1 |
commit: 9955fcfd7c5d530007ad8b5c2cf0dcfe9e54b3f4 |
2 |
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Nov 30 20:18:04 2018 +0000 |
4 |
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Nov 30 20:18:04 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9955fcfd |
7 |
|
8 |
net-nds/openldap: Security cleanup |
9 |
|
10 |
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
11 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
12 |
|
13 |
net-nds/openldap/Manifest | 1 - |
14 |
net-nds/openldap/openldap-2.4.44-r1.ebuild | 848 ----------------------------- |
15 |
net-nds/openldap/openldap-2.4.44.ebuild | 825 ---------------------------- |
16 |
3 files changed, 1674 deletions(-) |
17 |
|
18 |
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest |
19 |
index 158a00fe7a6..d0a81c6ed50 100644 |
20 |
--- a/net-nds/openldap/Manifest |
21 |
+++ b/net-nds/openldap/Manifest |
22 |
@@ -1,3 +1,2 @@ |
23 |
-DIST openldap-2.4.44.tgz 5658830 BLAKE2B 0d9101bbc159f78f23ffc5db78943dd602610650cda166a2920c4acba502c04d4a96968b9e7f146fe1dd87b677d5da6513500b57ec42b92f9991d577b3a4ed46 SHA512 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 |
24 |
DIST openldap-2.4.45.tgz 5672845 BLAKE2B e1f97553482a2e8630b62bc0f439af2484f1a2349a1a077382a124354424fe510ab55f32c073565b142d0c9318870fe31a2652268ebabd97d3afd8c833bc7aab SHA512 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab |
25 |
DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e |
26 |
|
27 |
diff --git a/net-nds/openldap/openldap-2.4.44-r1.ebuild b/net-nds/openldap/openldap-2.4.44-r1.ebuild |
28 |
deleted file mode 100644 |
29 |
index 9a2496805c4..00000000000 |
30 |
--- a/net-nds/openldap/openldap-2.4.44-r1.ebuild |
31 |
+++ /dev/null |
32 |
@@ -1,848 +0,0 @@ |
33 |
-# Copyright 1999-2018 Gentoo Foundation |
34 |
-# Distributed under the terms of the GNU General Public License v2 |
35 |
- |
36 |
-EAPI="5" |
37 |
- |
38 |
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd |
39 |
- |
40 |
-BIS_PN=rfc2307bis.schema |
41 |
-BIS_PV=20140524 |
42 |
-BIS_P="${BIS_PN}-${BIS_PV}" |
43 |
- |
44 |
-DESCRIPTION="LDAP suite of application and development tools" |
45 |
-HOMEPAGE="http://www.OpenLDAP.org/" |
46 |
- |
47 |
-# mirrors are mostly not working, using canonical URI |
48 |
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz |
49 |
- mirror://gentoo/${BIS_P}" |
50 |
- |
51 |
-LICENSE="OPENLDAP GPL-2" |
52 |
-SLOT="0" |
53 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris" |
54 |
- |
55 |
-IUSE_DAEMON="crypt samba slp tcpd experimental minimal" |
56 |
-IUSE_BACKEND="+berkdb" |
57 |
-IUSE_OVERLAY="overlays perl" |
58 |
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs" |
59 |
-IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2" |
60 |
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" |
61 |
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" |
62 |
- |
63 |
-REQUIRED_USE="cxx? ( sasl ) |
64 |
- ?? ( gnutls libressl ) |
65 |
- pbkdf2? ( ssl )" |
66 |
- |
67 |
-# always list newer first |
68 |
-# Do not add any AGPL-3 BDB here! |
69 |
-# See bug 525110, comment 15. |
70 |
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build. |
71 |
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}" |
72 |
-BDB_PKGS='' |
73 |
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done |
74 |
- |
75 |
-# openssl is needed to generate lanman-passwords required by samba |
76 |
-CDEPEND=" |
77 |
- ssl? ( |
78 |
- !gnutls? ( |
79 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
80 |
- ) |
81 |
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] |
82 |
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) |
83 |
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) ) |
84 |
- sasl? ( dev-libs/cyrus-sasl:= ) |
85 |
- !minimal? ( |
86 |
- sys-devel/libtool |
87 |
- sys-libs/e2fsprogs-libs |
88 |
- >=dev-db/lmdb-0.9.18:= |
89 |
- tcpd? ( sys-apps/tcp-wrappers ) |
90 |
- odbc? ( !iodbc? ( dev-db/unixODBC ) |
91 |
- iodbc? ( dev-db/libiodbc ) ) |
92 |
- slp? ( net-libs/openslp ) |
93 |
- perl? ( dev-lang/perl:=[-build(-)] ) |
94 |
- samba? ( |
95 |
- !libressl? ( dev-libs/openssl:0= ) |
96 |
- libressl? ( dev-libs/libressl ) |
97 |
- ) |
98 |
- berkdb? ( |
99 |
- <sys-libs/db-6.0:= |
100 |
- || ( ${BDB_PKGS} ) |
101 |
- ) |
102 |
- smbkrb5passwd? ( |
103 |
- !libressl? ( dev-libs/openssl:0= ) |
104 |
- libressl? ( dev-libs/libressl ) |
105 |
- kerberos? ( app-crypt/heimdal ) |
106 |
- ) |
107 |
- kerberos? ( |
108 |
- virtual/krb5 |
109 |
- kinit? ( !app-crypt/heimdal ) |
110 |
- ) |
111 |
- cxx? ( dev-libs/cyrus-sasl:= ) |
112 |
- )" |
113 |
-DEPEND="${CDEPEND} |
114 |
- sys-apps/groff" |
115 |
-RDEPEND="${CDEPEND} |
116 |
- selinux? ( sec-policy/selinux-ldap ) |
117 |
-" |
118 |
-# for tracking versions |
119 |
-OPENLDAP_VERSIONTAG=".version-tag" |
120 |
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" |
121 |
- |
122 |
-MULTILIB_WRAPPED_HEADERS=( |
123 |
- # USE=cxx |
124 |
- /usr/include/LDAPAsynConnection.h |
125 |
- /usr/include/LDAPAttrType.h |
126 |
- /usr/include/LDAPAttribute.h |
127 |
- /usr/include/LDAPAttributeList.h |
128 |
- /usr/include/LDAPConnection.h |
129 |
- /usr/include/LDAPConstraints.h |
130 |
- /usr/include/LDAPControl.h |
131 |
- /usr/include/LDAPControlSet.h |
132 |
- /usr/include/LDAPEntry.h |
133 |
- /usr/include/LDAPEntryList.h |
134 |
- /usr/include/LDAPException.h |
135 |
- /usr/include/LDAPExtResult.h |
136 |
- /usr/include/LDAPMessage.h |
137 |
- /usr/include/LDAPMessageQueue.h |
138 |
- /usr/include/LDAPModList.h |
139 |
- /usr/include/LDAPModification.h |
140 |
- /usr/include/LDAPObjClass.h |
141 |
- /usr/include/LDAPRebind.h |
142 |
- /usr/include/LDAPRebindAuth.h |
143 |
- /usr/include/LDAPReferenceList.h |
144 |
- /usr/include/LDAPResult.h |
145 |
- /usr/include/LDAPSaslBindResult.h |
146 |
- /usr/include/LDAPSchema.h |
147 |
- /usr/include/LDAPSearchReference.h |
148 |
- /usr/include/LDAPSearchResult.h |
149 |
- /usr/include/LDAPSearchResults.h |
150 |
- /usr/include/LDAPUrl.h |
151 |
- /usr/include/LDAPUrlList.h |
152 |
- /usr/include/LdifReader.h |
153 |
- /usr/include/LdifWriter.h |
154 |
- /usr/include/SaslInteraction.h |
155 |
- /usr/include/SaslInteractionHandler.h |
156 |
- /usr/include/StringList.h |
157 |
- /usr/include/TlsOptions.h |
158 |
-) |
159 |
- |
160 |
-openldap_filecount() { |
161 |
- local dir="$1" |
162 |
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l |
163 |
-} |
164 |
- |
165 |
-openldap_find_versiontags() { |
166 |
- # scan for all datadirs |
167 |
- openldap_datadirs="" |
168 |
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then |
169 |
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" |
170 |
- fi |
171 |
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" |
172 |
- |
173 |
- einfo |
174 |
- einfo "Scanning datadir(s) from slapd.conf and" |
175 |
- einfo "the default installdir for Versiontags" |
176 |
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" |
177 |
- einfo |
178 |
- |
179 |
- # scan datadirs if we have a version tag |
180 |
- openldap_found_tag=0 |
181 |
- have_files=0 |
182 |
- for each in ${openldap_datadirs}; do |
183 |
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` |
184 |
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} |
185 |
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then |
186 |
- einfo "- Checking ${each}..." |
187 |
- if [ -r ${CURRENT_TAG} ] ; then |
188 |
- # yey, we have one :) |
189 |
- einfo " Found Versiontag in ${each}" |
190 |
- source ${CURRENT_TAG} |
191 |
- if [ "${OLDPF}" == "" ] ; then |
192 |
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" |
193 |
- eerror "Please delete it" |
194 |
- eerror |
195 |
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" |
196 |
- fi |
197 |
- |
198 |
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` |
199 |
- |
200 |
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 |
201 |
- |
202 |
- # are we on the same branch? |
203 |
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then |
204 |
- ewarn " Versiontag doesn't match current major release!" |
205 |
- if [[ "${have_files}" == "1" ]] ; then |
206 |
- eerror " Versiontag says other major and you (probably) have datafiles!" |
207 |
- echo |
208 |
- openldap_upgrade_howto |
209 |
- else |
210 |
- einfo " No real problem, seems there's no database." |
