1 |
commit: baa622bd7d8b41c200af2a24ab5cdc81191cc176 |
2 |
Author: David Seifert <soap <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Nov 7 20:23:54 2021 +0000 |
4 |
Commit: David Seifert <soap <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Nov 7 20:23:54 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=baa622bd |
7 |
|
8 |
sys-auth/sssd: add 2.6.0 |
9 |
|
10 |
Signed-off-by: David Seifert <soap <AT> gentoo.org> |
11 |
|
12 |
sys-auth/sssd/Manifest | 1 + |
13 |
sys-auth/sssd/sssd-2.6.0.ebuild | 289 ++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 290 insertions(+) |
15 |
|
16 |
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest |
17 |
index 5a4af14d089..82f54dde37e 100644 |
18 |
--- a/sys-auth/sssd/Manifest |
19 |
+++ b/sys-auth/sssd/Manifest |
20 |
@@ -1,3 +1,4 @@ |
21 |
DIST sssd-2.3.1.tar.gz 7186526 BLAKE2B 6d630fe75b9b426ef54adbe1704fde8e01fc34df7861028c07ce2985db8a151ce743d633061386fea6460fe8eabb89242b816d4bac87975bb9b7b2064ad1d547 SHA512 6aeb52d5222c5992d581296996749327bcaf276e4eb4413a6a32ea6529343432cfe413006aca4245c19b38b515be1c4c2ef88a157c617d889274179253355bc6 |
22 |
DIST sssd-2.5.2-CVE-2021-3621.patch.bz2 3155 BLAKE2B c50e331f0f1acbb9ef8e6d54a63219da44df5e565608c24635d85a110fcc024f7d5293c4412bca64831a9a3a14e2c1188be1a802c76575ad6d7a83243d3d89c2 SHA512 650af7c67b3a807935c0875ee877d366facdf818492fb4244757448ad351454a279968ea5414e6b3cd116e873abe4f1aef2ccdaf790a4df0cf7f2a0078a41860 |
23 |
DIST sssd-2.5.2.tar.gz 7579208 BLAKE2B ec5d9aeaf5b5e05b56c01f9137f6f24db05544dbd48458d742285b60e7beb6d48af865f3415e11ce89e187f4643bbecf15bbb321859ec80cfe458eb781cea6c9 SHA512 a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48 |
24 |
+DIST sssd-2.6.0.tar.gz 7440969 BLAKE2B 6b05fcea09ef10a5b2f373dc6a66032edc4c4f46f65f42fdc9ffb5b676025095e16de4a86b3088351c22746e062829d1d68fa7e960cccb7c5a77d960e6d38e2a SHA512 0b9e169424cbadfa6132a3e5e9789facf82f04cce94cb5344b8ff49370ae8817c2cb16cf21caddf6a7cd42e661d5ff5bf97843d79681683aacff0053ff93f64b |
25 |
|
26 |
diff --git a/sys-auth/sssd/sssd-2.6.0.ebuild b/sys-auth/sssd/sssd-2.6.0.ebuild |
27 |
new file mode 100644 |
28 |
index 00000000000..fb1dc80f4f5 |
29 |
--- /dev/null |
30 |
+++ b/sys-auth/sssd/sssd-2.6.0.ebuild |
31 |
@@ -0,0 +1,289 @@ |
32 |
+# Copyright 1999-2021 Gentoo Authors |
33 |
+# Distributed under the terms of the GNU General Public License v2 |
34 |
+ |
35 |
+EAPI=7 |
36 |
+ |
37 |
+PYTHON_COMPAT=( python3_{8..10} ) |
38 |
+ |
39 |
+inherit autotools linux-info multilib-minimal optfeature python-single-r1 pam systemd toolchain-funcs |
40 |
+ |
41 |
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication" |
42 |
+HOMEPAGE="https://github.com/SSSD/sssd" |
43 |
+SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" |
44 |
+ |
45 |
+LICENSE="GPL-3" |
46 |
+SLOT="0" |
47 |
+KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86" |
48 |
+IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd systemtap test valgrind" |
49 |
+REQUIRED_USE=" |
50 |
+ pac? ( samba ) |
