ghost commented Nov 29, 2022

I do not use this package, therefore any help with proper testing is appreciated.

Testing the changes

  • I tested the changes in this PR: briefly (the daemon at least executes).

Local build testing

  • I built this PR locally for my native architecture, x86_64-musl

  • I built this PR locally for these architectures (if supported. mark crossbuilds):
    • x86_64-glibc

classabbyamp added the needs-testing label Dec 12, 2022

klarasm (Contributor) commented Feb 3, 2023

Currently building for testing. Will report back.

klarasm (Contributor) commented Feb 3, 2023

sssd.log

Tried this with #41948.
sssd complains that it can't find NSS symbols, more specifically libnss_files.so.2. musl-nscd does not seem to contain that.

ghost (Author) commented Feb 3, 2023

> it can't find NSS symbols

Not what I was expecting, though.

Replaced musl-nscd-devel with nss-devel and nspr-devel the way Alpine does.

@klarasm, if you have time to test this package once again - I would be grateful if you do.

klarasm (Contributor) commented Feb 3, 2023

Unfortunately this fails in the same way. I also tried this on a machine without my openldap update on it with the same result.

Interestingly, if I try to run the provided service file from musl-nscd it also complains (after removing -F which is not recognized):
nscd: libnss_files.so: Error loading shared library libnss_files.so: No such file or directory

I can't actually find any package that provides libnss_files.so.2 (xbps-query -Ro /usr/lib/libnss_files.so.2 and variations don't return anything).

sssd.log

ghost (Author) commented Feb 3, 2023

libnss_files.so comes from glibc which is not supposed to be used on musl or even mentioned.

May I inquire what configuration you are using? Looks like I will have to rely on brute-force testing after all.

klarasm (Contributor) commented Feb 4, 2023

You should be able to reproduce with this configuration if you remove ldap_sasl_mech = GSSAPI.

Note that my kerberos/ldap servers do not have an IPv4 address, so it will probably not work if you don't have IPv6.

Aside from that, there's no secret or password in this configuration file.
sssd.conf.txt

ghost (Author) commented Feb 4, 2023

Thank you for sharing. Reproduced it clearly:

(2023-02-04  3:08:57): [pam] [sss_load_nss_symbols] (0x0010): Unable to load libnss_files.so.2 module, error: Error loading shared library libnss_files.so.2: No such file or directory

It seems THEY hardcoded this library in https://github.com/SSSD/sssd/blob/master/src/util/nss_dl_load.c.

libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname);

Just double-checked and it seems Alpine's sssd does not link against nss at all.

From what I see in the provided configuration, nss is the vital module.

Yes, something else may work on musl, but upstream clearly hardcodes to use glibc and may possibly create more problems in future.
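A packaging check for the failure diagnosed in the comment above, as an added example that is not part of the PR or of SSSD: it builds the module name with the same format string as the quoted `nss_dl_load.c` line, attempts to load it, and reports the loader error. The function list and the `gr_absent_example` module name are constructed for illustration; `_nss_<module>_<function>` is glibc's NSS module symbol convention.

```python
import ctypes
from dataclasses import dataclass, field

# Illustrative subset of lookup functions (an assumption of this example).
# glibc NSS modules export them as _nss_<module>_<function>.
FUNCTIONS = ("getpwnam_r", "getpwuid_r", "getgrnam_r", "getgrgid_r")


@dataclass
class ProbeResult:
    path: str                 # soname handed to the dynamic loader
    loaded: bool              # True if dlopen() succeeded
    error: str = ""           # loader message when loading failed
    missing: list = field(default_factory=list)  # expected symbols not found


def nss_module_path(libname: str) -> str:
    # Same format string as the line quoted from nss_dl_load.c.
    return "libnss_%s.so.2" % libname


def probe(libname: str) -> ProbeResult:
    path = nss_module_path(libname)
    try:
        handle = ctypes.CDLL(path)  # dlopen() by bare soname, no directory
    except OSError as exc:
        # On musl this is the "Error loading shared library" case from the log.
        return ProbeResult(path, False, str(exc))
    missing = [f for f in FUNCTIONS
               if not hasattr(handle, "_nss_%s_%s" % (libname, f))]
    return ProbeResult(path, True, missing=missing)


if __name__ == "__main__":
    # "files" is the module from the log; the second name is constructed
    # so that the failure path is shown on any libc.
    for name in ("files", "gr_absent_example"):
        r = probe(name)
        if r.loaded:
            print("%s: loaded, missing symbols: %s" % (r.path, r.missing or "none"))
        else:
            print("%s: NOT loadable: %s" % (r.path, r.error))
```

Run inside the target build root (for example an x86_64-musl one) to see whether the hardcoded soname can be resolved there before enabling the package for that libc.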

klarasm (Contributor) commented Feb 4, 2023

Yeah. I still think it's worthwhile to update this, though, as it will benefit glibc users.

ghost (Author) commented Feb 4, 2023

Very well. Left it restricted to glibc only and disabled tests, too. Should be enough for now.

Dependencies:

* libwbclient is deprecated and removed upstream.

* libxslt-devel is not used for building; xsltproc from libxslt is
  used instead.

* xmlcatmgr does not seem to be used as a host make dependency.

* python3 is required for cross compiling bindings.

* http-parser-devel (http_parser.h) does not seem to be mentioned
  anywhere in the source code.

* nscd does not seem to be used in hostmakedepends.

Patches:

* libressl.patch is removed due to openssl replacing libressl.

* fix_tests.patch is divided into test_softhsm.patch and
  test_negcache.patch

Misc:

* "--without-python2-bindings" can be safely omitted from
  configure_args.

* oidc-child now requires libjose which is not present in the
  repository, hence it is disabled.

klarasm (Contributor) commented Feb 6, 2023

I built and tested this on glibc and it works fine (nss and pam). The sudo integration does not work, but that's probably due to the sudo package not having it enabled.

klarasm (Contributor) commented Feb 9, 2023

@kruceter did you close this intentionally?

paper42 (Member) commented Feb 9, 2023

@klarasm I won't go into details, but the author was banned. If you would like to continue working on this, would you mind opening a new PR?

klarasm mentioned this pull request Feb 10, 2023

klarasm (Contributor) commented Feb 10, 2023

I created a new PR, #42201

This pull request was closed.