From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1758690-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 0316A158098
	for <garchives@archives.gentoo.org>; Fri, 13 Jun 2025 00:09:27 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	(Authenticated sender: relay-lists.gentoo.org@gentoo.org)
	by smtp.gentoo.org (Postfix) with ESMTPSA id DD1AF34248A
	for <garchives@archives.gentoo.org>; Fri, 13 Jun 2025 00:09:26 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1])
	by bobolink.gentoo.org (Postfix) with ESMTP id DDDB51104DE;
	Fri, 13 Jun 2025 00:09:21 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	by bobolink.gentoo.org (Postfix) with ESMTPS id D4FC11104DE
	for <gentoo-commits@lists.gentoo.org>; Fri, 13 Jun 2025 00:09:21 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 83FA934246C
	for <gentoo-commits@lists.gentoo.org>; Fri, 13 Jun 2025 00:09:21 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id C244782C
	for <gentoo-commits@lists.gentoo.org>; Fri, 13 Jun 2025 00:09:19 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1749773307.91a9ac14880dae5ecfb892e361f5f73d91af7eb1.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-auth/sssd/Manifest sys-auth/sssd/sssd-2.11.0.ebuild
X-VCS-Directories: sys-auth/sssd/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 91a9ac14880dae5ecfb892e361f5f73d91af7eb1
X-VCS-Branch: master
Date: Fri, 13 Jun 2025 00:09:19 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 41ce34b8-c62d-47d7-8553-c13cb1e1d488
X-Archives-Hash: 7ed20bdc110389db3cd84357179ea349

commit:     91a9ac14880dae5ecfb892e361f5f73d91af7eb1
Author:     Christopher Byrne <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Sun Jun  8 01:54:05 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jun 13 00:08:27 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91a9ac14

sys-auth/sssd: add 2.11.0

Ukrainian translation not included because it fails to compile

Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com>
Part-of: https://github.com/gentoo/gentoo/pull/42495
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/sssd/Manifest           |   1 +
 sys-auth/sssd/sssd-2.11.0.ebuild | 387 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 388 insertions(+)

diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 15a60893fc03..bb90e4ef664f 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,3 +1,4 @@
 DIST sssd-2.10.2.tar.gz 9200497 BLAKE2B 76b6e4ab26c326d1075ae2811445e7c4196450af4b9791e3854c087bb82f229cc48a39027248d694943ec6fb9270d915a00d55eec7cd76c38700d4d1f3775360 SHA512 14ad222802e5426b0959ee32602e04ce24b3eb8d3bdd5e188cf29e3c7d32e0631b41c386fdbd129acf281317538460015d35410a688ea48dd546f9ae28522eac
+DIST sssd-2.11.0.tar.gz 9253481 BLAKE2B 072afaf30b0912312c21293bf69416af6cb2fa2df99918791a727992b6b6a27bfb09e5f3583de346e993dc2625ccfc2cae6d5df457e6e1a5852f71dc7e70b7d8 SHA512 cf273853170ff8fa8767eb7f760ee205d7b0b9c725f81de51c44463b96b66b509c5e257a4e9c9a633bd7080fde42b11164579291664de4629654ffa9989352fb
 DIST sssd-2.9.6.tar.gz 9136447 BLAKE2B 9ba4faa66d56150de58e86588bd0dedb02ff2f155fa118a35cd981885fed6cab5fdf13373f575a41691c87b4d18c586cba717b399e3826675eee1b0f8da967b7 SHA512 d9a35fc12022f0a2aa73be373b396411fc69b2fe5489ab93d17813a4c75b3ec30e598d5748ab202f7588039b465e11d616ce546cd5fe5439fa8edd9ac8cda69a