51 |
+ python? ( ${PYTHON_REQUIRED_USE} ) |
52 |
+ test? ( sudo ) |
53 |
+ valgrind? ( test )" |
54 |
+RESTRICT="!test? ( test )" |
55 |
+ |
56 |
+DEPEND=" |
57 |
+ >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}] |
58 |
+ app-crypt/p11-kit |
59 |
+ >=dev-libs/ding-libs-0.2 |
60 |
+ >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] |
61 |
+ dev-libs/libpcre2:= |
62 |
+ >=dev-libs/popt-1.16 |
63 |
+ >=dev-libs/openssl-1.0.2:= |
64 |
+ dev-libs/libunistring:= |
65 |
+ >=net-dns/bind-tools-9.9[gssapi] |
66 |
+ >=net-dns/c-ares-1.7.4:= |
67 |
+ >=net-nds/openldap-2.4.30[sasl] |
68 |
+ >=sys-apps/dbus-1.6 |
69 |
+ >=sys-apps/keyutils-1.5:= |
70 |
+ >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] |
71 |
+ >=sys-libs/talloc-2.0.7 |
72 |
+ >=sys-libs/tdb-1.2.9 |
73 |
+ >=sys-libs/tevent-0.9.16 |
74 |
+ >=sys-libs/ldb-1.1.17-r1:= |
75 |
+ virtual/libintl |
76 |
+ acl? ( net-fs/cifs-utils[acl] ) |
77 |
+ locator? ( >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] ) |
78 |
+ netlink? ( dev-libs/libnl:3 ) |
79 |
+ nfsv4? ( |
80 |
+ || ( |
81 |
+ >=net-fs/nfs-utils-2.3.1-r2 |
82 |
+ net-libs/libnfsidmap |
83 |
+ ) |
84 |
+ ) |
85 |
+ pac? ( net-fs/samba ) |
86 |
+ python? ( ${PYTHON_DEPS} ) |
87 |
+ samba? ( >=net-fs/samba-4.10.2[winbind] ) |
88 |
+ selinux? ( |
89 |
+ >=sys-libs/libselinux-2.1.9 |
90 |
+ >=sys-libs/libsemanage-2.1 |
91 |
+ ) |
92 |
+ systemd? ( |
93 |
+ sys-apps/systemd:= |
94 |
+ sys-apps/util-linux |
95 |
+ ) |
96 |
+ systemtap? ( dev-util/systemtap )" |
97 |
+RDEPEND="${DEPEND} |
98 |
+ >=sys-libs/glibc-2.17[nscd] |
99 |
+ selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )" |
100 |
+BDEPEND=" |
101 |
+ virtual/pkgconfig |
102 |
+ ${PYTHON_DEPS} |
103 |
+ doc? ( app-doc/doxygen ) |
104 |
+ nls? ( sys-devel/gettext ) |
105 |
+ test? ( |
106 |
+ dev-libs/check |
107 |
+ dev-libs/softhsm:2 |
108 |
+ dev-util/cmocka |
109 |
+ net-libs/gnutls[pkcs11,tools] |
110 |
+ sys-libs/libfaketime |
111 |
+ sys-libs/nss_wrapper |
112 |
+ sys-libs/pam_wrapper |
113 |
+ sys-libs/uid_wrapper |
114 |
+ valgrind? ( dev-util/valgrind ) |
115 |
+ ) |
116 |
+ man? ( |
117 |
+ app-text/docbook-xml-dtd:4.4 |
118 |
+ >=dev-libs/libxslt-1.1.26 |
119 |
+ nls? ( app-text/po4a ) |
120 |
+ )" |
121 |
+ |
122 |
+CONFIG_CHECK="~KEYS" |
123 |
+ |
124 |
+MULTILIB_WRAPPED_HEADERS=( |
125 |
+ /usr/include/ipa_hbac.h |
126 |
+ /usr/include/sss_idmap.h |
127 |
+ /usr/include/sss_nss_idmap.h |
128 |
+ # --with-ifp |
129 |
+ /usr/include/sss_sifp.h |
130 |
+ /usr/include/sss_sifp_dbus.h |
131 |
+ # from 1.15.3 |
132 |
+ /usr/include/sss_certmap.h |
133 |
+) |
134 |
+ |
135 |
+pkg_setup() { |
136 |
+ linux-info_pkg_setup |
137 |
+ python-single-r1_pkg_setup |
138 |
+} |
139 |
+ |
140 |
+src_prepare() { |
141 |
+ default |
142 |
+ |
143 |
+ sed -i \ |
144 |
+ -e 's:/var/run:/run:' \ |
145 |
+ src/examples/logrotate \ |
146 |
+ || die |
147 |
+ |
148 |
+ # disable flaky test, see https://github.com/SSSD/sssd/issues/5631 |
149 |
+ sed -i \ |
150 |
+ -e '/^\s*pam-srv-tests[ \\]*$/d' \ |
151 |
+ Makefile.am \ |
152 |
+ || die |
153 |
+ |
154 |
+ eautoreconf |
155 |
+ |
156 |
+ multilib_copy_sources |
157 |
+} |
158 |
+ |
159 |
+src_configure() { |
160 |
+ local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die) |
161 |
+ |
162 |
+ multilib-minimal_src_configure |
163 |
+} |
164 |
+ |
165 |
+multilib_src_configure() { |
166 |
+ local myconf=() |
167 |
+ |
168 |
+ myconf+=( |
169 |
+ --localstatedir="${EPREFIX}"/var |
170 |
+ --runstatedir="${EPREFIX}"/run |
171 |
+ --with-pid-path="${EPREFIX}"/run |
172 |
+ --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd |
173 |
+ --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) |
174 |
+ --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb |
175 |
+ --with-db-path="${EPREFIX}"/var/lib/sss/db |
176 |
+ --with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache |
177 |
+ --with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf |
178 |
+ --with-pipe-path="${EPREFIX}"/var/lib/sss/pipes |
179 |
+ --with-mcache-path="${EPREFIX}"/var/lib/sss/mc |
180 |
+ --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets |
181 |
+ --with-log-path="${EPREFIX}"/var/log/sssd |
182 |
+ --with-os=gentoo |
183 |
+ --disable-rpath |
184 |
+ --disable-static |
185 |
+ --sbindir="${EPREFIX}"/usr/sbin |
186 |
+ $(multilib_native_use_with systemd kcm) |
187 |
+ $(use_with samba) |
188 |
+ --with-smb-idmap-interface-version=6 |
189 |
+ $(multilib_native_use_enable acl cifs-idmap-plugin) |
190 |
+ $(multilib_native_use_with selinux) |
191 |
+ $(multilib_native_use_with selinux semanage) |
192 |
+ $(use_enable locator krb5-locator-plugin) |
193 |
+ $(use_enable pac pac-responder) |
194 |
+ $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) |
195 |
+ $(use_enable nls) |
196 |
+ $(multilib_native_use_with netlink libnl) |
197 |
+ $(multilib_native_use_with man manpages) |
198 |
+ $(multilib_native_use_with sudo) |
199 |
+ $(multilib_native_with autofs) |
200 |
+ $(multilib_native_with ssh) |
201 |
+ $(use_enable systemtap) |
202 |
+ $(use_enable valgrind) |
203 |
+ --without-python2-bindings |
204 |
+ $(multilib_native_use_with python python3-bindings) |
205 |
+ # Annoyingly configure requires that you pick systemd XOR sysv |
206 |
+ --with-initscript=$(usex systemd systemd sysv) |
207 |
+ ) |
208 |
+ |
209 |
+ use systemd && myconf+=( |
210 |
+ --with-systemdunitdir=$(systemd_get_systemunitdir) |
211 |
+ ) |
212 |
+ |
213 |
+ if ! multilib_is_native_abi; then |
214 |
+ # work-around all the libraries that are used for CLI and server |
215 |
+ myconf+=( |
216 |
+ {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' |
217 |
+ # ldb headers are fine since native needs it |
218 |
+ # ldb lib fails... but it does not seem to bother |
219 |
+ {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' |
220 |
+ {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' |
221 |
+ {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' ' |
222 |
+ |
223 |
