[PR PATCH] sssd: update to 2.8.1.

[PR PATCH] sssd: update to 2.8.1.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 643 bytes --]

There is a new pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.1.
I do not use this package, therefore any help is appreciated.

#### Testing the changes
- I tested the changes in this PR: **NO**

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12498 bytes --]

From c5004b7ffdea16a957fa1046444522e5889f3d20 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Tue, 29 Nov 2022 19:28:31 +0300
Subject: [PATCH] sssd: update to 2.8.1.

Dependencies:

* libwbclient is deprecated and removed upstream.

* oidc-child now requires libjose which is not present in the
repository; hence it is disabled.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* fix_test.patch is removed since I am not able to test it out.

* libressl.patch is removed due to openssl replacing libressl.

"--without-python2-bindings" can safely be omitted from configure_args.
---
 srcpkgs/sssd/patches/configure-cross.patch | 33 ++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 --------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 ----------
 srcpkgs/sssd/patches/path_hosts.patch      | 59 ++++++++++++++++++++++
 srcpkgs/sssd/patches/src.patch             | 28 ++++++++++
 srcpkgs/sssd/template                      | 29 ++++++-----
 6 files changed, 137 insertions(+), 92 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure-cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/src.patch

diff --git a/srcpkgs/sssd/patches/configure-cross.patch b/srcpkgs/sssd/patches/configure-cross.patch
new file mode 100644
index 000000000000..163ad47b4e31
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure-cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+In this case it is preferred to skip execution instead of quitting.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/src.patch b/srcpkgs/sssd/patches/src.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/src.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index d57d4f47c84e..c56aabc3d534 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,19 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.1
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel cmocka-devel check-devel libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,19 +21,25 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
  /etc/sssd/ 0700 root root
  /var/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=1a7835563436c8cb14c0af848750557fbba1326dd9369b53d96be484600f3188
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# src/tests/cmocka/test_negcache_2.c:113:15: error: implicit declaration of function 'fgetpwent'
+make_check="no"
+
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10

Re: [PR PATCH] [Updated] sssd: update to 2.8.1.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 670 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.1.
I do not use this package, therefore any help is appreciated.

Related to #39083.

#### Testing the changes
- I tested the changes in this PR: **NO**

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12638 bytes --]

From 4e0ca2076e38defe44352498f6965ab36242745d Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Tue, 29 Nov 2022 19:28:31 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* oidc-child now requires libjose which is not present in the
repository; hence it is disabled.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* fix_test.patch is removed since I am not able to test it out due to
other tests failing for unrelated reasons.

* libressl.patch is removed due to openssl replacing libressl.

"--without-python2-bindings" can safely be omitted from configure_args.
---
 srcpkgs/sssd/patches/configure-cross.patch | 33 ++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 --------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 ----------
 srcpkgs/sssd/patches/path_hosts.patch      | 59 ++++++++++++++++++++++
 srcpkgs/sssd/patches/src.patch             | 28 ++++++++++
 srcpkgs/sssd/template                      | 29 ++++++-----
 6 files changed, 135 insertions(+), 94 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure-cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/src.patch

diff --git a/srcpkgs/sssd/patches/configure-cross.patch b/srcpkgs/sssd/patches/configure-cross.patch
new file mode 100644
index 000000000000..163ad47b4e31
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure-cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+In this case it is preferred to skip execution instead of quitting.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/src.patch b/srcpkgs/sssd/patches/src.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/src.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..a4056ba7a978 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,19 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel cmocka-devel check-devel libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,24 +21,26 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
  /etc/sssd/ 0700 root root
  /var/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# src/tests/cmocka/test_negcache_2.c:113:15: error: implicit declaration of function 'fgetpwent'
+make_check="no"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
 fi
 
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 670 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help is appreciated.

Related to #39083.

#### Testing the changes
- I tested the changes in this PR: **NO**

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 17711 bytes --]

From a220b9c74019e06e07d7af63821cdc2c8ce566f4 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Tue, 29 Nov 2022 19:28:31 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
configure_args.

* oidc-child now requires libjose which is not present in the
repository; hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 ---------------
 srcpkgs/sssd/patches/libressl.patch         | 26 --------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 ++++++++
 srcpkgs/sssd/patches/test_softhsm.patch     | 30 +++++++++
 srcpkgs/sssd/template                       | 74 ++++++++++++++++-----
 9 files changed, 256 insertions(+), 96 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 create mode 100644 srcpkgs/sssd/patches/test_softhsm.patch

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/patches/test_softhsm.patch b/srcpkgs/sssd/patches/test_softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..25ad893ded2e 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,72 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "pam-srv-tests" "ssh-srv-tests" \
+					"test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 703 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help is appreciated.

