sssd-devel August 2021

sssd-devel@lists.fedorahosted.org

1 participants
85 discussions

[sssd PR#5677][opened] Tests: Add test_nss_get_by_name_with_private_group.
by jakub-vavra-cz 07 Sep '21

07 Sep '21

URL: https://github.com/SSSD/sssd/pull/5677 Author: jakub-vavra-cz Title: #5677: Tests: Add test_nss_get_by_name_with_private_group. Action: opened PR body: """ Verifies Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1837090 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5677/head:pr5677 git checkout pr5677

2 5

[sssd PR#5746][opened] p11_child: do_card partially fix loop exit condition (redo of #5705)
by assafmo 06 Sep '21

06 Sep '21

URL: https://github.com/SSSD/sssd/pull/5746 Author: assafmo Title: #5746: p11_child: do_card partially fix loop exit condition (redo of #5705) Action: opened PR body: """ This PR fixes the exit condition when searching for a token in p11_child/do_card, specifically in case a token is present in a slot, but there are empty slots before it. This PR partially fixes issue #5025, thanks to this comment by @sumit-bose: https://github.com/SSSD/sssd/issues/5025#issuecomment-801842175 :relnote: p11_child does not stop at the first empty slot when searching for tokens This PR is a redo of PR #5705, because it was orphaned and changes were requested by the maintainers. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5746/head:pr5746 git checkout pr5746

4 17

[sssd PR#5760][opened] p11_child: Fixes for init_p11_ctx() and do_card()
by dpward 06 Sep '21

06 Sep '21

URL: https://github.com/SSSD/sssd/pull/5760 Author: dpward Title: #5760: p11_child: Fixes for init_p11_ctx() and do_card() Action: opened PR body: """ This restores the previous behavior of `--wait_for_card`, and fixes issues with initialization and cleanup. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5760/head:pr5760 git checkout pr5760

5 25

[sssd PR#5754][opened] Sources cleanup.
by alexey-tikhonov 02 Sep '21

02 Sep '21

URL: https://github.com/SSSD/sssd/pull/5754 Author: alexey-tikhonov Title: #5754: Sources cleanup. Action: opened PR body: """ Those are initial patches in the "cleanup" set. I expect to add more to this PR, but those already published are ready for review. Warning: this PR targets 2.6 upstream release, so it should be deferred until 2.5.3 is released. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5754/head:pr5754 git checkout pr5754

4 43

[sssd PR#5761][opened] Tests: Randomize sudo refresh timeouts
by shridhargadekar 02 Sep '21

02 Sep '21

URL: https://github.com/SSSD/sssd/pull/5761 Author: shridhargadekar Title: #5761: Tests: Randomize sudo refresh timeouts Action: opened PR body: """ Randomize smart and full sudo refresh timeouts after reconnection Veifies: #5609 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 Signed-off-by: Shridhar Gadekar <sgadekar(a)sgadekar.pnq.csb> """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5761/head:pr5761 git checkout pr5761

3 16

[sssd PR#5766][comment] [WiP] Sources cleanup - part 3.
by pbrezina 30 Aug '21

30 Aug '21

URL: https://github.com/SSSD/sssd/pull/5766 Title: #5766: [WiP] Sources cleanup - part 3. pbrezina commented: """ > > > * incorporate "lib secrets" into KCM since there are no other users > > > > > > If you want to touch this, it might be good to investigate if it is still needed. libsecrets was created to share code between secrets responder and kcm (since first implementation of kcm talked to secrets via its rest api). It is however affected by the rest api usage, for example it converts key to urls to dn which is not needed anymore. Perhaps it would be enough to use sysdb instead and remove libsecrets completely. > > Right, once `libsecrets` drops encryption support entirely, it might happen we can just add some helpers to sysdb instead of `libsecrets`. It's just easier for me to do this step by step. > > > > * to check if `kcm_ops_queue*` layer is still needed (most probably answer is "no" because only sync backends are now available) and remove it not > > > > > > This is questionable. Once you remove secrets backend, we can (and should) convert all tevent-based api of the backend to sync calls. But perhaps we will need some async calls in the future as well so it might be beneficial to keep the queue mechanism (or make it easily revertable). > > I can leave this intact. > I worry it adds some latency (but not sure). It can be removed for sync api, I would just like to be able to reimplement it easily if it is ever needed again. But perhaps it can be replaced by tevent_queue in which case it does not matter, I'm not sure. """ See the full comment at https://github.com/SSSD/sssd/pull/5766#issuecomment-908352571

1 0

[sssd PR#5766][comment] [WiP] Sources cleanup - part 3.
by alexey-tikhonov 30 Aug '21

