On Tue, 2020-05-19 at 13:09 +0200, Pavel Březina wrote: Tried to build 2.3.0 and got this: ./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/sssd-2.3.0 --htmldir=/usr/share/doc/sssd-2.3.0/html --with-sysroot=/ --libdir=/usr/lib32 --localstatedir=/var --enable-nsslibdir=/lib32 --with-plugin-path=/usr/lib32/sssd --enable-pammoddir=//lib32/security --with-ldb-lib-dir=/usr/lib32/samba/ldb --with-os=gentoo --with-nscd --with-unicode-lib=glib2 --disable-rpath --disable-silent-rules --sbindir=/usr/sbin --without-kcm --with-libwbclient --with-smb-idmap-interface-version=6 --with-secrets --without-samba --disable-cifs-idmap-plugin --without-selinux --without-semanage --enable-krb5-locator-plugin --without-nfsv4-idmapd-plugin --enable-nls --without-libnl --without-manpages --without-sudo --without-autofs --without-ssh --with-crypto=nss --with-initscript=sysv --without-python2-bindings --without-python3-bindings KRB5_CONFIG=/usr/bin/i686-pc-linux-gnu-krb5-config POPT_CFLAGS= POPT_LIBS= TALLOC_CFLAGS= TALLOC_LIBS= TDB_CFLAGS= TDB_LIBS= TEVENT_CFLAGS= TEVENT_LIBS= LDB_CFLAGS= LDB_LIBS= DHASH_CFLAGS= DHASH_LIBS= COLLECTION_CFLAGS= COLLECTION_LIBS= INI_CONFIG_V0_CFLAGS= INI_CONFIG_V0_LIBS= INI_CONFIG_V1_CFLAGS= INI_CONFIG_V1_LIBS= INI_CONFIG_V1_1_CFLAGS= INI_CONFIG_V1_1_LIBS= PCRE_CFLAGS= PCRE_LIBS= CARES_CFLAGS= CARES_LIBS= SYSTEMD_LOGIN_CFLAGS= SYSTEMD_LOGIN_LIBS= SASL_CFLAGS= SASL_LIBS= GLIB2_CFLAGS= GLIB2_LIBS= DBUS_CFLAGS= DBUS_LIBS= CRYPTO_CFLAGS= CRYPTO_LIBS= DBUS_CFLAGS=-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include ac_cv_lib_ldap_ldap_search=yes --without-secrets --without-libwbclient --without-kcm --with-crypto= configure: loading site script /usr/share/config.site checking for i686-pc-linux-gnu-gcc... x86_64-pc-linux-gnu-gcc -m32 checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether x86_64-pc-linux-gnu-gcc -m32 accepts -g... yes checking for x86_64-pc-linux-gnu-gcc -m32 option to accept ISO C89... none needed checking whether x86_64-pc-linux-gnu-gcc -m32 understands -c and -o together... yes checking how to run the C preprocessor... x86_64-pc-linux-gnu-gcc -m32 -E checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking minix/config.h usability... no checking minix/config.h presence... no checking for minix/config.h... no checking whether it is safe to define __EXTENSIONS__... yes checking for a BSD-compatible install... /usr/lib/portage/python3.6/ebuild-helpers/xattr/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether make supports the include directive... yes (GNU style) checking whether make supports nested variables... yes checking how to create a pax tar archive... gnutar checking dependency style of x86_64-pc-linux-gnu-gcc -m32... none checking for i686-pc-linux-gnu-ar... no checking for i686-pc-linux-gnu-lib... no checking for i686-pc-linux-gnu-link... no checking for ar... ar checking the archiver (ar) interface... ar checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking how to print strings... printf checking for a sed that does not truncate output... /bin/sed checking for fgrep... /bin/grep -F checking for ld used by x86_64-pc-linux-gnu-gcc -m32... x86_64-pc-linux-gnu-ld -m elf_i386 checking if the linker (x86_64-pc-linux-gnu-ld -m elf_i386) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B checking the name lister (/usr/bin/nm -B) interface... BSD nm checking whether ln -s works... yes checking the maximum length of command line arguments... 1572864 checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop checking for x86_64-pc-linux-gnu-ld -m elf_i386 option to reload object files... -r checking for i686-pc-linux-gnu-objdump... no checking for objdump... objdump checking how to recognize dependent libraries... pass_all checking for i686-pc-linux-gnu-dlltool... no checking for dlltool... no checking how to associate runtime and link libraries... printf %s\n checking for i686-pc-linux-gnu-ar... ar checking for archiver @FILE support... @ checking for i686-pc-linux-gnu-strip... no checking for strip... strip checking for i686-pc-linux-gnu-ranlib... no checking for ranlib... ranlib checking command to parse /usr/bin/nm -B output from x86_64-pc-linux-gnu-gcc -m32 object... ok checking for sysroot... / checking for a working dd... /bin/dd checking how to truncate binary pipes... /bin/dd bs=4096 count=1 checking for i686-pc-linux-gnu-mt... no checking for mt... no checking if : is a manifest tool... no checking