From c5004b7ffdea16a957fa1046444522e5889f3d20 Mon Sep 17 00:00:00 2001 From: Krul Ceter Date: Tue, 29 Nov 2022 19:28:31 +0300 Subject: [PATCH] sssd: update to 2.8.1. Dependencies: * libwbclient is deprecated and removed upstream. * oidc-child now requires libjose which is not present in the repository; hence it is disabled. * libxslt-devel is not used for building; xsltproc from libxslt is used instead. * xmlcatmgr does not seem to be used as a host make dependency. * python3 is required for cross compiling bindings. * http-parser-devel (http_parser.h) does not seem to be mentioned anywhere in the source code. Patches: * fix_test.patch is removed since I am not able to test it out. * libressl.patch is removed due to openssl replacing libressl. "--without-python2-bindings" can safely be omitted from configure_args. --- srcpkgs/sssd/patches/configure-cross.patch | 33 ++++++++++++ srcpkgs/sssd/patches/fix_tests.patch | 54 -------------------- srcpkgs/sssd/patches/libressl.patch | 26 ---------- srcpkgs/sssd/patches/path_hosts.patch | 59 ++++++++++++++++++++++ srcpkgs/sssd/patches/src.patch | 28 ++++++++++ srcpkgs/sssd/template | 29 ++++++----- 6 files changed, 137 insertions(+), 92 deletions(-) create mode 100644 srcpkgs/sssd/patches/configure-cross.patch delete mode 100644 srcpkgs/sssd/patches/fix_tests.patch delete mode 100644 srcpkgs/sssd/patches/libressl.patch create mode 100644 srcpkgs/sssd/patches/path_hosts.patch create mode 100644 srcpkgs/sssd/patches/src.patch diff --git a/srcpkgs/sssd/patches/configure-cross.patch b/srcpkgs/sssd/patches/configure-cross.patch new file mode 100644 index 000000000000..163ad47b4e31 --- /dev/null +++ b/srcpkgs/sssd/patches/configure-cross.patch @@ -0,0 +1,33 @@ +configure was supposed to execute compiled testing binaries. + +However, when it comes to cross compiling, the script chooses to exit +and interrupt the building. + +In this case it is preferred to skip execution instead of quitting. + +--- a/configure ++++ b/configure +@@ -20460,10 +20460,7 @@ + + if test "$cross_compiling" = yes + then : +- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "cannot run test program while cross compiling +-See \`config.log' for more details" "$LINENO" 5; } ++ : + else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +@@ -22915,10 +22912,7 @@ + LIBS="$LIBS -L${sambalibdir} -lidmap-samba4 -Wl,-rpath ${sambalibdir}" + if test "$cross_compiling" = yes + then : +- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "cannot run test program while cross compiling +-See \`config.log' for more details" "$LINENO" 5; } ++ : + else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ diff --git a/srcpkgs/sssd/patches/fix_tests.patch b/srcpkgs/sssd/patches/fix_tests.patch deleted file mode 100644 index c7de01493a8c..000000000000 --- a/srcpkgs/sssd/patches/fix_tests.patch +++ /dev/null @@ -1,54 +0,0 @@ -Fix tests by disabling failures related to softhsm, see - -https://github.com/SSSD/sssd/issues/5397 - ---- a/src/tests/cmocka/test_pam_srv.c -+++ b/src/tests/cmocka/test_pam_srv.c -@@ -41,6 +41,8 @@ - #include "tests/test_CA/SSSD_test_cert_x509_0002.h" - #include "tests/test_CA/SSSD_test_cert_x509_0005.h" - -+#define TEST_MODULE_NAME SOFTHSM2_PATH -+ - #include "tests/test_ECC_CA/SSSD_test_ECC_cert_x509_0001.h" - #else - #define SSSD_TEST_CERT_0001 "" -@@ -48,6 +50,7 @@ - #define SSSD_TEST_CERT_0005 "" - - #define SSSD_TEST_ECC_CERT_0001 "" -+#define TEST_MODULE_NAME "" - #endif - - #define TESTS_PATH "tp_" BASE_FILE_STEM -@@ -62,7 +65,6 @@ - #define TEST_TOKEN_NAME "SSSD Test Token" - #define TEST_TOKEN2_NAME "SSSD Test Token Number 2" - #define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17" --#define TEST_MODULE_NAME SOFTHSM2_PATH - #define