211 |
- fi |
212 |
- else |
213 |
- einfo " Versiontag is fine here :)" |
214 |
- fi |
215 |
- else |
216 |
- einfo " Non-tagged dir ${each}" |
217 |
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 |
218 |
- if [[ "${have_files}" == "1" ]] ; then |
219 |
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" |
220 |
- echo |
221 |
- |
222 |
- eerror |
223 |
- eerror "Your OpenLDAP Installation has a non tagged datadir that" |
224 |
- eerror "possibly contains a database at ${CURRENT_TAGDIR}" |
225 |
- eerror |
226 |
- eerror "Please export data if any entered and empty or remove" |
227 |
- eerror "the directory, installation has been stopped so you" |
228 |
- eerror "can take required action" |
229 |
- eerror |
230 |
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild" |
231 |
- eerror |
232 |
- openldap_upgrade_howto |
233 |
- die "Please move the datadir ${CURRENT_TAGDIR} away" |
234 |
- fi |
235 |
- fi |
236 |
- einfo |
237 |
- fi |
238 |
- done |
239 |
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" |
240 |
- |
241 |
- # Now we must check for the major version of sys-libs/db linked against. |
242 |
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd |
243 |
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then |
244 |
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ |
245 |
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" |
246 |
- if use berkdb; then |
247 |
- # find which one would be used |
248 |
- for bdb_slot in $BDB_SLOTS ; do |
249 |
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")" |
250 |
- [[ -n "$NEWVER" ]] && break |
251 |
- done |
252 |
- fi |
253 |
- local fail=0 |
254 |
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then |
255 |
- : |
256 |
- # Nothing wrong here. |
257 |
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then |
258 |
- eerror " Your existing version of OpenLDAP was not built against" |
259 |
- eerror " any version of sys-libs/db, but the new one will build" |
260 |
- eerror " against ${NEWVER} and your database may be inaccessible." |
261 |
- echo |
262 |
- fail=1 |
263 |
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then |
264 |
- eerror " Your existing version of OpenLDAP was built against" |
265 |
- eerror " sys-libs/db:${OLDVER}, but the new one will not be" |
266 |
- eerror " built against any version and your database may be" |
267 |
- eerror " inaccessible." |
268 |
- echo |
269 |
- fail=1 |
270 |
- elif [ "${OLDVER}" != "${NEWVER}" ]; then |
271 |
- eerror " Your existing version of OpenLDAP was built against" |
272 |
- eerror " sys-libs/db:${OLDVER}, but the new one will build against" |
273 |
- eerror " ${NEWVER} and your database would be inaccessible." |
274 |
- echo |
275 |
- fail=1 |
276 |
- fi |
277 |
- [ "${fail}" == "1" ] && openldap_upgrade_howto |
278 |
- fi |
279 |
- |
280 |
- echo |
281 |
- einfo |
282 |
- einfo "All datadirs are fine, proceeding with merge now..." |
283 |
- einfo |
284 |
-} |
285 |
- |
286 |
-openldap_upgrade_howto() { |
287 |
- eerror |
288 |
- eerror "A (possible old) installation of OpenLDAP was detected," |
289 |
- eerror "installation will not proceed for now." |
290 |
- eerror |
291 |
- eerror "As major version upgrades can corrupt your database," |
292 |
- eerror "you need to dump your database and re-create it afterwards." |
293 |
- eerror |
294 |
- eerror "Additionally, rebuilding against different major versions of the" |
295 |
- eerror "sys-libs/db libraries will cause your database to be inaccessible." |
296 |
- eerror "" |
297 |
- d="$(date -u +%s)" |
298 |
- l="/root/ldapdump.${d}" |
299 |
- i="${l}.raw" |
300 |
- eerror " 1. /etc/init.d/slapd stop" |
301 |
- eerror " 2. slapcat -l ${i}" |
302 |
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" |
303 |
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" |
304 |
- eerror " 5. emerge --update \=net-nds/${PF}" |
305 |
- eerror " 6. etc-update, and ensure that you apply the changes" |
306 |
- eerror " 7. slapadd -l ${l}" |
307 |
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" |
308 |
- eerror " 9. /etc/init.d/slapd start" |
309 |
- eerror "10. check that your data is intact." |
310 |
- eerror "11. set up the new replication system." |
311 |
- eerror |
312 |
- if [ "${FORCE_UPGRADE}" != "1" ]; then |
313 |
- die "You need to upgrade your database first" |
314 |
- else |
315 |
- eerror "You have the magical FORCE_UPGRADE=1 in place." |
316 |
- eerror "Don't say you weren't warned about data loss." |
317 |
- fi |
318 |
-} |
319 |
- |
320 |
-pkg_setup() { |
321 |
- if ! use sasl && use cxx ; then |
322 |
- die "To build the ldapc++ library you must emerge openldap with sasl support" |
323 |
- fi |
324 |
- # Bug #322787 |
325 |
- if use minimal && ! has_version "net-nds/openldap" ; then |
326 |
- einfo "No datadir scan needed, openldap not installed" |
327 |
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then |
328 |
- einfo "Skipping scan for previous datadirs as requested by minimal useflag" |
329 |
- else |
330 |
- openldap_find_versiontags |
331 |
- fi |
332 |
- |
333 |
- # The user/group are only used for running daemons which are |
334 |
- # disabled in minimal builds, so elide the accounts too. |
335 |
- if ! use minimal ; then |
336 |
- enewgroup ldap 439 |
337 |
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap |
338 |
- fi |
339 |
-} |
340 |
- |
341 |
-src_prepare() { |
342 |
- # ensure correct SLAPI path by default |
343 |
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ |
344 |
- "${S}"/include/ldap_defaults.h |
345 |
- |
346 |
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch |
347 |
- |
348 |
- epatch \ |
349 |
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ |
350 |
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch |
351 |
- |
352 |
- # bug #116045 - still present in 2.4.28 |
353 |
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch |
354 |
- # bug #408077 - samba4 |
355 |
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch |
356 |
- |
357 |
- # bug #189817 |
358 |
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch |
359 |
- |
360 |
- # bug #233633 |
361 |
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch |
362 |
- |
363 |
- # bug #281495 |
364 |
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch |
365 |
- |
366 |
- # bug #294350 |
367 |
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch |
368 |
- |
369 |
- # unbreak /bin/sh -> dash |
370 |
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch |
371 |
- |
372 |
- # bug #420959 |
373 |
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch |
374 |
- |
375 |
- # unbundle lmdb |
376 |
- epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch |
377 |
- rm -rf "${S}"/libraries/liblmdb |
378 |
- |
379 |
- cd "${S}"/build || die |
380 |
- einfo "Making sure upstream build strip does not do stripping too early" |
381 |
- sed -i.orig \ |
382 |
- -e '/^STRIP/s,-s,,g' \ |
383 |
- top.mk || die "Failed to block stripping" |
384 |
- |
385 |
- # wrong assumption that /bin/sh is /bin/bash |
386 |
- sed -i \ |
387 |
- -e 's|/bin/sh|/bin/bash|g' \ |
388 |
- "${S}"/tests/scripts/* || die "sed failed" |
389 |
- |
390 |
- cd "${S}" || die |
391 |
- |
392 |
- AT_NOEAUTOMAKE=yes eautoreconf |
393 |
-} |
394 |
- |
395 |
-build_contrib_module() { |
396 |
- # <dir> <sources> <outputname> |
397 |
- cd "${S}/contrib/slapd-modules/$1" || die |
398 |
- einfo "Compiling contrib-module: $3" |
399 |
- # Make sure it's uppercase |
400 |
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" |
401 |
- "${lt}" --mode=compile --tag=CC \ |
402 |
- "${CC}" \ |
403 |
- -D${define_name}=SLAPD_MOD_DYNAMIC \ |
404 |
- -I"${BUILD_DIR}"/include \ |
405 |
- -I../../../include -I../../../servers/slapd ${CFLAGS} \ |
406 |
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed" |
407 |
- einfo "Linking contrib-module: $3" |
408 |
- "${lt}" --mode=link --tag=CC \ |
409 |
- "${CC}" -module \ |
410 |
- ${CFLAGS} \ |
411 |
- ${LDFLAGS} \ |
412 |
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
413 |
- -o $3.la ${2%.c}.lo || die "linking $3 failed" |
414 |
-} |
415 |
- |
416 |
-src_configure() { |
417 |
- # Bug 408001 |
418 |
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync |
419 |
- |
420 |
- # connectionless ldap per bug #342439 |
421 |
- append-cppflags -DLDAP_CONNECTIONLESS |
