search

SSSD / sssd

A daemon to manage identity, authentication and authorization for centrally-managed systems.
https://sssd.io
GNU General Public License v3.0
603 stars 247 forks source link

2.9.4: build fails on use openssl command from openssl 3.2.1 #7179

Closed kloczek closed 9 months ago

kloczek commented 9 months ago

Looks like something is wrong and I;m not sure is it openssl command issue or sssd

[tkloczko@pers-jacek sssd-2.9.4]$ make
fatal: not a git repository (or any parent up to mount point /home/tkloczko)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
./sbus_generate.sh /home/tkloczko/rpmbuild/BUILD/sssd-2.9.4
Generating sbus code for: sbus/codegen/dbus.xml
Generating sbus code for: sss_iface/sss_iface.xml
Generating sbus code for: responder/ifp/ifp_iface/ifp_iface.xml
make -C src/tests/test_CA ca_all
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA'
Making clean in intermediate_CA
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
make[2]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA/intermediate_CA'
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old serial  serial.old SSSD_test_CA.pem pwdfile SSSD_test_CA_expired_crl.pem SSSD_test_CA_crl.pem SSSD_test_cert_x509_0001.pem SSSD_test_cert_x509_0002.pem SSSD_test_cert_x509_0003.pem SSSD_test_cert_x509_0004.pem SSSD_test_cert_x509_0005.pem SSSD_test_cert_x509_0006.pem SSSD_test_cert_x509_0007.pem SSSD_test_cert_x509_0001.h SSSD_test_cert_x509_0002.h SSSD_test_cert_x509_0003.h SSSD_test_cert_x509_0004.h SSSD_test_cert_x509_0005.h SSSD_test_cert_x509_0006.h SSSD_test_cert_x509_0007.h SSSD_test_cert_pubsshkey_0001.pub SSSD_test_cert_pubsshkey_0002.pub SSSD_test_cert_pubsshkey_0003.pub SSSD_test_cert_pubsshkey_0004.pub SSSD_test_cert_pubsshkey_0005.pub SSSD_test_cert_pubsshkey_0006.pub SSSD_test_cert_pubsshkey_0007.pub SSSD_test_cert_pubsshkey_0001.h SSSD_test_cert_pubsshkey_0002.h SSSD_test_cert_pubsshkey_0003.h SSSD_test_cert_pubsshkey_0004.h SSSD_test_cert_pubsshkey_0005.h SSSD_test_cert_pubsshkey_0006.h SSSD_test_cert_pubsshkey_0007.h SSSD_test_cert_pkcs12_0001.pem SSSD_test_cert_pkcs12_0002.pem SSSD_test_cert_pkcs12_0003.pem SSSD_test_cert_pkcs12_0004.pem SSSD_test_cert_pkcs12_0005.pem SSSD_test_cert_pkcs12_0006.pem SSSD_test_cert_pkcs12_0007.pem softhsm2_*.conf SSSD_test_*.der " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old serial  serial.old SSSD_test_CA.pem pwdfile SSSD_test_CA_expired_crl.pem SSSD_test_CA_crl.pem SSSD_test_cert_x509_0001.pem SSSD_test_cert_x509_0002.pem SSSD_test_cert_x509_0003.pem SSSD_test_cert_x509_0004.pem SSSD_test_cert_x509_0005.pem SSSD_test_cert_x509_0006.pem SSSD_test_cert_x509_0007.pem SSSD_test_cert_x509_0001.h SSSD_test_cert_x509_0002.h SSSD_test_cert_x509_0003.h SSSD_test_cert_x509_0004.h SSSD_test_cert_x509_0005.h SSSD_test_cert_x509_0006.h SSSD_test_cert_x509_0007.h SSSD_test_cert_pubsshkey_0001.pub SSSD_test_cert_pubsshkey_0002.pub SSSD_test_cert_pubsshkey_0003.pub SSSD_test_cert_pubsshkey_0004.pub SSSD_test_cert_pubsshkey_0005.pub SSSD_test_cert_pubsshkey_0006.pub SSSD_test_cert_pubsshkey_0007.pub SSSD_test_cert_pubsshkey_0001.h SSSD_test_cert_pubsshkey_0002.h SSSD_test_cert_pubsshkey_0003.h SSSD_test_cert_pubsshkey_0004.h SSSD_test_cert_pubsshkey_0005.h SSSD_test_cert_pubsshkey_0006.h SSSD_test_cert_pubsshkey_0007.h SSSD_test_cert_pkcs12_0001.pem SSSD_test_cert_pkcs12_0002.pem SSSD_test_cert_pkcs12_0003.pem SSSD_test_cert_pkcs12_0004.pem SSSD_test_cert_pkcs12_0005.pem SSSD_test_cert_pkcs12_0006.pem SSSD_test_cert_pkcs12_0007.pem softhsm2_*.conf SSSD_test_*.der
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -f *.lo
make[2]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA'
touch index.txt
touch index.txt.attr
mkdir newcerts
echo -n 01 > serial
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
/usr/bin/openssl ca -gencrl -out SSSD_test_CA_crl.pem -keyfile ./SSSD_test_CA_key.pem -config ./SSSD_test_CA.config -crldays 99999
Using configuration from ./SSSD_test_CA.config
if [ 1 -eq 0 ]; then \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0001.pem -config ./SSSD_test_cert_0001.config -out SSSD_test_cert_req_0001.pem ; \
else \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0001.pem -reqexts req_exts -config ./SSSD_test_cert_0001.config -out SSSD_test_cert_req_0001.pem ; \
fi
/usr/bin/openssl ca -config ./SSSD_test_CA.config -batch -notext -keyfile ./SSSD_test_CA_key.pem -in SSSD_test_cert_req_0001.pem -days 200 -extensions usr_cert -out SSSD_test_cert_x509_0001.pem
Using configuration from ./SSSD_test_CA.config
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb 11 10:04:22 2024 GMT
            Not After : Aug 29 10:04:22 2024 GMT
        Subject:
            organizationName          = SSSD
            organizationalUnitName    = SSSD test
            commonName                = SSSD test cert 0001
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                18:37:2E:B1:66:56:ED:F8:F7:57:CA:CD:20:24:36:E0:99:16:57:AD
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client, S/MIME
            Netscape Comment:
                SSSD test Certificate
            X509v3 Subject Key Identifier:
                BA:99:9A:94:DB:3A:05:73:F0:A4:AC:AC:95:F1:C3:35:BD:F8:71:99
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, E-mail Protection
            X509v3 Subject Alternative Name:
                email:sssd-devel@lists.fedorahosted.org, URI:https://github.com/SSSD/sssd//
Certificate is to be certified until Aug 29 10:04:22 2024 GMT (200 days)