 DIST sssd-2.9.7.tar.gz 9161891 BLAKE2B 1658f3a6447c58665fccf144292deda759a72e1dbe0913e49f510fa8342e0fa09569319a40293a63c360c17ede0e8051c93b81e488549ed8e3bbeff37ce86389 SHA512 ba2bcab28491971e420b8bb8769574e88af4059cad5cec5320668cabf31c11314fce6dcab45b097d7b0876dfebe1cad22a0104c0856c80cdc07c21b19a95a3f2

diff --git a/sys-auth/sssd/sssd-2.11.0.ebuild b/sys-auth/sssd/sssd-2.11.0.ebuild
new file mode 100644
index 000000000000..80f834b25890
--- /dev/null
+++ b/sys-auth/sssd/sssd-2.11.0.ebuild
@@ -0,0 +1,387 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Ukrainian translation causes compile fail failure, so skkip it for now
+#PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
+PLOCALES="ca de es fr ja ko pt_BR ru sv tr"
+PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
+PLOCALE_BACKUP="sv"
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit autotools linux-info multilib-minimal optfeature plocale \
+	python-single-r1 pam systemd tmpfiles udev toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://github.com/SSSD/sssd"
+if [[ ${PV} != 9999 ]]; then
+	SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
+else
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
+	EGIT_BRANCH="master"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="doc +netlink nfsv4 nls passkey python samba selinux systemd systemtap test"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	>=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
+	app-crypt/p11-kit
+	>=dev-libs/ding-libs-0.2
+	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+	dev-libs/jansson:=
+	dev-libs/libpcre2:=
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/popt-1.16
+	>=dev-libs/openssl-1.0.2:=
+	>=net-dns/bind-9.9[gssapi]
+	>=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
+	>=net-nds/openldap-2.4.30:=[sasl,experimental]
+	net-fs/cifs-utils[acl]
+	>=sys-apps/dbus-1.6
+	>=sys-apps/keyutils-1.5:=
+	sys-libs/libcap
+	>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
+	>=sys-libs/talloc-2.0.7
+	>=sys-libs/tdb-1.2.9
+	>=sys-libs/tevent-0.9.16
+	virtual/ldb:=
+	virtual/libintl
+	netlink? ( dev-libs/libnl:3 )
+	nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
+	nls? ( >=sys-devel/gettext-0.18 )
+	passkey? ( dev-libs/libfido2:= )
+	python? (
+		${PYTHON_DEPS}
+		systemd? (
+			$(python_gen_cond_dep '
+				dev-python/python-systemd[${PYTHON_USEDEP}]
+			')
+		)
+	)
+	samba? ( >=net-fs/samba-4.10.2[winbind] )
+	selinux? (
+		>=sys-libs/libselinux-2.1.9
+		>=sys-libs/libsemanage-2.1
+	)
+	systemd? (
+		sys-apps/systemd:=
+		sys-apps/util-linux
+	)
+	systemtap? ( dev-debug/systemtap )"
+RDEPEND="${DEPEND}
+	acct-user/sssd
+	acct-group/sssd
+	passkey? ( sys-apps/pcsc-lite[policykit] )
+	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
+DEPEND+="
+	sys-apps/shadow"
+BDEPEND="
+	acct-user/sssd
+	acct-group/sssd
+	sys-libs/libcap
+	virtual/pkgconfig
+	${PYTHON_DEPS}
+	doc? ( app-text/doxygen )
+	nls? (	app-text/po4a
+		sys-devel/gettext )
+	test? (
+		dev-libs/check
+		dev-libs/softhsm:2
+		dev-util/cmocka
+		net-libs/gnutls[pkcs11,tools]
+		sys-libs/libfaketime
+		sys-libs/nss_wrapper
+		sys-libs/pam_wrapper
+		sys-libs/uid_wrapper
+	)
+	app-text/docbook-xml-dtd:4.4
+	>=dev-libs/libxslt-1.1.26
+"
+
+CONFIG_CHECK="~KEYS"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
+	"${FILESDIR}/${PN}-2.9.6-conditional-python-install.patch"
+	"${FILESDIR}/${PN}-2.10.0_beta2-fix-systemd-systemconfdir.patch"
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/ipa_hbac.h
