[PR PATCH] sssd: update to 2.8.2

[PR PATCH] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 666 bytes --]

There is a new pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 13018 bytes --]

From e3d4111ed054f85333d5dc11a0f4e62785b28890 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..fba10df64e5b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#issuecomment-1426232121

Comment:
I may look into adding a build option to the openssh package to enable integration with sudoers rules on ldap via this package later.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 671 bytes --]

There is an updated pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 13023 bytes --]

From 49b12e290b7b6025c87466f30d9c96f865d19283 Mon Sep 17 00:00:00 2001
From: Klara Modin <klarasmodin@gmail.com>
Date: Sat, 11 Feb 2023 11:43:22 +0100
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..fba10df64e5b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 220 bytes --]

New comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#issuecomment-1426695687

Comment:
The original author has requested that I reset the commit author, so I did so.

Re: [PR REVIEW] sssd: update to 2.8.2

[paper42]

[-- Attachment #1: Type: text/plain, Size: 194 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#discussion_r1106340497

Comment:
```suggestion
	rm -r ${DESTDIR}/etc/rc.d
```

Re: [PR REVIEW] sssd: update to 2.8.2

[paper42]

[-- Attachment #1: Type: text/plain, Size: 247 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#discussion_r1106341267

Comment:
I don't think it makes sense to have 2 patches that fix 2 tests when we disable all of them anyway.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 671 bytes --]

There is an updated pull request by klarasm against master on the void-packages repository

https://github.com/klarasm/void-packages sssd-2.8
https://github.com/void-linux/void-packages/pull/42201

sssd: update to 2.8.2
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

A patch file from https://github.com/void-linux/void-packages/pull/42201.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-2.8-42201.patch --]
[-- Type: text/x-diff, Size: 10413 bytes --]

From 91d709f6273b0fb688992990e3e0ed431ef5dc51 Mon Sep 17 00:00:00 2001
From: Klara Modin <klarasmodin@gmail.com>
Date: Sat, 11 Feb 2023 11:43:22 +0100
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* remove patches relating to tests as we disable them

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/template                      | 50 ++++++++++----------
 srcpkgs/sssd/update                        |  1 -
 5 files changed, 59 insertions(+), 105 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..ed1bfeea048e 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,32 +24,32 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
-	rm -rf ${DESTDIR}/etc/rc.d
+	rm -r ${DESTDIR}/etc/rc.d
 
 	vsv sssd
 }
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR REVIEW] sssd: update to 2.8.2

[klarasm]

[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

New review comment by klarasm on void-packages repository

https://github.com/void-linux/void-packages/pull/42201#discussion_r1106505451

Comment:
I removed the patches. Tried to look more into the tests that were failing but besides a few of them I don't have any idea how to fix them.

Re: [PR PATCH] [Merged]: sssd: update to 2.8.2

[paper42]

[-- Attachment #1: Type: text/plain, Size: 514 bytes --]

There's a merged pull request on the void-packages repository

sssd: update to 2.8.2
https://github.com/void-linux/void-packages/pull/42201

Description:
Continues from #40846

#### Testing the changes
- I tested the changes in this PR: **YES**
- Also tested with #41948

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures:
  - aarch64
  - armv7l
  - armv6l
  - i686

This package is not supported on musl.

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13018 bytes --]

From 8fe793e2c5a7fb51442084a7bc96024b3c8866ff Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..fba10df64e5b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13018 bytes --]

From c099fd1b8a5f6383c6cea9d9a07a0c0a45a5c10c Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 104 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..7fc88020c707 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,22 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+# upstream explicitly hardcodes to use glibc:
+# https://github.com/SSSD/sssd/blob/2.8.2/src/util/nss_dl_load.c
+archs="~*-musl"
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +24,29 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
-fi
-
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12881 bytes --]

From 980cb033a9cc24a0f6c4279ed9cb8b6310fb0a06 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 45 +++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 108 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..cfecb0b084a8 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,19 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +21,34 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
-
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12914 bytes --]

From cce12bd257183d228e091c4aeb3ce46311c6b00c Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 46 +++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 109 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..929161759f16 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,19 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +21,35 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually 'make test_CA' (although it should be done by
+#   default?).
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
+
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
-
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13157 bytes --]

