[Bug 1120189] New: 389-ds build fail in the post-check due to modified permissions
http://bugzilla.suse.com/show_bug.cgi?id=1120189 Bug ID: 1120189 Summary: 389-ds build fail in the post-check due to modified permissions Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: varkoly@suse.com Reporter: mlin@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- 389-ds build failed in Leap 15.1 recently, it fails in the post-check due to caught modified permissions, the full build log can be found at https://build.opensuse.org/package/live_build_log/openSUSE:Leap:15.1/389-ds/... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c1
--- Comment #1 from Max Lin
From the security perspective we've reviewed 389-ds version 1.4.0.18 in bug
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c4
Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c5
--- Comment #5 from Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c6
Matthias Gerstner
The package is not prepared for permissions handling at all, not even in Factory. So you either can't set that stuff in the permissions package at all or the maintainer has to fix the package.
Since we've been asked to review this in bug 1111564, the whitelisting in the permissions package was just the natural result. Therefore I suggest the maintainer adjusts the package accordingly. It shouldn't be too much effort and result is a more consistent package. Reassigning to the 389-ds maintainer. Can you please take care of this? Thank you. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c7
--- Comment #7 from Marcus Rückert
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Peter Varkoly
http://bugzilla.suse.com/show_bug.cgi?id=1120189
William Brown
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c8
--- Comment #8 from William Brown
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Peter Varkoly
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Peter Varkoly
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Peter Varkoly
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c10
--- Comment #10 from Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c11
--- Comment #11 from William Brown
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c12
--- Comment #12 from Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c13
--- Comment #13 from Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c14
--- Comment #14 from William Brown
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c15
--- Comment #15 from Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c16
--- Comment #16 from William Brown
Arguments why the version update is needed are still missing in this bug report. Also, the .changes file needs to refer to this bug (bsc#1120189). Then I can forward your request internally.
I sent the following text to my manager, so I'll paste it here: """ I’d like to recommend that we upgrade and repackage 389-ds for SLE-15-SP1 over the current version. As you have mentioned, the installed userbase is likely small, so making a change like this is unlikely to be disruptive. Red Hat and upstream design each series (1.4.x.x) to be able to be stable and upgraded over the course of an enterprise distributions life. This means that there should be very little changing from an administrator perspective there. However, a major changed has occured between 1.4.0.x and 1.4.1.x with regard to suse packaging of the 389-ds project. As an upstream core team member, I corrected a number of issues in the way the packaging was performed, and most notably, enabled the python administration toolkit. This has not been reflected in 1.4.0.x versions in SLE yet. It’s important to note, upstream had deprecated the perl admin tools since 1.3.x, So 1.4.x.x with perl was never an upstream supported combination. Enabling the python admin tools makes the setup process easier, and many administrative tasks become far easier to manage. An additional point is (this is my mistake) I have been working with the fantastic suse docs team, and reworking the SLE guide’s 389-ds section (from openldap) to assume the 1.4.x.x was used with the enabled python tools. This means the documentation doesn’t currently align to the packages in SLE-15-SP1. It would be awkward to rewrite the documentation to the old perl tools, only to have to bring it back to the python tools later. A risk to keep in mind is that YaST may or may not work with the python tools, however I am proactively reaching out to the YaST team to discuss this and to work with them to improve this situation. """ It's worth noting that the YAST situation is resolved, with the code approved for merge within the last 24 hours, so hopefully that can be backported without difficulty for yast-auth-server.
Nevertheless please escalate the missing access to build.suse.de. I've never seen issues related to obs login unresolved for that long.
I think it's a ticket system issue. I contacted the buildops team direct and my account works now. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c17
--- Comment #17 from Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c18
--- Comment #18 from Ludwig Nussel
It's worth noting that the YAST situation is resolved, with the code approved for merge within the last 24 hours, so hopefully that can be backported without difficulty for yast-auth-server.
Do you have a link or bug number for that? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c19
--- Comment #19 from William Brown
http://bugzilla.suse.com/show_bug.cgi?id=1120189
William Brown
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c20
--- Comment #20 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c21
--- Comment #21 from Ludwig Nussel
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c22
--- Comment #22 from William Brown
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Frederic Crozat
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c33
--- Comment #33 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1120189
Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com