30 Aug '21

URL: https://github.com/SSSD/sssd/pull/5766 Title: #5766: [WiP] Sources cleanup - part 3. alexey-tikhonov commented: """ > > * incorporate "lib secrets" into KCM since there are no other users > > If you want to touch this, it might be good to investigate if it is still needed. libsecrets was created to share code between secrets responder and kcm (since first implementation of kcm talked to secrets via its rest api). It is however affected by the rest api usage, for example it converts key to urls to dn which is not needed anymore. Perhaps it would be enough to use sysdb instead and remove libsecrets completely. Right, once `libsecrets` drops encryption support entirely, it might happen we can just add some helpers to sysdb instead of `libsecrets`. It's just easier for me to do this step by step. > > * to check if `kcm_ops_queue*` layer is still needed (most probably answer is "no" because only sync backends are now available) and remove it not > > This is questionable. Once you remove secrets backend, we can (and should) convert all tevent-based api of the backend to sync calls. But perhaps we will need some async calls in the future as well so it might be beneficial to keep the queue mechanism (or make it easily revertable). I can leave this intact. I worry it adds some latency (but not sure). """ See the full comment at https://github.com/SSSD/sssd/pull/5766#issuecomment-908273496

1 0

[sssd PR#5766][comment] [WiP] Sources cleanup - part 3.
by pbrezina 30 Aug '21

30 Aug '21

URL: https://github.com/SSSD/sssd/pull/5766 Title: #5766: [WiP] Sources cleanup - part 3. pbrezina commented: """ > Sorry I didn't indicate this is work-in-progress yet. > > Remaining steps here are: > > * incorporate "lib secrets" into KCM since there are no other users If you want to touch this, it might be good to investigate if it is still needed. libsecrets was created to share code between secrets responder and kcm (since first implementation of kcm talked to secrets via its rest api). It is however affected by the rest api usage, for example it converts key to urls to dn which is not needed anymore. Perhaps it would be enough to use sysdb instead and remove libsecrets completely. > * to check if `kcm_ops_queue*` layer is still needed (most probably answer is "no" because only sync backends are now available) and remove it not This is questionable. Once you remove secrets backend, we can (and should) convert all tevent-based api of the backend to sync calls. But perhaps we will need some async calls in the future as well so it might be beneficial to keep the queue mechanism (or make it easily revertable). > * get rid of encrypted/JSON payload support in KCM +1 > Then "lib secrets" can drop support of encrypted payload, and probably utils crypto can drop some helpers, etc, but I didn't check it yet. +1 (if not replaced by sysdb) """ See the full comment at https://github.com/SSSD/sssd/pull/5766#issuecomment-908254353

1 0

[sssd PR#5766][+Changes requested] [WiP] Sources cleanup - part 3.
by alexey-tikhonov 30 Aug '21

30 Aug '21

URL: https://github.com/SSSD/sssd/pull/5766 Title: #5766: [WiP] Sources cleanup - part 3. Label: +Changes requested

1 0

[sssd PR#5766][comment] [WiP] Sources cleanup - part 3.
by alexey-tikhonov 30 Aug '21

30 Aug '21

URL: https://github.com/SSSD/sssd/pull/5766 Title: #5766: [WiP] Sources cleanup - part 3. alexey-tikhonov commented: """ Also there is an issues with a spec file: ``` /usr/bin/install -p -m 644 src/sysv/systemd/sssd.service src/sysv/systemd/sssd-nss.socket src/sysv/systemd/sssd-nss.service src/sysv/systemd/sssd-pam.socket src/sysv/systemd/sssd-pam-priv.socket src/sysv/systemd/sssd-pam.service src/sysv/systemd/sssd-autofs.socket src/sysv/systemd/sssd-autofs.service src/sysv/systemd/sssd-ifp.service src/sysv/systemd/sssd-pac.socket src/sysv/systemd/sssd-pac.service src/sysv/systemd/sssd-ssh.socket src/sysv/systemd/sssd-ssh.service src/sysv/systemd/sssd-sudo.socket src/sysv/systemd/sssd-sudo.service ./src/sysv/systemd/sssd-kcm.socket src/sysv/systemd/sssd-kcm.service '/builddir/build/BUILDROOT/sssd-2.5.3-0.210827.210238.git9841f13e6.fc34.x86_64/usr/lib/systemd/system' /usr/bin/install: cannot stat './src/sysv/systemd/sssd-kcm.socket': No such file or directory ``` """ See the full comment at https://github.com/SSSD/sssd/pull/5766#issuecomment-908203913

1 0

← Newer
1
2
3
4
5
6
7
8
9
Older →

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel August 2021