1 |
robbat2 09/11/03 21:13:52 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: openldap-2.4.19.ebuild |
5 |
Log: |
6 |
Version bump per bug #290345 (CVE-2009-3767). Also fix: #286427 disable-syslog w/ USE=minimal. #280986 ldflags. |
7 |
(Portage version: 2.2_rc48/cvs/Linux x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.348 net-nds/openldap/ChangeLog |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-nds/openldap/ChangeLog?rev=1.348&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-nds/openldap/ChangeLog?rev=1.348&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-nds/openldap/ChangeLog?r1=1.347&r2=1.348 |
15 |
|
16 |
Index: ChangeLog |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v |
19 |
retrieving revision 1.347 |
20 |
retrieving revision 1.348 |
21 |
diff -p -w -b -B -u -u -r1.347 -r1.348 |
22 |
--- ChangeLog 10 Aug 2009 10:32:18 -0000 1.347 |
23 |
+++ ChangeLog 3 Nov 2009 21:13:51 -0000 1.348 |
24 |
@@ -1,6 +1,13 @@ |
25 |
# ChangeLog for net-nds/openldap |
26 |
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 |
27 |
-# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.347 2009/08/10 10:32:18 ssuominen Exp $ |
28 |
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.348 2009/11/03 21:13:51 robbat2 Exp $ |
29 |
+ |
30 |
+*openldap-2.4.19 (03 Nov 2009) |
31 |
+ |
32 |
+ 03 Nov 2009; Robin H. Johnson <robbat2@g.o> |
33 |
+ +openldap-2.4.19.ebuild, +files/openldap-2.4.19-contrib-smbk5pwd.patch: |
34 |
+ Version bump per bug #290345 (CVE-2009-3767). Also fix: #286427 |
35 |
+ disable-syslog w/ USE=minimal. #280986 ldflags. |
36 |
|
37 |
10 Aug 2009; Samuli Suominen <ssuominen@g.o> |
38 |
openldap-2.4.17-r1.ebuild, +files/openldap-2.4.17-gcc44.patch: |
39 |
|
40 |
|
41 |
|
42 |
1.1 net-nds/openldap/openldap-2.4.19.ebuild |
43 |
|
44 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-nds/openldap/openldap-2.4.19.ebuild?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-nds/openldap/openldap-2.4.19.ebuild?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: openldap-2.4.19.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2009 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.19.ebuild,v 1.1 2009/11/03 21:13:51 robbat2 Exp $ |
52 |
|
53 |
EAPI="2" |
54 |
inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs |
55 |
|
56 |
DESCRIPTION="LDAP suite of application and development tools" |
57 |
HOMEPAGE="http://www.OpenLDAP.org/" |
58 |
SRC_URI="mirror://openldap/openldap-release/${P}.tgz" |
59 |
|
60 |
LICENSE="OPENLDAP" |
61 |
SLOT="0" |
62 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
63 |
|
64 |
IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal" |
65 |
IUSE_BACKEND="+berkdb" |
66 |
IUSE_OVERLAY="overlays perl" |
67 |
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux" |
68 |
IUSE_CONTRIB="smbkrb5passwd kerberos" |
69 |
IUSE_CONTRIB="${IUSE_CONTRIB} cxx" |
70 |
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" |
71 |
|
72 |
# openssl is needed to generate lanman-passwords required by samba |
73 |
RDEPEND="sys-libs/ncurses |
74 |
icu? ( dev-libs/icu ) |
75 |
tcpd? ( sys-apps/tcp-wrappers ) |
76 |
ssl? ( !gnutls? ( dev-libs/openssl ) |
77 |
gnutls? ( net-libs/gnutls ) ) |
78 |
sasl? ( dev-libs/cyrus-sasl ) |
79 |
!minimal? ( |
80 |
odbc? ( !iodbc? ( dev-db/unixODBC ) |
81 |
iodbc? ( dev-db/libiodbc ) ) |
82 |
slp? ( net-libs/openslp ) |
83 |
perl? ( dev-lang/perl[-build] ) |
84 |
samba? ( dev-libs/openssl ) |
85 |
berkdb? ( sys-libs/db ) |
86 |
smbkrb5passwd? ( |
87 |
dev-libs/openssl |
88 |
app-crypt/heimdal ) |
89 |
kerberos? ( virtual/krb5 ) |
90 |
cxx? ( dev-libs/cyrus-sasl ) |
91 |
) |
92 |