Write out database with 1 new entries
Database updated
if [ 1 -eq 0 ]; then \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0002.pem -config ./SSSD_test_cert_0002.config -out SSSD_test_cert_req_0002.pem ; \
else \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0002.pem -reqexts req_exts -config ./SSSD_test_cert_0002.config -out SSSD_test_cert_req_0002.pem ; \
fi
/usr/bin/openssl ca -config ./SSSD_test_CA.config -batch -notext -keyfile ./SSSD_test_CA_key.pem -in SSSD_test_cert_req_0002.pem -days 200 -extensions usr_cert -out SSSD_test_cert_x509_0002.pem
Using configuration from ./SSSD_test_CA.config
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Feb 11 10:04:22 2024 GMT
            Not After : Aug 29 10:04:22 2024 GMT
        Subject:
            organizationName          = SSSD
            organizationalUnitName    = SSSD test
            commonName                = SSSD test cert 0002
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                18:37:2E:B1:66:56:ED:F8:F7:57:CA:CD:20:24:36:E0:99:16:57:AD
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client
            Netscape Comment:
                SSSD test Certificate
            X509v3 Subject Key Identifier:
                D6:79:87:DA:7D:AF:DE:41:EE:CD:56:23:CE:29:98:FE:D4:7D:A6:DC
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Subject Alternative Name:
                email:sssd-devel@lists.fedorahosted.org, URI:https://github.com/SSSD/sssd//
Certificate is to be certified until Aug 29 10:04:22 2024 GMT (200 days)