+ # use native include path for dbus (needed for build) |
224 |
+ DBUS_CFLAGS="${native_dbus_cflags}" |
225 |
+ |
226 |
+ # non-pkgconfig checks |
227 |
+ ac_cv_lib_ldap_ldap_search=yes |
228 |
+ --without-kcm |
229 |
+ ) |
230 |
+ fi |
231 |
+ |
232 |
+ econf "${myconf[@]}" |
233 |
+} |
234 |
+ |
235 |
+multilib_src_compile() { |
236 |
+ if multilib_is_native_abi; then |
237 |
+ default |
238 |
+ use doc && emake docs |
239 |
+ if use man || use nls; then |
240 |
+ emake update-po |
241 |
+ fi |
242 |
+ else |
243 |
+ emake libnss_sss.la pam_sss.la |
244 |
+ use locator && emake sssd_krb5_locator_plugin.la |
245 |
+ use pac && emake sssd_pac_plugin.la |
246 |
+ fi |
247 |
+} |
248 |
+ |
249 |
+multilib_src_test() { |
250 |
+ if multilib_is_native_abi; then |
251 |
+ local -x CK_TIMEOUT_MULTIPLIER=10 |
252 |
+ emake check VERBOSE=yes |
253 |
+ fi |
254 |
+} |
255 |
+ |
256 |
+multilib_src_install() { |
257 |
+ if multilib_is_native_abi; then |
258 |
+ emake -j1 DESTDIR="${D}" install |
259 |
+ if use python; then |
260 |
+ python_fix_shebang "${ED}" |
261 |
+ python_optimize |
262 |
+ fi |
263 |
+ else |
264 |
+ # easier than playing with automake... |
265 |
+ dopammod .libs/pam_sss.so |
266 |
+ |
267 |
+ into / |
268 |
+ dolib.so .libs/libnss_sss.so* |
269 |
+ |
270 |
+ if use locator; then |
271 |
+ exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 |
272 |
+ doexe .libs/sssd_krb5_locator_plugin.so |
273 |
+ fi |
274 |
+ |
275 |
+ if use pac; then |
276 |
+ exeinto /usr/$(get_libdir)/krb5/plugins/authdata |
277 |
+ doexe .libs/sssd_pac_plugin.so |
278 |
+ fi |
279 |
+ fi |
280 |
+} |
281 |
+ |
282 |
+multilib_src_install_all() { |
283 |
+ einstalldocs |
284 |
+ |
285 |
+ insinto /etc/sssd |
286 |
+ insopts -m600 |
287 |
+ doins src/examples/sssd-example.conf |
288 |
+ |
289 |
+ insinto /etc/logrotate.d |
290 |
+ insopts -m644 |
291 |
+ newins src/examples/logrotate sssd |
292 |
+ |
293 |
+ newconfd "${FILESDIR}"/sssd.conf sssd |
294 |
+ |
295 |
+ keepdir /var/lib/sss/db |
296 |
+ keepdir /var/lib/sss/deskprofile |
297 |
+ keepdir /var/lib/sss/gpo_cache |
298 |
+ keepdir /var/lib/sss/keytabs |
299 |
+ keepdir /var/lib/sss/mc |
300 |
+ keepdir /var/lib/sss/pipes/private |
301 |
+ keepdir /var/lib/sss/pubconf/krb5.include.d |
302 |
+ keepdir /var/lib/sss/secrets |
303 |
+ keepdir /var/log/sssd |
304 |
+ |
305 |
+ # strip empty dirs |
306 |
+ if ! use doc; then |
307 |
+ rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die |
308 |
+ rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die |
309 |
+ fi |
310 |
+ |
311 |
+ rm -r "${ED}"/run || die |
312 |
+ find "${ED}" -type f -name '*.la' -delete || die |
313 |
+} |
314 |
+ |
315 |
+pkg_postinst() { |
316 |
+ elog "You must set up sssd.conf (default installed into /etc/sssd)" |
317 |
+ elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" |
318 |
+ elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html" |
319 |
+ optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli |
320 |
+} |