selinux? ( sec-policy/selinux-openldap )" |
93 |
DEPEND="${RDEPEND}" |
94 |
|
95 |
# for tracking versions |
96 |
OPENLDAP_VERSIONTAG=".version-tag" |
97 |
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" |
98 |
|
99 |
openldap_find_versiontags() { |
100 |
# scan for all datadirs |
101 |
openldap_datadirs="" |
102 |
if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then |
103 |
openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)" |
104 |
fi |
105 |
openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" |
106 |
|
107 |
einfo |
108 |
einfo "Scanning datadir(s) from slapd.conf and" |
109 |
einfo "the default installdir for Versiontags" |
110 |
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" |
111 |
einfo |
112 |
|
113 |
# scan datadirs if we have a version tag |
114 |
openldap_found_tag=0 |
115 |
for each in ${openldap_datadirs}; do |
116 |
CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` |
117 |
CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} |
118 |
if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then |
119 |
einfo "- Checking ${each}..." |
120 |
if [ -r ${CURRENT_TAG} ] ; then |
121 |
# yey, we have one :) |
122 |
einfo " Found Versiontag in ${each}" |
123 |
source ${CURRENT_TAG} |
124 |
if [ "${OLDPF}" == "" ] ; then |
125 |
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" |
126 |
eerror "Please delete it" |
127 |
eerror |
128 |
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" |
129 |
fi |
130 |
|
131 |
OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` |
132 |
|
133 |
# are we on the same branch? |
134 |
if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then |
135 |
ewarn " Versiontag doesn't match current major release!" |
136 |
if [[ `ls -a ${CURRENT_TAGDIR} | wc -l` -gt 5 ]] ; then |
137 |
eerror " Versiontag says other major and you (probably) have datafiles!" |
138 |
echo |
139 |
openldap_upgrade_howto |
140 |
else |
141 |
einfo " No real problem, seems there's no database." |
142 |
fi |
143 |
else |
144 |
einfo " Versiontag is fine here :)" |
145 |
fi |
146 |
else |
147 |
einfo " Non-tagged dir ${each}" |
148 |
if [[ `ls -a ${each} | wc -l` > 5 ]] ; then |
149 |
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" |
150 |
echo |
151 |
|
152 |
eerror |
153 |
eerror "Your OpenLDAP Installation has a non tagged datadir that" |
154 |
eerror "possibly contains a database at ${CURRENT_TAGDIR}" |
155 |
eerror |
156 |
eerror "Please export data if any entered and empty or remove" |
157 |
eerror "the directory, installation has been stopped so you" |
158 |
eerror "can take required action" |
159 |
eerror |
160 |
eerror "For a HOWTO on exporting the data, see instructions in the ebuild" |
161 |
eerror |
162 |
die "Please move the datadir ${CURRENT_TAGDIR} away" |
163 |
fi |
164 |
fi |
165 |
einfo |
166 |
fi |
167 |
done |
168 |
|
169 |
echo |
170 |
einfo |
171 |
einfo "All datadirs are fine, proceeding with merge now..." |
172 |
einfo |
173 |
} |
174 |
|
175 |
openldap_upgrade_howto() { |
176 |
eerror |
177 |
eerror "A (possible old) installation of OpenLDAP was detected," |
178 |
eerror "installation will not proceed for now." |
179 |
eerror |
180 |
eerror "As major version upgrades can corrupt your database," |
181 |
eerror "you need to dump your database and re-create it afterwards." |
182 |
eerror "" |
183 |
d="$(date -u +%s)" |
184 |
l="/root/ldapdump.${d}" |
185 |
i="${l}.raw" |
186 |
eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" |
187 |
eerror " 2. slapcat -l ${i}" |
188 |
eerror " 3. egrep -v '^entryCSN:' <${i} >${l}" |
189 |
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" |
190 |
eerror " 5. emerge --update \=net-nds/${PF}" |
