1]:
"""
Added a new krb5 plugin idp and a new binary oidc_child which performs OAuth2 authentication against FreeIPA. This, however, can not be tested yet because this feature is still under development on the FreeIPA server side. Nevertheless, we have decided to include this in the release in order to enable the functionality on the clients immediately when the FreeIPA project delivers this feature without the need to update the clients.
"""

1. https://sssd.io/release-notes/sssd-2.7.0.html

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I think you can merge these two commits. Usually in logical, but if you want to do it now on top of debian/sid that's also fine:

commit d36036c652ab62d942eb2a8f8fa800fea6a78e3e
Author: Sergio Durigan Junior <email address hidden>
Date: Mon Feb 14 16:16:18 2022 -0500

        - Remember how architecture lists in debian/control work.

commit 0d33597c0bec4a96959d9a770b7d2681707ab8e9
Author: Sergio Durigan Junior <email address hidden>
Date: Mon Feb 14 16:15:29 2022 -0500

        - d/control: Don't build sssd-tools on i386, now uninstallable due
          to added python3-{click,systemd} dependencies.

DEP8 tests look good as well. I'm unsure what vorlon expects to see after the upload, since i386 won't build, and thus won't migrate.

+1

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Monday, June 20 2022, Andreas Hasenack wrote:

> Review: Approve

Thanks for the review, Andreas.

> I think you can merge these two commits. Usually in logical, but if you want to do it now on top of debian/sid that's also fine:
>
> commit d36036c652ab62d942eb2a8f8fa800fea6a78e3e
> Author: Sergio Durigan Junior <email address hidden>
> Date: Mon Feb 14 16:16:18 2022 -0500
>
> - Remember how architecture lists in debian/control work.
>
> commit 0d33597c0bec4a96959d9a770b7d2681707ab8e9
> Author: Sergio Durigan Junior <email address hidden>
> Date: Mon Feb 14 16:15:29 2022 -0500
>
> - d/control: Don't build sssd-tools on i386, now uninstallable due
> to added python3-{click,systemd} dependencies.
>

Done, thanks.

> DEP8 tests look good as well. I'm unsure what vorlon expects to see after the upload, since i386 won't build, and thus won't migrate.

Uploaded:

$ dput sssd_2.7.1-2ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/sssd/sssd_2.7.1-2ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/sssd/sssd_2.7.1-2ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading sssd_2.7.1-2ubuntu1.dsc: done.
  Uploading sssd_2.7.1.orig.tar.gz: done.
  Uploading sssd_2.7.1.orig.tar.gz.asc: done.
  Uploading sssd_2.7.1-2ubuntu1.debian.tar.xz: done.
  Uploading sssd_2.7.1-2ubuntu1_source.buildinfo: done.
  Uploading sssd_2.7.1-2ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches