[autobackport: sssd-2-9] Use macro rather than shell expansion for string processing in spec file

[sssd-bot]

This is an automatic backport of PR#8511 Use macro rather than shell expansion for string processing in spec file to branch sssd-2-9, created by @nforro.

Caution

@nforro The patches did not apply cleanly. It is necessary to resolve conflicts before merging this pull request. Commits that introduced conflict are marked with CONFLICT!.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8511-to-sssd-2-9
git checkout SSSD-sssd-backport-pr8511-to-sssd-2-9
git push sssd-bot SSSD-sssd-backport-pr8511-to-sssd-2-9 --force

---

Original commits
f9697d4 - Use macro rather than shell expansion for string processing in spec file
caa0ec2 - Add a default for %samba_package_version

Backported commits

• 29098c2 - CONFLICT! Use macro rather than shell expansion for string processing in spec file
• f21cec3 - Add a default for %samba_package_version

Conflicting Files Information (check for deleted and re-added files)

• CONFLICT! Use macro rather than shell expansion for string processing in spec file

On branch SSSD-sssd-backport-pr8511-to-sssd-2-9
You are currently cherry-picking commit f9697d4ff.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   contrib/sssd.spec.in

no changes added to commit (use "git add" and/or "git commit -a")

---

Original Pull Request Body

We've hardened security in Packit Service and shell expansions in spec files are now rejected as they can be used to execute arbitrary code. There is no need to use shell expansion for string processing, there is an existing macro for this very purpose.

[gemini-code-assist]

Code Review

This pull request contains an unresolved merge conflict in contrib/sssd.spec.in. The conflict markers have been committed directly into the file, which makes it invalid and will break the build. This is a critical issue that must be resolved before merging.

[alexey-tikhonov]

I would suggest to squash 8e67d7e and ebfa0f1

[ikerexxe]

LGTM

[alexey-tikhonov]

Looks good, thanks.

Would it make things easier to add 'backport-to-sssd-2-9-4' label here and to close #8522?

[alexey-tikhonov]

It also needs to be moved out of Draft.

[sssd-bot]

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

---

🟢 CodeQL (success)
🟢 rpm-build:centos-stream-9-x86_64:upstream (success)
🟢 Build / make-distcheck (success)
🟢 ci / prepare (success)
🟡 ci / system (centos-9) (in_progress)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

---

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.