1 |
robbat2 10/08/31 04:26:56 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: openldap-2.4.23.ebuild |
5 |
Log: |
6 |
Version bump for sec bug #323777. |
7 |
|
8 |
(Portage version: 2.2_rc71/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.371 net-nds/openldap/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/ChangeLog?rev=1.371&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/ChangeLog?rev=1.371&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/ChangeLog?r1=1.370&r2=1.371 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v |
20 |
retrieving revision 1.370 |
21 |
retrieving revision 1.371 |
22 |
diff -p -w -b -B -u -u -r1.370 -r1.371 |
23 |
--- ChangeLog 11 Apr 2010 15:24:10 -0000 1.370 |
24 |
+++ ChangeLog 31 Aug 2010 04:26:56 -0000 1.371 |
25 |
@@ -1,6 +1,12 @@ |
26 |
# ChangeLog for net-nds/openldap |
27 |
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.370 2010/04/11 15:24:10 jokey Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.371 2010/08/31 04:26:56 robbat2 Exp $ |
30 |
+ |
31 |
+*openldap-2.4.23 (30 Aug 2010) |
32 |
+ |
33 |
+ 30 Aug 2010; Robin H. Johnson <robbat2@g.o> |
34 |
+ +openldap-2.4.23.ebuild: |
35 |
+ Version bump for sec bug #323777. |
36 |
|
37 |
11 Apr 2010; Markus Ullmann <jokey@g.o> -openldap-2.3.41.ebuild, |
38 |
-openldap-2.3.41-r1.ebuild, -openldap-2.3.43.ebuild, |
39 |
|
40 |
|
41 |
|
42 |
1.1 net-nds/openldap/openldap-2.4.23.ebuild |
43 |
|
44 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/openldap-2.4.23.ebuild?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/openldap-2.4.23.ebuild?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: openldap-2.4.23.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2010 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.23.ebuild,v 1.1 2010/08/31 04:26:55 robbat2 Exp $ |
52 |
|
53 |
EAPI="2" |
54 |
inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs |
55 |
|
56 |
DESCRIPTION="LDAP suite of application and development tools" |
57 |
HOMEPAGE="http://www.OpenLDAP.org/" |
58 |
SRC_URI="mirror://openldap/openldap-release/${P}.tgz" |
59 |
|
60 |
LICENSE="OPENLDAP" |
61 |
SLOT="0" |
62 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
63 |
|
64 |
IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal" |
65 |
IUSE_BACKEND="+berkdb" |
66 |
IUSE_OVERLAY="overlays perl" |
67 |
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux" |
68 |
IUSE_CONTRIB="smbkrb5passwd kerberos" |
69 |
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" |
70 |
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" |
71 |
|
72 |
# openssl is needed to generate lanman-passwords required by samba |
73 |
RDEPEND="sys-libs/ncurses |
74 |
icu? ( dev-libs/icu ) |
75 |
tcpd? ( sys-apps/tcp-wrappers ) |
76 |
ssl? ( !gnutls? ( dev-libs/openssl ) |
77 |
gnutls? ( net-libs/gnutls ) ) |
78 |
sasl? ( dev-libs/cyrus-sasl ) |
79 |
!minimal? ( |
80 |
odbc? ( !iodbc? ( dev-db/unixODBC ) |
81 |
iodbc? ( dev-db/libiodbc ) ) |
82 |
slp? ( net-libs/openslp ) |
83 |
perl? ( dev-lang/perl[-build] ) |
84 |
samba? ( dev-libs/openssl ) |
85 |
berkdb? ( sys-libs/db ) |
86 |
smbkrb5passwd? ( |
87 |
dev-libs/openssl |
88 |
app-crypt/heimdal ) |
89 |
kerberos? ( virtual/krb5 ) |
90 |
cxx? ( dev-libs/cyrus-sasl ) |
91 |
) |
92 |
selinux? ( sec-policy/selinux-openldap )" |
93 |
DEPEND="${RDEPEND}" |
94 |
|
95 |
# for tracking versions |
96 |
OPENLDAP_VERSIONTAG=".version-tag" |
97 |
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" |
98 |
|
99 |
openldap_filecount() { |
100 |
local dir="$1" |
101 |
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l |
102 |
} |
103 |
|
104 |
openldap_find_versiontags() { |
105 |
# scan for all datadirs |
106 |
openldap_datadirs="" |
107 |
if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then |
108 |
openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)" |
109 |
fi |
110 |
openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" |
111 |
|
112 |
einfo |
113 |
einfo "Scanning datadir(s) from slapd.conf and" |
114 |
einfo "the default installdir for Versiontags" |
115 |
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" |
116 |
einfo |
117 |
|
118 |
# scan datadirs if we have a version tag |
119 |
openldap_found_tag=0 |
120 |
have_files=0 |
121 |
for each in ${openldap_datadirs}; do |
122 |
CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` |
123 |
CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} |
124 |
if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then |
125 |
einfo "- Checking ${each}..." |
126 |
if [ -r ${CURRENT_TAG} ] ; then |
127 |
# yey, we have one :) |
128 |
einfo " Found Versiontag in ${each}" |
129 |
source ${CURRENT_TAG} |
130 |
if [ "${OLDPF}" == "" ] ; then |
131 |
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" |
132 |
eerror "Please delete it" |
133 |
eerror |
134 |
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" |
135 |
fi |
136 |
|
137 |
OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` |
138 |
|
139 |
[ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 |
140 |
|
141 |
# are we on the same branch? |
142 |
if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then |
143 |
ewarn " Versiontag doesn't match current major release!" |
144 |
if [[ "${have_files}" == "1" ]] ; then |
145 |
eerror " Versiontag says other major and you (probably) have datafiles!" |
146 |
echo |
147 |
openldap_upgrade_howto |
148 |
else |
149 |
einfo " No real problem, seems there's no database." |
150 |
fi |
151 |
else |
152 |
einfo " Versiontag is fine here :)" |
153 |
fi |
154 |
else |
155 |
einfo " Non-tagged dir ${each}" |
156 |
[ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 |
157 |
if [[ "${have_files}" == "1" ]] ; then |
158 |
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" |
159 |
echo |
160 |
|
161 |
eerror |
162 |
eerror "Your OpenLDAP Installation has a non tagged datadir that" |
163 |
eerror "possibly contains a database at ${CURRENT_TAGDIR}" |
164 |
eerror |
165 |
eerror "Please export data if any entered and empty or remove" |
166 |
eerror "the directory, installation has been stopped so you" |
167 |
eerror "can take required action" |
168 |
eerror |
169 |
eerror "For a HOWTO on exporting the data, see instructions in the ebuild" |
170 |
eerror |
171 |
die "Please move the datadir ${CURRENT_TAGDIR} away" |
172 |
fi |
173 |
fi |
174 |
einfo |
175 |
fi |
176 |
done |
177 |
[ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" |
178 |
|
179 |
# Now we must check for the major version of sys-libs/db linked against. |
180 |
SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd |
181 |
if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then |
182 |
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ |
183 |
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" |
184 |
NEWVER="$(use berkdb && db_findver sys-libs/db)" |
185 |
local fail=0 |
186 |
if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then |
187 |
: |
188 |
# Nothing wrong here. |
189 |
elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then |
190 |
eerror " Your existing version of OpenLDAP was not built against" |
191 |
eerror " any version of sys-libs/db, but the new one will build" |
192 |
eerror " against ${NEWVER} and your database may be inaccessible." |
193 |
echo |
194 |
fail=1 |
195 |
elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then |
196 |
eerror " Your existing version of OpenLDAP was built against" |
197 |
eerror " sys-libs/db:${OLDVER}, but the new one will not be" |
198 |
eerror " built against any version and your database may be" |
199 |
eerror " inaccessible." |
200 |
echo |
201 |
fail=1 |
202 |
elif [ "${OLDVER}" != "${NEWVER}" ]; then |
203 |
eerror " Your existing version of OpenLDAP was built against" |
204 |
eerror " sys-libs/db:${OLDVER}, but the new one will build against" |
205 |
eerror " ${NEWVER} and your database would be inaccessible." |
206 |
echo |
207 |
fail=1 |
208 |
fi |
209 |
[ "${fail}" == "1" ] && openldap_upgrade_howto |
210 |
fi |
211 |
|
212 |
echo |
213 |
einfo |
214 |
einfo "All datadirs are fine, proceeding with merge now..." |
215 |
einfo |
216 |
} |
217 |
|
218 |
openldap_upgrade_howto() { |
219 |
eerror |
220 |
eerror "A (possible old) installation of OpenLDAP was detected," |
221 |
eerror "installation will not proceed for now." |
222 |
eerror |
223 |
eerror "As major version upgrades can corrupt your database," |
224 |
eerror "you need to dump your database and re-create it afterwards." |
225 |
eerror |
226 |
eerror "Additionally, rebuilding against different major versions of the" |
227 |
eerror "sys-libs/db libraries will cause your database to be inaccessible." |
228 |
eerror "" |
229 |
d="$(date -u +%s)" |
230 |
l="/root/ldapdump.${d}" |
231 |
i="${l}.raw" |
232 |
eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" |
233 |
eerror " 2. slapcat -l ${i}" |
234 |
eerror " 3. egrep -v '^entryCSN:' <${i} >${l}" |
235 |
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" |
236 |
eerror " 5. emerge --update \=net-nds/${PF}" |
237 |
eerror " 6. etc-update, and ensure that you apply the changes" |
238 |
eerror " 7. slapadd -l ${l}" |
239 |
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" |
240 |
eerror " 9. /etc/init.d/slapd start" |
241 |
eerror "10. check that your data is intact." |
242 |
eerror "11. set up the new replication system." |
243 |
eerror |
244 |
if [ "${FORCE_UPGRADE}" != "1" ]; then |
245 |
die "You need to upgrade your database first" |
246 |
else |
247 |
eerror "You have the magical FORCE_UPGRADE=1 in place." |
248 |
eerror "Don't say you weren't warned about data loss." |
249 |
fi |
250 |
} |
251 |
|
252 |
pkg_setup() { |
253 |
if ! use sasl && use cxx ; then |
254 |
die "To build the ldapc++ library you must emerge openldap with sasl support" |
255 |
fi |
256 |
if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then |
257 |
einfo |
258 |
einfo "Skipping scan for previous datadirs as requested by minimal useflag" |
259 |
einfo |
260 |
else |
261 |
openldap_find_versiontags |
262 |
fi |
263 |
|
264 |
enewgroup ldap 439 |
265 |
enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap |
266 |
} |
267 |
|
268 |
src_prepare() { |
269 |
# ensure correct SLAPI path by default |
270 |
sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \ |
271 |
"${S}"/include/ldap_defaults.h |
272 |
|
273 |
epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch |
274 |
|
275 |
epatch \ |
276 |
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ |
277 |
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch |
278 |
|
279 |
# bug #116045 - still present in 2.4.19 |
280 |
epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch |
281 |
|
282 |
# bug #189817 |
283 |
epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch |
284 |
|
285 |
# bug #233633 |
286 |
epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch |
287 |
|
288 |
cd "${S}"/build |
289 |
einfo "Making sure upstream build strip does not do stripping too early" |
290 |
sed -i.orig \ |
291 |
-e '/^STRIP/s,-s,,g' \ |
292 |
top.mk || die "Failed to block stripping" |
293 |
|
294 |
# wrong assumption that /bin/sh is /bin/bash |
295 |
sed -i \ |
296 |
-e 's|/bin/sh|/bin/bash|g' \ |
297 |
"${S}"/tests/scripts/* || die "sed failed" |
298 |
} |
299 |
|
300 |
build_contrib_module() { |
301 |
lt="${S}/libtool" |
302 |
# <dir> <sources> <outputname> |
303 |
cd "${S}/contrib/slapd-modules/$1" |
304 |
einfo "Compiling contrib-module: $3" |
305 |
# Make sure it's uppercase |
306 |
local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" |
307 |
"${lt}" --mode=compile --tag=CC \ |
308 |
"${CC}" \ |
309 |
-D${define_name}=SLAPD_MOD_DYNAMIC \ |
310 |
-I../../../include -I../../../servers/slapd ${CFLAGS} \ |
311 |
-o ${2%.c}.lo -c $2 || die "compiling $3 failed" |
312 |
einfo "Linking contrib-module: $3" |
313 |
"${lt}" --mode=link --tag=CC \ |
314 |
"${CC}" -module \ |
315 |
${CFLAGS} \ |
316 |
${LDFLAGS} \ |
317 |
-rpath /usr/$(get_libdir)/openldap/openldap \ |
318 |
-o $3.la ${2%.c}.lo || die "linking $3 failed" |
319 |
} |
320 |
|
321 |
src_configure() { |
322 |
local myconf |
323 |
|
324 |
#Fix for glibc-2.8 and ucred. Bug 228457. |
325 |
append-flags -D_GNU_SOURCE |
326 |
|
327 |
use debug && myconf="${myconf} $(use_enable debug)" |
328 |
|
329 |
# ICU usage is not configurable |
330 |
export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)" |
331 |
|
332 |
if ! use minimal ; then |
333 |
# re-enable serverside overlay chains per bug #296567 |
334 |
# see ldap docs chaper 12.3.1 for details |
335 |
myconf="${myconf} --enable-ldap" |
336 |
|
337 |
# backends |
338 |
myconf="${myconf} --enable-slapd" |
339 |
if use berkdb ; then |
340 |
einfo "Using Berkeley DB for local backend" |
341 |
myconf="${myconf} --enable-bdb --enable-hdb" |
342 |
# We need to include the slotted db.h dir for FreeBSD |
343 |
append-cppflags -I$(db_includedir) |
344 |
else |
345 |
ewarn |
346 |
ewarn "Note: if you disable berkdb, you can only use remote-backends!" |
347 |
ewarn |
348 |
ebeep 5 |
349 |
myconf="${myconf} --disable-bdb --disable-hdb" |
350 |
fi |
351 |
for backend in dnssrv ldap meta monitor null passwd relay shell sock; do |
352 |
myconf="${myconf} --enable-${backend}=mod" |
353 |
done |
354 |
|
355 |
myconf="${myconf} $(use_enable perl perl mod)" |
356 |
|
357 |
myconf="${myconf} $(use_enable odbc sql mod)" |
358 |
if use odbc ; then |
359 |
local odbc_lib="unixodbc" |
360 |
if use iodbc ; then |
361 |
odbc_lib="iodbc" |
362 |
append-cppflags -I/usr/include/iodbc |
363 |
fi |
364 |
myconf="${myconf} --with-odbc=${odbc_lib}" |
365 |
fi |
366 |
|
367 |
# slapd options |
368 |
myconf="${myconf} $(use_enable crypt) $(use_enable slp)" |
369 |
myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)" |
370 |
if use experimental ; then |
371 |
myconf="${myconf} --enable-dynacl" |
372 |
myconf="${myconf} --enable-aci=mod" |
