Example of minimal / container oriented SSSD build

[alexey-tikhonov]

This example can be used as inspiration for how to build a tailored SSSD package suitable for container use cases.

Patch containers friendly ./configure settings excludes features typically unused within a container, and patch build and package SSSD without any file capabilities removes all capabilities (for a price described here) to cater for a case of a restricted profile.

Note that a special build isn't always necessarily and depending on a specific case, stock package might be used as well.

[gemini-code-assist]

Code Review

This pull request provides an example of a minimal, container-oriented SSSD build. The changes are extensive and consistently applied across Makefile.am, configure.ac scripts, and the RPM spec file. Key changes include switching the logging backend to stderr, removing hardcoded file capabilities, and disabling integration with systemd, SELinux, netlink, and systemtap. These modifications are logical for creating a stripped-down SSSD build suitable for container environments, reducing the image size and runtime dependencies. The implementation appears correct and internally consistent.

[alexey-tikhonov]

An example of a Containerfile to build a container on top of this PR could be:

FROM quay.io/fedora/fedora-minimal:rawhide

RUN dnf5 --nodocs -y install --setopt=install_weak_deps=False 'dnf5-command(copr)' && \
    dnf5 -y copr enable packit/SSSD-sssd-8391 fedora-rawhide-x86_64 && \
    dnf5 --nodocs -y install --setopt=install_weak_deps=False sssd-ldap sssd-krb5 && \
    dnf5 -y copr remove packit/SSSD-sssd-8391 && \
    dnf5 -y remove dnf5-plugins && \
    dnf5 clean all

Note that if 'sssd-ipa' or 'sssd-ad' is being used on a minimal image without 'systemd', it's recommended to install 'systemd-standalone-tmpfiles' first otherwise Samba dependencies might pull in entire 'systemd'.