Hi, I found these issues while I was packaging the rootless sssd builds for downstream. I hope the commit messages explain well what's going on.
>From ffc864c41b55d0da81884db14f7972e5459eeadb Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <[email protected]> Date: Wed, 5 Nov 2014 17:57:44 +0100 Subject: [PATCH 1/3] BUILD: Use separate chown to make changing ownership to the sssd user non-fatal
When the SSSD is built in the build system using a non-root user, the user doesn't exist in the build system and file ownership will be maintained by the downstream packaging instead. We need to make sure that setting the ownership to the sssd user is a separate step from creating the directories in this case in order to make failure to set the ownership non-fatal. Related: https://fedorahosted.org/sssd/ticket/2370 --- Makefile.am | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/Makefile.am b/Makefile.am index 5325d51e7240ae39a546e68b2a2aea202b3dfdfa..6ce3a42f3833fc9041efd908c2e3de4a85193d42 100644 --- a/Makefile.am +++ b/Makefile.am @@ -82,11 +82,6 @@ INSTALL = @INSTALL@ SSSD_USER = @SSSD_USER@ -INSTALL_USER_DIR_FLAGS = -d -if SSSD_USER -INSTALL_USER_DIR_FLAGS += -o $(SSSD_USER) -g $(SSSD_USER) -endif - AM_CFLAGS = if WANT_AUX_INFO AM_CFLAGS += -aux-info [email protected] @@ -2798,6 +2793,18 @@ src/sysv/systemd/journal.conf: src/sysv/systemd/journal.conf.in Makefile @$(MKDIR_P) src/sysv/systemd/ $(replace_script) +SSSD_USER_DIRS = \ + $(DESTDIR)$(dbpath) \ + $(DESTDIR)$(mcpath) \ + $(DESTDIR)$(pipepath) \ + $(DESTDIR)$(pipepath)/private \ + $(DESTDIR)$(pubconfpath) \ + $(DESTDIR)$(pubconfpath)/krb5.include.d \ + $(DESTDIR)$(gpocachepath) \ + $(DESTDIR)$(sssdconfdir) \ + $(DESTDIR)$(logpath) \ + $(NULL) + installsssddirs:: $(MKDIR_P) \ $(DESTDIR)$(includedir) \ @@ -2815,18 +2822,12 @@ installsssddirs:: $(DESTDIR)$(sssddatadir) \ $(DESTDIR)$(sudolibdir) \ $(DESTDIR)$(autofslibdir) \ - $(NULL); \ - $(INSTALL) $(INSTALL_USER_DIR_FLAGS) \ - $(DESTDIR)$(dbpath) \ - $(DESTDIR)$(mcpath) \ - $(DESTDIR)$(pipepath) \ - $(DESTDIR)$(pipepath)/private \ - $(DESTDIR)$(pubconfpath) \ - $(DESTDIR)$(pubconfpath)/krb5.include.d \ - $(DESTDIR)$(gpocachepath) \ - $(DESTDIR)$(sssdconfdir) \ - $(DESTDIR)$(logpath) \ - $(NULL) + $(SSSD_USER_DIRS) \ + $(NULL); +if SSSD_USER + -chown $(SSSD_USER):$(SSSD_USER) \ + $(SSSD_USER_DIRS) +endif if HAVE_DOXYGEN docs: -- 1.9.3
>From fd4e213abfd9cfec9a23a5547b3a3a9623dc8e61 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <[email protected]> Date: Tue, 11 Nov 2014 15:39:57 +0100 Subject: [PATCH 2/3] BUILD: Make chown of files to sssd user non-fatal In build environments, we can't assume the sssd user will be created prior to installing the package, so we can't chown the files. RPM will own the files instead in this case. Related: https://fedorahosted.org/sssd/ticket/2370 --- Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index 6ce3a42f3833fc9041efd908c2e3de4a85193d42..d58fcb9501c44ccf0d5814e1f2070cd82fa8be61 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2884,12 +2884,12 @@ else endif if SSSD_USER - chgrp $(SSSD_USER) $(sssdlibexecdir)/ldap_child + -chgrp $(SSSD_USER) $(sssdlibexecdir)/ldap_child chmod 4750 $(sssdlibexecdir)/ldap_child - chgrp $(SSSD_USER) $(sssdlibexecdir)/krb5_child + -chgrp $(SSSD_USER) $(sssdlibexecdir)/krb5_child chmod 4750 $(sssdlibexecdir)/krb5_child if BUILD_SEMANAGE - chgrp $(SSSD_USER) $(sssdlibexecdir)/selinux_child + -chgrp $(SSSD_USER) $(sssdlibexecdir)/selinux_child chmod 4750 $(sssdlibexecdir)/selinux_child endif endif -- 1.9.3
>From f7529e9f8efd51646570487b8efbf428a379d868 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <[email protected]> Date: Tue, 11 Nov 2014 15:59:22 +0100 Subject: [PATCH 3/3] BUILD: Touch files in DESTDIR Related: https://fedorahosted.org/sssd/ticket/2370 --- Makefile.am | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index d58fcb9501c44ccf0d5814e1f2070cd82fa8be61..156ef3c4eab1510126d2bfb47c06163885b8acfe 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2884,13 +2884,13 @@ else endif if SSSD_USER - -chgrp $(SSSD_USER) $(sssdlibexecdir)/ldap_child - chmod 4750 $(sssdlibexecdir)/ldap_child - -chgrp $(SSSD_USER) $(sssdlibexecdir)/krb5_child - chmod 4750 $(sssdlibexecdir)/krb5_child + -chgrp $(SSSD_USER) $(DESTDIR)$(sssdlibexecdir)/ldap_child + chmod 4750 $(DESTDIR)$(sssdlibexecdir)/ldap_child + -chgrp $(SSSD_USER) $(DESTDIR)$(sssdlibexecdir)/krb5_child + chmod 4750 $(DESTDIR)$(sssdlibexecdir)/krb5_child if BUILD_SEMANAGE - -chgrp $(SSSD_USER) $(sssdlibexecdir)/selinux_child - chmod 4750 $(sssdlibexecdir)/selinux_child + -chgrp $(SSSD_USER) $(DESTDIR)$(sssdlibexecdir)/selinux_child + chmod 4750 $(DESTDIR)$(sssdlibexecdir)/selinux_child endif endif -- 1.9.3
_______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