TEST_PROMPT "SSSD test cert 0001\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD" - #define TEST2_PROMPT "SSSD test cert 0002\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD" - #define TEST5_PROMPT "SSSD test cert 0005\nCN=SSSD test cert 0005,OU=SSSD test,O=SSSD" - -The test_ncache_* functions require a working user directory, which is -generally unavailable in xbps-src builds. - ---- a/src/tests/cmocka/test_negcache.c -+++ b/src/tests/cmocka/test_negcache.c -@@ -1089,7 +1089,7 @@ - setup, teardown), - cmocka_unit_test_setup_teardown(test_sss_ncache_domain_locate_type, - setup, teardown), -- -+#if 0 - /* user */ - cmocka_unit_test_setup_teardown(test_ncache_nocache_user, - test_ncache_setup, -@@ -1142,6 +1142,7 @@ - cmocka_unit_test_setup_teardown(test_ncache_both_gid, - test_ncache_setup, - test_ncache_teardown), -+#endif - }; - - tests_set_cwd(); diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch deleted file mode 100644 index e9c8a4bf7b09..000000000000 --- a/srcpkgs/sssd/patches/libressl.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c ---- a/src/p11_child/p11_child_openssl.c 2020-09-06 16:39:47.663132167 +0200 -+++ b/src/p11_child/p11_child_openssl.c 2020-09-06 16:39:51.887060887 +0200 -@@ -33,0 +34 @@ -+#include -diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/crypto_hmac_sha1.c ---- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c 2020-09-06 16:39:47.705131458 +0200 -+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c 2020-09-06 16:39:51.870061174 +0200 -@@ -19,0 +20 @@ -+#include ---- a/src/lib/certmap/sss_cert_content_crypto.c 2020-10-12 12:16:19.000000000 +0200 -+++ b/src/lib/certmap/sss_cert_content_crypto.c 2020-10-12 12:16:19.000000000 +0200 -@@ -771,8 +771,13 @@ - ret = EIO; - goto done; - } -+#ifdef LIBRESSL_VERSION_NUMBER -+ if (cert->ex_flags & EXFLAG_KUSAGE) { -+ cont->key_usage = cert->ex_kusage; -+#else - if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) { - cont->key_usage = X509_get_key_usage(cert); -+#endif - } else { - /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I - * section 13.3.2 "Certificate match" "keyUsage matches if all of the diff --git a/srcpkgs/sssd/patches/path_hosts.patch b/srcpkgs/sssd/patches/path_hosts.patch new file mode 100644 index 000000000000..e659b701acd4 --- /dev/null +++ b/srcpkgs/sssd/patches/path_hosts.patch @@ -0,0 +1,59 @@ +The following patch was appropriated from: + +https://git.alpinelinux.org/aports/commit/testing/sssd/musl_fixup.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4 + +--- + +fix musl build failures + +Missing _PATH_HOSTS and some NETDB defines when musl is enabled. + +These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd): + +./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function) +| 1199 | _PATH_HOSTS); +| | ^~~~~~~~~~~ + +and + +i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function) +| 415 | *h_errnop = NETDB_INTERNAL; + + +Upstream-Status: Pending +Signed-off-by: Armin Kuster + +Index: sssd-2.5.1/src/providers/fail_over.c +=================================================================== +--- sssd-2.5.1.orig/src/providers/fail_over.c ++++ sssd-2.5.1/src/providers/fail_over.c +@@ -31,6 +31,10 @@ + #include + #include + ++#if !defined(_PATH_HOSTS) ++#define _PATH_HOSTS "/etc/hosts" ++#endif ++ + #include "util/dlinklist.h" + #include "util/refcount.h" + #include "util/util.h" +Index: sssd-2.5.1/src/sss_client/sss_cli.h +=================================================================== +--- sssd-2.5.1.orig/src/sss_client/sss_cli.h ++++ sssd-2.5.1/src/sss_client/sss_cli.h +@@ -44,6 +44,14 @@ typedef int errno_t; + #define EOK 0 + #endif + ++#ifndef NETDB_INTERNAL ++# define NETDB_INTERNAL (-1) ++#endif ++ ++#ifndef