sssd/0084-ci-do-not-build-secrets-on-rhel6.patch

From 6698d40512e55e7c2d03e14c227c51b1edc77ffa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 28 Mar 2017 15:24:01 +0200
Subject: [PATCH 84/97] ci: do not build secrets on rhel6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We require newer libcurl version than is available on rhel6. We don't
ship secrets responder in rhel6 so we just disable its build.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 contrib/ci/configure.sh        |  1 +
 contrib/sssd.spec.in           | 15 +++++++++++++++
 src/tests/intg/test_secrets.py |  4 ++++
 3 files changed, 20 insertions(+)

diff --git a/contrib/ci/configure.sh b/contrib/ci/configure.sh
index 7590743c2aa5fe31bcdf1a3e92a3f482dbec699b..9d18d0c187561a2dc3bc47d3e8913626e7ff3046 100644
--- a/contrib/ci/configure.sh
+++ b/contrib/ci/configure.sh
@@ -38,6 +38,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-6.*- ||
         "--disable-cifs-idmap-plugin"
         "--with-syslog=syslog"
         "--without-python3-bindings"
+        "--without-secrets"
         "--without-kcm"
     )
 fi
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index af14d4e3d6b9ffeb4696f1517113b8daa575cb99..39a974edebba3dbcd7625d1729b4a7330eaa8a27 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -112,6 +112,12 @@
     %global enable_systemtap_opt --enable-systemtap
 %endif
 
+%if (0%{?fedora} || 0%{?epel} >= 7)
+    %global with_secrets 1
+%else
+    %global with_secret_responder --without-secrets
+%endif
+
 %if (0%{?fedora} >= 23 || 0%{?rhel} >= 7)
     %global with_kcm 1
     %global with_kcm_option --with-kcm
@@ -220,8 +226,10 @@ BuildRequires: libsmbclient-devel
 %if (0%{?enable_systemtap} == 1)
 BuildRequires: systemtap-sdt-devel
 %endif
+%if (0%{?with_secrets} == 1)
 BuildRequires: http-parser-devel
 BuildRequires: jansson-devel
+%endif
 BuildRequires: libuuid-devel
 BuildRequires: libcurl-devel
 
@@ -727,6 +735,7 @@ autoreconf -ivf
     %{?with_python3_option} \
     %{?enable_polkit_rules_option} \
     %{?enable_systemtap_opt} \
+    %{?with_secret_responder} \
     %{?with_kcm_option} \
     %{?experimental}
 
@@ -865,7 +874,9 @@ done
 %{_libexecdir}/%{servicename}/sssd_nss
 %{_libexecdir}/%{servicename}/sssd_pam
 %{_libexecdir}/%{servicename}/sssd_autofs
+%if (0%{?with_secrets} == 1)
 %{_libexecdir}/%{servicename}/sssd_secrets
+%endif
 %{_libexecdir}/%{servicename}/sssd_ssh
 %{_libexecdir}/%{servicename}/sssd_sudo
 %{_libexecdir}/%{servicename}/p11_child
@@ -900,7 +911,9 @@ done
 %dir %{_localstatedir}/cache/krb5rcache
 %attr(700,sssd,sssd) %dir %{dbpath}
 %attr(755,sssd,sssd) %dir %{mcpath}
+%if (0%{?with_secrets} == 1)
 %attr(700,root,root) %dir %{secdbpath}
+%endif
 %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
 %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
 %ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
@@ -933,7 +946,9 @@ done
 %{_mandir}/man5/sssd.conf.5*
 %{_mandir}/man5/sssd-simple.5*
 %{_mandir}/man5/sssd-sudo.5*
+%if (0%{?with_secrets} == 1)
 %{_mandir}/man5/sssd-secrets.5*
+%endif
 %{_mandir}/man5/sss_rpcidmapd.5*
 %{_mandir}/man8/sssd.8*
 %{_mandir}/man8/sss_cache.8*
diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py
index d71c1904558cc6f8a6eee36c4049582705bc30ac..202f43e61cb0e4986394ad2b32da5abdcb0be3e9 100644
--- a/src/tests/intg/test_secrets.py
+++ b/src/tests/intg/test_secrets.py
@@ -46,6 +46,10 @@ def create_sssd_secrets_fixture(request):
         raise Exception("failed to regenerate confdb")
 
     resp_path = os.path.join(config.LIBEXEC_PATH, "sssd", "sssd_secrets")
+    if not os.access(resp_path, os.X_OK):
+        # It would be cleaner to use pytest.mark.skipif on the package level
+        # but upstream insists on supporting RHEL-6.
+        pytest.skip("No Secrets responder, skipping")
 
     secpid = os.fork()
     assert secpid >= 0
-- 
2.12.2