422 |
- |
423 |
- multilib-minimal_src_configure |
424 |
-} |
425 |
- |
426 |
-multilib_src_configure() { |
427 |
- local myconf=() |
428 |
- |
429 |
- use debug && myconf+=( $(use_enable debug) ) |
430 |
- |
431 |
- # ICU exists only in the configure, nowhere in the codebase, bug #510858 |
432 |
- export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no |
433 |
- |
434 |
- if ! use minimal && multilib_is_native_abi; then |
435 |
- local CPPFLAGS=${CPPFLAGS} |
436 |
- |
437 |
- # re-enable serverside overlay chains per bug #296567 |
438 |
- # see ldap docs chaper 12.3.1 for details |
439 |
- myconf+=( --enable-ldap ) |
440 |
- |
441 |
- # backends |
442 |
- myconf+=( --enable-slapd ) |
443 |
- if use berkdb ; then |
444 |
- einfo "Using Berkeley DB for local backend" |
445 |
- myconf+=( --enable-bdb --enable-hdb ) |
446 |
- DBINCLUDE=$(db_includedir $BDB_SLOTS) |
447 |
- einfo "Using $DBINCLUDE for sys-libs/db version" |
448 |
- # We need to include the slotted db.h dir for FreeBSD |
449 |
- append-cppflags -I${DBINCLUDE} |
450 |
- else |
451 |
- myconf+=( --disable-bdb --disable-hdb ) |
452 |
- fi |
453 |
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do |
454 |
- myconf+=( --enable-${backend}=mod ) |
455 |
- done |
456 |
- |
457 |
- myconf+=( $(use_enable perl perl mod) ) |
458 |
- |
459 |
- myconf+=( $(use_enable odbc sql mod) ) |
460 |
- if use odbc ; then |
461 |
- local odbc_lib="unixodbc" |
462 |
- if use iodbc ; then |
463 |
- odbc_lib="iodbc" |
464 |
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc |
465 |
- fi |
466 |
- myconf+=( --with-odbc=${odbc_lib} ) |
467 |
- fi |
468 |
- |
469 |
- # slapd options |
470 |
- myconf+=( |
471 |
- $(use_enable crypt) |
472 |
- $(use_enable slp) |
473 |
- $(use_enable samba lmpasswd) |
474 |
- $(use_enable syslog) |
475 |
- ) |
476 |
- if use experimental ; then |
477 |
- myconf+=( |
478 |
- --enable-dynacl |
479 |
- --enable-aci=mod |
480 |
- ) |
481 |
- fi |
482 |
- for option in aci cleartext modules rewrite rlookups slapi; do |
483 |
- myconf+=( --enable-${option} ) |
484 |
- done |
485 |
- |
486 |
- # slapd overlay options |
487 |
- # Compile-in the syncprov, the others as module |
488 |
- myconf+=( --enable-syncprov=yes ) |
489 |
- use overlays && myconf+=( --enable-overlays=mod ) |
490 |
- |
491 |
- else |
492 |
- myconf+=( |
493 |
- --disable-backends |
494 |
- --disable-slapd |
495 |
- --disable-bdb |
496 |
- --disable-hdb |
497 |
- --disable-mdb |
498 |
- --disable-overlays |
499 |
- --disable-syslog |
500 |
- ) |
501 |
- fi |
502 |
- |
503 |
- # basic functionality stuff |
504 |
- myconf+=( |
505 |
- $(use_enable ipv6) |
506 |
- $(multilib_native_use_with sasl cyrus-sasl) |
507 |
- $(multilib_native_use_enable sasl spasswd) |
508 |
- $(use_enable tcpd wrappers) |
509 |
- ) |
510 |
- |
511 |
- # Some cross-compiling tests don't pan out well. |
512 |
- tc-is-cross-compiler && myconf+=( |
513 |
- --with-yielding-select=yes |
514 |
- ) |
515 |
- |
516 |
- local ssl_lib="no" |
517 |
- if use ssl || ( ! use minimal && use samba ) ; then |
518 |
- ssl_lib="openssl" |
519 |
- use gnutls && ssl_lib="gnutls" |
520 |
- fi |
521 |
- |
522 |
- myconf+=( --with-tls=${ssl_lib} ) |
523 |
- |
524 |
- for basicflag in dynamic local proctitle shared; do |
525 |
- myconf+=( --enable-${basicflag} ) |
526 |
- done |
527 |
- |
528 |
- tc-export AR CC CXX |
529 |
- ECONF_SOURCE=${S} \ |
530 |
- STRIP=/bin/true \ |
531 |
- econf \ |
532 |
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ |
533 |
- $(use_enable static-libs static) \ |
534 |
- "${myconf[@]}" |
535 |
- emake depend |
536 |
-} |
537 |
- |
538 |
-src_configure_cxx() { |
539 |
- # This needs the libraries built by the first build run. |
540 |
- # So we have to run it AFTER the main build, not just after the main |
541 |
- # configure. |
542 |
- local myconf_ldapcpp=( |
543 |
- --with-ldap-includes="${S}"/include |
544 |
- ) |
545 |
- |
546 |
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die |
547 |
- cd "${BUILD_DIR}/contrib/ldapc++" || die |
548 |
- |
549 |
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS} |
550 |
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ |
551 |
- -L"${BUILD_DIR}"/libraries/libldap/.libs |
552 |
- append-cppflags -I"${BUILD_DIR}"/include |
553 |
- ECONF_SOURCE=${S}/contrib/ldapc++ \ |
554 |
- econf "${myconf_ldapcpp[@]}" \ |
555 |
- CC="${CC}" \ |
556 |
- CXX="${CXX}" |
557 |
-} |
558 |
- |
559 |
-multilib_src_compile() { |
560 |
- tc-export AR CC CXX |
561 |
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash |
562 |
- local lt="${BUILD_DIR}/libtool" |
563 |
- export echo="echo" |
564 |
- |
565 |
- if ! use minimal && multilib_is_native_abi ; then |
566 |
- if use cxx ; then |
567 |
- einfo "Building contrib library: ldapc++" |
568 |
- src_configure_cxx |
569 |
- cd "${BUILD_DIR}/contrib/ldapc++" || die |
570 |
- emake \ |
571 |
- CC="${CC}" CXX="${CXX}" |
572 |
- fi |
573 |
- |
574 |
- if use smbkrb5passwd ; then |
575 |
- einfo "Building contrib-module: smbk5pwd" |
576 |
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die |
577 |
- |
578 |
- MY_DEFS="-DDO_SHADOW" |
579 |
- if use samba ; then |
580 |
- MY_DEFS="${MY_DEFS} -DDO_SAMBA" |
581 |
- MY_KRB5_INC="" |
582 |
- fi |
583 |
- if use kerberos ; then |
584 |
- MY_DEFS="${MY_DEFS} -DDO_KRB5" |
585 |
- MY_KRB5_INC="$(krb5-config --cflags)" |
586 |
- fi |
587 |
- |
588 |
- emake \ |
589 |
- DEFS="${MY_DEFS}" \ |
590 |
- KRB5_INC="${MY_KRB5_INC}" \ |
591 |
- LDAP_BUILD="${BUILD_DIR}" \ |
592 |
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" |
593 |
- fi |
594 |
- |
595 |
- if use overlays ; then |
596 |
- einfo "Building contrib-module: samba4" |
597 |
- cd "${S}/contrib/slapd-modules/samba4" || die |
598 |
- |
599 |
- emake \ |
600 |
- LDAP_BUILD="${BUILD_DIR}" \ |
601 |
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" |
602 |
- fi |
603 |
- |
604 |
- if use kerberos ; then |
605 |
- if use kinit ; then |
606 |
- build_contrib_module "kinit" "kinit.c" "kinit" |
607 |
- fi |
608 |
- cd "${S}/contrib/slapd-modules/passwd" || die |
609 |
- einfo "Compiling contrib-module: pw-kerberos" |
610 |
- "${lt}" --mode=compile --tag=CC \ |
611 |
- "${CC}" \ |
612 |
- -I"${BUILD_DIR}"/include \ |
613 |
- -I../../../include \ |
614 |
- ${CFLAGS} \ |
615 |
- $(krb5-config --cflags) \ |
616 |
- -DHAVE_KRB5 \ |
617 |
- -o kerberos.lo \ |
618 |
- -c kerberos.c || die "compiling pw-kerberos failed" |
619 |
- einfo "Linking contrib-module: pw-kerberos" |
620 |
- "${lt}" --mode=link --tag=CC \ |
621 |
- "${CC}" -module \ |
622 |
- ${CFLAGS} \ |
623 |
- ${LDFLAGS} \ |
624 |
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
625 |
- -o pw-kerberos.la \ |
626 |
- kerberos.lo || die "linking pw-kerberos failed" |
627 |
- fi |
628 |
- |
629 |
- if use pbkdf2; then |
630 |
- cd "${S}/contrib/slapd-modules/passwd/pbkdf2" || die |
631 |
- einfo "Compiling contrib-module: pw-pbkdf2" |
632 |
- "${lt}" --mode=compile --tag=CC \ |
633 |
- "${CC}" \ |
634 |
- -I"${BUILD_DIR}"/include \ |
635 |
- -I../../../../include \ |
636 |
- ${CFLAGS} \ |
637 |
- -o pbkdf2.lo \ |
638 |
- -c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed" |
639 |
- einfo "Linking contrib-module: pw-pbkdf2" |
640 |
- "${lt}" --mode=link --tag=CC \ |
641 |
- "${CC}" -module \ |
642 |
- ${CFLAGS} \ |
643 |
- ${LDFLAGS} \ |
644 |
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
645 |
- -o pw-pbkdf2.la \ |
646 |
- pbkdf2.lo || die "linking pw-pbkdf2 failed" |
647 |
- fi |
648 |
- |
649 |
- # We could build pw-radius if GNURadius would install radlib.h |
650 |
- cd "${S}/contrib/slapd-modules/passwd" || die |
651 |
- einfo "Compiling contrib-module: pw-netscape" |
652 |
- "${lt}" --mode=compile --tag=CC \ |
653 |
- "${CC}" \ |
654 |
- -I"${BUILD_DIR}"/include \ |
655 |
- -I../../../include \ |
656 |
- ${CFLAGS} \ |
657 |
- -o netscape.lo \ |
658 |
- -c netscape.c || die "compiling pw-netscape failed" |
659 |
- einfo "Linking contrib-module: pw-netscape" |
660 |
- "${lt}" --mode=link --tag=CC \ |
661 |
- "${CC}" -module \ |
662 |
- ${CFLAGS} \ |
663 |
- ${LDFLAGS} \ |
664 |
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
665 |
- -o pw-netscape.la \ |
666 |
- netscape.lo || die "linking pw-netscape failed" |
667 |
- |
668 |
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only |
