Wrong installation path for the sssd Python module
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Sergio Durigan Junior | ||
Kinetic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
sssd users who try to invoke the "sssctl analyze" command on Ubuntu Jammy will experience the following error:
/usr/bin/env: ‘python’: No such file or directory
This happens because "sssctl analyze" will call /usr/libexec/
When this bug is fixed, another one pops up:
Traceback (most recent call last):
File "/usr/libexec/
from sssd import sss_analyze
ModuleNotFoundE
This bug is happening because sssd-tools currently installs its Python files inside /usr/lib/
[ Test Plan ]
$ lxc launch ubuntu-daily:jammy sssd-bug1979453
$ lxc shell sssd-bug1979453
# apt update
# apt install -y sssd sssd-tools
# cat > /etc/sssd/sssd.conf << _EOF_
[sssd]
config_file_version = 2
services = pam
domains = example.com
[pam]
[domain/
id_provider = proxy
proxy_lib_name = files
auth_provider = krb5
krb5_server = localhost
krb5_realm = EXAMPLE.COM
_EOF_
# chmod 0600 /etc/sssd/sssd.conf
# sssctl analyze
With the current version of sssd available in Jammy, you should see the error messages listed above (in the "Impact") section. With a fixed sssd, you will see:
# sssctl analyze
usage: sss_analyze [-h] [--source {files,journald}] [--logdir LOGDIR] COMMANDS ...
Analyzer tool to assist with SSSD log parsing
options:
-h, --help show this help message and exit
--source {files,journald}
--logdir LOGDIR SSSD Log directory to parse log files from
COMMANDS
Modules
request Request tracking
[ Where problems could occur ]
This fix changes the path where sssd's Python files are installed. I believe this is the most problematic part of this SRU: although we doing "the right thing" here, there is always the possibility that someone might have a local script that somehow relies on the Python files to be where they currently are. This would obviously be an unsupported scenario, but nonetheless it could break this person's script. I find it highly unlikely that this will happen, though, because this bug did not exist until very recently ("sssctl analyze" has been introduced only on Jammy).
[ Original Description ]
Context
---------
```
# lsb_release -rd
Description: Ubuntu 22.04 LTS
Release: 22.04
```
Symptoms
----------
The `/usr/libexec/
```
# sssctl analyze --help
Traceback (most recent call last):
File "/usr/libexec/
from sssd import sss_analyze
ModuleNotFoundE
Command '/usr/libexec/
```
Cause
-------
The tool is brought by the `sssd-tools` package, which also comes with the expected Python module named `sssd`:
```
# dpkg -S /usr/libexec/
sssd-tools: /usr/libexec/
# apt-cache show sssd-tools
Package: sssd-tools
Architecture: amd64
Version: 2.6.3-1ubuntu3
Priority: extra
Section: utils
Source: sssd
Origin: Ubuntu
...
Depends: python3, python3-sss, python3-systemd, sssd-common (= 2.6.3-1ubuntu3), libc6 (>= 2.34), libdhash1 (>= 0.4.0), libldb2 (>= 0.9.21), libpam0g (>= 0.99.7.1), libpopt0 (>= 1.14), libref-array1 (>= 0.4.0), libsss-certmap0 (>= 2.6.3), libtalloc2 (>= 2.0.4~git20101213)
...
Filename: pool/main/
Size: 92454
MD5sum: ed023079efa434d
SHA1: 28f44521c11ae93
SHA256: b4954b7ec32bbc2
SHA512: 693eaa32af1dd9f
...
# dpkg -L sssd-tools
...
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
...
```
Unfortunately, it gets installed into the `site-packages` subdirectory of `/usr/lib/
```
# python
Python 3.10.4 (main, Apr 2 2022, 09:04:19) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.path
['', '/usr/lib/
```
Solution proposal
-------------------
Ship a new release of the package with the module installed into `dist-packages` instead of `site-packages` under `/usr/lib/
Related branches
- Andreas Hasenack: Approve
- git-ubuntu bot: Approve
- Canonical Server Reporter: Pending requested
- Canonical Server Reporter: Pending requested
- Canonical Server Reporter: Pending requested
- Canonical Server: Pending requested
-
Diff: 448 lines (+372/-6)10 files modifieddebian/changelog (+18/-0)
debian/patches/lp1934997-authentication-fails-gpo-non-existent.patch (+169/-0)
debian/patches/lp1979350-GPO-ignore-non-ascii-symbols-in-GPT.INI.patch (+152/-0)
debian/patches/lp1979453-fix-shebang-on-sss_analyze.patch (+22/-0)
debian/patches/series (+3/-0)
debian/python3-libipa-hbac.install (+1/-1)
debian/python3-libsss-nss-idmap.install (+1/-1)
debian/python3-sss.install (+3/-3)
debian/rules (+2/-0)
debian/sssd-tools.install (+1/-1)
description: | updated |
tags: | added: server-todo |
Changed in sssd (Ubuntu Jammy): | |
status: | New → Confirmed |
Changed in sssd (Ubuntu Kinetic): | |
status: | New → Confirmed |
Changed in sssd (Ubuntu Jammy): | |
status: | Confirmed → Triaged |
Changed in sssd (Ubuntu Kinetic): | |
status: | Confirmed → Triaged |
Changed in sssd (Ubuntu Jammy): | |
assignee: | nobody → Sergio Durigan Junior (sergiodj) |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in sssd (Ubuntu Jammy): | |
status: | Triaged → In Progress |
usr.sbin.sssd Caching disabled on Kinetic Mate
Just getting that warning while upgrading apparmor:
Reloading AppArmor profiles d/disable: usr.sbin.rsyslogd d/force- complain, forcing complain mode d/usr.sbin. sssd line 60): Caching disabled for: 'usr.sbin.sssd' due to force complain
Skipping profile in /etc/apparmor.
Warning: found usr.sbin.sssd in /etc/apparmor.
Warning from /etc/apparmor.d (/etc/apparmor.