for dlfcn.h... yes checking for objdir... .libs checking if x86_64-pc-linux-gnu-gcc -m32 supports -fno-rtti -fno-exceptions... no checking for x86_64-pc-linux-gnu-gcc -m32 option to produce PIC... -fPIC -DPIC checking if x86_64-pc-linux-gnu-gcc -m32 PIC flag -fPIC -DPIC works... yes checking if x86_64-pc-linux-gnu-gcc -m32 static flag -static works... yes checking if x86_64-pc-linux-gnu-gcc -m32 supports -c -o file.o... yes checking if x86_64-pc-linux-gnu-gcc -m32 supports -c -o file.o... (cached) yes checking whether the x86_64-pc-linux-gnu-gcc -m32 linker (x86_64-pc-linux-gnu-ld -m elf_i386) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking for library containing dlopen... -ldl checking for dlerror... yes checking for shl_load... no checking for shl_load in -ldld... no checking for dld_link in -ldld... no checking whether NLS is requested... yes checking for msgfmt... /usr/bin/msgfmt checking for gmsgfmt... /usr/bin/gmsgfmt checking for xgettext... /usr/bin/xgettext checking for msgmerge... /usr/bin/msgmerge checking for ld used by GCC... x86_64-pc-linux-gnu-ld -m elf_i386 checking if the linker (x86_64-pc-linux-gnu-ld -m elf_i386) is GNU ld... yes checking for shared library run path origin... done checking for CFPreferencesCopyAppValue... no checking for CFLocaleCopyCurrent... no checking whether NLS is requested... yes checking for GNU gettext in libc... yes checking whether to use NLS... yes checking where the gettext function comes from... libc checking whether make supports nested variables... (cached) yes checking for stdint.h... (cached) yes checking for dlfcn.h... (cached) yes checking for errno_t... no checking for library containing timer_create... -lrt checking for library containing clock_gettime... none required checking for utimensat... yes checking for futimens... yes checking for explicit_bzero... yes checking endian.h usability... yes checking endian.h presence... yes checking for endian.h... yes checking sys/endian.h usability... no checking sys/endian.h presence... no checking for sys/endian.h... no checking byteswap.h usability... yes checking byteswap.h presence... yes checking for byteswap.h... yes checking whether byte ordering is bigendian... no checking for struct ucred.pid... yes checking for struct ucred.uid... yes checking for struct ucred.gid... yes checking pkg-config is at least version 0.9.0... yes checking for POPT... yes checking for TALLOC... yes checking for TDB... yes checking for TEVENT... yes checking for LDB... yes checking ldb.h usability... yes checking ldb.h presence... yes checking for ldb.h... yes checking for ldb_init in -lldb... no checking ldb_module.h usability... yes checking ldb_module.h presence... yes checking for ldb_module.h... yes checking for ldb_init in -lldb... (cached) no checking feature ldb runtime version check... no configure: ldb lib directory: /usr/lib32/samba/ldb checking for DHASH... yes checking for COLLECTION... yes checking for INI_CONFIG_V0... yes checking for INI_CONFIG_V1... yes checking for INI_CONFIG_V1_1... yes checking for INI_CONFIG_V1_3... no configure: WARNING: libini_config-devel >= 1.3.0 not available, using older version checking security/pam_appl.h usability... yes checking security/pam_appl.h presence... yes checking for security/pam_appl.h... yes checking for pam_get_item in -lpam... yes checking security/pam_modules.h usability... yes checking security/pam_modules.h presence... yes checking for security/pam_modules.h... yes checking for pam_get_item in -lpam... (cached) yes checking security/pam_ext.h usability... yes checking security/pam_ext.h presence... yes checking for security/pam_ext.h... yes checking security/pam_modutil.h usability... yes checking security/pam_modutil.h presence... yes checking for security/pam_modutil.h... yes checking security/pam_misc.h usability... yes checking security/pam_misc.h presence... yes checking for security/pam_misc.h... yes checking security/_pam_macros.h usability... yes checking security/_pam_macros.h presence... yes checking for security/_pam_macros.h... yes checking for security/openpam.h... no checking for misc_conv in -lpam_misc... yes checking for pam_modutil_getlogin... yes checking for pam_vsyslog... yes checking for GDM_PAM_EXTENSIONS... no configure: gdm-pam-extensions were not found. gdm support for multiple certificates will not be build.
