# SSSD 2.6.2
The SSSD team is proud to announce the release of version 2.6.2 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.6.2
See the full release notes at: https://sssd.io/release-notes/sssd-2.6.2.html
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### Important fixes
* Quick log out and log in did not correctly refresh user's initgroups in `no_session` PAM schema due to lingering systemd processes.
On Thursday 2021-12-23 16:03, Alexey Tikhonov wrote:
The SSSD team is proud to announce the release of version 2.6.2 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.6.2
-rw-r--r-- 1 jengelh users 7598580 Dec 23 15:46+0100 sssd-2.6.2.tar.gz -rw-r--r-- 1 jengelh users 833 Dec 23 15:46+0100 sssd-2.6.2.tar.gz.asc md5sum: a07f6c77fa846b910bf2d8662b010717 1.gz c883aa3c4b161595f593d88b949371b1 1.gz.asc gpg: Signature made 2021-12-23T15:33:39 CET gpg: using RSA key 1597174989DDD7EE68DACCBD75FBD239B5E3AF9B
Later, build.opensuse.org rejected the submission because something sneakily changed upstream
-rw-r--r-- 1 jengelh users 7598580 Dec 23 15:46+0100 sssd-2.6.2.tar.gz -rw-r--r-- 1 jengelh users 833 Dec 23 16:22+0100 sssd-2.6.2.tar.gz.asc a07f6c77fa846b910bf2d8662b010717 sssd-2.6.2.tar.gz 548cff73689925889f040f4b38e613ca sssd-2.6.2.tar.gz.asc gpg: Signature made 2021-12-23T16:21:08 CET gpg: using RSA key 930201AAB42DD1947210B7838D7326351A726211
Besides that, where can we get the GPG keys? The keyserver infrastructure is a bit in disarray (keys.openpgp.net is the only modern instance left, and it needs some extra steps from key owners) and does not seem to hold either key with a name.
I am currently out of the office, but plan to return to my desk on Monday, January 3, 2022 at 7am.
If you require assistance with a server that is hosted by VCU Infrastructure Services, please submit a support ticket https://itsupport.vcu.edu/CherwellPortal.
If this is an emergency, please contact the Network Operations Center at (804) 828-1802.
I apologise for any inconvenience.
Make it be a great day,
*J. Adam Craig* Lead Linux Operating Systems Analyst VCU Infrastructure Services https://www.ucc.vcu.edu/ Technology Services Department 804.828.4886 jacraig@vcu.edu
https://adminmicro2.questionpro.com/?t_340030260=J.%20Adam%20Craig&u_65977055=351791134 *Don't be a phishing victim -- VCU and other reputable organisations will never use email to request that you reply with your password, social security number or confidential personal information. For more details, visit https://ts.vcu.edu/about-us/information-security/common-questions/what-is-ph... https://ts.vcu.edu/about-us/information-security/common-questions/what-is-phishing*
On Thu, Dec 23, 2021 at 11:25 PM Jan Engelhardt jengelh@inai.de wrote:
The SSSD team is proud to announce the release of version 2.6.2 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.6.2
-rw-r--r-- 1 jengelh users 7598580 Dec 23 15:46+0100 sssd-2.6.2.tar.gz -rw-r--r-- 1 jengelh users 833 Dec 23 15:46+0100 sssd-2.6.2.tar.gz.asc md5sum: a07f6c77fa846b910bf2d8662b010717 1.gz c883aa3c4b161595f593d88b949371b1 1.gz.asc gpg: Signature made 2021-12-23T15:33:39 CET gpg: using RSA key 1597174989DDD7EE68DACCBD75FBD239B5E3AF9B
Later, build.opensuse.org rejected the submission because something sneakily changed upstream
-rw-r--r-- 1 jengelh users 7598580 Dec 23 15:46+0100 sssd-2.6.2.tar.gz -rw-r--r-- 1 jengelh users 833 Dec 23 16:22+0100 sssd-2.6.2.tar.gz.asc a07f6c77fa846b910bf2d8662b010717 sssd-2.6.2.tar.gz 548cff73689925889f040f4b38e613ca sssd-2.6.2.tar.gz.asc gpg: Signature made 2021-12-23T16:21:08 CET gpg: using RSA key 930201AAB42DD1947210B7838D7326351A726211
My fault: once I published this release and we started Fedora rebase, we realized that I used different keys to sign 2.6.2 tag and tarball. That's why I created and uploaded a new tarball signature. This time using the same key as was used to sign the tag.
Besides that, where can we get the GPG keys? The keyserver infrastructure
is a
bit in disarray (keys.openpgp.net is the only modern instance left, and it needs some extra steps from key owners) and does not seem to hold either
key
with a name.
We used keys.gnupg.net but it seems to be broken now. keys.openpgp.net doesn't work for me either. We will discuss this topic within the maintainers team in January and will announce decisions made. Meanwhile I uploaded this key to https://keys.openpgp.org/
This is not ideal but what you can check right now:
(1) if you click on a green "check" near the "2.6.2" tag label in release at GitHub, you can see: - "This tag was signed with the committer’s verified signature." - GPG key ID: 8D7326351A726211 -- this is the same key ID as you see in (updated) sssd-2.6.2.tar.gz.asc (compare last 16 chars) So, if I understand correctly, at least you can be sure tarball is signed with the same key as uploaded to github.com/alexey-tikhonov profile - member of SSSD org.
(2) Not a real argument, of course, but you can check that this tarball was used for a Fedora rebase: - https://bodhi.fedoraproject.org/updates/FEDORA-2021-5558bc3b55 - https://koji.fedoraproject.org/koji/buildinfo?buildID=1869895 - https://kojipkgs.fedoraproject.org//packages/sssd/2.6.2/1.fc36/src/sssd-2.6.... -- see content
(3) you can compare sources with the 2.6.2 tag upstream. There is also `scripts/release.sh` that is used to generate tarballs, but the result might differ a bit depending on the autotools version.
Sorry for the confusion I created - this was the first time I published an upstream release.
sssd-users@lists.fedorahosted.org
-
Alexey Tikhonov -
jacraig@vcu.edu -
Jan Engelhardt