Write out database with 1 new entries
Database updated
if [ 1 -eq 0 ]; then \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0003.pem -config ./SSSD_test_cert_0003.config -out SSSD_test_cert_req_0003.pem ; \
else \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0003.pem -reqexts req_exts -config ./SSSD_test_cert_0003.config -out SSSD_test_cert_req_0003.pem ; \
fi
/usr/bin/openssl ca -config ./SSSD_test_CA.config -batch -notext -keyfile ./SSSD_test_CA_key.pem -in SSSD_test_cert_req_0003.pem -days 200 -extensions usr_cert -out SSSD_test_cert_x509_0003.pem
Using configuration from ./SSSD_test_CA.config
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 3 (0x3)
        Validity
            Not Before: Feb 11 10:04:22 2024 GMT
            Not After : Aug 29 10:04:22 2024 GMT
        Subject:
            organizationName          = SSSD
            organizationalUnitName    = SSSD test
            commonName                = SSSD test cert 0003
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                18:37:2E:B1:66:56:ED:F8:F7:57:CA:CD:20:24:36:E0:99:16:57:AD
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client
            Netscape Comment:
                SSSD test Certificate
            X509v3 Subject Key Identifier:
                28:3E:BB:D6:D9:5C:FE:C1:FB:7C:49:3B:19:B4:D6:63:B2:44:8C:41
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
Certificate is to be certified until Aug 29 10:04:22 2024 GMT (200 days)

Write out database with 1 new entries
Database updated
if [ 1 -eq 0 ]; then \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0004.pem -config ./SSSD_test_cert_0004.config -out SSSD_test_cert_req_0004.pem ; \
else \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0004.pem -reqexts req_exts -config ./SSSD_test_cert_0004.config -out SSSD_test_cert_req_0004.pem ; \
fi
/usr/bin/openssl ca -config ./SSSD_test_CA.config -batch -notext -keyfile ./SSSD_test_CA_key.pem -in SSSD_test_cert_req_0004.pem -days 200 -extensions usr_cert -out SSSD_test_cert_x509_0004.pem
Using configuration from ./SSSD_test_CA.config
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4 (0x4)
        Validity
            Not Before: Feb 11 10:04:22 2024 GMT
            Not After : Aug 29 10:04:22 2024 GMT
        Subject:
            organizationName          = SSSD
            organizationalUnitName    = SSSD test
            commonName                = SSSD test cert 0004
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                18:37:2E:B1:66:56:ED:F8:F7:57:CA:CD:20:24:36:E0:99:16:57:AD
            X509v3 Subject Key Identifier:
                DD:09:78:8E:E6:50:B3:E3:3B:0D:FB:9F:CB:6D:66:48:95:1D:AA:52
Certificate is to be certified until Aug 29 10:04:22 2024 GMT (200 days)

Write out database with 1 new entries
Database updated
if [ 1 -eq 0 ]; then \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0005.pem -config ./SSSD_test_cert_0005.config -out SSSD_test_cert_req_0005.pem ; \
else \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0005.pem -reqexts req_exts -config ./SSSD_test_cert_0005.config -out SSSD_test_cert_req_0005.pem ; \
fi
/usr/bin/openssl ca -config ./SSSD_test_CA.config -batch -notext -keyfile ./SSSD_test_CA_key.pem -in SSSD_test_cert_req_0005.pem -days 200 -extensions usr_cert -out SSSD_test_cert_x509_0005.pem
Using configuration from ./SSSD_test_CA.config
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 5 (0x5)
        Validity
            Not Before: Feb 11 10:04:23 2024 GMT
            Not After : Aug 29 10:04:23 2024 GMT
        Subject:
            organizationName          = SSSD
            organizationalUnitName    = SSSD test
            commonName                = SSSD test cert 0005
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                18:37:2E:B1:66:56:ED:F8:F7:57:CA:CD:20:24:36:E0:99:16:57:AD
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client
            Netscape Comment:
                SSSD test Certificate
            X509v3 Subject Key Identifier:
                A2:64:ED:FA:8C:CD:08:AB:B9:18:C9:04:E7:08:4C:47:5F:BC:7A:49
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Subject Alternative Name:
                email:sssd-devel@lists.fedorahosted.org, URI:https://github.com/SSSD/sssd//
            Authority Information Access:
                OCSP - URI:http://ocsp.my.server.test/
Certificate is to be certified until Aug 29 10:04:23 2024 GMT (200 days)

