From 91d709f6273b0fb688992990e3e0ed431ef5dc51 Mon Sep 17 00:00:00 2001 From: Klara Modin Date: Sat, 11 Feb 2023 11:43:22 +0100 Subject: [PATCH] sssd: update to 2.8.2. Dependencies: * libwbclient is deprecated and removed upstream. * libxslt-devel is not used for building; xsltproc from libxslt is used instead. * xmlcatmgr does not seem to be used as a host make dependency. * python3 is required for cross compiling bindings. * http-parser-devel (http_parser.h) does not seem to be mentioned anywhere in the source code. * nscd does not seem to be used in hostmakedepends. Patches: * libressl.patch is removed due to openssl replacing libressl. * remove patches relating to tests as we disable them Misc: * "--without-python2-bindings" can be safely omitted from configure_args. * oidc-child now requires libjose which is not present in the repository, hence it is disabled. --- srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++ srcpkgs/sssd/patches/fix_tests.patch | 54 ---------------------- srcpkgs/sssd/patches/libressl.patch | 26 ----------- srcpkgs/sssd/template | 50 ++++++++++---------- srcpkgs/sssd/update | 1 - 5 files changed, 59 insertions(+), 105 deletions(-) create mode 100644 srcpkgs/sssd/patches/configure_cross.patch delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch delete mode 100644 srcpkgs/sssd/patches/libressl.patch delete mode 100644 srcpkgs/sssd/update diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch new file mode 100644 index 000000000000..15874b31c5da --- /dev/null +++ b/srcpkgs/sssd/patches/configure_cross.patch @@ -0,0 +1,33 @@ +configure was supposed to execute compiled testing binaries. + +However, when it comes to cross compiling, the script chooses to exit +and interrupt the building. + +Skipping execution is preferred to quitting in this case. + +--- a/configure ++++ b/configure +@@ -20460,10 +20460,7 @@ + + if test "$cross_compiling" = yes + then : +- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "cannot run test program while cross compiling +-See \`config.log' for more details" "$LINENO" 5; } ++ : + else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +@@ -22915,10 +22912,7 @@ + LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}" + if test "$cross_compiling" = yes + then : +- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "cannot run test program while cross compiling +-See \`config.log' for more details" "$LINENO" 5; } ++ : + else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch deleted file mode 100644 index c7de01493a8c..000000000000 --- a/srcpkgs/sssd/patches/fix_tests.patch +++ /dev/null @@ -1,54 +0,0 @@ -Fix tests by disabling failures related to softhsm, see - -https://github.com/SSSD/sssd/issues/5397 - ---- a/src/tests/cmocka/test_pam_srv.c -+++ b/src/tests/cmocka/test_pam_srv.c -@@ -41,6 +41,8 @@ - #include "tests/test_CA/SSSD_test_cert_x509_0002.h" - #include "tests/test_CA/SSSD_test_cert_x509_0005.h" - -+#define TEST_MODULE_NAME SOFTHSM2_PATH -+ - #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h" - #else - #define SSSD_TEST_CERT_0001 "" -@@ -48,6 +50,7 @@ - #define SSSD_TEST_CERT_0005 "" - - #define SSSD_TEST_ECC_CERT_0001 "" -+#define TEST_MODULE_NAME "" - #endif - - #define TESTS_PATH "tp_" BASE_FILE_STEM -@@ -62,7 +65,6 @@ - #define TEST_TOKEN_NAME "SSSD Test Token" - #define TEST_TOKEN2_NAME "SSSD Test Token Number 2" - #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17" --#define TEST_MODULE_NAME SOFTHSM2_PATH - #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD" - #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD" - #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD" - -The test_ncache_* functions require a working user directory, which is -generally unavailable in xbps-src builds. - ---- a/src/tests/cmocka/test_negcache.c -+++ b/src/tests/cmocka/test_negcache.c -@@ -1089,7 +1089,7 @@ - setup, teardown), - cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type, - setup, teardown), -- -+#if 0 - /* user */ - cmocka_unit_test_setup_teardown(test_ncache_nocache_user, - test_ncache_setup, -@@ -1142,6 +1142,7 @@ - cmocka_unit_test_setup_teardown(test_ncache_both_gid, - test_ncache_setup, - test_ncache_teardown), -+#endif - }; - - tests_set_cwd(); diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch deleted file mode 100644 index e9c8a4bf7b09..000000000000 --- a/srcpkgs/sssd/patches/libressl.