Related to #39083.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least runs).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 17752 bytes --]

From 9fd94ab78baecedda0a303f5a627341496f3373a Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Tue, 29 Nov 2022 19:28:31 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
configure_args.

* oidc-child now requires libjose which is not present in the
repository; hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 ---------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 +++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 ++++++++
 srcpkgs/sssd/template                       | 75 ++++++++++++++++-----
 9 files changed, 257 insertions(+), 96 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..8da6f94518eb 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,73 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 

Re: [PR PATCH] [Closed]: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 550 bytes --]

There's a closed pull request on the void-packages repository

sssd: update to 2.8.2.
https://github.com/void-linux/void-packages/pull/40846

Description:
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18054 bytes --]

From 0cf4bab85af163e30f668356c964e3ffe02cdc94 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
configure_args.

* oidc-child now requires libjose which is not present in the
repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 ---------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 +++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 ++++++++
 srcpkgs/sssd/template                       | 75 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 10 files changed, 257 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..8da6f94518eb 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,73 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 191 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416121436

Comment:
Currently building for testing. Will report back.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 374 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416144183

Comment:
[sssd.log](https://github.com/void-linux/void-packages/files/10580992/sssd.log)

Tried this with #41948.
sssd complains that it can't find NSS symbols, more specifically libnss_files.so.2. musl-nscd does not seem to contain that.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18152 bytes --]

From be58a415edf249207ef72c9ceacb19b1c7768754 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 78 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 10 files changed, 260 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..dc92d8a2a93f 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,76 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${build_wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18672 bytes --]

From 000978aec84f3320a851e89bfbede19d1767209d Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 78 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 275 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..dc92d8a2a93f 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,76 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${build_wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18672 bytes --]

From e3f49b6461f30de5992c84e706d1df40a2bade37 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 78 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 275 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..dc92d8a2a93f 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,76 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${build_wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18725 bytes --]

From 4858041e4ebb6fb5f69aaef1df78fe963d2d1b8e Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 +++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 79 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 276 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..3872909b933d 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,77 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel nspr-devel"
+	CFLAGS="-I${XBPS_CROSS_BASE}/usr/include/nspr"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18742 bytes --]

From a547dfcf697db10000c0c9743960cfabb37043a5 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 ++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 +++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 +++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 83 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 276 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..d945c630388b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,28 +23,70 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel nspr-devel"
+	CFLAGS="-I${XBPS_CROSS_BASE}/usr/include/nspr"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
+
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
 }
 
 post_install() {
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 385 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416359179

Comment:
> it can't find NSS symbols

Not what I was expecting, though.

Replaced musl-nscd-devel with `nss-devel` and `nspr-devel` the way Alpine does.

@klarasm, if you have time to test this package once again - I would be grateful if you do.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 739 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416519702

Comment:
Unfortunately this fails in the same way. I also tried this on a machine without my openldap update on it with the same result.

Interestingly, if I try to run the provided service file from musl-nscd it also complains (after removing -F which is not recognized):
`nscd: libnss_files.so: Error loading shared library libnss_files.so: No such file or directory`

I can't actually find any package that provides libnss_files.so.2 (xbps-query -Ro /usr/lib/libnss_files.so.2 and variations don't return anything).

[sssd.log](https://github.com/void-linux/void-packages/files/10583401/sssd.log)

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 323 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416535256

Comment:
`libnss_files.so` comes from glibc, which is not supposed to be used on musl.

May I inquire what configuration are you using? It seems I will have to rely on bruteforce testing.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 340 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416535256

Comment:
`libnss_files.so` comes from glibc which is not supposed to be used on musl or even mentioned.

May I inquire what configuration are you using? It seems I will have to rely on bruteforce testing.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 352 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416535256

Comment:
`libnss_files.so` comes from glibc which is not supposed to be used on musl or even mentioned.

May I inquire what configuration are you using? Looks like I will have to rely on bruteforce testing after all.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 527 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416545398

Comment:
You should be able to reproduce with this configuration if you remove `ldap_sasl_mech = GSSAPI`.

Note that my kerberos/ldap servers do not have an IPv4 address, so it will probably not work if you don't have IPv6.

Aside from that, there's no secret or password in this configuration file.
[sssd.conf.txt](https://github.com/void-linux/void-packages/files/10584850/sssd.conf.txt)

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 861 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416555297

Comment:
Thank you for sharing. Reproduced it clearly:

```
(2023-02-04  3:08:57): [pam] [sss_load_nss_symbols] (0x0010): Unable to load libnss_files.so.2 module, error: Error loading shared library libnss_files.so.2: No such file or directory
```

It seems THEY hardcoded this library in https://github.com/SSSD/sssd/blob/master/src/util/nss_dl_load.c.

```
libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname);
```

Just double-checked and it seems Alpine's sssd does not link against `nss` at all.

