[ubuntu/focal-proposed] sssd 2.2.3-3ubuntu0.4 (Accepted)

Marco Trevisan (Treviño) marco at ubuntu.com
Fri Feb 19 17:10:59 UTC 2021


sssd (2.2.3-3ubuntu0.4) focal; urgency=medium

  [ Marco Trevisan ]
  * debian/control:
    - Add missing (test) dependencies as per libcrypto usage (LP: #1905790)
    - Update Maintainer to Ubuntu devs
  * debian/rules: Compile using libcrypto as crypto backend (LP: #1905790)
  * debian/nss-database-pem-exporter: Add to sssd-common and run on postinst.
    When upgrading from previous versions (that were compiled using the NSS
    crypto backend) we need to migrate the trusted CA certificates that the
    user may have added to the SSSD's NSS system database (that defaults to
    /etc/pki/nssdb).
    To do this, and not to introduce a new dependency on libnss3-tools
    (which is not shipped by default, other than making the parsing not
    working in some scenarios) I've added a small C tool that we compile and
    install as part of the sssd-common package which is able to get all the
    trusted CA certificates for a NSS database and export them in PEM
    format.
    The nss-database-pem-exporter is then used in the postinst script where
    we now:
     1. Read the SSSD settings
     2. Convert all the certificates in the configured NSS databases
     3. Store them all, appending them to the (new) default location
        (/etc/sssd/pki/sssd_auth_ca_db.pem)
     4. Disables the configured locations if pointing to NSS dbs (needed or
        we'll leave the configuration with broken values).
    At this point nss-database-pem-exporter is then the only binary in the
    package that still depends on NSS libraries. (LP: #1905790)
  * debian/patches:
    - Get libsofthsm2 from right path for each architecture, this is now used
      for real (wasn't before) to test p11k components with libcrypto and
      p11-kit, also avoids a test build failure on armhf (LP: #1905790)

  [ Valters Jansons ]
  * Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065):
    - d/rules: Set --with-syslog=journald in override_dh_auto_configure.
    - d/p/lp-1908065-01-debug_prg_name-format.patch:
      Upstream patch to clean up program names.
    - d/p/lp-1908065-02-syslog_identifier-format.patch:
      Upstream patch to include "sssd[]" identifier in program names.
    - d/p/lp-1908065-03-remove-syslog_identifier.patch:
      Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.

Date: Thu, 11 Feb 2021 15:31:14 -0500
Changed-By: Marco Trevisan (Treviño) <marco at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
https://launchpad.net/ubuntu/+source/sssd/2.2.3-3ubuntu0.4
-------------- next part --------------
Format: 1.8
Date: Thu, 11 Feb 2021 15:31:14 -0500
Source: sssd
Architecture: source
Version: 2.2.3-3ubuntu0.4
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marco Trevisan (Treviño) <marco at ubuntu.com>
Launchpad-Bugs-Fixed: 1905790 1908065
Checksums-Sha1:
 c17fb5b209e78566b3faacfae37df10aa3418a51 4955 sssd_2.2.3-3ubuntu0.4.dsc
 b0ec330db3c51a552ce7123806b3c0745309b85d 133943 sssd_2.2.3-3ubuntu0.4.diff.gz
 2e870fdb259a4bdec2619129c0dc08df55de79e1 9424 sssd_2.2.3-3ubuntu0.4_source.buildinfo
Checksums-Sha256:
 6dabf5a46759c273c79e5525a01d436b2d8981e98cdac3c8328ee62cfa260f74 4955 sssd_2.2.3-3ubuntu0.4.dsc
 32e4fa2b01213e6a6539048e53a0878a6bbf948966da61edebfea493a13efc63 133943 sssd_2.2.3-3ubuntu0.4.diff.gz
 a05ed6a5cf77c7572ff50da5dd0335457bd280bbe311448bb8dd07edb07c811c 9424 sssd_2.2.3-3ubuntu0.4_source.buildinfo
Files:
 e4be26b3114e925a6687759a8f8bf97a 4955 utils optional sssd_2.2.3-3ubuntu0.4.dsc
 93905fae5b5fa502218e46ab078d056d 133943 utils optional sssd_2.2.3-3ubuntu0.4.diff.gz
 2c1895ad546188a0fdfd33ac068f94dc 9424 utils optional sssd_2.2.3-3ubuntu0.4_source.buildinfo
Original-Maintainer: Debian SSSD Team <pkg-sssd-devel at alioth-lists.debian.net>