669 |
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos |
670 |
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" |
671 |
- build_contrib_module "allop" "allop.c" "overlay-allop" |
672 |
- build_contrib_module "allowed" "allowed.c" "allowed" |
673 |
- build_contrib_module "autogroup" "autogroup.c" "autogroup" |
674 |
- build_contrib_module "cloak" "cloak.c" "cloak" |
675 |
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand |
676 |
- build_contrib_module "denyop" "denyop.c" "denyop-overlay" |
677 |
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" |
678 |
- build_contrib_module "dupent" "dupent.c" "dupent" |
679 |
- build_contrib_module "lastbind" "lastbind.c" "lastbind" |
680 |
- # lastmod may not play well with other overlays |
681 |
- build_contrib_module "lastmod" "lastmod.c" "lastmod" |
682 |
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch" |
683 |
- build_contrib_module "nops" "nops.c" "nops-overlay" |
684 |
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER |
685 |
- build_contrib_module "trace" "trace.c" "trace" |
686 |
- # build slapi-plugins |
687 |
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die |
688 |
- einfo "Building contrib-module: addrdnvalues plugin" |
689 |
- "${CC}" -shared \ |
690 |
- -I"${BUILD_DIR}"/include \ |
691 |
- -I../../../include \ |
692 |
- ${CFLAGS} \ |
693 |
- -fPIC \ |
694 |
- ${LDFLAGS} \ |
695 |
- -o libaddrdnvalues-plugin.so \ |
696 |
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" |
697 |
- |
698 |
- fi |
699 |
-} |
700 |
- |
701 |
-multilib_src_test() { |
702 |
- if multilib_is_native_abi; then |
703 |
- cd tests || die |
704 |
- emake tests || die "make tests failed" |
705 |
- fi |
706 |
-} |
707 |
- |
708 |
-multilib_src_install() { |
709 |
- local lt="${BUILD_DIR}/libtool" |
710 |
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install |
711 |
- |
712 |
- if ! use minimal && multilib_is_native_abi; then |
713 |
- # openldap modules go here |
714 |
- # TODO: write some code to populate slapd.conf with moduleload statements |
715 |
- keepdir /usr/$(get_libdir)/openldap/openldap/ |
716 |
- |
717 |
- # initial data storage dir |
718 |
- keepdir /var/lib/openldap-data |
719 |
- use prefix || fowners ldap:ldap /var/lib/openldap-data |
720 |
- fperms 0700 /var/lib/openldap-data |
721 |
- |
722 |
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
723 |
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
724 |
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
725 |
- |
726 |
- # use our config |
727 |
- rm "${ED}"etc/openldap/slapd.conf |
728 |
- insinto /etc/openldap |
729 |
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf |
730 |
- configfile="${ED}"etc/openldap/slapd.conf |
731 |
- |
732 |
- # populate with built backends |
733 |
- ebegin "populate config with built backends" |
734 |
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do |
735 |
- einfo "Adding $(basename ${x})" |
736 |
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" |
737 |
- done |
738 |
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" |
739 |
- use prefix || fowners root:ldap /etc/openldap/slapd.conf |
740 |
- fperms 0640 /etc/openldap/slapd.conf |
741 |
- cp "${configfile}" "${configfile}".default |
742 |
- eend |
743 |
- |
744 |
- # install our own init scripts and systemd unit files |
745 |
- einfo "Install init scripts" |
746 |
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die |
747 |
- doinitd "${T}"/slapd |
748 |
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd |
749 |
- |
750 |
- einfo "Install systemd service" |
751 |
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die |
752 |
- systemd_dounit "${T}"/slapd.service |
753 |
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf |
754 |
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf |
755 |
- |
756 |
- # If built without SLP, we don't need to be before avahi |
757 |
- use slp \ |
758 |
- || sed -i \ |
759 |
- -e '/before/{s/avahi-daemon//g}' \ |
760 |
- "${ED}"etc/init.d/slapd |
761 |
- |
762 |
- if use cxx ; then |
763 |
- einfo "Install the ldapc++ library" |
764 |
- cd "${BUILD_DIR}/contrib/ldapc++" || die |
765 |
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install |
766 |
- cd "${S}"/contrib/ldapc++ || die |
767 |
- newdoc README ldapc++-README |
768 |
- fi |
769 |
- |
770 |
- if use smbkrb5passwd ; then |
771 |
- einfo "Install the smbk5pwd module" |
772 |
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die |
773 |
- emake DESTDIR="${D}" \ |
774 |
- LDAP_BUILD="${BUILD_DIR}" \ |
775 |
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install |
776 |
- newdoc README smbk5pwd-README |
777 |
- fi |
778 |
- |
779 |
- if use overlays ; then |
780 |
- einfo "Install the samba4 module" |
781 |
- cd "${S}/contrib/slapd-modules/samba4" || die |
782 |
- emake DESTDIR="${D}" \ |
783 |
- LDAP_BUILD="${BUILD_DIR}" \ |
784 |
- libexecdir="/usr/$(get_libdir)/openldap" install |
785 |
- newdoc README samba4-README |
786 |
- fi |
787 |
- |
788 |
- einfo "Installing contrib modules" |
789 |
- cd "${S}/contrib/slapd-modules" || die |
790 |
- for l in */*.la */*/*.la; do |
791 |
- [[ -e ${l} ]] || continue |
792 |
- "${lt}" --mode=install cp ${l} \ |
793 |
- "${ED}"usr/$(get_libdir)/openldap/openldap || \ |
794 |
- die "installing ${l} failed" |
795 |
- done |
796 |
- |
797 |
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example |
798 |
- docinto contrib |
799 |
- doman */*.5 |
800 |
- #newdoc acl/README* |
801 |
- newdoc addpartial/README addpartial-README |
802 |
- newdoc allop/README allop-README |
803 |
- newdoc allowed/README allowed-README |
804 |
- newdoc autogroup/README autogroup-README |
805 |
- newdoc dsaschema/README dsaschema-README |
806 |
- newdoc passwd/README passwd-README |
807 |
- cd "${S}/contrib/slapi-plugins" || die |
808 |
- insinto /usr/$(get_libdir)/openldap/openldap |
809 |
- doins */*.so |
810 |
- docinto contrib |
811 |
- newdoc addrdnvalues/README addrdnvalues-README |
812 |
- |
813 |
- insinto /etc/openldap/schema |
814 |
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN} |
815 |
- |
816 |
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample* |
817 |
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample* |
818 |
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm |
819 |
- |
820 |
- dosbin "${S}"/contrib/slapd-tools/statslog |
821 |
- newdoc "${S}"/contrib/slapd-tools/README README.statslog |
822 |
- fi |
823 |
- |
824 |
- use static-libs || prune_libtool_files --all |
825 |
-} |
826 |
- |
827 |
-multilib_src_install_all() { |
828 |
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README |
829 |
- docinto rfc ; dodoc doc/rfc/*.txt |
830 |
-} |
831 |
- |
832 |
-pkg_preinst() { |
833 |
- # keep old libs if any |
834 |
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) |
835 |
- # bug 440470, only display the getting started help there was no openldap before, |
836 |
- # or we are going to a non-minimal build |
837 |
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]' |
838 |
- OPENLDAP_PRINT_MESSAGES=$((! $?)) |
839 |
-} |
840 |
- |
841 |
-pkg_postinst() { |
842 |
- if ! use minimal ; then |
843 |
- # You cannot build SSL certificates during src_install that will make |
844 |
- # binary packages containing your SSL key, which is both a security risk |
845 |
- # and a misconfiguration if multiple machines use the same key and cert. |
846 |
- if use ssl; then |
847 |
- install_cert /etc/openldap/ssl/ldap |
848 |
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* |
849 |
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
850 |
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
851 |
- ewarn "add 'TLS_REQCERT allow' if you want to use them." |
852 |
- fi |
853 |
- |
854 |
- if use prefix; then |
855 |
- # Warn about prefix issues with slapd |
856 |
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" |
857 |
- eerror "to start up, and requires that certain files directories be owned by" |
858 |
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and" |
859 |
- eerror "directories, you will have to manually fix this yourself." |
860 |
- fi |
861 |
- |
862 |
- # These lines force the permissions of various content to be correct |
863 |
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap |
864 |
- chmod 0755 "${EROOT}"var/run/openldap |
