looking good!
** Changed in: sssd (Ubuntu)
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage
Seeded it again and promoted sssd to main, we'll see what happens in
c-m.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage notifications about this
alrighty, the transition is now done and 1.11.2-1 built against the new
samba, so seeding it should succeed now
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
Ok, I tried to seed it again, and I was thinking the seed would grab samba4
which is stuck in proposed, but it seems not:
o samba4: libdcerpc-dev libdcerpc-server-dev libdcerpc-server0 libdcerpc0
libgensec-dev libgensec0 libndr-dev libndr-standard-dev libndr-standard0
libndr0
forget samba4, it's obsoleted by the new samba :)
samba, OTOH is stuck in proposed for other reasons, mainly bug #1250463
blocking it (AIUI) from moving out of proposed. But sssd got built
against samba-dev which was right.
--
You received this bug notification because you are a member of
On Tue, Nov 19, 2013 at 07:10:17AM -, Didier Roche wrote:
Everything is green but samba4 (when I tried to seed it yesterday). Just
ping me once the MIR is approved and I'll handle it.
The samba4 source package should no longer be necessary in trusty, just the
samba source
package (which is
From my yesterday trying to seed sssd, there are some components
mismatched:
o samba4: libdcerpc-dev libdcerpc-server-dev libdcerpc-server0 libdcerpc0
libgensec-dev libgensec0 libndr-dev libndr-standard-dev libndr-standard0
libndr0 libparse-pidl-perl libregistry-dev libregistry0
the new samba is still in proposed, but I should probably upload a new
sssd to build against samba-dev instead of the old packages
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
synced 1.11.1-1 from unstable, 1.11.2-1 will follow later.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage notifications about this bug go to:
1.11.1-1 drops the build-dep entirely or should I wait on 1.11.2-1?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage notifications about this bug go
so.. I realized that I could've synced 1.11.1-1 earlier, it was the
first release to build with the new samba source package based on 4.0.x
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
It build-depends on samba-dev, which is all that the new samba package
provides :) The old packages are no more.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR]
as you see, it has built successfully:
https://launchpad.net/ubuntu/trusty/+source/sssd/1.11.1-1
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage
Everything is green but samba4 (when I tried to seed it yesterday). Just
ping me once the MIR is approved and I'll handle it.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
@Timo: something needs to pin sssd in main. So either seeding it in
the supported seed or installed by default. It seems you want the first
one, right?
Just waiting on djing-libs to be fixed/acked and if you agree with
seeding that one to the support seed, I'll promote/do it.
--
You received
ok, forget about:
* libdhash-dev binary and source package is in universe
* libcollection-dev binary and source package is in universe
* libini-config-dev binary and source package is in universe
they are all from djing-libs (not obvious from the name) ;)
However, there are still the 2 (now
Hum, I just ran check-mir on sssd and it seems quite some build-deps are
still not in main with the latest release, Timo can you have look
please?
* libpam-dev does not exist (pure virtual?)
* libdhash-dev binary and source package is in universe
* libcollection-dev binary and source package
thanks for the review, now the answers;
libpam-dev is build-depended by 82 packages, but I've changed it in git
now to use 'libpam0g-dev | libpam-dev'
I don't think this will be seeded (in the image?), it was just generally
requested that SSSD to be moved in main to make it clear it's supported.
samba 4.0.10 is now in depwait (due to ldb, libparse-yapp-perl,
faketime)
** Changed in: samba (Ubuntu)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
dropped ldb from here, it has a MIR of it's own:
https://bugs.launchpad.net/ubuntu/+source/ldb/+bug/1250463
** No longer affects: ldb (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
and now ding-libs has one too: https://bugs.launchpad.net/ubuntu/+source
/ding-libs/+bug/1250467
** No longer affects: ding-libs (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
..and libpwquality already had an old MIR where the pam-module was not
promoted at that time, but I've reopened it now:
https://bugs.launchpad.net/ubuntu/+source/libpwquality/+bug/1017285
** No longer affects: libpwquality (Ubuntu)
--
You received this bug notification because you are a member
no need to move samba4 in main, we'll need to merge samba 4.0.x from
debian instead
** Package changed: samba4 (Ubuntu) = samba (Ubuntu)
** Changed in: samba (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which
Didier, can you look at this bug again and figure out what needs to
happen next?
** Changed in: ding-libs (Ubuntu)
Assignee: (unassigned) = Didier Roche (didrocks)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
Well, I still need to file a MIR for libpwquality, and a separate one
for ding-libs if needed (it got split off sssd some time ago)
and actually, when the new samba is merged ldb will move to main, so
having it here is probably unnecessary
--
You received this bug notification because you are a
** Changed in: tevent (Ubuntu)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage notifications about this bug
** Also affects: libpwquality (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: libnl (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
** Description changed:
+ sssd ding-libs (which got split off sssd at some point):
+
1. Availability:
- in universe for some time
2. Rationale:
- https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-sssd-mir
3. Security:
- no current CVE
- five CVE reports in the
closing the libnl task, sssd 1.10 will build against libnl3 anyway, and
looks like netcf got fixed as well
** Changed in: libnl (Ubuntu)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug
libsemanage is in main now
** Changed in: libsemanage (Ubuntu)
Status: Won't Fix = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To
As for the rest of the packages, Didier asked earlier:
- for the remaining build-dep (as the tevent discussion was sorted), I would
appreciated pointers to MIR bugs (with the full rationale, build-dep check,
quality package check) for the 3 others introduced build-dep in main:
* ding-libs
Any chance of getting this MIR done for libnl? The new version of netcf
won't build until libnl is in main:
https://launchpad.net/ubuntu/+source/netcf/1:0.2.0-5
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
FYI, I just ACK'd ustr and libsemanage in bug #1077484.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage notifications about this bug go to:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: samba4 (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Note that samba4 build-depends on some packages that are not in main,
most notably subunit (MIR @ bug 780767), heimdal and libparse-yapp-perl.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
Adding samba4 to the mix, as the new PAC responder needs it. It's
currently disabled from the package, but I'll re-enable once R opens.
