Update SSSD, move to portage-stable #2501
First CI run succeeded, but I kicked off another one, since I added another user-patch and dropped two now-unused packages.
Build action triggered: https://github.com/flatcar/scripts/actions/runs/12141170502
@@ -1 +1,11 @@ | |||
export ac_cv_member_struct_ldap_conncb_lc_arg=no |
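Review bot: the line export ac_cv_member_struct_ldap_conncb_lc_arg=no presets an autoconf cache variable, so configure will report struct ldap_conncb as having no lc_arg member without looking at the OpenLDAP headers in the sysroot. If the override stays, put a comment beside it saying why the result is preset for cross builds and which upstream change would let it be dropped, so it is not carried forward unexamined on the next sssd update.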
Wouldn't it be better to just keep this instead of adding the patch? Or if you're confident about this check being redundant, I could just add this line to Gentoo.
I wanted to switch it to "yes", because our version of OpenLDAP has the lc_arg member in struct ldap_conncb and using it seems to allow SSSD to track some referrals or something (in general this seems to be preferred). But the "yes" case has a runtime check for a bug that was fixed 16 years ago. And we know that runtime checks and cross-compilation do go along.
I think that long-term my preferences would be in this order:
- Upstream to drop the runtime check, just like my user-patch is doing.
- Upstream adding a --enable-ldap-conncb-i-know-what-i-am-doing flag that skips the runtime check.
- Gentoo taking my patch.
Ah, I had it backwards. In that case, a better option may be to populate the 4th AC_RUN_IFELSE argument, which is currently [], to simply assume HAVE_LDAP_CONNCB=1 when cross-compiling. This seems like a reasonable compromise given how old that release is now. Upstream may be more willing to do that than drop the check entirely.
I have filed a PR to SSSD, let's see how it goes - SSSD/sssd#7743
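The cross-compilation fallback suggested in the review thread above, shown as a constructed configure.ac fragment. This is an added example, not SSSD's, Gentoo's or Flatcar's code: the project name, the shell variable names and the probe body are placeholders, and only AC_RUN_IFELSE, HAVE_LDAP_CONNCB and the lc_arg member of struct ldap_conncb come from the discussion.

```m4
dnl Constructed example. The probe body is a placeholder, not SSSD's real test.
AC_INIT([conncb-demo], [0.1])
AC_PROG_CC

dnl Compile-time check. Its cached result is the variable
dnl ac_cv_member_struct_ldap_conncb_lc_arg, which a build environment can preset.
AC_CHECK_MEMBER([struct ldap_conncb.lc_arg],
  [have_lc_arg=yes], [have_lc_arg=no],
  [[#include <ldap.h>]])

AS_IF([test "x$have_lc_arg" = xyes], [
  AC_MSG_CHECKING([whether ldap_conncb is usable at run time])
  dnl AC_RUN_IFELSE arguments:
  dnl   1: program to build and run on the build host
  dnl   2: action if it ran and exited 0
  dnl   3: action if it failed to build or exited non-zero
  dnl   4: action when cross-compiling, where the program cannot be run.
  dnl      Left empty, configure stops here in a cross build; filling it in
  dnl      lets the cross build assume the callback works.
  AC_RUN_IFELSE(
    [AC_LANG_PROGRAM([[#include <ldap.h>]],
                     [[/* placeholder for the runtime probe */ return 0;]])],
    [conncb_ok=yes],
    [conncb_ok=no],
    [conncb_ok="yes (assumed, cross-compiling)"])
  AC_MSG_RESULT([$conncb_ok])
  AS_CASE([$conncb_ok], [yes*],
    [AC_DEFINE([HAVE_LDAP_CONNCB], [1],
               [Define if LDAP connection callbacks are usable])])
])

AC_OUTPUT
```

Recording the assumption in the result string keeps it visible in config.log, so a cross-built image can be told apart from one where the probe actually ran.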
...c/third_party/coreos-overlay/coreos/user-patches/sys-auth/sssd/0001-enable-nss-lookups.patch
It's from Gentoo commit 2093b3c01a818dc3721376c181e7ae9b74f88508.
89101d4 to 9e68fda
You can wait on the outcome of our sssd patch discussion, but this is fine as-is in any case.
Spotted when dealing with updating sys-auth/sssd.
It's from Gentoo commit 2cc662627fc0706dd3f422180f0121afd3d8bdc5.
9e68fda to 9cf97a6
CI: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/5083/cldsv/
Closes flatcar/Flatcar#1489
--
sys-auth/sssd: [PROD] [DEV]
net-dns/bind-tools:
net-nds/openldap:
net-fs/samba:
profiles:
--
changelog/ directory (user-facing change, bug fix, security fix, update)
/boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.