373 |
fi |
374 |
for option in aci cleartext modules rewrite rlookups slapi; do |
375 |
myconf="${myconf} --enable-${option}" |
376 |
done |
377 |
|
378 |
# slapd overlay options |
379 |
# Compile-in the syncprov, the others as module |
380 |
myconf="${myconf} --enable-syncprov=yes" |
381 |
use overlays && myconf="${myconf} --enable-overlays=mod" |
382 |
|
383 |
else |
384 |
myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb" |
385 |
myconf="${myconf} --disable-overlays --disable-syslog" |
386 |
fi |
387 |
|
388 |
# basic functionality stuff |
389 |
myconf="${myconf} $(use_enable ipv6)" |
390 |
myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)" |
391 |
myconf="${myconf} $(use_enable tcpd wrappers)" |
392 |
|
393 |
local ssl_lib="no" |
394 |
if use ssl || ( use ! minimal && use samba ) ; then |
395 |
ssl_lib="openssl" |
396 |
use gnutls && ssl_lib="gnutls" |
397 |
fi |
398 |
|
399 |
myconf="${myconf} --with-tls=${ssl_lib}" |
400 |
|
401 |
for basicflag in dynamic local proctitle shared static; do |
402 |
myconf="${myconf} --enable-${basicflag}" |
403 |
done |
404 |
|
405 |
tc-export CC AR CXX |
406 |
STRIP=/bin/true \ |
407 |
econf \ |
408 |
--libexecdir=/usr/$(get_libdir)/openldap \ |
409 |
${myconf} || die "econf failed" |
410 |
} |
411 |
|
412 |
src_configure_cxx() { |
413 |
# This needs the libraries built by the first build run. |
414 |
# So we have to run it AFTER the main build, not just after the main |
415 |
# configure. |
416 |
if ! use minimal ; then |
417 |
if use cxx ; then |
418 |
local myconf_ldapcpp |
419 |
myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include" |
420 |
cd "${S}/contrib/ldapc++" |
421 |
OLD_LDFLAGS="$LDFLAGS" |
422 |
OLD_CPPFLAGS="$CPPFLAGS" |
423 |
append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs |
424 |
append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs |
425 |
append-cppflags -I../../../include |
426 |
econf ${myconf_ldapcpp} \ |
427 |
CC="${CC}" \ |
428 |
CXX="${CXX}" \ |
429 |
|| die "econf ldapc++ failed" |
430 |
CPPFLAGS="$OLD_CPPFLAGS" |
431 |
LDFLAGS="${OLD_LDFLAGS}" |
432 |
fi |
433 |
fi |
434 |
} |
435 |
|
436 |
src_compile() { |
437 |
emake depend || die "emake depend failed" |
438 |
emake CC="${CC}" AR="${AR}" || die "emake failed" |
439 |
lt="${S}/libtool" |
440 |
export echo="echo" |
441 |
|
442 |
if ! use minimal ; then |
443 |
if use cxx ; then |
444 |
einfo "Building contrib library: ldapc++" |
445 |
src_configure_cxx |
446 |
cd "${S}/contrib/ldapc++" |
447 |
emake \ |
448 |
CC="${CC}" CXX="${CXX}" \ |
449 |
|| die "emake ldapc++ failed" |
450 |
fi |
451 |
|
452 |
if use smbkrb5passwd ; then |
453 |
einfo "Building contrib-module: smbk5pwd" |
454 |
cd "${S}/contrib/slapd-modules/smbk5pwd" |
455 |
|
456 |
emake \ |
457 |
DEFS="-DDO_SAMBA -DDO_KRB5" \ |
458 |
KRB5_INC="$(krb5-config --cflags)" \ |
459 |
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \ |
460 |
|| die "emake smbk5pwd failed" |
461 |
fi |
462 |
|
463 |
if use kerberos ; then |
464 |
cd "${S}/contrib/slapd-modules/passwd" |
465 |
einfo "Compiling contrib-module: pw-kerberos" |
466 |
"${lt}" --mode=compile --tag=CC \ |
467 |
"${CC}" \ |
468 |
-I../../../include \ |
469 |
${CFLAGS} \ |
470 |
$(krb5-config --cflags) \ |
471 |
-DHAVE_KRB5 \ |
472 |
-o kerberos.lo \ |
473 |
-c kerberos.c || die "compiling pw-kerberos failed" |
474 |
einfo "Linking contrib-module: pw-kerberos" |
475 |
"${lt}" --mode=link --tag=CC \ |
476 |
"${CC}" -module \ |
477 |