191 |
eerror " 6. etc-update, and ensure that you apply the changes" |
192 |
eerror " 7. slapadd -l ${l}" |
193 |
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" |
194 |
eerror " 9. /etc/init.d/slapd start" |
195 |
eerror "10. check that your data is intact." |
196 |
eerror "11. set up the new replication system." |
197 |
eerror |
198 |
if [ "${FORCE_UPGRADE}" != "1" ]; then |
199 |
die "You need to upgrade your database first" |
200 |
else |
201 |
eerror "You have the magical FORCE_UPGRADE=1 in place." |
202 |
eerror "Don't say you weren't warned about data loss." |
203 |
fi |
204 |
} |
205 |
|
206 |
pkg_setup() { |
207 |
if ! use sasl && use cxx ; then |
208 |
die "To build the ldapc++ library you must emerge openldap with sasl support" |
209 |
fi |
210 |
if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then |
211 |
einfo |
212 |
einfo "Skipping scan for previous datadirs as requested by minimal useflag" |
213 |
einfo |
214 |
else |
215 |
openldap_find_versiontags |
216 |
fi |
217 |
|
218 |
enewgroup ldap 439 |
219 |
enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap |
220 |
} |
221 |
|
222 |
src_prepare() { |
223 |
# ensure correct SLAPI path by default |
224 |
sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \ |
225 |
"${S}"/include/ldap_defaults.h |
226 |
|
227 |
epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch |
228 |
|
229 |
epatch \ |
230 |
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ |
231 |
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch |
232 |
|
233 |
# bug #116045 - still present in 2.4.19 |
234 |
epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch |
235 |
|
236 |
# bug #189817 |
237 |
epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch |
238 |
|
239 |
# bug #233633 |
240 |
epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch |
241 |
|
242 |
cd "${S}"/build |
243 |
einfo "Making sure upstream build strip does not do stripping too early" |
244 |
sed -i.orig \ |
245 |
-e '/^STRIP/s,-s,,g' \ |
246 |
top.mk || die "Failed to block stripping" |
247 |
|
248 |
# wrong assumption that /bin/sh is /bin/bash |
249 |
sed -i \ |
250 |
-e 's|/bin/sh|/bin/bash|g' \ |
251 |
"${S}"/tests/scripts/* || die "sed failed" |
252 |
} |
253 |
|
254 |
build_contrib_module() { |
255 |
lt="${S}/libtool" |
256 |
# <dir> <sources> <outputname> |
257 |
cd "${S}/contrib/slapd-modules/$1" |
258 |
einfo "Compiling contrib-module: $3" |
259 |
"${lt}" --mode=compile --tag=CC \ |
260 |
"${CC}" \ |
261 |
-I../../../include -I../../../servers/slapd ${CFLAGS} \ |
262 |
-o ${2%.c}.lo -c $2 || die "compiling $3 failed" |
263 |
einfo "Linking contrib-module: $3" |
264 |
"${lt}" --mode=link --tag=CC \ |
265 |
"${CC}" -module \ |
266 |
${CFLAGS} \ |
267 |
${LDFLAGS} \ |
268 |
-rpath /usr/$(get_libdir)/openldap/openldap \ |
269 |
-o $3.la ${2%.c}.lo || die "linking $3 failed" |
270 |
} |
271 |
|
272 |
src_configure() { |
273 |
local myconf |
274 |
|
275 |
#Fix for glibc-2.8 and ucred. Bug 228457. |
276 |
append-flags -D_GNU_SOURCE |
277 |
|
278 |
use debug && myconf="${myconf} $(use_enable debug)" |
279 |
|
280 |
# ICU usage is not configurable |
281 |
export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)" |
282 |
|
283 |
if ! use minimal ; then |
284 |
# backends |
285 |
myconf="${myconf} --enable-slapd" |
286 |
if use berkdb ; then |
287 |
einfo "Using Berkeley DB for local backend" |
288 |
myconf="${myconf} --enable-bdb --enable-hdb" |
289 |
# We need to include the slotted db.h dir for FreeBSD |
290 |
append-cppflags -I$(db_includedir) |
291 |
else |
292 |
ewarn |
293 |
ewarn "Note: if you disable berkdb, you can only use remote-backends!" |