865 |
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} |
866 |
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} |
867 |
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data |
868 |
- fi |
869 |
- |
870 |
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then |
871 |
- elog "Getting started using OpenLDAP? There is some documentation available:" |
872 |
- elog "Gentoo Guide to OpenLDAP Authentication" |
873 |
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)" |
874 |
- elog "---" |
875 |
- elog "An example file for tuning BDB backends with openldap is" |
876 |
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" |
877 |
- fi |
878 |
- |
879 |
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) |
880 |
-} |
881 |
|
882 |
diff --git a/net-nds/openldap/openldap-2.4.44.ebuild b/net-nds/openldap/openldap-2.4.44.ebuild |
883 |
deleted file mode 100644 |
884 |
index 6e0599b9c96..00000000000 |
885 |
--- a/net-nds/openldap/openldap-2.4.44.ebuild |
886 |
+++ /dev/null |
887 |
@@ -1,825 +0,0 @@ |
888 |
-# Copyright 1999-2018 Gentoo Foundation |
889 |
-# Distributed under the terms of the GNU General Public License v2 |
890 |
- |
891 |
-EAPI="5" |
892 |
- |
893 |
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd |
894 |
- |
895 |
-BIS_PN=rfc2307bis.schema |
896 |
-BIS_PV=20140524 |
897 |
-BIS_P="${BIS_PN}-${BIS_PV}" |
898 |
- |
899 |
-DESCRIPTION="LDAP suite of application and development tools" |
900 |
-HOMEPAGE="http://www.OpenLDAP.org/" |
901 |
- |
902 |
-# mirrors are mostly not working, using canonical URI |
903 |
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz |
904 |
- mirror://gentoo/${BIS_P}" |
905 |
- |
906 |
-LICENSE="OPENLDAP GPL-2" |
907 |
-SLOT="0" |
908 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris" |
909 |
- |
910 |
-IUSE_DAEMON="crypt samba slp tcpd experimental minimal" |
911 |
-IUSE_BACKEND="+berkdb" |
912 |
-IUSE_OVERLAY="overlays perl" |
913 |
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs" |
914 |
-IUSE_CONTRIB="smbkrb5passwd kerberos kinit" |
915 |
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" |
916 |
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" |
917 |
- |
918 |
-REQUIRED_USE="cxx? ( sasl ) |
919 |
- ?? ( gnutls libressl )" |
920 |
- |
921 |
-# always list newer first |
922 |
-# Do not add any AGPL-3 BDB here! |
923 |
-# See bug 525110, comment 15. |
924 |
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build. |
925 |
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}" |
926 |
-BDB_PKGS='' |
927 |
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done |
928 |
- |
929 |
-# openssl is needed to generate lanman-passwords required by samba |
930 |
-CDEPEND=" |
931 |
- ssl? ( |
932 |
- !gnutls? ( |
933 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
934 |
- ) |
935 |
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] |
936 |
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) |
937 |
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) ) |
938 |
- sasl? ( dev-libs/cyrus-sasl:= ) |
939 |
- !minimal? ( |
940 |
- sys-devel/libtool |
941 |
- sys-libs/e2fsprogs-libs |
942 |
- >=dev-db/lmdb-0.9.18:= |
943 |
- tcpd? ( sys-apps/tcp-wrappers ) |
944 |
- odbc? ( !iodbc? ( dev-db/unixODBC ) |
945 |
- iodbc? ( dev-db/libiodbc ) ) |
946 |
- slp? ( net-libs/openslp ) |
947 |
- perl? ( dev-lang/perl:=[-build(-)] ) |
948 |
- samba? ( |
949 |
- !libressl? ( dev-libs/openssl:0= ) |
950 |
- libressl? ( dev-libs/libressl ) |
951 |
- ) |
952 |
- berkdb? ( |
953 |
- <sys-libs/db-6.0:= |
954 |
- || ( ${BDB_PKGS} ) |
955 |
- ) |
956 |
- smbkrb5passwd? ( |
957 |
- !libressl? ( dev-libs/openssl:0= ) |
958 |
- libressl? ( dev-libs/libressl ) |
959 |
- kerberos? ( app-crypt/heimdal ) |
960 |
- ) |
961 |
- kerberos? ( |
962 |
- virtual/krb5 |
963 |
- kinit? ( !app-crypt/heimdal ) |
964 |
- ) |
965 |
- cxx? ( dev-libs/cyrus-sasl:= ) |
966 |
- )" |
967 |
-DEPEND="${CDEPEND} |
968 |
- sys-apps/groff" |
969 |
-RDEPEND="${CDEPEND} |
970 |
- selinux? ( sec-policy/selinux-ldap ) |
971 |
-" |
972 |
-# for tracking versions |
973 |
-OPENLDAP_VERSIONTAG=".version-tag" |
974 |
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" |
975 |
- |
976 |
-MULTILIB_WRAPPED_HEADERS=( |
977 |
- # USE=cxx |
978 |
- /usr/include/LDAPAsynConnection.h |
979 |
- /usr/include/LDAPAttrType.h |
980 |
- /usr/include/LDAPAttribute.h |
981 |
- /usr/include/LDAPAttributeList.h |
982 |
- /usr/include/LDAPConnection.h |
983 |
- /usr/include/LDAPConstraints.h |
984 |
- /usr/include/LDAPControl.h |
985 |
- /usr/include/LDAPControlSet.h |
986 |
- /usr/include/LDAPEntry.h |
987 |
- /usr/include/LDAPEntryList.h |
988 |
- /usr/include/LDAPException.h |
989 |
- /usr/include/LDAPExtResult.h |
990 |
- /usr/include/LDAPMessage.h |
991 |
- /usr/include/LDAPMessageQueue.h |
992 |
- /usr/include/LDAPModList.h |
993 |
- /usr/include/LDAPModification.h |
994 |
- /usr/include/LDAPObjClass.h |
995 |
- /usr/include/LDAPRebind.h |
996 |
- /usr/include/LDAPRebindAuth.h |
997 |
- /usr/include/LDAPReferenceList.h |
998 |
- /usr/include/LDAPResult.h |
999 |
- /usr/include/LDAPSaslBindResult.h |
1000 |
- /usr/include/LDAPSchema.h |
1001 |
- /usr/include/LDAPSearchReference.h |
1002 |
- /usr/include/LDAPSearchResult.h |
1003 |
- /usr/include/LDAPSearchResults.h |
1004 |
- /usr/include/LDAPUrl.h |
1005 |
- /usr/include/LDAPUrlList.h |
1006 |
- /usr/include/LdifReader.h |
1007 |
- /usr/include/LdifWriter.h |
1008 |
- /usr/include/SaslInteraction.h |
1009 |
- /usr/include/SaslInteractionHandler.h |
1010 |
- /usr/include/StringList.h |
1011 |
- /usr/include/TlsOptions.h |
1012 |
-) |
1013 |
- |
1014 |
-openldap_filecount() { |
1015 |
- local dir="$1" |
1016 |
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l |
1017 |
-} |
1018 |
- |
1019 |
-openldap_find_versiontags() { |
1020 |
- # scan for all datadirs |
1021 |
- openldap_datadirs="" |
1022 |
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then |
1023 |
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" |
1024 |
- fi |
1025 |
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" |
1026 |
- |
1027 |
- einfo |
1028 |
- einfo "Scanning datadir(s) from slapd.conf and" |
1029 |
- einfo "the default installdir for Versiontags" |
1030 |
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" |
1031 |
- einfo |
1032 |
- |
1033 |
- # scan datadirs if we have a version tag |
1034 |
- openldap_found_tag=0 |
1035 |
- have_files=0 |
1036 |
- for each in ${openldap_datadirs}; do |
1037 |
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` |
1038 |
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} |
1039 |
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then |
1040 |
- einfo "- Checking ${each}..." |
1041 |
- if [ -r ${CURRENT_TAG} ] ; then |
1042 |
- # yey, we have one :) |
1043 |
- einfo " Found Versiontag in ${each}" |
1044 |
- source ${CURRENT_TAG} |
1045 |
- if [ "${OLDPF}" == "" ] ; then |
1046 |
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" |
1047 |
- eerror "Please delete it" |
1048 |
- eerror |
1049 |
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" |
1050 |
- fi |
1051 |
- |
1052 |
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` |
1053 |
- |
1054 |
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 |
1055 |
- |
1056 |
- # are we on the same branch? |
1057 |
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then |
1058 |
- ewarn " Versiontag doesn't match current major release!" |
1059 |
- if [[ "${have_files}" == "1" ]] ; then |
1060 |
- eerror " Versiontag says other major and you (probably) have datafiles!" |
1061 |
- echo |
1062 |
- openldap_upgrade_howto |
1063 |
- else |
1064 |
- einfo " No real problem, seems there's no database." |
1065 |
- fi |
1066 |
- else |
1067 |
- einfo " Versiontag is fine here :)" |
1068 |
- fi |
1069 |
- else |
1070 |
- einfo " Non-tagged dir ${each}" |
1071 |
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 |
1072 |
- if [[ "${have_files}" == "1" ]] ; then |
1073 |
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" |
1074 |
- echo |
1075 |
- |
1076 |
- eerror |
1077 |
- eerror "Your OpenLDAP Installation has a non tagged datadir that" |
1078 |
- eerror "possibly contains a database at ${CURRENT_TAGDIR}" |
1079 |
- eerror |
1080 |
- eerror "Please export data if any entered and empty or remove" |