From 4dcfca8ec4590ab056b19fe495f5715aa8f27385 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 52 ++++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 115 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..22d4e771bb97 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
- ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel
+ glib-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +23,38 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually make CA for tests, although it should be
+#   done by default.
+#make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
+
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+if [ "$XBPS_CHECK_PKGS" ]; then
+	makedepends+=" cmocka-devel check-devel"
+fi
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13073 bytes --]

From f53d417372e5cc293db9bf838edf94d5af7aa171 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 48 ++++++++++---------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 111 insertions(+), 102 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..81fd458fc2df 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
- ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel
+ glib-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +23,34 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually make CA for tests, although it should be
+#   done by default.
+#make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12997 bytes --]

From 066bfdbde64ea790aad208c28b66a7410e82f3a1 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 46 ++++++++++--------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 110 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..c2e94bdb5538 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +23,34 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+# * Requires to manually build test CA for tests, although it should be
+#   done by default.
+#make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 12852 bytes --]

From 5c1d92bd26142c957105d52890041e9177dc17bb Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 43 +++++++++--------
 srcpkgs/sssd/update                        |  1 -
 7 files changed, 107 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..faceab02285c 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +22,32 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 13373 bytes --]

From 7462f33525a180cd0184d74848a8175fa21b8e85 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                   | 15 ++++++
 srcpkgs/sssd/patches/configure_cross.patch | 33 +++++++++++++
 srcpkgs/sssd/patches/fix_tests.patch       | 54 ----------------------
 srcpkgs/sssd/patches/libressl.patch        | 26 -----------
 srcpkgs/sssd/patches/softhsm.patch         | 30 ++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch   | 21 +++++++++
 srcpkgs/sssd/template                      | 43 +++++++++--------
 srcpkgs/sssd/update                        |  1 -
 8 files changed, 122 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..faceab02285c 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,29 +22,32 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
+# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+# * test_inotify: [test_timeout] (0x0010): The test timed out!
+# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+#   unexpectedly set to 22
+# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+make_check=no
 
-if [ "$XBPS_LIBC" != glibc ]; then
+if [ "$XBPS_TARGET_LIBC" != glibc ]; then
 	broken="nscd is glibc only"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
-}
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
 
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18742 bytes --]

From a547dfcf697db10000c0c9743960cfabb37043a5 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 ++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 +++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 +++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 83 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 276 insertions(+), 101 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..d945c630388b 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,21 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+make_check_args="VERBOSE=yes"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ libnfsidmap-devel p11-kit-devel jansson-devel python3-devel libcurl-devel
+ libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,28 +23,70 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel nspr-devel"
+	CFLAGS="-I${XBPS_CROSS_BASE}/usr/include/nspr"
 fi
 
-do_check() {
-	export CK_TIMEOUT_MULTIPLIER=10
-	make check VERBOSE=yes
-	unset CK_TIMEOUT_MULTIPLIER
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+export CK_TIMEOUT_MULTIPLIER=10
+
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
 }
 
 post_install() {
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18725 bytes --]

From 4858041e4ebb6fb5f69aaef1df78fe963d2d1b8e Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 +++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 79 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 276 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..3872909b933d 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,77 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel nspr-devel"
+	CFLAGS="-I${XBPS_CROSS_BASE}/usr/include/nspr"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18672 bytes --]

From e3f49b6461f30de5992c84e706d1df40a2bade37 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 78 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 275 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..dc92d8a2a93f 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,76 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${build_wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18672 bytes --]

From 000978aec84f3320a851e89bfbede19d1767209d Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/files/nss.h                    | 15 ++++
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 78 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 11 files changed, 275 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/files/nss.h
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/files/nss.h b/srcpkgs/sssd/files/nss.h
new file mode 100644
index 000000000000..e15ee3ee34e0
--- /dev/null
+++ b/srcpkgs/sssd/files/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+    NSS_STATUS_TRYAGAIN = -2,
+    NSS_STATUS_UNAVAIL = -1,
+    NSS_STATUS_NOTFOUND = 0,
+    NSS_STATUS_SUCCESS = 1,
+    NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..dc92d8a2a93f 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,76 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${build_wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18152 bytes --]

From be58a415edf249207ef72c9ceacb19b1c7768754 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 --------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 ++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 +++++++
 srcpkgs/sssd/template                       | 78 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 10 files changed, 260 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..dc92d8a2a93f 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,76 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" nss-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	   cp "${FILESDIR}/nss.h" ${build_wrksrc}/src
+	fi
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help with proper testing is appreciated.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least executes).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 18054 bytes --]

From 0cf4bab85af163e30f668356c964e3ffe02cdc94 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Fri, 3 Feb 2023 19:34:36 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
configure_args.

