[PATCH] gnu: sssd: Update to 2.7.0.

  • Done
Details
2 participants
  • Ludovic Courtès
  • Timotej Lazar
Owner
unassigned
Submitted by
Timotej Lazar
Severity
normal
Timotej Lazar wrote on 23 May 2022 20:54
(address . guix-patches@gnu.org)(name . Timotej Lazar)(address . timotej.lazar@araneo.si)
20220523185417.23954-1-timotej.lazar@araneo.si
Add support for renewing AD membership with adcli. Wrap binaries with
LDB_MODULES_PATH. Fix the sss_analyze utility to run without systemd
libraries. Add native inputs to generate man pages and run additional tests
during build.

* gnu/packages/sssd.scm (sssd): Update to 2.7.0.
[patches]: Drop patches applied upstream. Add a patch for sss_analyze.
[inputs]: Add adcli, bash-minimal, jose, keyutils, libnl, pcre2, python.
Drop augeas, pcre.
[native-inputs]: Add cmocka, doxygen, gettext-minimal, libfaketime,
libtool, openssh, po4a, softhsm.
[arguments]: Rewrite in gexp style. Fix configure checks. Remove static
library from install. Wrap binaries to set correct paths.
* gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch,
gnu/packages/patches/sssd-fix-samba-4.15.3.patch,
gnu/packages/patches/sssd-fix-samba.patch: Delete files.
* gnu/packages/patches/sssd-optional-systemd.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
---
Hi,

this updates sssd to the latest version. I adapted the package to the
new style, added inputs for additional features and tests, and wrapped
the binaries with the required environment variables.

The package builds at least for x86-64, i686 and aarch64. I have been
using the updated package (actually the 2.6.0 version for the most part)
for several months to enable AD logins from multiple domains.

Upstream seems to maintain both the 2.x and 1.16.x series; if anyone
needs the older version, I can submit a revision to keep both packages.
Man pages are still not formatted correctly, which seems to be an issue
with docbook reported at https://issues.guix.gnu.org/52909.

Finally, I know that mixing updates with other changes is bad form, but
untangling them now would be less than trivial and more than likely to
introduce bugs in the intermediate commits. :)

Thanks!

gnu/local.mk | 4 +-
...d-collision-with-external-nss-symbol.patch | 71 ---
.../patches/sssd-fix-samba-4.15.3.patch | 523 ------------------
gnu/packages/patches/sssd-fix-samba.patch | 50 --
.../patches/sssd-optional-systemd.patch | 45 ++
.../patches/sssd-system-directories.patch | 44 +-
gnu/packages/sssd.scm | 207 ++++---
7 files changed, 204 insertions(+), 740 deletions(-)
delete mode 100644 gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch
delete mode 100644 gnu/packages/patches/sssd-fix-samba-4.15.3.patch
delete mode 100644 gnu/packages/patches/sssd-fix-samba.patch
create mode 100644 gnu/packages/patches/sssd-optional-systemd.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 6274f43566..e458b3e922 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1610,8 +1610,6 @@ dist_patch_DATA = \
%D%/packages/patches/sdl-pango-sans-serif.patch \
%D%/packages/patches/smalltalk-multiplication-overflow.patch \
%D%/packages/patches/sqlite-hurd.patch \
- %D%/packages/patches/sssd-collision-with-external-nss-symbol.patch \
- %D%/packages/patches/sssd-fix-samba-4.15.3.patch \
%D%/packages/patches/strace-readlink-tests.patch \
%D%/packages/patches/sunxi-tools-remove-sys-io.patch \
%D%/packages/patches/p11-kit-hurd.patch \
@@ -1825,7 +1823,7 @@ dist_patch_DATA = \
%D%/packages/patches/snappy-add-inline-for-GCC.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \
%D%/packages/patches/spice-vdagent-glib-2.68.patch \
- %D%/packages/patches/sssd-fix-samba.patch \
+ %D%/packages/patches/sssd-optional-systemd.patch \
%D%/packages/patches/sssd-system-directories.patch \
%D%/packages/patches/steghide-fixes.patch \
%D%/packages/patches/suitesparse-mongoose-cmake.patch \
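Review bot: sssd-system-directories.patch, kept as context in this second hunk, is missing from the commit log although the diffstat shows it changed (44 lines). Add a ChangeLog entry for gnu/packages/patches/sssd-system-directories.patch saying what was adjusted, so the log accounts for all seven files.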
diff --git a/gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch b/gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch
deleted file mode 100644
index 9d59ae91be..0000000000
--- a/gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From fe9eeb51be06059721e873f77092b1e9ba08e6c1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
-Date: Thu, 27 Feb 2020 06:50:40 +0100
-Subject: [PATCH] nss: Collision with external nss symbol
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-One of our internal static function names started
-to collide with external nss symbol. Additional
-sss_ suffix was added to avoid the collision.
-
-This is needed to unblock Fedora Rawhide's
-SSSD build.
-
-Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
----
- src/responder/nss/nss_cmd.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
-index 356aea1564..02706c4b94 100644
---- a/src/responder/nss/nss_cmd.c
-+++ b/src/responder/nss/nss_cmd.c
-@@ -731,11 +731,13 @@ static void nss_getent_done(struct tevent_req *subreq)
- talloc_free(cmd_ctx);
- }
-
--static void nss_setnetgrent_done(struct tevent_req *subreq);
-+static void sss_nss_setnetgrent_done(struct tevent_req *subreq);
-
--static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
-- enum cache_req_type type,
-- nss_protocol_fill_packet_fn fill_fn)
-+/* This function's name started to collide with external nss symbol,
-+ * so it has additional sss_* prefix unlike other functions here. */
-+static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx,
-+ enum cache_req_type type,
-+ nss_protocol_fill_packet_fn fill_fn)
- {
- struct nss_ctx *nss_ctx;
- struct nss_state_ctx *state_ctx;
-@@ -777,7 +779,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
- goto done;
- }
-
-- tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx);
-+ tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx);
-
- ret = EOK;
-
-@@ -790,7 +792,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
- return EOK;
- }
-
--static void nss_setnetgrent_done(struct tevent_req *subreq)
-+static void sss_nss_setnetgrent_done(struct tevent_req *subreq)
- {
- struct nss_cmd_ctx *cmd_ctx;
- errno_t ret;
-@@ -1040,8 +1042,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
-
- static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
- {
-- return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
-- nss_protocol_fill_setnetgrent);
-+ return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
-+ nss_protocol_fill_setnetgrent);
- }
-
- static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx)
diff --git a/gnu/packages/patches/sssd-fix-samba-4.15.3.patch b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
deleted file mode 100644
index 731daa0ed9..0000000000
--- a/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
+++ /dev/null
@@ -1,523 +0,0 @@
-From 3ba88c317fd64b69b000adbdf881c88383f325d1 Mon Sep 17 00:00:00 2001
-From: Noel Power <noel.power@suse.com>
-Date: Tue, 24 Mar 2020 13:37:07 +0000
-Subject: [PATCH] Use ndr_pull_steal_switch_value for modern samba versions
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit bc56b10aea999284458dcc293b54cf65288e325d attempted to
-fix the build error resulting from removal of 'ndr_pull_get_switch'
-
-This change uses the new replacement method
-'ndr_pull_steal_switch_value' however depending on the samba version
-the ndr_pull_steal_switch_value abi is different.
-
-Note: ndr_pull_steal_switch_value is used since samba 4.10 for
- the affected methods
-
-Note: the following methods have been refreshed from samba-4.12 generated
- code;
-
- o ndr_pull_security_ace_object_type
- o ndr_pull_security_ace_object_inherited_type
- o ndr_pull_security_ace_object_ctr
-
-Signed-off-by: Noel Power <noel.power@suse.com>
-
-Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
-(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc)
-
-Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
----
- src/external/samba.m4 | 9 ++++++-
- src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++---------------
- 2 files changed, 34 insertions(+), 20 deletions(-)
-
-diff --git a/src/external/samba.m4 b/src/external/samba.m4
-index 089f602a60..8e06174ead 100644
---- a/src/external/samba.m4
-+++ b/src/external/samba.m4
-@@ -132,8 +132,15 @@ int main(void)
- AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
- [Samba's struct idmap_domain has dom_sid member])
- AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
-+ if test $samba_minor_version -ge 12 ; then
-+ AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
-+ [Samba's new push/pull switch functions])
-+ AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
-+ else
-+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
-+ fi
- else
- AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
-+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
- fi
--
- fi
-
- SAVE_CFLAGS=$CFLAGS
-diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
-index 49c49d71b2..3d389e513d 100644
---- a/src/providers/ad/ad_gpo_ndr.c
-+++ b/src/providers/ad/ad_gpo_ndr.c
-@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
- union security_ace_object_type *r)
- {
- uint32_t level;
-- level = ndr_token_peek(&ndr->switch_list, r);
- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
- if (ndr_flags & NDR_SCALARS) {
-+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+ level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
- NDR_CHECK(ndr_pull_union_align(ndr, 4));
- switch (level) {
- case SEC_ACE_OBJECT_TYPE_PRESENT: {
-@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
- break; }
- }
- }
-- if (ndr_flags & NDR_BUFFERS) {
-- switch (level) {
-- case SEC_ACE_OBJECT_TYPE_PRESENT:
-- break;
-- default:
-- break;
-- }
-- }
- return NDR_ERR_SUCCESS;
- }
-
-@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
- union security_ace_object_inherited_type *r)
- {
- uint32_t level;
-- level = ndr_token_peek(&ndr->switch_list, r);
- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
- if (ndr_flags & NDR_SCALARS) {
-+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+ level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
- NDR_CHECK(ndr_pull_union_align(ndr, 4));
- switch (level) {
- case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
-@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
- break; }
- }
- }
-- if (ndr_flags & NDR_BUFFERS) {
-- switch (level) {
-- case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
-- break;
-- default:
-- break;
-- }
-- }
- return NDR_ERR_SUCCESS;
- }
-
-@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
- union security_ace_object_ctr *r)
- {
- uint32_t level;
-- level = ndr_token_peek(&ndr->switch_list, r);
- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
- if (ndr_flags & NDR_SCALARS) {
-+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+ level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
- NDR_CHECK(ndr_pull_union_align(ndr, 4));
- switch (level) {
- case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
-@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
- }
- }
- if (ndr_flags & NDR_BUFFERS) {
-+ if (!(ndr_flags & NDR_SCALARS)) {
-+ /* We didn't get it above, and the token is not needed after this. */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+ level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
-+ }
- switch (level) {
- case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
- NDR_CHECK(ndr_pull_security_ace_object
-From 5285a1896ee19bb8f1ff752380547bc6d7a43334 Mon Sep 17 00:00:00 2001
-From: Noel Power <noel.power@suse.com>
-Date: Tue, 24 Mar 2020 18:14:34 +0000
-Subject: [PATCH] ad_gpo_ndr.c: refresh ndr_ methods from samba-4.12
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Noel Power <noel.power@suse.com>
-
-Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
-(cherry picked from commit c031adde4f532f39845a0efd78693600f1f8b2f4)
-
-Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
----
- src/providers/ad/ad_gpo_ndr.c | 201 ++++++++++++++++++----------------
- 1 file changed, 106 insertions(+), 95 deletions(-)
-
-diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
-index 3d389e513d..a64b1a0f84 100644
---- a/src/providers/ad/ad_gpo_ndr.c
-+++ b/src/providers/ad/ad_gpo_ndr.c
-@@ -177,8 +177,16 @@ ndr_pull_security_ace_object(struct ndr_pull *ndr,
- NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
- }
- if (ndr_flags & NDR_BUFFERS) {
-+ NDR_CHECK(ndr_pull_set_switch_value
-+ (ndr,
-+ &r->type,
-+ r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
- NDR_CHECK(ndr_pull_security_ace_object_type
- (ndr, NDR_BUFFERS, &r->type));
-+ NDR_CHECK(ndr_pull_set_switch_value
-+ (ndr,
-+ &r->inherited_type,
-+ r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
- NDR_CHECK(ndr_pull_security_ace_object_inherited_type
- (ndr, NDR_BUFFERS, &r->inherited_type));
- }
-@@ -342,7 +350,7 @@ ndr_pull_security_acl(struct ndr_pull *ndr,
- (ndr, NDR_SCALARS, &r->revision));
- NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
-- if (r->num_aces > 1000) {
-+ if (r->num_aces > 2000) {
- return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
- }
- size_aces_0 = r->num_aces;
-@@ -408,107 +416,110 @@ ad_gpo_ndr_pull_security_descriptor(struct ndr_pull *ndr,
- TALLOC_CTX *_mem_save_sacl_0;
- uint32_t _ptr_dacl;
- TALLOC_CTX *_mem_save_dacl_0;
-- uint32_t _flags_save_STRUCT = ndr->flags;
-- uint32_t _relative_save_offset;
--
-- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
-- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-- if (ndr_flags & NDR_SCALARS) {
-- NDR_CHECK(ndr_pull_align(ndr, 5));
-- NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
-+ {
-+ uint32_t _flags_save_STRUCT = ndr->flags;
-+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
-+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-+ if (ndr_flags & NDR_SCALARS) {
-+ NDR_CHECK(ndr_pull_align(ndr, 5));
-+ NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
-+ NDR_SCALARS,
-+ &r->revision));
-+ NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
- NDR_SCALARS,
-- &r->revision));
-- NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
-- NDR_SCALARS,
-- &r->type));
-- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
-- if (_ptr_owner_sid) {
-- NDR_PULL_ALLOC(ndr, r->owner_sid);
-- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
-- r->owner_sid,
-- _ptr_owner_sid));
-- } else {
-- r->owner_sid = NULL;
-- }
-- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
-- if (_ptr_group_sid) {
-- NDR_PULL_ALLOC(ndr, r->group_sid);
-- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
-- r->group_sid,
-- _ptr_group_sid));
-- } else {
-- r->group_sid = NULL;
-- }
-- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
-- if (_ptr_sacl) {
-- NDR_PULL_ALLOC(ndr, r->sacl);
-- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
-- } else {
-- r->sacl = NULL;
-- }
-- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
-- if (_ptr_dacl) {
-- NDR_PULL_ALLOC(ndr, r->dacl);
-- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
-- } else {
-- r->dacl = NULL;
-- }
-- NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
-- }
-- if (ndr_flags & NDR_BUFFERS) {
-- if (r->owner_sid) {
-- _relative_save_offset = ndr->offset;
-- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
-- _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-- NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
-- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
-- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
-- if (ndr->offset > ndr->relative_highest_offset) {
-- ndr->relative_highest_offset = ndr->offset;
-+ &r->type));
-+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
-+ if (_ptr_owner_sid) {
-+ NDR_PULL_ALLOC(ndr, r->owner_sid);
-+ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
-+ r->owner_sid,
-+ _ptr_owner_sid));
-+ } else {
-+ r->owner_sid = NULL;
- }
-- ndr->offset = _relative_save_offset;
-- }
-- if (r->group_sid) {
-- _relative_save_offset = ndr->offset;
-- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
-- _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-- NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
-- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
-- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
-- if (ndr->offset > ndr->relative_highest_offset) {
-- ndr->relative_highest_offset = ndr->offset;
-+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
-+ if (_ptr_group_sid) {
-+ NDR_PULL_ALLOC(ndr, r->group_sid);
-+ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
-+ r->group_sid,
-+
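Review bot: the file deleted here is more than a build fix, and the log's "Drop patches applied upstream" does not say which upstream commits that covers. Besides the ndr_pull_steal_switch_value ABI switch, the ndr_pull_security_acl hunk raises the num_aces range check from 1000 to 2000, a bound on security descriptors parsed in src/providers/ad/ad_gpo_ndr.c. Name the carried commits in the log (the patch headers give 3ba88c317fd6 and 5285a1896ee1) and confirm both are in 2.7.0, so a later reader can check that dropping the file leaves the parser's behaviour unchanged.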
This message was truncated. Download the full message here.
Ludovic Courtès wrote on 24 May 2022 15:35
(name . Timotej Lazar)(address . timotej.lazar@araneo.si)(address . 55598-done@debbugs.gnu.org)
87pmk3kq8h.fsf@gnu.org
Hi,

Timotej Lazar <timotej.lazar@araneo.si> wrote:

> Add support for renewing AD membership with adcli. Wrap binaries with
> LDB_MODULES_PATH. Fix the sss_analyze utility to run without systemd
> libraries. Add native inputs to generate man pages and run additional tests
> during build.
>
> * gnu/packages/sssd.scm (sssd): Update to 2.7.0.
> [patches]: Drop patches applied upstream. Add a patch for sss_analyze.
> [inputs]: Add adcli, bash-minimal, jose, keyutils, libnl, pcre2, python.
> Drop augeas, pcre.
> [native-inputs]: Add cmocka, doxygen, gettext-minimal, libfaketime,
> libtool, openssh, po4a, softhsm.
> [arguments]: Rewrite in gexp style. Fix configure checks. Remove static
> library from install. Wrap binaries to set correct paths.
> * gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch,
> gnu/packages/patches/sssd-fix-samba-4.15.3.patch,
> gnu/packages/patches/sssd-fix-samba.patch: Delete files.
> * gnu/packages/patches/sssd-optional-systemd.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Update accordingly.

Applied!

> this updates sssd to the latest version. I adapted the package to the
> new style, added inputs for additional features and tests, and wrapped
> the binaries with the required environment variables.
>
> The package builds at least for x86-64, i686 and aarch64. I have been
> using the updated package (actually the 2.6.0 version for the most part)
> for several months to enable AD logins from multiple domains.
>
> Upstream seems to maintain both the 2.x and 1.16.x series; if anyone
> needs the older version, I can submit a revision to keep both packages.
> Man pages are still not formatted correctly, which seems to be an issue
> with docbook reported at https://issues.guix.gnu.org/52909.
>
> Finally, I know that mixing updates with other changes is bad form, but
> untangling them now would be less than trivial and more than likely to
> introduce bugs in the intermediate commits. :)

This all sounds reasonable to me.

Thanks for updating it!

Ludo’.
Closed