Also, I'd rather just sync it from Debian if we could get libsemanage in
main as well. There's no other diff than what's caused by the rather
artificial
Ok, finally having the time to look at it, here is my feedback:
- apparmor profile will greatly be appreciated (if not done already),
- dropping semanage buil-dep and using --without-semanage would be appreciated
seeing the implication of it and the new build-dep it introduces having
compiler
Didier, can you look at the rest of this set of MIRs? (Jamie did the
security-sensitive one it looks like.)
** Changed in: ding-libs (Ubuntu)
Assignee: (unassigned) = Didier Roche (didrocks)
** Changed in: libnl (Ubuntu)
Status: New = Confirmed
--
You received this bug
** Also affects: libnl (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage notifications about this
yeah adding a profile for apparmor is a good idea, I'll add a bug about
it.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To manage notifications about this
Security review:
While there have been CVEs, they were fixed in a reasonable amount of
time and with minimal code changes. Upstream is responsive as well.
Redhat and Fedora have sssd in there repos and they receive security
updates, so we can coordinate with others. Interestingly, rhel6 and
Interestingly, rhel6 and Debian still have sssd 1.2. This is not true
about RHEL 6 (exactly). RHEL 6.0 shipped with SSSD 1.2, but RHEL 6.1 and
6.2 shipped with SSSD 1.5. Our expectation is for RHEL 6.3 to update to
SSSD 1.8.0 (the upcoming upstream LTM release). Each Fedora release sees
the latest
Jamie, thank you for the review!
Debian will have 1.5.16 as soon as I've passed the Debian Maintainership
process, if not uploaded by a sponsor earlier. I'm also hopeful that
squeeze will get 1.8.x which is what I'm preparing for precise as well,
since it's the next LTM release as Stephen pointed
Hi Timo, Jamie,
On 02/10/2012 08:22 PM, Timo Aaltonen wrote:
Jamie, thank you for the review!
Debian will have 1.5.16 as soon as I've passed the Debian Maintainership
process, if not uploaded by a sponsor earlier. I'm also hopeful that
squeeze will get 1.8.x which is what I'm preparing for
Jelmer, that would be great. I'll ping you early next week. Ding-libs
needs to go first and sssd after that.
ps. I have a whole lot of other packages too if you're interested to
sponsor them (389ds, freeipa related) ;)
--
You received this bug notification because you are a member of Ubuntu
On 02/10/2012 09:30 PM, Timo Aaltonen wrote:
Jelmer, that would be great. I'll ping you early next week. Ding-libs
needs to go first and sssd after that.
Cool - I'm 'jelmer' on IRC.
ps. I have a whole lot of other packages too if you're interested to
sponsor them (389ds, freeipa related) ;)
Stephen,
Interestingly, rhel6 and Debian still have sssd 1.2. This is not true
about RHEL 6 (exactly). Ah, that is reassuring. I must have looked at
an old manifest. Thanks for clarifying that point.
As for upstream being responsive, I hope this qualified :) I would say
so. Thanks! :)
--
You
BTW, while not a condition of this MIR, it sounds like sssd would be a
great candidate for an apparmor profile-- runs privileged and processes
network traffic but its actions are well known and predictable. If
someone is up for it, feel free to ask for help in #ubuntu-hardened on
Freenode or
Unattaching from
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-sssd-mir to
fix WI tracker
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
[MIR] sssd
To
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ding-libs (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ldb (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libsemanage (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: sssd (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
looks like the issue about tevent has been replied.
** Changed in: tevent (Ubuntu)
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752
Title:
About the libsemanage dependency; as far as I understand, it's only
needed if the host is using SELinux together with sssd configured with a
'local' domain (so that pam_sssd handles local accounts). So if we are
not interested in fully supporting SELinux in main, the build-dep could
be dropped.
Notes from upstream:
1) The libsemanage dependency can be dropped by passing --without-
semanage as an argument to configure. (Similarly, we also have a
--without-selinux option that removes the other SELinux features used by
the sss_[user|group]_* tools.) These features are available so that
we just did avoid promoting libev, having libevent already in main.
libverto in main does provide an abstraction layer for all these event
libraries. please check to use either libverto, or libevent directly.
** Changed in: tevent (Ubuntu)
Status: New = Incomplete
** Changed in: sssd
libverto or libevent don't provide integration for talloc, which is one
of the key features of libtevent.
At the very least you would need a wrapper layer in libldb and sssd
around libevent or libverto.
Samba 4/OpenChange/Evolution-mapi (in universe) also rely on tevent and
the fact that libldb
58 matches
Mail list logo