* oidc-child now requires libjose which is not present in the
repository, hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 ---------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 +++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 ++++++++
 srcpkgs/sssd/template                       | 75 ++++++++++++++++-----
 srcpkgs/sssd/update                         |  1 -
 10 files changed, 257 insertions(+), 97 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 delete mode 100644 srcpkgs/sssd/update

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..8da6f94518eb 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,73 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 
diff --git a/srcpkgs/sssd/update b/srcpkgs/sssd/update
deleted file mode 100644
index ca35d5fb7662..000000000000
--- a/srcpkgs/sssd/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern="${pkgname}-\K[0-9_.]+(?=tar.gz)"

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 703 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help is appreciated.

Related to #39083.

#### Testing the changes
- I tested the changes in this PR: **briefly** (the daemon at least runs).

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 17752 bytes --]

From 9fd94ab78baecedda0a303f5a627341496f3373a Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Tue, 29 Nov 2022 19:28:31 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
configure_args.

* oidc-child now requires libjose which is not present in the
repository; hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 ---------------
 srcpkgs/sssd/patches/libressl.patch         | 26 -------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/softhsm.patch          | 30 +++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 ++++++++
 srcpkgs/sssd/template                       | 75 ++++++++++++++++-----
 9 files changed, 257 insertions(+), 96 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/softhsm.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/softhsm.patch b/srcpkgs/sssd/patches/softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..8da6f94518eb 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,73 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "ssh-srv-tests" "test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		# * pam-srv-tests: https://github.com/SSSD/sssd/issues/5631
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests" \
+				"pam-srv-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d
 

Re: [PR PATCH] [Updated] sssd: update to 2.8.2.

[kruceter]

[-- Attachment #1: Type: text/plain, Size: 670 bytes --]

There is an updated pull request by kruceter against master on the void-packages repository

https://github.com/kruceter/void-packages sssd
https://github.com/void-linux/void-packages/pull/40846

sssd: update to 2.8.2.
I do not use this package, therefore any help is appreciated.

Related to #39083.

#### Testing the changes
- I tested the changes in this PR: **NO**

#### Local build testing
- I built this PR locally for my native architecture, x86_64-musl
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - armv6l-musl (cross)

A patch file from https://github.com/void-linux/void-packages/pull/40846.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sssd-40846.patch --]
[-- Type: text/x-diff, Size: 17711 bytes --]

From a220b9c74019e06e07d7af63821cdc2c8ce566f4 Mon Sep 17 00:00:00 2001
From: Krul Ceter <kruceter@proton.me>
Date: Tue, 29 Nov 2022 19:28:31 +0300
Subject: [PATCH] sssd: update to 2.8.2.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
anywhere in the source code.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
test_negcache.patch

Misc:

* "--without-python2-bindings" can safely be omitted from
configure_args.

* oidc-child now requires libjose which is not present in the
repository; hence it is disabled.
---
 srcpkgs/sssd/patches/configure_cross.patch  | 33 +++++++++
 srcpkgs/sssd/patches/fix_tests.patch        | 54 ---------------
 srcpkgs/sssd/patches/libressl.patch         | 26 --------
 srcpkgs/sssd/patches/missing_includes.patch | 28 ++++++++
 srcpkgs/sssd/patches/path_hosts.patch       | 59 ++++++++++++++++
 srcpkgs/sssd/patches/test_negcache.patch    | 21 ++++++
 srcpkgs/sssd/patches/test_negcache_2.patch  | 27 ++++++++
 srcpkgs/sssd/patches/test_softhsm.patch     | 30 +++++++++
 srcpkgs/sssd/template                       | 74 ++++++++++++++++-----
 9 files changed, 256 insertions(+), 96 deletions(-)
 create mode 100644 srcpkgs/sssd/patches/configure_cross.patch
 delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch
 delete mode 100644 srcpkgs/sssd/patches/libressl.patch
 create mode 100644 srcpkgs/sssd/patches/missing_includes.patch
 create mode 100644 srcpkgs/sssd/patches/path_hosts.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache.patch
 create mode 100644 srcpkgs/sssd/patches/test_negcache_2.patch
 create mode 100644 srcpkgs/sssd/patches/test_softhsm.patch