+	/usr/include/sss_idmap.h
+	/usr/include/sss_nss_idmap.h
+	# --with-ifp
+	/usr/include/sss_sifp.h
+	/usr/include/sss_sifp_dbus.h
+	# from 1.15.3
+	/usr/include/sss_certmap.h
+)
+
+sssd_migrate_files() {
+	if has_version "<=sys-auth/sssd-2.9.9999"
+	then
+		einfo "Checking if sssd is running"
+		if [ -f /run/sssd.pid ]
+		then
+			elog "Please stop sssd after installing before"
+			elog "performing the migration process"
+		fi
+		einfo "Checking if /var/lib/sss ownership"
+		if [ -d /var/lib/sss ] && [ $(stat -c "%U:%G" /var/lib/sss) != "sssd:sssd" ]
+		then
+			elog "After installing, please execute"
+			elog "chown -R sssd:sssd /var/lib/sss"
+		fi
+		einfo "Checking if /var/log/sssd ownership"
+		if [ -d /var/log/sssd ] && [ $(stat -c "%U:%G" /var/log/sssd) != "sssd:sssd" ]
+		then
+			elog "After installing, please execute"
+			elog "chown -R sssd:sssd /var/log/sssd"
+		fi
+		einfo "Checking if /etc/sssd ownership"
+		if ! use systemd && [ -d /etc/sssd ] && [ $(stat -c "%U:%G" /etc/sssd) != "root:sssd" ]
+		then
+			elog "After installing, please execute"
+			elog "chown -R root:sssd /etc/sssd"
+		fi
+	fi
+}
+
+pkg_setup() {
+	linux-info_pkg_setup
+	python-single-r1_pkg_setup
+
+	sssd_migrate_files
+}
+
+src_prepare() {
+	default
+
+	plocale_get_locales > src/man/po/LINGUAS || die
+
+	sed -i \
+		-e "/_langs]/ s/ .*//" \
+		src/man/po/po4a.cfg \
+		|| die
+	enable_locale() {
+		local locale=${1}
+
+		sed -i \
+			-e "/_langs]/ s/$/ ${locale}/" \
+			src/man/po/po4a.cfg \
+			|| die
+	}
+
+	plocale_for_each_locale enable_locale
+
+	PLOCALES="${PLOCALES_BIN}"
+	plocale_get_locales > po/LINGUAS || die
+
+	sed -i \
+		-e 's:/var/run:/run:' \
+		src/examples/logrotate \
+		|| die
+
+	# disable flaky test, see https://github.com/SSSD/sssd/issues/5631
+	sed -i \
+		-e '/^\s*pam-srv-tests[ \\]*$/d' \
+		Makefile.am \
+		|| die
+
+	# requires valgrind headers installed, see
+	# https://github.com/SSSD/sssd/pull/7845
+	sed -i \
+		-e '/^\s*test_iobuf[ \\]*$/d' \
+		Makefile.am \
+		|| die
+
+	eautoreconf
+
+	multilib_copy_sources
+}
+
+src_configure() {
+	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=()
+
+	myconf+=(
+		--libexecdir="${EPREFIX}"/usr/libexec
+		--localstatedir="${EPREFIX}"/var
+		--runstatedir="${EPREFIX}"/run
+		--sbindir="${EPREFIX}"/usr/sbin
+		--with-pid-path="${EPREFIX}"/run/sssd
+		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+		--with-db-path="${EPREFIX}"/var/lib/sss/db
+		--with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
+		--with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
+		--with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
+		--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
+		--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
+		--with-log-path="${EPREFIX}"/var/log/sssd
+		--with-tmpfilesdir=/usr/lib/tmpfiles.d
+		--with-udevrulesdir="$(get_udevdir)/rules.d"
+		--with-kcm
+		--enable-kcm-renewal
+		--with-os=gentoo
+		--disable-rpath
+		--disable-static
+		# Valgrind is only used for tests
+		--disable-valgrind
+		$(use_with samba)
+		--with-smb-idmap-interface-version=6
+		--enable-cifs-idmap-plugin
+		$(multilib_native_use_with selinux)
+		--enable-krb5-locator-plugin
+		$(use_enable samba pac-responder)
+		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+		$(use_enable nls)
+		$(multilib_native_use_with netlink libnl)
+		--with-manpages
+		--with-sudo