1081 |
- eerror "the directory, installation has been stopped so you" |
1082 |
- eerror "can take required action" |
1083 |
- eerror |
1084 |
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild" |
1085 |
- eerror |
1086 |
- openldap_upgrade_howto |
1087 |
- die "Please move the datadir ${CURRENT_TAGDIR} away" |
1088 |
- fi |
1089 |
- fi |
1090 |
- einfo |
1091 |
- fi |
1092 |
- done |
1093 |
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" |
1094 |
- |
1095 |
- # Now we must check for the major version of sys-libs/db linked against. |
1096 |
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd |
1097 |
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then |
1098 |
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ |
1099 |
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" |
1100 |
- if use berkdb; then |
1101 |
- # find which one would be used |
1102 |
- for bdb_slot in $BDB_SLOTS ; do |
1103 |
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")" |
1104 |
- [[ -n "$NEWVER" ]] && break |
1105 |
- done |
1106 |
- fi |
1107 |
- local fail=0 |
1108 |
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then |
1109 |
- : |
1110 |
- # Nothing wrong here. |
1111 |
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then |
1112 |
- eerror " Your existing version of OpenLDAP was not built against" |
1113 |
- eerror " any version of sys-libs/db, but the new one will build" |
1114 |
- eerror " against ${NEWVER} and your database may be inaccessible." |
1115 |
- echo |
1116 |
- fail=1 |
1117 |
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then |
1118 |
- eerror " Your existing version of OpenLDAP was built against" |
1119 |
- eerror " sys-libs/db:${OLDVER}, but the new one will not be" |
1120 |
- eerror " built against any version and your database may be" |
1121 |
- eerror " inaccessible." |
1122 |
- echo |
1123 |
- fail=1 |
1124 |
- elif [ "${OLDVER}" != "${NEWVER}" ]; then |
1125 |
- eerror " Your existing version of OpenLDAP was built against" |
1126 |
- eerror " sys-libs/db:${OLDVER}, but the new one will build against" |
1127 |
- eerror " ${NEWVER} and your database would be inaccessible." |
1128 |
- echo |
1129 |
- fail=1 |
1130 |
- fi |
1131 |
- [ "${fail}" == "1" ] && openldap_upgrade_howto |
1132 |
- fi |
1133 |
- |
1134 |
- echo |
1135 |
- einfo |
1136 |
- einfo "All datadirs are fine, proceeding with merge now..." |
1137 |
- einfo |
1138 |
-} |
1139 |
- |
1140 |
-openldap_upgrade_howto() { |
1141 |
- eerror |
1142 |
- eerror "A (possible old) installation of OpenLDAP was detected," |
1143 |
- eerror "installation will not proceed for now." |
1144 |
- eerror |
1145 |
- eerror "As major version upgrades can corrupt your database," |
1146 |
- eerror "you need to dump your database and re-create it afterwards." |
1147 |
- eerror |
1148 |
- eerror "Additionally, rebuilding against different major versions of the" |
1149 |
- eerror "sys-libs/db libraries will cause your database to be inaccessible." |
1150 |
- eerror "" |
1151 |
- d="$(date -u +%s)" |
1152 |
- l="/root/ldapdump.${d}" |
1153 |
- i="${l}.raw" |
1154 |
- eerror " 1. /etc/init.d/slapd stop" |
1155 |
- eerror " 2. slapcat -l ${i}" |
1156 |
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" |
1157 |
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" |
1158 |
- eerror " 5. emerge --update \=net-nds/${PF}" |
1159 |
- eerror " 6. etc-update, and ensure that you apply the changes" |
1160 |
- eerror " 7. slapadd -l ${l}" |
1161 |
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" |
1162 |
- eerror " 9. /etc/init.d/slapd start" |
1163 |
- eerror "10. check that your data is intact." |
1164 |
- eerror "11. set up the new replication system." |
1165 |
- eerror |
1166 |
- if [ "${FORCE_UPGRADE}" != "1" ]; then |
1167 |
- die "You need to upgrade your database first" |
1168 |
- else |
1169 |
- eerror "You have the magical FORCE_UPGRADE=1 in place." |
1170 |
- eerror "Don't say you weren't warned about data loss." |
1171 |
- fi |
1172 |
-} |
1173 |
- |
1174 |
-pkg_setup() { |
1175 |
- if ! use sasl && use cxx ; then |
1176 |
- die "To build the ldapc++ library you must emerge openldap with sasl support" |
1177 |
- fi |
1178 |
- # Bug #322787 |
1179 |
- if use minimal && ! has_version "net-nds/openldap" ; then |
1180 |
- einfo "No datadir scan needed, openldap not installed" |
1181 |
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then |
1182 |
- einfo "Skipping scan for previous datadirs as requested by minimal useflag" |
1183 |
- else |
1184 |
- openldap_find_versiontags |
1185 |
- fi |
1186 |
- |
1187 |
- # The user/group are only used for running daemons which are |
1188 |
- # disabled in minimal builds, so elide the accounts too. |
1189 |
- if ! use minimal ; then |
1190 |
- enewgroup ldap 439 |
1191 |
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap |
1192 |
- fi |
1193 |
-} |
1194 |
- |
1195 |
-src_prepare() { |
1196 |
- # ensure correct SLAPI path by default |
1197 |
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ |
1198 |
- "${S}"/include/ldap_defaults.h |
1199 |
- |
1200 |
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch |
1201 |
- |
1202 |
- epatch \ |
1203 |
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ |
1204 |
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch |
1205 |
- |
1206 |
- # bug #116045 - still present in 2.4.28 |
1207 |
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch |
1208 |
- # bug #408077 - samba4 |
1209 |
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch |
1210 |
- |
1211 |
- # bug #189817 |
1212 |
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch |
1213 |
- |
1214 |
- # bug #233633 |
1215 |
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch |
1216 |
- |
1217 |
- # bug #281495 |
1218 |
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch |
1219 |
- |
1220 |
- # bug #294350 |
1221 |
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch |
1222 |
- |
1223 |
- # unbreak /bin/sh -> dash |
1224 |
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch |
1225 |
- |
1226 |
- # bug #420959 |
1227 |
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch |
1228 |
- |
1229 |
- # unbundle lmdb |
1230 |
- epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch |
1231 |
- rm -rf "${S}"/libraries/liblmdb |
1232 |
- |
1233 |
- cd "${S}"/build || die |
1234 |
- einfo "Making sure upstream build strip does not do stripping too early" |
1235 |
- sed -i.orig \ |
1236 |
- -e '/^STRIP/s,-s,,g' \ |
1237 |
- top.mk || die "Failed to block stripping" |
1238 |
- |
1239 |
- # wrong assumption that /bin/sh is /bin/bash |
1240 |
- sed -i \ |
1241 |
- -e 's|/bin/sh|/bin/bash|g' \ |
1242 |
- "${S}"/tests/scripts/* || die "sed failed" |
1243 |
- |
1244 |
- cd "${S}" || die |
1245 |
- |
1246 |
- AT_NOEAUTOMAKE=yes eautoreconf |
1247 |
-} |
1248 |
- |
1249 |
-build_contrib_module() { |
1250 |
- # <dir> <sources> <outputname> |
1251 |
- cd "${S}/contrib/slapd-modules/$1" || die |
1252 |
- einfo "Compiling contrib-module: $3" |
1253 |
- # Make sure it's uppercase |
1254 |
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" |
1255 |
- "${lt}" --mode=compile --tag=CC \ |
1256 |
- "${CC}" \ |
1257 |
- -D${define_name}=SLAPD_MOD_DYNAMIC \ |
1258 |
- -I"${BUILD_DIR}"/include \ |
1259 |
- -I../../../include -I../../../servers/slapd ${CFLAGS} \ |
1260 |
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed" |
1261 |
- einfo "Linking contrib-module: $3" |
1262 |
- "${lt}" --mode=link --tag=CC \ |
1263 |
- "${CC}" -module \ |
1264 |
- ${CFLAGS} \ |
1265 |
- ${LDFLAGS} \ |
1266 |
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1267 |
- -o $3.la ${2%.c}.lo || die "linking $3 failed" |
1268 |
-} |
1269 |
- |
1270 |
-src_configure() { |
1271 |
- # Bug 408001 |
1272 |
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync |
1273 |
- |
1274 |
- # connectionless ldap per bug #342439 |
1275 |
- append-cppflags -DLDAP_CONNECTIONLESS |
1276 |
- |
1277 |
- multilib-minimal_src_configure |
1278 |
-} |
1279 |
- |
1280 |
-multilib_src_configure() { |
1281 |
- local myconf=() |
1282 |
- |
1283 |
- use debug && myconf+=( $(use_enable debug) ) |
1284 |
- |
1285 |
- # ICU exists only in the configure, nowhere in the codebase, bug #510858 |
1286 |
- export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no |
1287 |
- |
1288 |