Write out database with 1 new entries
Database updated
if [ 1 -eq 0 ]; then \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0001.pem -config ./SSSD_test_cert_0006.config -out SSSD_test_cert_req_0006.pem ; \
else \
        /usr/bin/openssl req -new -nodes -key SSSD_test_cert_key_0001.pem -reqexts req_exts -config ./SSSD_test_cert_0006.config -out SSSD_test_cert_req_0006.pem ; \
fi
/usr/bin/openssl ca -config ./SSSD_test_CA.config -batch -notext -keyfile ./SSSD_test_CA_key.pem -in SSSD_test_cert_req_0006.pem -days 200 -extensions usr_cert -out SSSD_test_cert_x509_0006.pem
Using configuration from ./SSSD_test_CA.config
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 6 (0x6)
        Validity
            Not Before: Feb 11 10:04:23 2024 GMT
            Not After : Aug 29 10:04:23 2024 GMT
        Subject:
            organizationName          = SSSD
            organizationalUnitName    = SSSD test
            commonName                = SSSD test cert 0006
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                18:37:2E:B1:66:56:ED:F8:F7:57:CA:CD:20:24:36:E0:99:16:57:AD
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client, S/MIME
            Netscape Comment:
                SSSD test Certificate
            X509v3 Subject Key Identifier:
                BA:99:9A:94:DB:3A:05:73:F0:A4:AC:AC:95:F1:C3:35:BD:F8:71:99
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, E-mail Protection
            X509v3 Subject Alternative Name:
                email:sssd-devel@lists.fedorahosted.org, URI:https://github.com/SSSD/sssd//
Certificate is to be certified until Aug 29 10:04:23 2024 GMT (200 days)

Write out database with 1 new entries
Database updated
if [ 1 -eq 0 ]; then \
        /usr/bin/openssl req -new -key SSSD_test_cert_key_0007.pem -config ./SSSD_test_cert_0007.config  -sigopt rsa_padding_mode\:pss -sha256 -sigopt rsa_pss_saltlen\:20 -out SSSD_test_cert_req_0007.pem ;  \
else \
        /usr/bin/openssl req -new -key SSSD_test_cert_key_0007.pem -reqexts req_exts -config ./SSSD_test_cert_0007.config  -sigopt rsa_padding_mode\:pss -sha256 -sigopt rsa_pss_saltlen\:20 -out SSSD_test_cert_req_0007.pem ; \
fi
/usr/bin/openssl ca -config ./SSSD_test_CA.config -batch -notext -keyfile ./SSSD_test_CA_key.pem -in SSSD_test_cert_req_0007.pem -sigopt rsa_padding_mode\:pss  -sigopt rsa_pss_saltlen\:20 -days 200 -extensions usr_cert -out SSSD_test_cert_x509_0007.pem
Using configuration from ./SSSD_test_CA.config
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 7 (0x7)
        Validity
            Not Before: Feb 11 10:04:23 2024 GMT
            Not After : Aug 29 10:04:23 2024 GMT
        Subject:
            organizationName          = SSSD
            organizationalUnitName    = SSSD test
            commonName                = SSSD test cert 0007 /oddchar
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                18:37:2E:B1:66:56:ED:F8:F7:57:CA:CD:20:24:36:E0:99:16:57:AD
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                93:F6:B8:C1:C4:3E:AA:E1:5D:B2:68:3E:44:E2:60:00:A5:C7:91:E6
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, E-mail Protection
            X509v3 Subject Alternative Name:
                email:sssd-devel@lists.fedorahosted.org, URI:https://github.com/SSSD/sssd//
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://localhost/intCA.crl
Certificate is to be certified until Aug 29 10:04:23 2024 GMT (200 days)