294 |
ewarn |
295 |
ebeep 5 |
296 |
myconf="${myconf} --disable-bdb --disable-hdb" |
297 |
fi |
298 |
for backend in dnssrv ldap meta monitor null passwd relay shell sock; do |
299 |
myconf="${myconf} --enable-${backend}=mod" |
300 |
done |
301 |
|
302 |
myconf="${myconf} $(use_enable perl perl mod)" |
303 |
|
304 |
myconf="${myconf} $(use_enable odbc sql mod)" |
305 |
if use odbc ; then |
306 |
local odbc_lib="unixodbc" |
307 |
use iodbc && odbc_lib="iodbc" |
308 |
myconf="${myconf} --with-odbc=${odbc_lib}" |
309 |
fi |
310 |
|
311 |
# slapd options |
312 |
myconf="${myconf} $(use_enable crypt) $(use_enable slp)" |
313 |
myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)" |
314 |
if use experimental ; then |
315 |
myconf="${myconf} --enable-dynacl" |
316 |
myconf="${myconf} --enable-aci=mod" |
317 |
fi |
318 |
for option in aci cleartext modules rewrite rlookups slapi; do |
319 |
myconf="${myconf} --enable-${option}" |
320 |
done |
321 |
|
322 |
# slapd overlay options |
323 |
# Compile-in the syncprov, the others as module |
324 |
myconf="${myconf} --enable-syncprov=yes" |
325 |
use overlays && myconf="${myconf} --enable-overlays=mod" |
326 |
|
327 |
else |
328 |
myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb" |
329 |
myconf="${myconf} --disable-overlays --disable-syslog" |
330 |
fi |
331 |
|
332 |
# basic functionality stuff |
333 |
myconf="${myconf} $(use_enable ipv6)" |
334 |
myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)" |
335 |
myconf="${myconf} $(use_enable tcpd wrappers)" |
336 |
|
337 |
local ssl_lib="no" |
338 |
if use ssl || ( use ! minimal && use samba ) ; then |
339 |
ssl_lib="openssl" |
340 |
use gnutls && ssl_lib="gnutls" |
341 |
fi |
342 |
|
343 |
myconf="${myconf} --with-tls=${ssl_lib}" |
344 |
|
345 |
for basicflag in dynamic local proctitle shared static; do |
346 |
myconf="${myconf} --enable-${basicflag}" |
347 |
done |
348 |
|
349 |
tc-export CC AR CXX |
350 |
STRIP=/bin/true \ |
351 |
econf \ |
352 |
--libexecdir=/usr/$(get_libdir)/openldap \ |
353 |
${myconf} |
354 |
|
355 |
if ! use minimal ; then |
356 |
if use cxx ; then |
357 |
local myconf_ldapcpp |
358 |
myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include" |
359 |
cd "${S}/contrib/ldapc++" |
360 |
OLD_LDFLAGS="$LDFLAGS" |
361 |
OLD_CPPFLAGS="$CPPFLAGS" |
362 |
append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs |
363 |
append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs |
364 |
append-cppflags -I../../../include |
365 |
econf ${myconf_ldapcpp} \ |
366 |
CC="${CC}" \ |
367 |
CXX="${CXX}" \ |
368 |
|| die "econf ldapc++ failed" |
369 |
CPPFLAGS="$OLD_CPPFLAGS" |
370 |
fi |
371 |
fi |
372 |
} |
373 |
|
374 |
src_compile() { |
375 |
emake depend || die "emake depend failed" |
376 |
emake CC="${CC}" AR="${AR}" || die "emake failed" |
377 |
lt="${S}/libtool" |
378 |
export echo="echo" |
379 |
|
380 |
if ! use minimal ; then |
381 |
if use cxx ; then |
382 |
einfo "Building contrib library: ldapc++" |
383 |
cd "${S}/contrib/ldapc++" |
384 |
emake \ |
385 |
CC="${CC}" CXX="${CXX}" \ |
386 |
|| die "emake ldapc++ failed" |
387 |
fi |
388 |
|
389 |
if use smbkrb5passwd ; then |
390 |
einfo "Building contrib-module: smbk5pwd" |
391 |
cd "${S}/contrib/slapd-modules/smbk5pwd" |
392 |
|
393 |
emake \ |
394 |
DEFS="-DDO_SAMBA -DDO_KRB5" \ |
395 |
KRB5_INC="$(krb5-config --cflags)" \ |
396 |
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \ |
397 |
|| die "emake smbk5pwd failed" |
398 |
fi |
399 |
|
400 |
if use kerberos ; then |
401 |
cd "${S}/contrib/slapd-modules/passwd" |
402 |
einfo "Compiling contrib-module: pw-kerberos" |
403 |
"${lt}" --mode=compile --tag=CC \ |
