[PR PATCH] sssd: update to 2.8.2

[PR PATCH] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 666 bytes --]

There is a new pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 13018 bytes --]

From e3d4111ed054f85333d5dc11a0f4e62785b28890 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..fba10df64e5b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#issuecomment-1426232121

Comment:
I may look into adding a build option to the openssh package to enable integration with sudoers rules on ldap via this package later.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 671 bytes --]

There is an updated pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 13023 bytes --]

From 49b12e290b7b6025c87466f30d9c96f865d19283 Mon Sep 17 00:00:00 2001
From: Klara Modin <klarasmodin@gmail.com>
Date: Sat, 11 Feb 2023 11:43:22 +0100
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..fba10df64e5b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 220 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#issuecomment-1426695687

Comment:
The original author has requested that I reset the commit author, so I did so.

Re: [PR REVIEW] sssd: update to 2.8.2

[paper42]

[-- Attachment #1: Type: text/plain, Size: 194 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#discussion_r1106340497

Comment:
```suggestion
	rm -r ${DESTDIR}/etc/rc.d
```

Re: [PR REVIEW] sssd: update to 2.8.2

[paper42]

[-- Attachment #1: Type: text/plain, Size: 247 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#discussion_r1106341267

Comment:
I don't think it makes sense to have 2 patches that fix 2 tests when we disable all of them anyway.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 671 bytes --]

There is an updated pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 10413 bytes --]

From 91d709f6273b0fb688992990e3e0ed431ef5dc51 Mon Sep 17 00:00:00 2001
From: Klara Modin <klarasmodin@gmail.com>
Date: Sat, 11 Feb 2023 11:43:22 +0100
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* remove patches relating to tests as we disable them

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/template                      | 50 ++++++++++----------
 srcpkgs/sssd/update                        |  1 -
 5 files changed, 59 insertions(+), 105 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..ed1bfeea048e 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,32 +24,32 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
-	rm -rf ${DESTDIR}/etc/rc.d
+	rm -r ${DESTDIR}/etc/rc.d
 
 	vsv sssd
 }
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR REVIEW] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

New review comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#discussion_r1106505451

Comment:
I removed the patches. Tried to look more into the tests that were failing but besides a few of them I don't have any idea how to fix them.

Re: [PR PATCH] [Merged]: sssd: update to 2.8.2

[paper42]

[-- Attachment #1: Type: text/plain, Size: 514 bytes --]

There's a merged pull request on the void-packages repository

sssd: update to 2.8.2
https://github.com/void-linux/void-packages/pull/42201

Description:
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 168 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1426230458

Comment:
I created a new PR, #42201

Re: sssd: update to 2.8.2.

[paper42]

[-- Attachment #1: Type: text/plain, Size: 282 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1424655237

Comment:
@klarasm I won't go into details, but the author was banned, if you would like to continue working on this, would you mind opening a new PR?

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 185 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1424056064

Comment:
@kruceter did you close this intentionally?

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 310 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1419447177

Comment:
I built and tested this on glibc and it works fine (nss and pam). The sudo integration does not work, but that's probably due to the sudo package not having it enabled.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 237 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416595915

Comment:
Very well. Left it restricted to glibc only and disabled tests, too. Should be enough for now.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 236 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416595915

Comment:
Very well. Left it restricted to glibc only and disabled tests too. Should be enough for now.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 233 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416558555

Comment:
Yeah. I still think it's worthwhile to update this, though, as it will benefit glibc users.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 861 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416555297

Comment:
Thank you for sharing. Reproduced it clearly:

```
(2023-02-04  3:08:57): [pam] [sss_load_nss_symbols] (0x0010): Unable to load libnss_files.so.2 module, error: Error loading shared library libnss_files.so.2: No such file or directory
```

It seems THEY hardcoded this library in https://github.com/SSSD/sssd/blob/master/src/util/nss_dl_load.c.

```
libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname);
```

Just double-checked and it seems Alpine's sssd does not link against `nss` at all.

From what I see in the provided configuration, nss is the vital module.

Yes, something else may work on musl, but upstream clearly hardcodes to use glibc and may possibly create more problems in future.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 527 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416545398

Comment:
You should be able to reproduce with this configuration if you remove `ldap_sasl_mech = GSSAPI`.

Note that my kerberos/ldap servers do not have an IPv4 address, so it will probably not work if you don't have IPv6.

Aside from that, there's no secret or password in this configuration file.
[sssd.conf.txt](https://github.com/void-linux/void-packages/files/10584850/sssd.conf.txt)

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 352 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416535256

Comment:
`libnss_files.so` comes from glibc which is not supposed to be used on musl or even mentioned.

May I inquire what configuration are you using? Looks like I will have to rely on bruteforce testing after all.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 340 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416535256

Comment:
`libnss_files.so` comes from glibc which is not supposed to be used on musl or even mentioned.

May I inquire what configuration are you using? It seems I will have to rely on bruteforce testing.

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 323 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416535256

Comment:
`libnss_files.so` comes from glibc, which is not supposed to be used on musl.

May I inquire what configuration are you using? It seems I will have to rely on bruteforce testing.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 739 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416519702

Comment:
Unfortunately this fails in the same way. I also tried this on a machine without my openldap update on it with the same result.

Interestingly, if I try to run the provided service file from musl-nscd it also complains (after removing -F which is not recognized):
`nscd: libnss_files.so: Error loading shared library libnss_files.so: No such file or directory`

I can't actually find any package that provides libnss_files.so.2 (xbps-query -Ro /usr/lib/libnss_files.so.2 and variations don't return anything).

[sssd.log](https://github.com/void-linux/void-packages/files/10583401/sssd.log)

Re: sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 385 bytes --]

New comment by kruceter on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416359179

Comment:
> it can't find NSS symbols

Not what I was expecting, though.

Replaced musl-nscd-devel with `nss-devel` and `nspr-devel` the way Alpine does.

@klarasm, if you have time to test this package once again - I would be grateful if you do.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 374 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416144183

Comment:
[sssd.log](https://github.com/void-linux/void-packages/files/10580992/sssd.log)

Tried this with #41948.
sssd complains that it can't find NSS symbols, more specifically libnss_files.so.2. musl-nscd does not seem to contain that.

Re: sssd: update to 2.8.2.

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 191 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/40846#issuecomment-1416121436

Comment:
Currently building for testing. Will report back.