Backport PR #900 to fix RHBZ #1755643

0001-SSS_CLIENT-got-rid-of-using-PRNG.patch

@@ -0,0 +1,49 @@
+From e47f143bcb86d04aa053c17373f9d9991fc63913 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Mon, 14 Oct 2019 11:38:06 +0200
+Subject: [PATCH] SSS_CLIENT: got rid of using PRNG
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+1) no reason to expect "thundering herd issue"
+2) randomization as it was done (strictly 1 or 2 secs)
+   would not help much anyway
+3) usage of PRNG might break app that depends on deterministic
+   PRNG behaviour
+
+Resolves: https://pagure.io/SSSD/sssd/issue/4094
+
+Reviewed-by: Michal Židek <mzidek@redhat.com>
+---
+ src/sss_client/common.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/src/sss_client/common.c b/src/sss_client/common.c
+index 930efe4a1..270ca8b54 100644
+--- a/src/sss_client/common.c
++++ b/src/sss_client/common.c
+@@ -566,11 +566,6 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout
+     /* this piece is adapted from winbind client code */
+     wait_time = 0;
+     sleep_time = 0;
+-    /* This is not security relevant functionality and
+-     * it is undesirable to pull unnecessary dependency (util/crypto)
+-     * so plain srand() & rand() are used here.
+-     */
+-    srand(time(NULL) * getpid());
+     while (inprogress) {
+         int connect_errno = 0;
+         socklen_t errnosize;
+@@ -605,7 +600,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout
+             break;
+         case EAGAIN:
+             if (wait_time < timeout) {
+-                sleep_time = rand() % 2 + 1;
++                sleep_time = 1;
+                 sleep(sleep_time);
+             }
+             break;
+-- 
+2.23.0
+

sssd.spec

@@ -36,7 +36,7 @@
 
 Name: sssd
 Version: 2.2.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://pagure.io/SSSD/sssd/
@@ -48,6 +48,10 @@ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
 # https://github.com/SSSD/sssd/pull/904
 # https://bugzilla.redhat.com/show_bug.cgi?id=1757224
 Patch0: 0001-KCM-Set-kdc_offset-to-zero-initially.patch
+# Workaround a problem setting up replica in containers
+# https://github.com/SSSD/sssd/pull/900
+# https://bugzilla.redhat.com/show_bug.cgi?id=1755643
+Patch1: 0001-SSS_CLIENT-got-rid-of-using-PRNG.patch
 
 ### Downstream only patches ###
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
@@ -1212,6 +1216,10 @@ fi
                                 %{_libdir}/%{name}/modules/libwbclient.so
 
 %changelog
+* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-3
+- Resolves: rhbz#1755643 - Upgrade to sssd 2.2.2-1.fc30 breaks setting
+                           up FreeIPA replica in containers
+
 * Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-2
 - Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely
                            when using KCM cache