404 |
"${CC}" \ |
405 |
-I../../../include \ |
406 |
${CFLAGS} \ |
407 |
$(krb5-config --cflags) \ |
408 |
-DHAVE_KRB5 \ |
409 |
-o kerberos.lo \ |
410 |
-c kerberos.c || die "compiling pw-kerberos failed" |
411 |
einfo "Linking contrib-module: pw-kerberos" |
412 |
"${lt}" --mode=link --tag=CC \ |
413 |
"${CC}" -module \ |
414 |
${CFLAGS} \ |
415 |
${LDFLAGS} \ |
416 |
-rpath /usr/$(get_libdir)/openldap/openldap \ |
417 |
-o pw-kerberos.la \ |
418 |
kerberos.lo || die "linking pw-kerberos failed" |
419 |
fi |
420 |
# We could build pw-radius if GNURadius would install radlib.h |
421 |
cd "${S}/contrib/slapd-modules/passwd" |
422 |
einfo "Compiling contrib-module: pw-netscape" |
423 |
"${lt}" --mode=compile --tag=CC \ |
424 |
"${CC}" \ |
425 |
-I../../../include \ |
426 |
${CFLAGS} \ |
427 |
-o netscape.lo \ |
428 |
-c netscape.c || die "compiling pw-netscape failed" |
429 |
einfo "Linking contrib-module: pw-netscape" |
430 |
"${lt}" --mode=link --tag=CC \ |
431 |
"${CC}" -module \ |
432 |
${CFLAGS} \ |
433 |
${LDFLAGS} \ |
434 |
-rpath /usr/$(get_libdir)/openldap/openldap \ |
435 |
-o pw-netscape.la \ |
436 |
netscape.lo || die "linking pw-netscape failed" |
437 |
|
438 |
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" |
439 |
build_contrib_module "allop" "allop.c" "overlay-allop" |
440 |
build_contrib_module "allowed" "allowed.c" "allowed" |
441 |
build_contrib_module "autogroup" "autogroup.c" "autogroup" |
442 |
build_contrib_module "denyop" "denyop.c" "denyop-overlay" |
443 |
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" |
444 |
# lastmod may not play well with other overlays |
445 |
build_contrib_module "lastmod" "lastmod.c" "lastmod" |
446 |
build_contrib_module "nops" "nops.c" "nops-overlay" |
447 |
build_contrib_module "trace" "trace.c" "trace" |
448 |
# build slapi-plugins |
449 |
cd "${S}/contrib/slapi-plugins/addrdnvalues" |
450 |
einfo "Building contrib-module: addrdnvalues plugin" |
451 |
"${CC}" -shared \ |
452 |
-I../../../include \ |
453 |
${CFLAGS} \ |
454 |
-fPIC \ |
455 |
${LDFLAGS} \ |
456 |
-o libaddrdnvalues-plugin.so \ |
457 |
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" |
458 |
|
459 |
fi |
460 |
} |
461 |
|
462 |
src_test() { |
463 |
cd tests ; make tests || die "make tests failed" |
464 |
} |
465 |
|
466 |
src_install() { |
467 |
lt="${S}/libtool" |
468 |
emake DESTDIR="${D}" install || die "make install failed" |
469 |
|
470 |
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example |
471 |
docinto rfc ; dodoc doc/rfc/*.txt |
472 |
|
473 |
# openldap modules go here |
474 |
# TODO: write some code to populate slapd.conf with moduleload statements |
475 |
keepdir /usr/$(get_libdir)/openldap/openldap/ |
476 |
|
477 |
# initial data storage dir |
478 |
keepdir /var/lib/openldap-data |
479 |
fowners ldap:ldap /var/lib/openldap-data |
480 |
fperms 0700 /var/lib/openldap-data |
481 |
|
482 |
echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
483 |
echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
484 |
echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
485 |
|
486 |
# change slapd.pid location in configuration file |
487 |
keepdir /var/run/openldap |
488 |
fowners ldap:ldap /var/run/openldap |
489 |
fperms 0755 /var/run/openldap |
490 |
|
491 |
if ! use minimal; then |
492 |
# use our config |
493 |
rm "${D}"etc/openldap/slapd.conf |
494 |
insinto /etc/openldap |
495 |
newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf |
496 |
configfile="${D}"etc/openldap/slapd.conf |
497 |
|
498 |
# populate with built backends |
499 |
ebegin "populate config with built backends" |
500 |
for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do |
