From 6698d40512e55e7c2d03e14c227c51b1edc77ffa Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Tue, 28 Mar 2017 15:24:01 +0200 Subject: ci: do not build secrets on rhel6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We require newer libcurl version than is available on rhel6. We don't ship secrets responder in rhel6 so we just disable its build. Reviewed-by: Lukáš Slebodník --- contrib/ci/configure.sh | 1 + contrib/sssd.spec.in | 15 +++++++++++++++ src/tests/intg/test_secrets.py | 4 ++++ 3 files changed, 20 insertions(+) diff --git a/contrib/ci/configure.sh b/contrib/ci/configure.sh index 7590743c2..9d18d0c18 100644 --- a/contrib/ci/configure.sh +++ b/contrib/ci/configure.sh @@ -38,6 +38,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-6.*- || "--disable-cifs-idmap-plugin" "--with-syslog=syslog" "--without-python3-bindings" + "--without-secrets" "--without-kcm" ) fi diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index af14d4e3d..39a974ede 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -112,6 +112,12 @@ %global enable_systemtap_opt --enable-systemtap %endif +%if (0%{?fedora} || 0%{?epel} >= 7) + %global with_secrets 1 +%else + %global with_secret_responder --without-secrets +%endif + %if (0%{?fedora} >= 23 || 0%{?rhel} >= 7) %global with_kcm 1 %global with_kcm_option --with-kcm @@ -220,8 +226,10 @@ BuildRequires: libsmbclient-devel %if (0%{?enable_systemtap} == 1) BuildRequires: systemtap-sdt-devel %endif +%if (0%{?with_secrets} == 1) BuildRequires: http-parser-devel BuildRequires: jansson-devel +%endif BuildRequires: libuuid-devel BuildRequires: libcurl-devel @@ -727,6 +735,7 @@ autoreconf -ivf %{?with_python3_option} \ %{?enable_polkit_rules_option} \ %{?enable_systemtap_opt} \ + %{?with_secret_responder} \ %{?with_kcm_option} \ %{?experimental} @@ -865,7 +874,9 @@ done %{_libexecdir}/%{servicename}/sssd_nss %{_libexecdir}/%{servicename}/sssd_pam %{_libexecdir}/%{servicename}/sssd_autofs +%if (0%{?with_secrets} == 1) %{_libexecdir}/%{servicename}/sssd_secrets +%endif %{_libexecdir}/%{servicename}/sssd_ssh %{_libexecdir}/%{servicename}/sssd_sudo %{_libexecdir}/%{servicename}/p11_child @@ -900,7 +911,9 @@ done %dir %{_localstatedir}/cache/krb5rcache %attr(700,sssd,sssd) %dir %{dbpath} %attr(755,sssd,sssd) %dir %{mcpath} +%if (0%{?with_secrets} == 1) %attr(700,root,root) %dir %{secdbpath} +%endif %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups @@ -933,7 +946,9 @@ done %{_mandir}/man5/sssd.conf.5* %{_mandir}/man5/sssd-simple.5* %{_mandir}/man5/sssd-sudo.5* +%if (0%{?with_secrets} == 1) %{_mandir}/man5/sssd-secrets.5* +%endif %{_mandir}/man5/sss_rpcidmapd.5* %{_mandir}/man8/sssd.8* %{_mandir}/man8/sss_cache.8* diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py index d71c19045..202f43e61 100644 --- a/src/tests/intg/test_secrets.py +++ b/src/tests/intg/test_secrets.py @@ -46,6 +46,10 @@ def create_sssd_secrets_fixture(request): raise Exception("failed to regenerate confdb") resp_path = os.path.join(config.LIBEXEC_PATH, "sssd", "sssd_secrets") + if not os.access(resp_path, os.X_OK): + # It would be cleaner to use pytest.mark.skipif on the package level + # but upstream insists on supporting RHEL-6. + pytest.skip("No Secrets responder, skipping") secpid = os.fork() assert secpid >= 0 -- cgit