Write out database with 1 new entries
Database updated
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
Warning: Reading certificate from stdin since no -in or -new option is given
/usr/bin/openssl x509 -in SSSD_test_cert_x509_0001.pem -pubkey -noout > SSSD_test_cert_pubkey_0001.pem
/usr/bin/ssh-keygen -i -m PKCS8 -f SSSD_test_cert_pubkey_0001.pem > SSSD_test_cert_pubsshkey_0001.pub
/usr/bin/openssl x509 -in SSSD_test_cert_x509_0002.pem -pubkey -noout > SSSD_test_cert_pubkey_0002.pem
/usr/bin/ssh-keygen -i -m PKCS8 -f SSSD_test_cert_pubkey_0002.pem > SSSD_test_cert_pubsshkey_0002.pub
/usr/bin/openssl x509 -in SSSD_test_cert_x509_0003.pem -pubkey -noout > SSSD_test_cert_pubkey_0003.pem
/usr/bin/ssh-keygen -i -m PKCS8 -f SSSD_test_cert_pubkey_0003.pem > SSSD_test_cert_pubsshkey_0003.pub
/usr/bin/openssl x509 -in SSSD_test_cert_x509_0004.pem -pubkey -noout > SSSD_test_cert_pubkey_0004.pem
/usr/bin/ssh-keygen -i -m PKCS8 -f SSSD_test_cert_pubkey_0004.pem > SSSD_test_cert_pubsshkey_0004.pub
/usr/bin/openssl x509 -in SSSD_test_cert_x509_0005.pem -pubkey -noout > SSSD_test_cert_pubkey_0005.pem
/usr/bin/ssh-keygen -i -m PKCS8 -f SSSD_test_cert_pubkey_0005.pem > SSSD_test_cert_pubsshkey_0005.pub
/usr/bin/openssl x509 -in SSSD_test_cert_x509_0006.pem -pubkey -noout > SSSD_test_cert_pubkey_0006.pem
/usr/bin/ssh-keygen -i -m PKCS8 -f SSSD_test_cert_pubkey_0006.pem > SSSD_test_cert_pubsshkey_0006.pub
/usr/bin/openssl x509 -in SSSD_test_cert_x509_0007.pem -pubkey -noout > SSSD_test_cert_pubkey_0007.pem
/usr/bin/ssh-keygen -i -m PKCS8 -f SSSD_test_cert_pubkey_0007.pem > SSSD_test_cert_pubsshkey_0007.pub
/usr/bin/openssl pkcs12 -export -in SSSD_test_cert_x509_0001.pem -inkey ./SSSD_test_cert_key_0001.pem -nodes -passout file:pwdfile -out SSSD_test_cert_pkcs12_0001.pem
Warning: output encryption option -nodes ignored with -export
/usr/bin/openssl pkcs12 -export -in SSSD_test_cert_x509_0002.pem -inkey ./SSSD_test_cert_key_0002.pem -nodes -passout file:pwdfile -out SSSD_test_cert_pkcs12_0002.pem
Warning: output encryption option -nodes ignored with -export
/usr/bin/openssl pkcs12 -export -in SSSD_test_cert_x509_0003.pem -inkey ./SSSD_test_cert_key_0003.pem -nodes -passout file:pwdfile -out SSSD_test_cert_pkcs12_0003.pem
Warning: output encryption option -nodes ignored with -export
/usr/bin/openssl pkcs12 -export -in SSSD_test_cert_x509_0004.pem -inkey ./SSSD_test_cert_key_0004.pem -nodes -passout file:pwdfile -out SSSD_test_cert_pkcs12_0004.pem
Warning: output encryption option -nodes ignored with -export
/usr/bin/openssl pkcs12 -export -in SSSD_test_cert_x509_0005.pem -inkey ./SSSD_test_cert_key_0005.pem -nodes -passout file:pwdfile -out SSSD_test_cert_pkcs12_0005.pem
Warning: output encryption option -nodes ignored with -export
/usr/bin/openssl pkcs12 -export -in SSSD_test_cert_x509_0006.pem -inkey ./SSSD_test_cert_key_0001.pem -nodes -passout file:pwdfile -out SSSD_test_cert_pkcs12_0006.pem
Warning: output encryption option -nodes ignored with -export
/usr/bin/openssl pkcs12 -export -in SSSD_test_cert_x509_0007.pem -inkey ./SSSD_test_cert_key_0007.pem -nodes -passout file:pwdfile -out SSSD_test_cert_pkcs12_0007.pem
Warning: output encryption option -nodes ignored with -export
mkdir softhsm2_none
SOFTHSM2_CONF=./softhsm2_none.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 2007345878
mkdir softhsm2_one
SOFTHSM2_CONF=./softhsm2_one.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 2123374327
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_one.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login  --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_one.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0001.pem --login  --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17'
mkdir softhsm2_two
SOFTHSM2_CONF=./softhsm2_two.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 1648150235
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_two.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0002.pem --login  --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_two.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0002.pem --login  --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_two.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login  --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_two.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0001.pem --login  --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17'
mkdir softhsm2_2tokens