501 |
elog "Adding $(basename ${x})" |
502 |
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" |
503 |
done |
504 |
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" |
505 |
fowners root:ldap /etc/openldap/slapd.conf |
506 |
fperms 0640 /etc/openldap/slapd.conf |
507 |
cp "${configfile}" "${configfile}".default |
508 |
eend |
509 |
|
510 |
# install our own init scripts |
511 |
newinitd "${FILESDIR}"/slapd-initd slapd |
512 |
newconfd "${FILESDIR}"/slapd-confd slapd |
513 |
if [ $(get_libdir) != lib ]; then |
514 |
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd |
515 |
fi |
516 |
|
517 |
if use cxx ; then |
518 |
einfo "Install the ldapc++ library" |
519 |
cd "${S}/contrib/ldapc++" |
520 |
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed" |
521 |
newdoc README ldapc++-README |
522 |
fi |
523 |
|
524 |
if use smbkrb5passwd ; then |
525 |
einfo "Install the smbk5pwd module" |
526 |
cd "${S}/contrib/slapd-modules/smbk5pwd" |
527 |
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed" |
528 |
newdoc README smbk5pwd-README |
529 |
fi |
530 |
|
531 |
einfo "Installing contrib modules" |
532 |
cd "${S}/contrib/slapd-modules" |
533 |
for l in */*.la; do |
534 |
"${lt}" --mode=install cp ${l} \ |
535 |
"${D}"usr/$(get_libdir)/openldap/openldap || \ |
536 |
die "installing ${l} failed" |
537 |
done |
538 |
docinto contrib |
539 |
newdoc addpartial/README addpartial-README |
540 |
newdoc allop/README allop-README |
541 |
doman allop/slapo-allop.5 |
542 |
newdoc autogroup/README autogroup-README |
543 |
newdoc denyop/denyop.c denyop-denyop.c |
544 |
newdoc dsaschema/README dsaschema-README |
545 |
doman lastmod/slapo-lastmod.5 |
546 |
doman nops/slapo-nops.5 |
547 |
newdoc passwd/README passwd-README |
548 |
cd "${S}/contrib/slapi-plugins" |
549 |
insinto /usr/$(get_libdir)/openldap/openldap |
550 |
doins */*.so |
551 |
docinto contrib |
552 |
newdoc addrdnvalues/README addrdnvalues-README |
553 |
fi |
554 |
} |
555 |
|
556 |
pkg_preinst() { |
557 |
# keep old libs if any |
558 |
preserve_old_lib usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0 |
559 |
} |
560 |
|
561 |
pkg_postinst() { |
562 |
if ! use minimal ; then |
563 |
# You cannot build SSL certificates during src_install that will make |
564 |
# binary packages containing your SSL key, which is both a security risk |
565 |
# and a misconfiguration if multiple machines use the same key and cert. |
566 |
if use ssl; then |
567 |
install_cert /etc/openldap/ssl/ldap |
568 |
chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.* |
569 |
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
570 |
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
571 |
ewarn "add 'TLS_REQCERT never' if you want to use them." |
572 |
fi |
573 |
|
574 |
# These lines force the permissions of various content to be correct |
575 |
chown ldap:ldap "${ROOT}"var/run/openldap |
576 |
chmod 0755 "${ROOT}"var/run/openldap |
577 |
chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default} |
578 |
chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default} |
579 |
chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm} |
580 |
fi |
581 |
|
582 |
elog "Getting started using OpenLDAP? There is some documentation available:" |
583 |
elog "Gentoo Guide to OpenLDAP Authentication" |
584 |
elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)" |
585 |
elog "---" |
586 |
elog "An example file for tuning BDB backends with openldap is" |
587 |
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" |
588 |
|
589 |
preserve_old_lib_notify usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0 |
590 |
} |