I think this is same issues we have with samba and sssd2.
In fact building tools with krb5 enabled per default should not be a good idea, because there is several way to acheive that and for some users they may not need this.
Maybe dns/bind-tools could have flavor support and then we can use already built bind-tools with krb5 ?

Update sudo.mk with suggested ideas of @mat and @0mp.
Checked with poudriere that the ideas make everything works (only on port touched by this reviews) uppon of sudo flavor used.

Even if autoconf can discovering this, it is far better to force the detection of sssd.conf than using symbolic links to fix some hardcoded defaults. Strangely no know users of sssd consumer reported this. Ok for me.

In D52160#1216682, @mat wrote:

There will never be a port that only needs sudo during its build when it's not needed during its runtime.

Update wording of CHANGES file.

The file sudo.mk has been remade.
Removed all PORTREVISION

• Added CHANGES informations
• Fix sudo.mk that was faulty
• Added sanity in sudo.mk

In D52160#1211528, @arrowd wrote:

Let me explain what's going on there.

Right now a bunch of ports has a hard runtime dependency on sudo in form of RUN_DEPENDS= sudo:security/sudo. But sudo actually has two flavors, so this change merely adds a new possible value for DEFAULT_VERSION and changes RUN_DEPENDS=sudo to USES=sudo to abstract from the actual selected version. This change does not make things any worse, it simply allows depending on sudo-sssd instead of sudo.

If others from samba team are ok, then this is ok for me.

Fixed RUN and BUILD_DEPENDS as pointed by 0mp

This port is consummer of pkgconfig
Backported detection fix with pkgconfig of picojson
Fixed the path of picojson.h in the header files
Make portlint and portclippy happy

In D50656#1186258, @diizzy wrote:

Ping and you probably also want to backport, https://github.com/Thalhammer/jwt-cpp/commit/cf0dab12633bb6c39ae7a7fe147b3d2fb7b3f047

Well I see no (bad) reasons to not accept that.

In D52160#1192409, @mandree wrote:

Please stop that. sudo may not even be my preferred tool to escalate privileges. I might prefer doas or su. Adding USES support for such a feature endorses it, and we'll see creeping changes to move the entire ports tree and user community towards SUDO.

Addedd suggestions from 0mp

Removed PORTREVISION as @kevans suggested.

Use PATCHES_SITES and PATCHFILES as suggested. Added some LOCALBASE for rsyslog.aug (like other patches).

rsyslog.aug has been cleaned (no more CRLF).

In D51104#1166467, @0mp wrote:

LGTM.

Also, you may consider something along those lines for the commit message:

net/samba420: Fix missing build dependency of bison

Bison is no longer an optional dependency in Samba 4.20,
so enable it by default. The bison dependency comes from
the Windows Search support implemented in Samba 4.20.

In D50656#1156650, @diizzy wrote:

Regarding picojson...
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287277

In D50656#1156650, @diizzy wrote:

Regarding picojson...
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287277

Hello
Great you are working on upstreaming your sssd patches :)

The change seems ok, I am surprised I didn't see any problems in my deployments or poudriere. Was a bug reported on Bugzilla for this ?

Added suggestions from @0mp

Removed uneeded comment.

In D50530#1153434, @0mp wrote:

Approved!

You will also need Approved by: maintainer timeout