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c ---- a/src/p11_child/p11_child_openssl.c 2020-09-06 16:39:47.663132167 +0200 -+++ b/src/p11_child/p11_child_openssl.c 2020-09-06 16:39:51.887060887 +0200 -@@ -33,0 +34 @@ -+#include -diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c ---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c 2020-09-06 16:39:47.705131458 +0200 -+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c 2020-09-06 16:39:51.870061174 +0200 -@@ -19,0 +20 @@ -+#include ---- a/src/lib/certmap/sss_cert_content_crypto.c 2020-10-12 12:16:19.000000000 +0200 -+++ b/src/lib/certmap/sss_cert_content_crypto.c 2020-10-12 12:16:19.000000000 +0200 -@@ -771,8 +771,13 @@ - ret = EIO; - goto done; - } -+#ifdef LIBRESSL_VERSION_NUMBER -+ if (cert->ex_flags & EXFLAG_KUSAGE) { -+ cont->key_usage = cert->ex_kusage; -+#else - if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) { - cont->key_usage = X509_get_key_usage(cert); -+#endif - } else { - /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I - * section 13.3.2 "Certificate match" "keyUsage matches if all of the diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template index 3bfeb32ef10d..ed1bfeea048e 100644 --- a/srcpkgs/sssd/template +++ b/srcpkgs/sssd/template @@ -1,20 +1,22 @@ # Template file for 'sssd' pkgname=sssd -version=2.4.0 -revision=5 +version=2.8.2 +revision=1 +# upstream explicitly hardcodes to use glibc: +# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c +archs="~*-musl" build_style=gnu-configure # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1; # until this is fixed upstream, manually define am_cv_python_version to circumvent -configure_args="--without-selinux --without-semanage --without-libwbclient +configure_args="--without-selinux --without-semanage --without-oidc-child --disable-cifs-idmap-plugin --without-samba --with-os=fedora --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run - --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings - am_cv_python_version=${py3_ver}" -hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl" + --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}" +hostmakedepends="libxslt pkg-config bind docbook-xsl python3" makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel - libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel - jansson-devel python3-devel libcurl-devel cmocka-devel check-devel" + libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel + libunistring-devel" make_dirs="/var/lib/sss/db 0700 root root /var/lib/sss/secrets 0700 root root /var/lib/sss/pubconf/krb5.include.d 0700 root root @@ -22,32 +24,32 @@ make_dirs="/var/lib/sss/db 0700 root root /var/lib/sss/mc 0700 root root /var/lib/sss/keytabs 0700 root root /var/lib/sss/gpo_cache 0700 root root - /var/lib/sss/db 0700 root root - /etc/sssd/ 0700 root root - /var/sssd/conf.d 0700 root root" + /var/lib/sss/deskprofile 0700 root root + /etc/sssd/pki 0700 root root + /etc/sssd/conf.d 0700 root root" short_desc="System Security Services Daemon" maintainer="Yuusha Spacewolf " license="GPL-3.0-or-later" homepage="https://sssd.io" -distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz" -checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd +distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz" +checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef python_version=3 -nocross="configure attempts to run compiled output" # These modules in /usr/lib/sssd are required by sssd-python3 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so" +# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time); +# * test_inotify: [test_timeout] (0x0010): The test timed out! +# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found +# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno +# unexpectedly set to 22 +# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631 +# * requires to manually 'make test_CA' (although it should be done by +# default?). +make_check=no -if [ "$XBPS_LIBC" != glibc ]; then - broken="nscd is glibc only" -fi - -do_check() { - export CK_TIMEOUT_MULTIPLIER=10 - make check VERBOSE=yes - unset CK_TIMEOUT_MULTIPLIER -} +export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config" post_install() { - rm -rf ${DESTDIR}/etc/rc.d + rm -r ${DESTDIR}/etc/rc.d vsv sssd } diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update deleted file mode 100644 index ca35d5fb7662..000000000000 --- a/srcpkgs/sssd/update +++ /dev/null @@ -1 +0,0 @@ -pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"