From what I see in the provided configuration, nss is the vital module.

Yes, something else may work on musl, but upstream clearly hardcodes to use glibc and may possibly create more problems in future.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 233 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416558555

Comment:
Yeah. I still think it's worthwhile to update this, though, as it will benefit glibc users.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13373 bytes --]

From 7462f33525a180cd0184d74848a8175fa21b8e85 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                   | 15 ++++++
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 43 +++++++++--------
 srcpkgs/sssd/update                        |  1 -
 8 files changed, 122 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..faceab02285c 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +22,32 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12852 bytes --]

From 5c1d92bd26142c957105d52890041e9177dc17bb Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 43 +++++++++--------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 107 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..faceab02285c 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +22,32 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12997 bytes --]

From 066bfdbde64ea790aad208c28b66a7410e82f3a1 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 46 ++++++++++--------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 110 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..c2e94bdb5538 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +23,34 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually build test CA for tests, although it should be
+#   done by default.
+#make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13073 bytes --]

From f53d417372e5cc293db9bf838edf94d5af7aa171 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 111 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..81fd458fc2df 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
- ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel
+ glib-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +23,34 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually make CA for tests, although it should be
+#   done by default.
+#make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13157 bytes --]

From 4dcfca8ec4590ab056b19fe495f5715aa8f27385 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 52 ++++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 115 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..22d4e771bb97 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
- ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel
+ glib-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +23,38 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually make CA for tests, although it should be
+#   done by default.
+#make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
+
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+if [ "$XBPS_CHECK_PKGS" ]; then
+	makedepends+=" cmocka-devel check-devel"
+fi
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12914 bytes --]

From cce12bd257183d228e091c4aeb3ce46311c6b00c Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 46 +++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..929161759f16 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,19 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +21,35 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
+
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
-
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 236 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416595915

Comment:
Very well. Left it restricted to glibc only and disabled tests too. Should be enough for now.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 237 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416595915

Comment:
Very well. Left it restricted to glibc only and disabled tests, too. Should be enough for now.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12881 bytes --]

From 980cb033a9cc24a0f6c4279ed9cb8b6310fb0a06 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 45 +++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 108 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..cfecb0b084a8 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,19 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +21,34 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
-
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13018 bytes --]

From c099fd1b8a5f6383c6cea9d9a07a0c0a45a5c10c Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..7fc88020c707 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13018 bytes --]

From 8fe793e2c5a7fb51442084a7bc96024b3c8866ff Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..fba10df64e5b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 310 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1419447177

Comment:
I built and tested this on glibc and it works fine (nss and pam). The sudo integration does not work, but that's probably due to the sudo package not having it enabled.

Re: [PR PATCH] [Closed]: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 547 bytes --]

There's a closed pull request on the void-packages repository

sssd: update to 2.8.2.
https://github.com/void-linux/void-packages/pull/40846

Description:
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
~~- I built this PR locally for my native architecture, x86_64-musl~~
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - x86_64-glibc

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 185 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1424056064

Comment:
@kruceter did you close this intentionally?

Re: sssd: update to 2.8.2.

[paper42]

[-- Attachment #1: Type: text/plain, Size: 282 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1424655237

Comment:
@klarasm I won't go into details, but the author was banned, if you would like to continue working on this, would you mind opening a new PR?

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 168 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1426230458

Comment:
I created a new PR, #42201

Re: [PR PATCH] [Updated] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 671 bytes --]

There is an updated pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 10413 bytes --]

From 91d709f6273b0fb688992990e3e0ed431ef5dc51 Mon Sep 17 00:00:00 2001
From: Klara Modin <klarasmodin@gmail.com>
Date: Sat, 11 Feb 2023 11:43:22 +0100
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* remove patches relating to tests as we disable them

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/template                      | 50 ++++++++++----------
 srcpkgs/sssd/update                        |  1 -
 5 files changed, 59 insertions(+), 105 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..ed1bfeea048e 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,32 +24,32 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
-	rm -rf ${DESTDIR}/etc/rc.d
+	rm -r ${DESTDIR}/etc/rc.d
 
 	vsv sssd
 }
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 671 bytes --]

There is an updated pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 13023 bytes --]

From 49b12e290b7b6025c87466f30d9c96f865d19283 Mon Sep 17 00:00:00 2001
From: Klara Modin <klarasmodin@gmail.com>
Date: Sat, 11 Feb 2023 11:43:22 +0100
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..fba10df64e5b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"