diff --git a/srcpkgs/sssd/patches/configure_cross.patch b/srcpkgs/sssd/patches/configure_cross.patch
new file mode 100644
index 000000000000..15874b31c5da
--- /dev/null
+++ b/srcpkgs/sssd/patches/configure_cross.patch
@@ -0,0 +1,33 @@
+configure was supposed to execute compiled testing binaries.
+
+However, when it comes to cross compiling, the script chooses to exit
+and interrupt the building.
+
+Skipping execution is preferred to quitting in this case.
+
+--- a/configure
++++ b/configure
+@@ -20460,10 +20460,7 @@
+ 
+ if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+@@ -22915,10 +22912,7 @@
+         LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}"
+         if test "$cross_compiling" = yes
+ then :
+-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
+-See \`config.log' for more details" "$LINENO" 5; }
++  :
+ else $as_nop
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch
deleted file mode 100644
index c7de01493a8c..000000000000
--- a/srcpkgs/sssd/patches/fix_tests.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fix tests by disabling failures related to softhsm, see
-
-https://github.com/SSSD/sssd/issues/5397
-
---- a/src/tests/cmocka/test_pam_srv.c
-+++ b/src/tests/cmocka/test_pam_srv.c
-@@ -41,6 +41,8 @@
- #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
- #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
- 
-+#define TEST_MODULE_NAME SOFTHSM2_PATH
-+
- #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h"
- #else
- #define SSSD_TEST_CERT_0001 ""
-@@ -48,6 +50,7 @@
- #define SSSD_TEST_CERT_0005 ""
- 
- #define SSSD_TEST_ECC_CERT_0001 ""
-+#define TEST_MODULE_NAME ""
- #endif
- 
- #define TESTS_PATH "tp_" BASE_FILE_STEM
-@@ -62,7 +65,6 @@
- #define TEST_TOKEN_NAME "SSSD Test Token"
- #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
- #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
--#define TEST_MODULE_NAME SOFTHSM2_PATH
- #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
- #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
- #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
-
-The test_ncache_* functions require a working user directory, which is
-generally unavailable in xbps-src builds.
-
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -1089,7 +1089,7 @@
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
-                                         setup, teardown),
--
-+#if 0
-         /* user */
-         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
-                                         test_ncache_setup,
-@@ -1142,6 +1142,7 @@
-         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
-                                         test_ncache_setup,
-                                         test_ncache_teardown),
-+#endif
-     };
- 
-     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch
deleted file mode 100644
index e9c8a4bf7b09..000000000000
--- a/srcpkgs/sssd/patches/libressl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c
---- a/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:47.663132167 +0200
-+++ b/src/p11_child/p11_child_openssl.c	2020-09-06 16:39:51.887060887 +0200
-@@ -33,0 +34 @@
-+#include <limits.h>
-diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c
---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:47.705131458 +0200
-+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c	2020-09-06 16:39:51.870061174 +0200
-@@ -19,0 +20 @@
-+#include <limits.h>
---- a/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-+++ b/src/lib/certmap/sss_cert_content_crypto.c	2020-10-12 12:16:19.000000000 +0200
-@@ -771,8 +771,13 @@
-         ret = EIO;
-         goto done;
-     }
-+#ifdef LIBRESSL_VERSION_NUMBER
-+    if (cert->ex_flags & EXFLAG_KUSAGE) {
-+        cont->key_usage = cert->ex_kusage;
-+#else
-     if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) {
-         cont->key_usage = X509_get_key_usage(cert);
-+#endif
-     } else {
-         /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I
-          * section 13.3.2 "Certificate match" "keyUsage matches if all of the
diff --git a/srcpkgs/sssd/patches/missing_includes.patch b/srcpkgs/sssd/patches/missing_includes.patch
new file mode 100644
index 000000000000..991b4bbbdc04
--- /dev/null
+++ b/srcpkgs/sssd/patches/missing_includes.patch
@@ -0,0 +1,28 @@
+Source:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index af3563e65..2d98829ad 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+diff --git a/src/util/util.h b/src/util/util.h
+index 6dfd2540c..e54ca5bd5 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -30,6 +30,7 @@
+ #include <time.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch
new file mode 100644
index 000000000000..e659b701acd4
--- /dev/null
+++ b/srcpkgs/sssd/patches/path_hosts.patch
@@ -0,0 +1,59 @@
+The following patch was appropriated from:
+
+https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4
+
+---
+
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+|  1199 |                   _PATH_HOSTS);
+|       |                   ^~~~~~~~~~~
+
+and 
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+|   415 |         *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+ 
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS     "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+ 
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/srcpkgs/sssd/patches/test_negcache.patch b/srcpkgs/sssd/patches/test_negcache.patch
new file mode 100644
index 000000000000..c04ba79b1b00