+		$(multilib_native_with autofs)
+		$(multilib_native_with ssh)
+		--without-oidc-child
+		$(multilib_native_with passkey)
+		--with-subid
+		$(use_enable systemtap)
+		--without-python2-bindings
+		$(multilib_native_use_with python python3-bindings)
+		# Annoyingly configure requires that you pick systemd XOR sysv
+		--with-initscript=$(usex systemd systemd sysv)
+		--with-sssd-user=sssd
+		KRB5_CONFIG="${ESYSROOT}"/usr/bin/krb5-config
+		CPPFLAGS="${CPPFLAGS} -I${ESYSROOT}/usr/include/samba-4.0"
+	)
+
+	use systemd && myconf+=(
+		--with-systemdunitdir=$(systemd_get_systemunitdir)
+	)
+
+	if ! multilib_is_native_abi; then
+		# work-around all the libraries that are used for CLI and server
+		myconf+=(
+			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+			# ldb headers are fine since native needs it
+			# ldb lib fails... but it does not seem to bother
+			{DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
+			{PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
+			{NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
+
+			# use native include path for dbus (needed for build)
+			DBUS_CFLAGS="${native_dbus_cflags}"
+
+			# non-pkgconfig checks
+			ac_cv_lib_ldap_ldap_search=yes
+			--without-kcm
+			--without-manpages
+		)
+	fi
+
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+		use doc && emake docs
+	else
+		emake libnss_sss.la pam_sss.la pam_sss_gss.la
+		emake sssd_krb5_locator_plugin.la
+		use samba && emake sssd_pac_plugin.la
+	fi
+}
+
+multilib_src_test() {
+	if multilib_is_native_abi; then
+		local -x CK_TIMEOUT_MULTIPLIER=10
+		emake check VERBOSE=yes
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake -j1 DESTDIR="${D}" install
+		if use python; then
+			python_fix_shebang "${ED}"
+			python_optimize
+		fi
+	else
+		# easier than playing with automake...
+		dopammod .libs/pam_sss.so
+		dopammod .libs/pam_sss_gss.so
+
+		into /
+		dolib.so .libs/libnss_sss.so*
+
+		exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+		doexe .libs/sssd_krb5_locator_plugin.so
+
+		if use samba; then
+			exeinto /usr/$(get_libdir)/krb5/plugins/authdata
+			doexe .libs/sssd_pac_plugin.so
+		fi
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+
+	insinto /etc/sssd
+	insopts -m600
+	doins src/examples/sssd-example.conf
+
+	insinto /etc/logrotate.d
+	insopts -m644
+	newins src/examples/logrotate sssd
+
+	newconfd "${FILESDIR}"/sssd.conf sssd
+
+	keepdir /var/lib/sss/db
+	keepdir /var/lib/sss/deskprofile
+	keepdir /var/lib/sss/gpo_cache
+	keepdir /var/lib/sss/keytabs
+	keepdir /var/lib/sss/mc
+	keepdir /var/lib/sss/pipes/private
+	keepdir /var/lib/sss/pubconf/krb5.include.d
+	keepdir /var/lib/sss/secrets
+	keepdir /var/log/sssd
+	keepdir /etc/sssd/conf.d
+	keepdir /etc/sssd/pki
+
+	# strip empty dirs
+	if ! use doc; then
+		rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
+		rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
+	fi
+
+	rm -r "${ED}"/run || die
+	find "${ED}" -type f -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	tmpfiles_process sssd-tmpfiles.conf
+	echo
+	elog "You must set up sssd.conf (default installed into /etc/sssd)"
+	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+	elog "features."
+	echo
+	optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
+
+	if ! use python; then
+		echo
+		ewarn "sssctl analyze will not work because the python USE flag is disabled."
+	fi
+}