- if ! use minimal && multilib_is_native_abi; then |
1289 |
- local CPPFLAGS=${CPPFLAGS} |
1290 |
- |
1291 |
- # re-enable serverside overlay chains per bug #296567 |
1292 |
- # see ldap docs chaper 12.3.1 for details |
1293 |
- myconf+=( --enable-ldap ) |
1294 |
- |
1295 |
- # backends |
1296 |
- myconf+=( --enable-slapd ) |
1297 |
- if use berkdb ; then |
1298 |
- einfo "Using Berkeley DB for local backend" |
1299 |
- myconf+=( --enable-bdb --enable-hdb ) |
1300 |
- DBINCLUDE=$(db_includedir $BDB_SLOTS) |
1301 |
- einfo "Using $DBINCLUDE for sys-libs/db version" |
1302 |
- # We need to include the slotted db.h dir for FreeBSD |
1303 |
- append-cppflags -I${DBINCLUDE} |
1304 |
- else |
1305 |
- myconf+=( --disable-bdb --disable-hdb ) |
1306 |
- fi |
1307 |
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do |
1308 |
- myconf+=( --enable-${backend}=mod ) |
1309 |
- done |
1310 |
- |
1311 |
- myconf+=( $(use_enable perl perl mod) ) |
1312 |
- |
1313 |
- myconf+=( $(use_enable odbc sql mod) ) |
1314 |
- if use odbc ; then |
1315 |
- local odbc_lib="unixodbc" |
1316 |
- if use iodbc ; then |
1317 |
- odbc_lib="iodbc" |
1318 |
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc |
1319 |
- fi |
1320 |
- myconf+=( --with-odbc=${odbc_lib} ) |
1321 |
- fi |
1322 |
- |
1323 |
- # slapd options |
1324 |
- myconf+=( |
1325 |
- $(use_enable crypt) |
1326 |
- $(use_enable slp) |
1327 |
- $(use_enable samba lmpasswd) |
1328 |
- $(use_enable syslog) |
1329 |
- ) |
1330 |
- if use experimental ; then |
1331 |
- myconf+=( |
1332 |
- --enable-dynacl |
1333 |
- --enable-aci=mod |
1334 |
- ) |
1335 |
- fi |
1336 |
- for option in aci cleartext modules rewrite rlookups slapi; do |
1337 |
- myconf+=( --enable-${option} ) |
1338 |
- done |
1339 |
- |
1340 |
- # slapd overlay options |
1341 |
- # Compile-in the syncprov, the others as module |
1342 |
- myconf+=( --enable-syncprov=yes ) |
1343 |
- use overlays && myconf+=( --enable-overlays=mod ) |
1344 |
- |
1345 |
- else |
1346 |
- myconf+=( |
1347 |
- --disable-backends |
1348 |
- --disable-slapd |
1349 |
- --disable-bdb |
1350 |
- --disable-hdb |
1351 |
- --disable-mdb |
1352 |
- --disable-overlays |
1353 |
- --disable-syslog |
1354 |
- ) |
1355 |
- fi |
1356 |
- |
1357 |
- # basic functionality stuff |
1358 |
- myconf+=( |
1359 |
- $(use_enable ipv6) |
1360 |
- $(multilib_native_use_with sasl cyrus-sasl) |
1361 |
- $(multilib_native_use_enable sasl spasswd) |
1362 |
- $(use_enable tcpd wrappers) |
1363 |
- ) |
1364 |
- |
1365 |
- # Some cross-compiling tests don't pan out well. |
1366 |
- tc-is-cross-compiler && myconf+=( |
1367 |
- --with-yielding-select=yes |
1368 |
- ) |
1369 |
- |
1370 |
- local ssl_lib="no" |
1371 |
- if use ssl || ( ! use minimal && use samba ) ; then |
1372 |
- ssl_lib="openssl" |
1373 |
- use gnutls && ssl_lib="gnutls" |
1374 |
- fi |
1375 |
- |
1376 |
- myconf+=( --with-tls=${ssl_lib} ) |
1377 |
- |
1378 |
- for basicflag in dynamic local proctitle shared; do |
1379 |
- myconf+=( --enable-${basicflag} ) |
1380 |
- done |
1381 |
- |
1382 |
- tc-export AR CC CXX |
1383 |
- ECONF_SOURCE=${S} \ |
1384 |
- STRIP=/bin/true \ |
1385 |
- econf \ |
1386 |
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ |
1387 |
- $(use_enable static-libs static) \ |
1388 |
- "${myconf[@]}" |
1389 |
- emake depend |
1390 |
-} |
1391 |
- |
1392 |
-src_configure_cxx() { |
1393 |
- # This needs the libraries built by the first build run. |
1394 |
- # So we have to run it AFTER the main build, not just after the main |
1395 |
- # configure. |
1396 |
- local myconf_ldapcpp=( |
1397 |
- --with-ldap-includes="${S}"/include |
1398 |
- ) |
1399 |
- |
1400 |
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die |
1401 |
- cd "${BUILD_DIR}/contrib/ldapc++" || die |
1402 |
- |
1403 |
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS} |
1404 |
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ |
1405 |
- -L"${BUILD_DIR}"/libraries/libldap/.libs |
1406 |
- append-cppflags -I"${BUILD_DIR}"/include |
1407 |
- ECONF_SOURCE=${S}/contrib/ldapc++ \ |
1408 |
- econf "${myconf_ldapcpp[@]}" \ |
1409 |
- CC="${CC}" \ |
1410 |
- CXX="${CXX}" |
1411 |
-} |
1412 |
- |
1413 |
-multilib_src_compile() { |
1414 |
- tc-export AR CC CXX |
1415 |
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash |
1416 |
- local lt="${BUILD_DIR}/libtool" |
1417 |
- export echo="echo" |
1418 |
- |
1419 |
- if ! use minimal && multilib_is_native_abi ; then |
1420 |
- if use cxx ; then |
1421 |
- einfo "Building contrib library: ldapc++" |
1422 |
- src_configure_cxx |
1423 |
- cd "${BUILD_DIR}/contrib/ldapc++" || die |
1424 |
- emake \ |
1425 |
- CC="${CC}" CXX="${CXX}" |
1426 |
- fi |
1427 |
- |
1428 |
- if use smbkrb5passwd ; then |
1429 |
- einfo "Building contrib-module: smbk5pwd" |
1430 |
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die |
1431 |
- |
1432 |
- MY_DEFS="-DDO_SHADOW" |
1433 |
- if use samba ; then |
1434 |
- MY_DEFS="${MY_DEFS} -DDO_SAMBA" |
1435 |
- MY_KRB5_INC="" |
1436 |
- fi |
1437 |
- if use kerberos ; then |
1438 |
- MY_DEFS="${MY_DEFS} -DDO_KRB5" |
1439 |
- MY_KRB5_INC="$(krb5-config --cflags)" |
1440 |
- fi |
1441 |
- |
1442 |
- emake \ |
1443 |
- DEFS="${MY_DEFS}" \ |
1444 |
- KRB5_INC="${MY_KRB5_INC}" \ |
1445 |
- LDAP_BUILD="${BUILD_DIR}" \ |
1446 |
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" |
1447 |
- fi |
1448 |
- |
1449 |
- if use overlays ; then |
1450 |
- einfo "Building contrib-module: samba4" |
1451 |
- cd "${S}/contrib/slapd-modules/samba4" || die |
1452 |
- |
1453 |
- emake \ |
1454 |
- LDAP_BUILD="${BUILD_DIR}" \ |
1455 |
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" |
1456 |
- fi |
1457 |
- |
1458 |
- if use kerberos ; then |
1459 |
- if use kinit ; then |
1460 |
- build_contrib_module "kinit" "kinit.c" "kinit" |
1461 |
- fi |
1462 |
- cd "${S}/contrib/slapd-modules/passwd" || die |
1463 |
- einfo "Compiling contrib-module: pw-kerberos" |
1464 |
- "${lt}" --mode=compile --tag=CC \ |
1465 |
- "${CC}" \ |
1466 |
- -I"${BUILD_DIR}"/include \ |
1467 |
- -I../../../include \ |
1468 |
- ${CFLAGS} \ |
1469 |
- $(krb5-config --cflags) \ |
1470 |
- -DHAVE_KRB5 \ |
1471 |
- -o kerberos.lo \ |
1472 |
- -c kerberos.c || die "compiling pw-kerberos failed" |
1473 |
- einfo "Linking contrib-module: pw-kerberos" |
1474 |
- "${lt}" --mode=link --tag=CC \ |
1475 |
- "${CC}" -module \ |
1476 |
- ${CFLAGS} \ |
1477 |
- ${LDFLAGS} \ |
1478 |
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1479 |
- -o pw-kerberos.la \ |
1480 |
- kerberos.lo || die "linking pw-kerberos failed" |
1481 |
- fi |
1482 |
- # We could build pw-radius if GNURadius would install radlib.h |
1483 |
- cd "${S}/contrib/slapd-modules/passwd" || die |
1484 |
- einfo "Compiling contrib-module: pw-netscape" |
1485 |
- "${lt}" --mode=compile --tag=CC \ |
1486 |
- "${CC}" \ |
1487 |
- -I"${BUILD_DIR}"/include \ |
1488 |
- -I../../../include \ |
1489 |
- ${CFLAGS} \ |
1490 |
- -o netscape.lo \ |
1491 |
- -c netscape.c || die "compiling pw-netscape failed" |
1492 |
- einfo "Linking contrib-module: pw-netscape" |
1493 |
- "${lt}" --mode=link --tag=CC \ |
1494 |
- "${CC}" -module \ |
1495 |
- ${CFLAGS} \ |
1496 |
- ${LDFLAGS} \ |
1497 |
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1498 |
- -o pw-netscape.la \ |
1499 |
- netscape.lo || die "linking pw-netscape failed" |
1500 |
- |
1501 |
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only |
1502 |
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos |
1503 |
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" |
1504 |
- build_contrib_module "allop" "allop.c" "overlay-allop" |
1505 |
- build_contrib_module "allowed" "allowed.c" "allowed" |
1506 |
- build_contrib_module "autogroup" "autogroup.c" "autogroup" |
1507 |
- build_contrib_module "cloak" "cloak.c" "cloak" |
1508 |
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand |
1509 |
- build_contrib_module "denyop" "denyop.c" "denyop-overlay" |
1510 |
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" |
1511 |
- build_contrib_module "dupent" "dupent.c" "dupent" |
1512 |
- build_contrib_module "lastbind" "lastbind.c" "lastbind" |
1513 |
- # lastmod may not play well with other overlays |
1514 |
- build_contrib_module "lastmod" "lastmod.c" "lastmod" |
1515 |
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch" |
1516 |