SOFTHSM2_CONF=./softhsm2_2tokens.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 126940159
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_2tokens.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login  --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' pkcs11:token=SSSD%20Test%20Token
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_2tokens.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0001.pem --login  --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' pkcs11:token=SSSD%20Test%20Token
SOFTHSM2_CONF=./softhsm2_2tokens.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token Number 2" --pin 654321 --so-pin 654321 --free
Slot 1 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 1238850424
GNUTLS_PIN=654321 SOFTHSM2_CONF=./softhsm2_2tokens.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0002.pem --login  --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' pkcs11:token=SSSD%20Test%20Token%20Number%202
GNUTLS_PIN=654321 SOFTHSM2_CONF=./softhsm2_2tokens.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0002.pem --login  --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' pkcs11:token=SSSD%20Test%20Token%20Number%202
mkdir softhsm2_ocsp
SOFTHSM2_CONF=./softhsm2_ocsp.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 1515052823
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_ocsp.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0005.pem --login  --label 'SSSD test cert 0005' --id '1195833C424AB00297F582FC43FFFFAB47A64CC9'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_ocsp.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0005.pem --login  --label 'SSSD test cert 0005' --id '1195833C424AB00297F582FC43FFFFAB47A64CC9'
mkdir softhsm2_2certs_same_id
SOFTHSM2_CONF=./softhsm2_2certs_same_id.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 596614606
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_2certs_same_id.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0006.pem --login  --label 'SSSD test cert 0006' --id '11111111'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_2certs_same_id.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login  --label 'SSSD test cert 0001' --id '11111111'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_2certs_same_id.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0001.pem --login  --label 'SSSD test cert 0001' --id '11111111'
mkdir softhsm2_pss_one
SOFTHSM2_CONF=./softhsm2_pss_one.conf /usr/bin/softhsm2-util --init-token  --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 1934241977
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_pss_one.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0007.pem --login  --label 'SSSD test cert 0007' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17'
GNUTLS_PIN=123456 SOFTHSM2_CONF=./softhsm2_pss_one.conf /usr/bin/p11tool --provider=/usr/lib64/softhsm/libsofthsm2.so --write --load-privkey=./SSSD_test_cert_key_0007.pem --login  --label 'SSSD test cert 0007' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17'
ID_VAR=pkcs11:model=SoftHSM%20v2
ID_VAR=pkcs11:model=SoftHSM%20v2
rm SSSD_test_cert_req_0007.pem SSSD_test_cert_pubkey_0002.pem SSSD_test_cert_pubkey_0003.pem SSSD_test_cert_req_0004.pem SSSD_test_cert_req_0006.pem SSSD_test_cert_req_0005.pem SSSD_test_cert_req_0003.pem SSSD_test_cert_pubkey_0007.pem SSSD_test_cert_req_0002.pem SSSD_test_cert_pubkey_0005.pem SSSD_test_cert_pubkey_0004.pem SSSD_test_cert_pubkey_0006.pem SSSD_test_cert_pubkey_0001.pem SSSD_test_cert_req_0001.pem
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA'
make -C src/tests/test_CA/intermediate_CA ca_all
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
make -C ./.. SSSD_test_CA.pem
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA'
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
make[2]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA'
ln -s ./../SSSD_test_CA.pem
/usr/bin/openssl req -batch -config ./SSSD_test_intermediate_CA.config -new -nodes -key /home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem -sha256 -extensions v3_ca -out SSSD_test_intermediate_CA_req.pem
Error adding request extensions from section v3_ca
80D2D154697F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto/x509/v3_akid.c:156:
80D2D154697F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always
make[1]: *** [Makefile:760: SSSD_test_intermediate_CA_req.pem] Error 1
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/sssd-2.9.4/src/tests/test_CA/intermediate_CA'
sumit-bose commented 9 months ago

