Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yast2-auth-client for openSUSE:Factory checked in at 2024-10-23 21:08:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-auth-client (Old) and /work/SRC/openSUSE:Factory/.yast2-auth-client.new.26871 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-client" Wed Oct 23 21:08:30 2024 rev:51 rq:1216918 version:5.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-auth-client/yast2-auth-client.changes 2023-10-20 23:18:03.781356945 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-auth-client.new.26871/yast2-auth-client.changes 2024-10-23 21:09:51.205632628 +0200 @@ -1,0 +2,8 @@ +Wed Sep 25 11:14:02 UTC 2024 - Samuel Cabrero <scabr...@suse.de> + +- Use new smb.conf parameter "sync machine password to keytab" + (gh#yast/yast-auth-client#122). +- Skip whitespace-only lines when parsing krb5.conf +- 5.0.1 + +------------------------------------------------------------------- Old: ---- yast2-auth-client-5.0.0.tar.bz2 New: ---- yast2-auth-client-5.0.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-auth-client.spec ++++++ --- /var/tmp/diff_new_pack.LwcdmY/_old 2024-10-23 21:09:52.781698060 +0200 +++ /var/tmp/diff_new_pack.LwcdmY/_new 2024-10-23 21:09:52.789698392 +0200 @@ -1,7 +1,7 @@ # # spec file for package yast2-auth-client # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 5.0.0 +Version: 5.0.1 Release: 0 URL: https://github.com/yast/yast-auth-client Summary: YaST2 - Centralised System Authentication Configuration ++++++ yast2-auth-client-5.0.0.tar.bz2 -> yast2-auth-client-5.0.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/.github/workflows/ci.yml new/yast2-auth-client-5.0.1/.github/workflows/ci.yml --- old/yast2-auth-client-5.0.0/.github/workflows/ci.yml 2023-10-18 23:14:09.000000000 +0200 +++ new/yast2-auth-client-5.0.1/.github/workflows/ci.yml 2024-10-22 09:08:28.000000000 +0200 @@ -1,9 +1,8 @@ - # See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions name: CI -on: [push, pull_request] +on: [ push, pull_request ] jobs: Tests: @@ -12,33 +11,32 @@ strategy: fail-fast: false matrix: - distro: [ "tumbleweed", "leap_latest" ] + distro: [ "tumbleweed" ] container: image: registry.opensuse.org/yast/head/containers_${{matrix.distro}}/yast-ruby steps: + - name: Git Checkout + uses: actions/checkout@v2 - - name: Git Checkout - uses: actions/checkout@v2 - - # just for easier debugging... - - name: Inspect Installed Packages - run: rpm -qa | sort - - - name: Unit Tests - run: rake test:unit - # enable code coverage reporting - env: - COVERAGE: 1 - - # send the coverage report to coveralls.io - - name: Coveralls Report - # send it only from the TW build to avoid duplicate submits - if: ${{ matrix.distro == 'tumbleweed' }} - uses: coverallsapp/github-action@master - with: - github-token: ${{ secrets.GITHUB_TOKEN }} + # just for easier debugging... + - name: Inspect Installed Packages + run: rpm -qa | sort + + - name: Unit Tests + run: rake test:unit + # enable code coverage reporting + env: + COVERAGE: 1 + + # send the coverage report to coveralls.io + - name: Coveralls Report + # send it only from the TW build to avoid duplicate submits + if: ${{ matrix.distro == 'tumbleweed' }} + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} # FIXME: Rubocop is not used # Rubocop: @@ -54,23 +52,25 @@ # run: rake check:rubocop Package: + # skip in master, but run in forks + if: github.ref_name != 'master' || github.repository_owner != 'yast' + runs-on: ubuntu-latest strategy: fail-fast: false matrix: - distro: [ "tumbleweed", "leap_latest" ] + distro: [ "tumbleweed" ] container: image: registry.opensuse.org/yast/head/containers_${{matrix.distro}}/yast-ruby steps: + - name: Git Checkout + uses: actions/checkout@v2 - - name: Git Checkout - uses: actions/checkout@v2 - - - name: Package Build - run: yast-ci-ruby -o package + - name: Package Build + run: yast-ci-ruby -o package Yardoc: runs-on: ubuntu-latest @@ -78,18 +78,17 @@ strategy: fail-fast: false matrix: - distro: [ "leap_latest" ] + distro: [ "tumbleweed" ] container: image: registry.opensuse.org/yast/head/containers_${{matrix.distro}}/yast-ruby steps: + - name: Git Checkout + uses: actions/checkout@v2 - - name: Git Checkout - uses: actions/checkout@v2 - - - name: Yardoc - run: rake check:doc + - name: Yardoc + run: rake check:doc # downloading the Docker image takes some time so bundling