${CFLAGS} \ |
478 |
${LDFLAGS} \ |
479 |
-rpath /usr/$(get_libdir)/openldap/openldap \ |
480 |
-o pw-kerberos.la \ |
481 |
kerberos.lo || die "linking pw-kerberos failed" |
482 |
fi |
483 |
# We could build pw-radius if GNURadius would install radlib.h |
484 |
cd "${S}/contrib/slapd-modules/passwd" |
485 |
einfo "Compiling contrib-module: pw-netscape" |
486 |
"${lt}" --mode=compile --tag=CC \ |
487 |
"${CC}" \ |
488 |
-I../../../include \ |
489 |
${CFLAGS} \ |
490 |
-o netscape.lo \ |
491 |
-c netscape.c || die "compiling pw-netscape failed" |
492 |
einfo "Linking contrib-module: pw-netscape" |
493 |
"${lt}" --mode=link --tag=CC \ |
494 |
"${CC}" -module \ |
495 |
${CFLAGS} \ |
496 |
${LDFLAGS} \ |
497 |
-rpath /usr/$(get_libdir)/openldap/openldap \ |
498 |
-o pw-netscape.la \ |
499 |
netscape.lo || die "linking pw-netscape failed" |
500 |
|
501 |
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" |
502 |
build_contrib_module "allop" "allop.c" "overlay-allop" |
503 |
build_contrib_module "allowed" "allowed.c" "allowed" |
504 |
build_contrib_module "autogroup" "autogroup.c" "autogroup" |
505 |
build_contrib_module "denyop" "denyop.c" "denyop-overlay" |
506 |
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" |
507 |
# lastmod may not play well with other overlays |
508 |
build_contrib_module "lastmod" "lastmod.c" "lastmod" |
509 |
build_contrib_module "nops" "nops.c" "nops-overlay" |
510 |
build_contrib_module "trace" "trace.c" "trace" |
511 |
# build slapi-plugins |
512 |
cd "${S}/contrib/slapi-plugins/addrdnvalues" |
513 |
einfo "Building contrib-module: addrdnvalues plugin" |
514 |
"${CC}" -shared \ |
515 |
-I../../../include \ |
516 |
${CFLAGS} \ |
517 |
-fPIC \ |
518 |
${LDFLAGS} \ |
519 |
-o libaddrdnvalues-plugin.so \ |
520 |
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" |
521 |
|
522 |
fi |
523 |
} |
524 |
|
525 |
src_test() { |
526 |
cd tests ; make tests || die "make tests failed" |
527 |
} |
528 |
|
529 |
src_install() { |
530 |
lt="${S}/libtool" |
531 |
emake DESTDIR="${D}" install || die "make install failed" |
532 |
|
533 |
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example |
534 |
docinto rfc ; dodoc doc/rfc/*.txt |
535 |
|
536 |
# openldap modules go here |
537 |
# TODO: write some code to populate slapd.conf with moduleload statements |
538 |
keepdir /usr/$(get_libdir)/openldap/openldap/ |
539 |
|
540 |
# initial data storage dir |
541 |
keepdir /var/lib/openldap-data |
542 |
fowners ldap:ldap /var/lib/openldap-data |
543 |
fperms 0700 /var/lib/openldap-data |
544 |
|
545 |
echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
546 |
echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
547 |
echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
548 |
|
549 |
# change slapd.pid location in configuration file |
550 |
keepdir /var/run/openldap |
551 |
fowners ldap:ldap /var/run/openldap |
552 |
fperms 0755 /var/run/openldap |
553 |
|
554 |
if ! use minimal; then |
555 |
# use our config |
556 |
rm "${D}"etc/openldap/slapd.conf |
557 |
insinto /etc/openldap |
558 |
newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf |
559 |
configfile="${D}"etc/openldap/slapd.conf |
560 |
|
561 |
# populate with built backends |
562 |
ebegin "populate config with built backends" |
563 |
for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do |
564 |
elog "Adding $(basename ${x})" |
565 |
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" |
566 |
done |
567 |