Hi,

thank you for the report, this should be already fixed by https://github.com/SSSD/sssd/pull/7151.

bye, Sumit

kloczek commented 9 months ago

OK .. one sec will try to test that PR 😋

kloczek commented 9 months ago

Just tested that and indeed it fixes the issue. Thank you.

PS. However still it is problem with linking many test suite binaries when sssd is build with LTO (we've discussed that in #5575). Did you found maybe in mean time some way how to deal with that? 🤔

```console make[3]: 'responder-get-domains-tests' is up to date. make[3]: 'config_check-tests' is up to date. /bin/sh ./libtool --tag=CC --mode=link /usr/bin/gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wundef -Werror-implicit-function-declaration -Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -O2 -g -grecord-gcc-switches -pipe -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fdata-sections -ffunction-sections -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -Wall -Werror=format-security -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--gc-sections -Wl,--as-needed -Wl,--build-id=sha1 -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,pack-relative-relocs -o test_search_bases src/tests/cmocka/test_search_bases.o -lcmocka -ltalloc libsss_util.la libsss_crypt.la libsss_debug.la libsss_child.la libsss_ldap_common.la libsss_test_common.la libdlopen_test_providers.la libsss_iface.la libsss_sbus.la libtool: link: /usr/bin/gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wundef -Werror-implicit-function-declaration -Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -O2 -g -grecord-gcc-switches -pipe -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fdata-sections -ffunction-sections -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -Wall -Werror=format-security -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--gc-sections -Wl,--as-needed -Wl,--build-id=sha1 -Wl,-z -Wl,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z -Wl,pack-relative-relocs -o .libs/test_search_bases src/tests/cmocka/test_search_bases.o -lcmocka ./.libs/libsss_util.so -L/usr/lib64 ./.libs/libsss_crypt.so ./.libs/libsss_debug.so ./.libs/libsss_child.so ./.libs/libsss_ldap_common.so -llber -lldap /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so -lkrb5 -lk5crypto -lcom_err /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_idmap.so /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_certmap.so ./.libs/libsss_test_common.a /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_util.so -lpopt -lldb -lselinux -ltdb -lpcre2-8 -lini_config -lbasicobjects -lref_array -lcollection /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_cert.so /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_crypt.so -lcrypto /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_child.so /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_debug.so -lsystemd ./.libs/libdlopen_test_providers.a ./.libs/libsss_iface.so /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_sbus.so ./.libs/libsss_sbus.so -ldhash -ltevent -ltalloc -ldbus-1 -lunistring -Wl,-rpath -Wl,/usr/lib64/sssd /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `resolv_gethostbyname_recv' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `fo_server_first' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_nsupdate_create_fwd_msg' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `resolv_gethostbyname_send' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `dp_sbus_invalidate_group_memcache' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_set_string' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_mark_offline' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `nsupdate_get_addrs_recv' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_add_service' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_get_bool' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_set_int' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `dp_get_options' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_req2str' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_add_srv_server' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_resolve_server_recv' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_get_int' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_ptask_create' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `fo_is_srv_lookup' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `sss_iface_addr_list_as_str_list' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_ptask_destroy' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `resolv_get_sockaddr_address_index' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_resolve_server_send' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `be_fo_run_callbacks_at_next_request' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_set_blob' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_get_cstring' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_ptask_postpone' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `fo_is_server_primary' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `dp_error_to_ret' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `fo_server_count' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `fo_get_server_hostent' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `dp_reply_std_set' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `fo_server_next' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `fo_get_use_search_list' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_nsupdate_send' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_ptask_running' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_service_add_callback' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_set_method' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `resolv_get_string_address_index' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_reset_svc' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_ptask_create_sync' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_be_fo_set_port_status' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_get_server_count' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `fo_get_server_user_data' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `fo_get_server_port' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_get_blob' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_nsupdate_create_ptr_msg' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_refresh_ctx_init_with_callbacks' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `default_host_dbs' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `sss_iface_addr_list_get' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_run_unconditional_online_cb' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `fo_get_server_str_name' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_target_enabled' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_nsupdate_recv' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `sss_get_dualstack_addresses' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `nsupdate_get_addrs_send' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `_dp_opt_get_string' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_run_online_cb' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `resolv_strerror' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `sss_iface_addr_concatenate' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `dp_option_inherit_match' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_add_offline_cb' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_is_srv_identifier' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_add_reconnect_cb' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_is_offline' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_refresh_acct_req' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `fo_get_server_name' /usr/bin/ld: /home/tkloczko/rpmbuild/BUILD/sssd-2.9.3/.libs/libsss_krb5_common.so: undefined reference to `be_mark_dom_offline' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_add_online_cb' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_add_server' /usr/bin/ld: ./.libs/libsss_ldap_common.so: undefined reference to `be_fo_try_next_server' collect2: error: ld returned 1 exit status make[3]: *** [Makefile:20058: test_search_bases] Error 1 ```
kloczek commented 9 months ago

No wait .. above fail on linking is with disabled LTO 🤔

kloczek commented 9 months ago

I found in my notes that I've already opened thicket for above #5710

alexey-tikhonov commented 9 months ago

Pushed PR: https://github.com/SSSD/sssd/pull/7151