NETDB_SUCCESS ++# define NETDB_SUCCESS (0) ++#endif ++ + #define SSS_NSS_PROTOCOL_VERSION 1 + #define SSS_PAM_PROTOCOL_VERSION 3 + #define SSS_SUDO_PROTOCOL_VERSION 1 diff --git a/srcpkgs/sssd/patches/src.patch b/srcpkgs/sssd/patches/src.patch new file mode 100644 index 000000000000..991b4bbbdc04 --- /dev/null +++ b/srcpkgs/sssd/patches/src.patch @@ -0,0 +1,28 @@ +Source: + +https://git.alpinelinux.org/aports/commit/testing/sssd/0002-src.patch?id=2c136de2ac7a89dda4030ad67e1be281759018d4 + +diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h +index af3563e65..2d98829ad 100644 +--- a/src/confdb/confdb.h ++++ b/src/confdb/confdb.h +@@ -22,6 +22,7 @@ + #ifndef _CONF_DB_H + #define _CONF_DB_H + ++#include + #include + #include + #include +diff --git a/src/util/util.h b/src/util/util.h +index 6dfd2540c..e54ca5bd5 100644 +--- a/src/util/util.h ++++ b/src/util/util.h +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + + #include diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template index d57d4f47c84e..c56aabc3d534 100644 --- a/srcpkgs/sssd/template +++ b/srcpkgs/sssd/template @@ -1,20 +1,19 @@ # Template file for 'sssd' pkgname=sssd -version=2.4.0 -revision=5 +version=2.8.1 +revision=1 build_style=gnu-configure # configure checks sys.version[:3] for Python versioning, so 3.10 becomes 3.1; # until this is fixed upstream, manually define am_cv_python_version to circumvent -configure_args="--without-selinux --without-semanage --without-libwbclient +configure_args="--without-selinux --without-semanage --without-oidc-child --disable-cifs-idmap-plugin --without-samba --with-os=fedora --with-test-dir=/dev/shm --with-python3-bindings --with-pid-path=/run - --with-sudo-lib-path=/usr/lib/sssd --without-python2-bindings - am_cv_python_version=${py3_ver}" -hostmakedepends="pkg-config nscd bind xmlcatmgr docbook-xsl" + --with-sudo-lib-path=/usr/lib/sssd am_cv_python_version=${py3_ver}" +hostmakedepends="libxslt pkg-config bind docbook-xsl python3" makedepends="pam-devel popt-devel talloc-devel tdb-devel tevent-devel ldb-devel ding-libs-devel libldap-devel mit-krb5-devel c-ares-devel glib-devel - libxslt-devel nss-devel libnfsidmap-devel http-parser-devel p11-kit-devel - jansson-devel python3-devel libcurl-devel cmocka-devel check-devel" + nss-devel libnfsidmap-devel p11-kit-devel jansson-devel python3-devel + libcurl-devel cmocka-devel check-devel libunistring-devel" make_dirs="/var/lib/sss/db 0700 root root /var/lib/sss/secrets 0700 root root /var/lib/sss/pubconf/krb5.include.d 0700 root root @@ -22,19 +21,25 @@ make_dirs="/var/lib/sss/db 0700 root root /var/lib/sss/mc 0700 root root /var/lib/sss/keytabs 0700 root root /var/lib/sss/gpo_cache 0700 root root - /var/lib/sss/db 0700 root root /etc/sssd/ 0700 root root /var/sssd/conf.d 0700 root root" short_desc="System Security Services Daemon" maintainer="Yuusha Spacewolf " license="GPL-3.0-or-later" homepage="https://sssd.io" -distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz" -checksum=13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd +distfiles="https://github.com/SSSD/sssd/releases/download/${version}/${pkgname}-${version}.tar.gz" +checksum=1a7835563436c8cb14c0af848750557fbba1326dd9369b53d96be484600f3188 python_version=3 -nocross="configure attempts to run compiled output" # These modules in /usr/lib/sssd are required by sssd-python3 shlib_provides="libsss_util.so libsss_crypt.so libsss_debug.so" +# src/tests/cmocka/test_negcache_2.c:113:15: error: implicit declaration of function 'fgetpwent' +make_check="no" + +if [ "$XBPS_TARGET_LIBC" = "musl" ]; then + makedepends+=" musl-nscd-devel" +fi + +export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config" do_check() { export CK_TIMEOUT_MULTIPLIER=10