several fast # checks into one job avoids that overhead @@ -99,18 +98,17 @@ strategy: fail-fast: false matrix: - distro: [ "leap_latest" ] + distro: [ "tumbleweed" ] container: image: registry.opensuse.org/yast/head/containers_${{matrix.distro}}/yast-ruby steps: + - name: Git Checkout + uses: actions/checkout@v2 - - name: Git Checkout - uses: actions/checkout@v2 - - - name: Perl Syntax - run: yast-ci-ruby -o perl_syntax + - name: Perl Syntax + run: yast-ci-ruby -o perl_syntax - - name: POT Check - run: rake check:pot + - name: POT Check + run: rake check:pot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/.github/workflows/submit.yml new/yast2-auth-client-5.0.1/.github/workflows/submit.yml --- old/yast2-auth-client-5.0.0/.github/workflows/submit.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-auth-client-5.0.1/.github/workflows/submit.yml 2024-10-22 09:08:28.000000000 +0200 @@ -0,0 +1,29 @@ +# See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions + +name: OBS + +on: + # only when committing to master + push: + branches: master + + # allow running manually from GitHub Web + workflow_dispatch: + +jobs: + submit: + # do not run in forks + if: github.repository_owner == 'yast' + + runs-on: ubuntu-latest + + # the default timeout is 6 hours, do not wait for that long if osc gets stucked + timeout-minutes: 30 + + steps: + - name: Submit the package + # see https://github.com/yast/actions/blob/master/submit/action.yml + uses: yast/actions/submit@master + with: + obs_user: ${{ secrets.OBS_USER }} + obs_password: ${{ secrets.OBS_PASSWORD }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/README.md new/yast2-auth-client-5.0.1/README.md --- old/yast2-auth-client-5.0.0/README.md 2023-10-18 23:14:09.000000000 +0200 +++ new/yast2-auth-client-5.0.1/README.md 2024-10-22 09:08:28.000000000 +0200 @@ -3,9 +3,6 @@ []( https://github.com/yast/yast-auth-client/actions?query=branch%3Amaster) -[]( -https://ci.opensuse.org/view/Yast/job/yast-yast-auth-client-master/) - With this YaST2 module you can configure the authentication on your machine diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/package/yast2-auth-client.changes new/yast2-auth-client-5.0.1/package/yast2-auth-client.changes --- old/yast2-auth-client-5.0.0/package/yast2-auth-client.changes 2023-10-18 23:14:09.000000000 +0200 +++ new/yast2-auth-client-5.0.1/package/yast2-auth-client.changes 2024-10-22 09:08:28.000000000 +0200 @@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Wed Sep 25 11:14:02 UTC 2024 - Samuel Cabrero <scabr...@suse.de> + +- Use new smb.conf parameter "sync machine password to keytab" + (gh#yast/yast-auth-client#122). +- Skip whitespace-only lines when parsing krb5.conf +- 5.0.1 + +------------------------------------------------------------------- Wed Aug 30 20:16:10 UTC 2023 - Josef Reidinger <jreidin...@suse.cz> - 5.0.0 (bsc#1185510) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/package/yast2-auth-client.spec new/yast2-auth-client-5.0.1/package/yast2-auth-client.spec --- old/yast2-auth-client-5.0.0/package/yast2-auth-client.spec 2023-10-18 23:14:09.000000000 +0200 +++ new/yast2-auth-client-5.0.1/package/yast2-auth-client.spec 2024-10-22 09:08:28.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 5.0.0 +Version: 5.0.1 Release: 0 Url: https://github.com/yast/yast-auth-client Summary: YaST2 - Centralised System Authentication Configuration diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/src/lib/auth/authconf.rb new/yast2-auth-client-5.0.1/src/lib/auth/authconf.rb --- old/yast2-auth-client-5.0.0/src/lib/auth/authconf.rb 2023-10-18 23:14:09.000000000 +0200 +++ new/yast2-auth-client-5.0.1/src/lib/auth/authconf.rb 2024-10-22 09:08:28.000000000 +0200 @@ -26,6 +26,8 @@ require 'fileutils' require 'date' require 'auth/krbparse' +require 'shellwords' +require "yast2/execute" module Auth # Manage system-wide authentication configuration from Kerberos, LDAP, Samba, and SSSD's perspectives. @@ -33,6 +35,7 @@ include Yast::I18n include Yast::Logger include Yast::UIShortcuts + include Yast::Logger attr_accessor(:krb_conf, :krb_pam, :ldap_pam, :ldap_nss, :sssd_conf, :sssd_pam, :sssd_nss, :sssd_enabled) attr_accessor(:autofs_enabled, :nscd_enabled, :mkhomedir_pam) @@ -755,10 +758,57 @@ service_disable_stop('nscd') end end - + + def is_installed_version_newer_or_equal?(installed_rpm_version, test_rpm_version) + installed_rpm_version_l = installed_rpm_version + .split(/[-.