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache.patch
@@ -0,0 +1,21 @@
+The test_ncache_* functions require a working user directory, which is
+generally unavailable in xbps-src builds.
+
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -1371,6 +1371,7 @@
+         cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type,
+                                         setup, teardown),
+ 
++#if 0
+         /* user */
+         cmocka_unit_test_setup_teardown(test_ncache_nocache_user,
+                                         test_ncache_setup,
+@@ -1423,6 +1424,7 @@
+         cmocka_unit_test_setup_teardown(test_ncache_both_gid,
+                                         test_ncache_setup,
+                                         test_ncache_teardown),
++#endif
+     };
+ 
+     tests_set_cwd();
diff --git a/srcpkgs/sssd/patches/test_negcache_2.patch b/srcpkgs/sssd/patches/test_negcache_2.patch
new file mode 100644
index 000000000000..39e2024ab3fc
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_negcache_2.patch
@@ -0,0 +1,27 @@
+--- a/src/tests/cmocka/test_negcache_2.c
++++ b/src/tests/cmocka/test_negcache_2.c
+@@ -103,14 +103,10 @@
+ static void find_local_users(struct ncache_test_ctx *test_ctx)
+ {
+     int i;
+-    FILE *passwd_file;
+     const struct passwd *pwd;
+ 
+-    passwd_file = fopen("/etc/passwd", "r");
+-    assert_non_null(passwd_file);
+-
+     for (i = 0; i < 2; /*no-op*/) {
+-        pwd = fgetpwent(passwd_file);
++        pwd = getpwent();
+         assert_non_null(pwd);
+         if (pwd->pw_uid == 0) {
+             /* skip root */
+@@ -122,7 +118,7 @@
+         ++i;
+     }
+ 
+-    fclose(passwd_file);
++    endpwent();
+ }
+ 
+ static void find_local_groups(struct ncache_test_ctx *test_ctx)
diff --git a/srcpkgs/sssd/patches/test_softhsm.patch b/srcpkgs/sssd/patches/test_softhsm.patch
new file mode 100644
index 000000000000..97fa2a610d8b
--- /dev/null
+++ b/srcpkgs/sssd/patches/test_softhsm.patch
@@ -0,0 +1,30 @@
+Fix tests by disabling failures related to softhsm, see
+
+https://github.com/SSSD/sssd/issues/5397
+
+--- a/src/tests/cmocka/test_pam_srv.c
++++ b/src/tests/cmocka/test_pam_srv.c
+@@ -37,6 +37,7 @@
+ #include "util/crypto/sss_crypto.h"
+ 
+ #ifdef HAVE_TEST_CA
++#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+ #include "tests/test_CA/SSSD_test_cert_x509_0005.h"
+@@ -52,6 +53,7 @@
+ #define SSSD_TEST_CERT_0007 ""
+ #define SSSD_TEST_INTERMEDIATE_CA_CERT_0001 ""
+ #define SSSD_TEST_ECC_CERT_0001 ""
++#define TEST_MODULE_NAME ""
+ #endif
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+@@ -71,7 +73,6 @@
+ #define TEST_TOKEN2_NAME "SSSD Test Token Number 2"
+ #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+ #define TEST_LABEL "SSSD test cert 0001"
+-#define TEST_MODULE_NAME SOFTHSM2_PATH
+ #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+ #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
+ #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD"
diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template
index 3bfeb32ef10d..25ad893ded2e 100644
--- a/srcpkgs/sssd/template
+++ b/srcpkgs/sssd/template
@@ -1,20 +1,20 @@
 # Template file for 'sssd'
 pkgname=sssd
-version=2.4.0
-revision=5
+version=2.8.2
+revision=1
 build_style=gnu-configure
 # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1;
 # until this is fixed upstream, manually define am_cv_python_version to circumvent
-configure_args="--without-selinux --without-semanage --without-libwbclient
+configure_args="--without-selinux --without-semanage --without-oidc-child
  --disable-cifs-idmap-plugin --without-samba --with-os=fedora
  --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run
- --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings
- am_cv_python_version=${py3_ver}"
-hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl"
+ --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}"
+hostmakedepends="libxslt pkg-config bind docbook-xsl python3"
 makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel
  ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel
- libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel
- jansson-devel python3-devel libcurl-devel cmocka-devel check-devel"
+ nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel
+ libcurl-devel libunistring-devel"
+checkdepends="bc openssh softhsm gnutls-tools"
 make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/secrets 0700 root root
  /var/lib/sss/pubconf/krb5.include.d 0700 root root
@@ -22,30 +22,72 @@ make_dirs="/var/lib/sss/db 0700 root root
  /var/lib/sss/mc 0700 root root
  /var/lib/sss/keytabs 0700 root root
  /var/lib/sss/gpo_cache 0700 root root
- /var/lib/sss/db 0700 root root
- /etc/sssd/ 0700 root root
- /var/sssd/conf.d 0700 root root"
+ /var/lib/sss/deskprofile 0700 root root
+ /etc/sssd/pki 0700 root root
+ /etc/sssd/conf.d 0700 root root"
 short_desc="System Security Services Daemon"
 maintainer="Yuusha Spacewolf <xyuusha@paranoici.org>"
 license="GPL-3.0-or-later"
 homepage="https://sssd.io"
-distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz"
-checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
+distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz"
+checksum=ae16447d06bb725bfa9ccb47a9287135015f789ba7414f50cebcb62d52402fef
 python_version=3
-nocross="configure attempts to run compiled output"
 # These modules in /usr/lib/sssd are required by sssd-python3
 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so"
 