checking for ldap_search in -lldap... (cached) yes checking for ber_pvt_opt_on in -llber... no checking for ldap_control_create... no checking for ldap_init_fd... no checking for ldap_create_deref_control_value... no checking for ldap_parse_derefresponse_control... no checking for ldap_derefresponse_free... no checking for struct ldap_conncb.lc_arg... yes configure: WARNING: Found broken callback implementation checking for LDAPDerefRes... yes checking for slapd... no checking for ldapmodify... yes checking for PCRE... yes configure: PCRE version is 7 or higher checking for i686-pc-linux-gnu-krb5-config... /usr/bin/i686-pc-linux-gnu-krb5-config checking for working krb5-config... yes checking krb5.h usability... yes checking krb5.h presence... yes checking for krb5.h... yes checking krb5/krb5.h usability... yes checking krb5/krb5.h presence... yes checking for krb5/krb5.h... yes checking for krb5_ticket_times... yes checking for krb5_times... no checking for krb5_trace_info... yes checking for krb5_get_init_creds_opt_alloc... yes checking for krb5_get_error_message... yes checking for krb5_free_unparsed_name... yes checking for krb5_get_init_creds_opt_set_expire_callback... yes checking for krb5_get_init_creds_opt_set_fast_ccache_name... yes checking for krb5_get_init_creds_opt_set_fast_flags... yes checking for krb5_get_init_creds_opt_set_canonicalize... yes checking for krb5_get_init_creds_opt_set_responder... yes checking for krb5_parse_name_flags... yes checking for krb5_unparse_name_flags... yes checking for krb5_get_init_creds_opt_set_change_password_prompt... yes checking for krb5_free_keytab_entry_contents... yes checking for krb5_kt_free_entry... yes checking for krb5_princ_realm... no checking for krb5_get_time_offsets... yes checking for krb5_principal_get_realm... no checking for krb5_cc_cache_match... yes checking for krb5_timestamp_to_sfstring... yes checking for krb5_set_trace_callback... yes checking for krb5_find_authdata... yes checking for krb5_kt_have_content... yes checking for krb5_cc_get_full_name... yes checking for krb5/locate_plugin.h... yes checking for krb5/localauth_plugin.h... yes checking for CARES... yes checking for long long... yes checking size of int... 4 checking size of char... 1 checking size of short... 2 checking size of long... 4 checking size of long long... 8 checking size of uid_t... 4 checking size of gid_t... 4 checking size of id_t... 4 checking for uint_t... no checking for int8_t... yes checking for uint8_t... yes checking for int16_t... yes checking for uint16_t... yes checking for int32_t... yes checking for uint32_t... yes checking for int64_t... yes checking for uint64_t... yes checking for size_t... yes checking for ssize_t... yes checking size of off_t... 8 checking size of size_t... 4 checking size of ssize_t... 4 checking for intptr_t... yes checking for uintptr_t... yes checking for ptrdiff_t... yes checking for nscd... /usr/sbin/nscd checking for nscd... yes checking for nsupdate... /usr/bin/nsupdate checking for executable nsupdate... yes checking for nsupdate 'realm' support'... yes checking keyutils.h usability... yes checking keyutils.h presence... yes checking for keyutils.h... yes checking for add_key in -lkeyutils... yes checking for krb5-config... (cached) /usr/bin/i686-pc-linux-gnu-krb5-config checking for supported MIT krb5 version... yes configure: WARNING: Cannot build PAC responder without Samba checking for sigprocmask... yes checking for sigblock... yes checking for sigaction... yes checking for getpgrp... yes checking for prctl... yes checking for struct PAC_LOGON_INFO.resource_groups... no checking for SASL... yes checking for ns_name_compress in -lresolv... yes checking for fakeroot... yes checking for GLIB2... yes checking for g_utf8_validate... no configure: Will use init script type: sysv checking for service... /sbin/service checking for the executable "service"... yes checking for DBUS... yes setting -DDBUS_API_SUBJECT_TO_CHANGE checking for dbus_watch_get_unix_fd... no checking for DBusBasicValue... yes checking for python2... yes checking for python2... /usr/bin/python2 checking for python3... yes checking for python3... /usr/bin/python3 checking for CRYPTO... yes checking for SSL... yes checking for P11_KIT... configure: error: Package requirements (p11-kit-1 >= 0.23.3) were not met: No package 'p11-kit-1' found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables P11_KIT_CFLAGS and P11_KIT_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. This