From 4dcfca8ec4590ab056b19fe495f5715aa8f27385 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 52 ++++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 115 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..22d4e771bb97 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
- ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel
+ glib-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +23,38 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually make CA for tests, although it should be
+#   done by default.
+#make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
+
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+if [ "$XBPS_CHECK_PKGS" ]; then
+	makedepends+=" cmocka-devel check-devel"
+fi
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"