-if [ "$XBPS_LIBC" != glibc ]; then
-	broken="nscd is glibc only"
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+	makedepends+=" musl-nscd-devel"
 fi
 
+if [ "$XBPS_CHECK_PKGS" ]; then
+	hostmakedepends+=" automake"
+	makedepends+=" cmocka-devel check-devel"
+fi
+
+export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
+
 do_check() {
 	export CK_TIMEOUT_MULTIPLIER=10
 	make check VERBOSE=yes
 	unset CK_TIMEOUT_MULTIPLIER
 }
 
+post_patch() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# exclude tests depending on libnss*.so.* present with glibc only.
+		if [ "$XBPS_TARGET_LIBC" != "glibc" ]; then
+			for i in "nss-srv-tests" "test-negcache" "responder-get-domains-tests" \
+					"responder_cache_req-tests" "pam-srv-tests" "ssh-srv-tests" \
+					"test_kcm_queue"; do
+				vsed -i Makefile.am -e "/[    |	]${i}/d"
+			done
+		fi
+
+		# * test_sysdb_sudo: Could not run test: 0 != 0x1 (test_sudo_convert_time);
+		# * test_inotify: [test_timeout] (0x0010): The test timed out!
+		# * dlopen-tests: Error opening sss.so: [...] conf_get_str: symbol not found
+		# * strtonum-tests: Tests:test_strtoint32_alphaonly_base_10:0: errno
+		# unexpectedly set to 22
+		for i in "test_sysdb_sudo" "test_inotify" "dlopen-tests" "strtonum-tests"; do
+			vsed -i Makefile.am -e "/[    |	]${i}/d"
+		done
+	fi
+}
+
+pre_configure() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		automake
+	fi
+}
+
+pre_build() {
+	if [ "$XBPS_CHECK_PKGS" ]; then
+		# build test CA separately for tests; for one reason or another it is
+		# not done by default, although it should be.
+		make test_CA
+	fi
+}
+
 post_install() {
 	rm -rf ${DESTDIR}/etc/rc.d