works in my terminal: pkg-config --exists --print-errors "p11-kit-1 >= 0.23.3" > > # SSSD 2.3.0 > > The SSSD team is proud to announce the release of version 2.3.0 of the > System Security Services Daemon. The tarball can be downloaded from: > > https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSSSD%2Fsssd%2Freleases%2Ftag%2Fsssd-2_3_0&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7C40708cf7b5fc431db9ee08d7fbe53149%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637254834105855853&sdata=eNpFDDeD72Xyord6eWW9VEMJBbpSN8kMwxSo3AAiT24%3D&reserved=0 > > See the full release notes at: > > https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsssd.github.io%2Fdocs%2Fusers%2Frelnotes%2Fnotes_2_3_0&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7C40708cf7b5fc431db9ee08d7fbe53149%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637254834105855853&sdata=Yq5aw1Jv64scBrOpiHWse33lrpibnV3EJSbIlga4QRA%3D&reserved=0 > > RPM packages will be made available for Fedora shortly. > > ## Feedback > > Please provide comments, bugs and other feedback via the sssd-devel > or sssd-users mailing lists: > > https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Fmailman%2Flistinfo%2Fsssd-devel&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7C40708cf7b5fc431db9ee08d7fbe53149%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637254834105865848&sdata=mPtZ144Y1fwcmNJZsMoTk4TiSwJEj%2F2j79Pvr1Hfprk%3D&reserved=0 > > https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Fmailman%2Flistinfo%2Fsssd-users&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7C40708cf7b5fc431db9ee08d7fbe53149%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637254834105865848&sdata=mVv8bSSUZdPjDaS6j3t%2BqyoiveKezMvlk7xjxEYV6QQ%3D&reserved=0 > > ## Highlights > > ### New features > > - SSSD can now handle `hosts` and `networks` nsswitch databases (see > `resolve_provider` option) > - By default, authentication request only refresh user's initgroups if > it is expired or there is not active user's session (see > `pam_initgroups_scheme` option) > - OpenSSL is used as default crypto provider, NSS is deprecated > - Active Directory provider now defaults to GSS-SPNEGO SASL mechanism > (see `ldap_sasl_mech` option) > - Active Directory provider can now be configured to use only `ldaps` > port (see `ad_use_ldaps` option) > - SSSD now accepts host entries from GPO's security filter > - Format of debug messages has changed to be shorter and better sortable > - New debug level (`0x10000`) was added for low level ldb messages only > (see `sssd.conf` man page) > > ### Packaging changes > > - New configure option `--enable-gss-spnego-for-zero-maxssf` > > ### Documentation Changes > > - Default value of `ldap_sasl_mech` has changed to `GSS-SPNEGO` for AD > provider > - Return code of `pam_sss.so` are documented in `pam_sss` manpage > - Added option `ad_update_samba_machine_account_password` > - Added option `ad_use_ldaps` > - Added option `ldap_iphost_object_class` > - Added option `ldap_iphost_name` > - Added option `ldap_iphost_number` > - Added option `ldap_ipnetwork_object_class` > - Added option `ldap_ipnetwork_name` > - Added option `ldap_ipnetwork_number` > - Added option `ldap_iphost_search_base` > - Added option `ldap_ipnetwork_search_base` > - Added option `ldap_connection_expire_offset` > - Added option `ldap_sasl_maxssf` > - Added option `pam_initgroups_scheme` > - Added option `entry_cache_resolver_timeout` > - Added option `entry_cache_computer_timeout` > - Added option `resolver_provider` > - Added option `proxy_resolver_lib_name` > - Minor text improvements > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7C40708cf7b5fc431db9ee08d7fbe53149%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637254834105865848&sdata=5m6AQEYRxYz6XZT0rsDQC1cXSnnGQ4aHsnwaKPaJvMg%3D&reserved=0 > List Guidelines: > https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7C40708cf7b5fc431db9ee08d7fbe53149%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637254834105865848&sdata=Q5HfVktPTA9yQwrR7Ua0IqNUABw5KoMRN7LXyWyBNbw%3D&reserved=0 > List Archives: > https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=02%7C01%7Cjoakim.tjernlund%40infinera.com%7C40708cf7b5fc431db9ee08d7fbe53149%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637254834105865848&sdata=1XCJUxZ3ekegB8Ap0TSjZrO%2BK5UAbzGTTNU%2F2bFH8VQ%3D&reserved=0 _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