- build_contrib_module "nops" "nops.c" "nops-overlay" |
1517 |
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER |
1518 |
- build_contrib_module "trace" "trace.c" "trace" |
1519 |
- # build slapi-plugins |
1520 |
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die |
1521 |
- einfo "Building contrib-module: addrdnvalues plugin" |
1522 |
- "${CC}" -shared \ |
1523 |
- -I"${BUILD_DIR}"/include \ |
1524 |
- -I../../../include \ |
1525 |
- ${CFLAGS} \ |
1526 |
- -fPIC \ |
1527 |
- ${LDFLAGS} \ |
1528 |
- -o libaddrdnvalues-plugin.so \ |
1529 |
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" |
1530 |
- |
1531 |
- fi |
1532 |
-} |
1533 |
- |
1534 |
-multilib_src_test() { |
1535 |
- if multilib_is_native_abi; then |
1536 |
- cd tests || die |
1537 |
- emake tests || die "make tests failed" |
1538 |
- fi |
1539 |
-} |
1540 |
- |
1541 |
-multilib_src_install() { |
1542 |
- local lt="${BUILD_DIR}/libtool" |
1543 |
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install |
1544 |
- |
1545 |
- if ! use minimal && multilib_is_native_abi; then |
1546 |
- # openldap modules go here |
1547 |
- # TODO: write some code to populate slapd.conf with moduleload statements |
1548 |
- keepdir /usr/$(get_libdir)/openldap/openldap/ |
1549 |
- |
1550 |
- # initial data storage dir |
1551 |
- keepdir /var/lib/openldap-data |
1552 |
- use prefix || fowners ldap:ldap /var/lib/openldap-data |
1553 |
- fperms 0700 /var/lib/openldap-data |
1554 |
- |
1555 |
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
1556 |
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
1557 |
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
1558 |
- |
1559 |
- # use our config |
1560 |
- rm "${ED}"etc/openldap/slapd.conf |
1561 |
- insinto /etc/openldap |
1562 |
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf |
1563 |
- configfile="${ED}"etc/openldap/slapd.conf |
1564 |
- |
1565 |
- # populate with built backends |
1566 |
- ebegin "populate config with built backends" |
1567 |
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do |
1568 |
- einfo "Adding $(basename ${x})" |
1569 |
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" |
1570 |
- done |
1571 |
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" |
1572 |
- use prefix || fowners root:ldap /etc/openldap/slapd.conf |
1573 |
- fperms 0640 /etc/openldap/slapd.conf |
1574 |
- cp "${configfile}" "${configfile}".default |
1575 |
- eend |
1576 |
- |
1577 |
- # install our own init scripts and systemd unit files |
1578 |
- einfo "Install init scripts" |
1579 |
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die |
1580 |
- doinitd "${T}"/slapd |
1581 |
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd |
1582 |
- |
1583 |
- einfo "Install systemd service" |
1584 |
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die |
1585 |
- systemd_dounit "${T}"/slapd.service |
1586 |
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf |
1587 |
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf |
1588 |
- |
1589 |
- # If built without SLP, we don't need to be before avahi |
1590 |
- use slp \ |
1591 |
- || sed -i \ |
1592 |
- -e '/before/{s/avahi-daemon//g}' \ |
1593 |
- "${ED}"etc/init.d/slapd |
1594 |
- |
1595 |
- if use cxx ; then |
1596 |
- einfo "Install the ldapc++ library" |
1597 |
- cd "${BUILD_DIR}/contrib/ldapc++" || die |
1598 |
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install |
1599 |
- cd "${S}"/contrib/ldapc++ || die |
1600 |
- newdoc README ldapc++-README |
1601 |
- fi |
1602 |
- |
1603 |
- if use smbkrb5passwd ; then |
1604 |
- einfo "Install the smbk5pwd module" |
1605 |
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die |
1606 |
- emake DESTDIR="${D}" \ |
1607 |
- LDAP_BUILD="${BUILD_DIR}" \ |
1608 |
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install |
1609 |
- newdoc README smbk5pwd-README |
1610 |
- fi |
1611 |
- |
1612 |
- if use overlays ; then |
1613 |
- einfo "Install the samba4 module" |
1614 |
- cd "${S}/contrib/slapd-modules/samba4" || die |
1615 |
- emake DESTDIR="${D}" \ |
1616 |
- LDAP_BUILD="${BUILD_DIR}" \ |
1617 |
- libexecdir="/usr/$(get_libdir)/openldap" install |
1618 |
- newdoc README samba4-README |
1619 |
- fi |
1620 |
- |
1621 |
- einfo "Installing contrib modules" |
1622 |
- cd "${S}/contrib/slapd-modules" || die |
1623 |
- for l in */*.la; do |
1624 |
- "${lt}" --mode=install cp ${l} \ |
1625 |
- "${ED}"usr/$(get_libdir)/openldap/openldap || \ |
1626 |
- die "installing ${l} failed" |
1627 |
- done |
1628 |
- |
1629 |
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example |
1630 |
- docinto contrib |
1631 |
- doman */*.5 |
1632 |
- #newdoc acl/README* |
1633 |
- newdoc addpartial/README addpartial-README |
1634 |
- newdoc allop/README allop-README |
1635 |
- newdoc allowed/README allowed-README |
1636 |
- newdoc autogroup/README autogroup-README |
1637 |
- newdoc dsaschema/README dsaschema-README |
1638 |
- newdoc passwd/README passwd-README |
1639 |
- cd "${S}/contrib/slapi-plugins" || die |
1640 |
- insinto /usr/$(get_libdir)/openldap/openldap |
1641 |
- doins */*.so |
1642 |
- docinto contrib |
1643 |
- newdoc addrdnvalues/README addrdnvalues-README |
1644 |
- |
1645 |
- insinto /etc/openldap/schema |
1646 |
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN} |
1647 |
- |
1648 |
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample* |
1649 |
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample* |
1650 |
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm |
1651 |
- |
1652 |
- dosbin "${S}"/contrib/slapd-tools/statslog |
1653 |
- newdoc "${S}"/contrib/slapd-tools/README README.statslog |
1654 |
- fi |
1655 |
- |
1656 |
- use static-libs || prune_libtool_files --all |
1657 |
-} |
1658 |
- |
1659 |
-multilib_src_install_all() { |
1660 |
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README |
1661 |
- docinto rfc ; dodoc doc/rfc/*.txt |
1662 |
-} |
1663 |
- |
1664 |
-pkg_preinst() { |
1665 |
- # keep old libs if any |
1666 |
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) |
1667 |
- # bug 440470, only display the getting started help there was no openldap before, |
1668 |
- # or we are going to a non-minimal build |
1669 |
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]' |
1670 |
- OPENLDAP_PRINT_MESSAGES=$((! $?)) |
1671 |
-} |
1672 |
- |
1673 |
-pkg_postinst() { |
1674 |
- if ! use minimal ; then |
1675 |
- # You cannot build SSL certificates during src_install that will make |
1676 |
- # binary packages containing your SSL key, which is both a security risk |
1677 |
- # and a misconfiguration if multiple machines use the same key and cert. |
1678 |
- if use ssl; then |
1679 |
- install_cert /etc/openldap/ssl/ldap |
1680 |
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* |
1681 |
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
1682 |
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
1683 |
- ewarn "add 'TLS_REQCERT allow' if you want to use them." |
1684 |
- fi |
1685 |
- |
1686 |
- if use prefix; then |
1687 |
- # Warn about prefix issues with slapd |
1688 |
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" |
1689 |
- eerror "to start up, and requires that certain files directories be owned by" |
1690 |
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and" |
1691 |
- eerror "directories, you will have to manually fix this yourself." |
1692 |
- fi |
1693 |
- |
1694 |
- # These lines force the permissions of various content to be correct |
1695 |
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap |
1696 |
- chmod 0755 "${EROOT}"var/run/openldap |
1697 |
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} |
1698 |
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} |
1699 |
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data |
1700 |
- fi |
1701 |
- |
1702 |
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then |
1703 |
- elog "Getting started using OpenLDAP? There is some documentation available:" |
1704 |
- elog "Gentoo Guide to OpenLDAP Authentication" |
1705 |
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)" |
1706 |
- elog "---" |
1707 |
- elog "An example file for tuning BDB backends with openldap is" |
1708 |
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" |
1709 |
- fi |
1710 |
- |
1711 |
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) |
1712 |
-} |