+]/) + .select { |i| i.match?(/^\d+$/) } + .map(&:to_i) + + test_rpm_version_l = test_rpm_version + .split(/[-.+]/) + .select { |i| i.match?(/^\d+$/) } + .map(&:to_i) + + log.info( + "Evaluating installed #{installed_rpm_version_l} and test #{test_rpm_version_l} versions" + ) + + comparison_result = installed_rpm_version_l <=> test_rpm_version_l + installed_version_is_equal_or_newer = comparison_result != -1 + + log.info( + "#{installed_rpm_version} >= #{test_rpm_version} -> #{installed_version_is_equal_or_newer}" + ) + installed_version_is_equal_or_newer + end + + # @return [String, nil] + def samba_version + cmd = "/bin/rpm -q --queryformat %{VERSION} samba" + bin, *args = cmd.split + Yast::Execute.locally!(bin, *args, stdout: :capture) + rescue Cheetah::ExecutionFailed + log.warn("Cannot check the installed samba version: #{cmd}") + nil + end + # Create a temporary file holding smb.conf for the specified AD domain. # @return [File] a closed file, caller should #unlink after it is no longer used. def ad_create_tmp_smb_conf(ad_domain_name, workgroup_name) + installed_rpm_version = samba_version + if !installed_rpm_version + Yast::Report.Error(_('Failed to check the installed samba version.')) + return + end + + system_keytab = krb_get_default(:default_keytab_name) + if is_installed_version_newer_or_equal?(installed_rpm_version, "4.21.0") + system_keytab_param = "sync machine password to keytab = #{system_keytab}:account_name:sync_etypes:sync_kvno:machine_password" + else + system_keytab_param = "kerberos method = secrets and keytab" + end + out = Tempfile.new("tempfile") out.write(" [global] @@ -766,7 +816,7 @@ realm = #{ad_domain_name} workgroup = #{workgroup_name} log file = /var/log/samba/%m.log - kerberos method = secrets and keytab + #{system_keytab_param} client signing = yes client use spnego = yes ") @@ -814,6 +864,9 @@ return [false, false] end smb_conf = ad_create_tmp_smb_conf(ad_domain_name, ad_get_workgroup_name(ad_domain_name)) + if smb_conf.nil? + return [false, false] + end _, status = Open3.capture2("net -s #{smb_conf.path} ads testjoin") ad_has_computer = status.exitstatus == 0 klist, _ = Open3.capture2("klist -k") @@ -871,6 +924,9 @@ # Create a temporary smb.conf to join this computer smb_conf = ad_create_tmp_smb_conf(@ad_domain, ad_get_workgroup_name(@ad_domain)) + if smb_conf.nil? + return [false, _('Failed to create temporary smb.conf')] + end output = '' exitstatus = 0 ou_param = @ad_ou.to_s == '' ? '' : "createcomputer=#{@ad_ou}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/src/lib/auth/krbparse.rb new/yast2-auth-client-5.0.1/src/lib/auth/krbparse.rb --- old/yast2-auth-client-5.0.0/src/lib/auth/krbparse.rb 2023-10-18 23:14:09.000000000 +0200 +++ new/yast2-auth-client-5.0.1/src/lib/auth/krbparse.rb 2024-10-22 09:08:28.000000000 +0200 @@ -34,6 +34,8 @@ if comment_match next end + # Skip empty lines + next if line.match?(/^\s+$/) # Remember include/includedir directives include_match = /^(includedir|include|module)\s+(.+)$/.match(line) if include_match diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-5.0.0/test/authconf_test.rb new/yast2-auth-client-5.0.1/test/authconf_test.rb --- old/yast2-auth-client-5.0.0/test/authconf_test.rb 2023-10-18 23:14:09.000000000 +0200 +++ new/yast2-auth-client-5.0.1/test/authconf_test.rb 2024-10-22 09:08:28.000000000 +0200 @@ -32,6 +32,20 @@ end authconf = Auth::AuthConfInst + describe 'Samba' do + it 'Detect samba version' do + expect(authconf.is_installed_version_newer_or_equal?("4.20.1", "4.21.0")).to eq(false) + expect(authconf.is_installed_version_newer_or_equal?("4.21.0", "4.20.1")).to eq(true) + expect(authconf.is_installed_version_newer_or_equal?("4.21.0", "4.21.0")).to eq(true) + expect(authconf.is_installed_version_newer_or_equal?("4.20.1", "4.21")).to eq(false) + expect(authconf.is_installed_version_newer_or_equal?("4.21.0", "4.20")).to eq(true) + expect(authconf.is_installed_version_newer_or_equal?("4.21.0", "4.21")).to eq(true) + expect(authconf.is_installed_version_newer_or_equal?("4.20", "4.21.0")).to eq(false) + expect(authconf.is_installed_version_newer_or_equal?("4.21", "4.20.1")).to eq(true) + expect(authconf.is_installed_version_newer_or_equal?("4.21", "4.20.0")).to eq(true) + end + end + describe 'SSSD' do it 'Read, lint, and export SSSD configuration' do authconf.sssd_read