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" |
568 |
fowners root:ldap /etc/openldap/slapd.conf |
569 |
fperms 0640 /etc/openldap/slapd.conf |
570 |
cp "${configfile}" "${configfile}".default |
571 |
eend |
572 |
|
573 |
# install our own init scripts |
574 |
newinitd "${FILESDIR}"/slapd-initd2 slapd |
575 |
newconfd "${FILESDIR}"/slapd-confd slapd |
576 |
if [ $(get_libdir) != lib ]; then |
577 |
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd |
578 |
fi |
579 |
|
580 |
if use cxx ; then |
581 |
einfo "Install the ldapc++ library" |
582 |
cd "${S}/contrib/ldapc++" |
583 |
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed" |
584 |
newdoc README ldapc++-README |
585 |
fi |
586 |
|
587 |
if use smbkrb5passwd ; then |
588 |
einfo "Install the smbk5pwd module" |
589 |
cd "${S}/contrib/slapd-modules/smbk5pwd" |
590 |
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed" |
591 |
newdoc README smbk5pwd-README |
592 |
fi |
593 |
|
594 |
einfo "Installing contrib modules" |
595 |
cd "${S}/contrib/slapd-modules" |
596 |
for l in */*.la; do |
597 |
"${lt}" --mode=install cp ${l} \ |
598 |
"${D}"usr/$(get_libdir)/openldap/openldap || \ |
599 |
die "installing ${l} failed" |
600 |
done |
601 |
docinto contrib |
602 |
newdoc addpartial/README addpartial-README |
603 |
newdoc allop/README allop-README |
604 |
doman allop/slapo-allop.5 |
605 |
newdoc autogroup/README autogroup-README |
606 |
newdoc denyop/denyop.c denyop-denyop.c |
607 |
newdoc dsaschema/README dsaschema-README |
608 |
doman lastmod/slapo-lastmod.5 |
609 |
doman nops/slapo-nops.5 |
610 |
newdoc passwd/README passwd-README |
611 |
cd "${S}/contrib/slapi-plugins" |
612 |
insinto /usr/$(get_libdir)/openldap/openldap |
613 |
doins */*.so |
614 |
docinto contrib |
615 |
newdoc addrdnvalues/README addrdnvalues-README |
616 |
fi |
617 |
} |
618 |
|
619 |
pkg_preinst() { |
620 |
# keep old libs if any |
621 |
preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0 |
622 |
} |
623 |
|
624 |
pkg_postinst() { |
625 |
if ! use minimal ; then |
626 |
# You cannot build SSL certificates during src_install that will make |
627 |
# binary packages containing your SSL key, which is both a security risk |
628 |
# and a misconfiguration if multiple machines use the same key and cert. |
629 |
if use ssl; then |
630 |
install_cert /etc/openldap/ssl/ldap |
631 |
chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.* |
632 |
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
633 |
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
634 |
ewarn "add 'TLS_REQCERT never' if you want to use them." |
635 |
fi |
636 |
|
637 |
# These lines force the permissions of various content to be correct |
638 |
chown ldap:ldap "${ROOT}"var/run/openldap |
639 |
chmod 0755 "${ROOT}"var/run/openldap |
640 |
chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default} |
641 |
chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default} |
642 |
chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm} |
643 |
fi |
644 |
|
645 |
elog "Getting started using OpenLDAP? There is some documentation available:" |
646 |
elog "Gentoo Guide to OpenLDAP Authentication" |
647 |
elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)" |
648 |
elog "---" |
649 |
elog "An example file for tuning BDB backends with openldap is" |
650 |
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" |
651 |
|
652 |
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0 |
653 |
} |