Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-fs/samba/
Date: Fri, 03 Dec 2021 15:39:24
Message-Id: 1638545946.96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353.polynomial-c@gentoo
1 commit: 96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Fri Dec 3 15:38:37 2021 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Fri Dec 3 15:39:06 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96c00c4d
7
8 net-fs/samba: Security cleanup
9
10 Bug: https://bugs.gentoo.org/821688
11 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13 net-fs/samba/Manifest | 1 -
14 net-fs/samba/samba-4.14.9.ebuild | 339 ---------------------------------------
15 2 files changed, 340 deletions(-)
16
17 diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest
18 index 0bd4d0b090de..fd3ea6e68854 100644
19 --- a/net-fs/samba/Manifest
20 +++ b/net-fs/samba/Manifest
21 @@ -1,3 +1,2 @@
22 DIST samba-4.14.10.tar.gz 19134066 BLAKE2B c6daebc7abbf2ed371ed694e4478d05875d55f7c5a9f83461932eebd7fe9089ff15e0530555d468e64f897d4cadab86e8c0acbfbd20938b3be842cb4324486e2 SHA512 0e1dd386d185cf77a2be4155646e98b3218316b5c290358684ec8eed747ffea67aa7db0937edc971fb791dc47f0f51306db33eb3b8cb65cca8787f18fd4b7f1c
23 -DIST samba-4.14.9.tar.gz 19063803 BLAKE2B 157665aba6d2449781ad3781deb2cdb3ae325879a796b8ba07a9d981ed93aaccd7f098841136a3be9d4e304ecba00b7ecb0c4a84cdfc6593172d4bc66cb38c69 SHA512 e7eb8b55656f51d94d99358dbe39869a74e34b2c69e14ac813c2387a4b2a10d8a5c22ad9b6a3a3ed4dcec4c13df810f577e22d7f1cc903176c0962e412496deb
24 DIST samba-4.15.2.tar.gz 19252338 BLAKE2B aded33cbefce69c9b20148de1be224514de5cc825404e8188fb0a96022d0fdc6595256f74a5e295fd2e1062e8520775b6c59c1d6a7bf80a52ed9fa9db412dcdd SHA512 6fdf9db0da90332afe527703066cca4ec5b0ec6bf6a5979443953f9fbc18b870a7e2445a41c9ae3d63f7738c9c0282e7ca82f6066aa68e151eec248615ea7b21
25
26 diff --git a/net-fs/samba/samba-4.14.9.ebuild b/net-fs/samba/samba-4.14.9.ebuild
27 deleted file mode 100644
28 index d94a70025926..000000000000
29 --- a/net-fs/samba/samba-4.14.9.ebuild
30 +++ /dev/null
31 @@ -1,339 +0,0 @@
32 -# Copyright 1999-2021 Gentoo Authors
33 -# Distributed under the terms of the GNU General Public License v2
34 -
35 -EAPI=7
36 -
37 -PYTHON_COMPAT=( python3_{8..9} )
38 -PYTHON_REQ_USE="threads(+),xml(+)"
39 -inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles
40 -
41 -DESCRIPTION="Samba Suite Version 4"
42 -HOMEPAGE="https://samba.org/"
43 -
44 -MY_PV="${PV/_rc/rc}"
45 -MY_P="${PN}-${MY_PV}"
46 -if [[ ${PV} = *_rc* ]]; then
47 - SRC_URI="mirror://samba/rc/${MY_P}.tar.gz"
48 -else
49 - SRC_URI="mirror://samba/stable/${MY_P}.tar.gz"
50 - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv sparc x86"
51 -fi
52 -S="${WORKDIR}/${MY_P}"
53 -
54 -LICENSE="GPL-3"
55 -SLOT="0"
56 -IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam glusterfs
57 -gpg iprint json ldap ntvfs pam profiling-data python quota +regedit selinux
58 -snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind
59 -zeroconf"
60 -
61 -REQUIRED_USE="${PYTHON_REQUIRED_USE}
62 - addc? ( python json winbind )
63 - addns? ( python )
64 - ads? ( acl ldap winbind )
65 - cluster? ( ads )
66 - gpg? ( addc )
67 - ntvfs? ( addc )
68 - spotlight? ( json )
69 - test? ( python )
70 - !ads? ( !addc )
71 - ?? ( system-heimdal system-mitkrb5 )
72 -"
73 -
74 -# the test suite is messed, it uses system-installed samba
75 -# bits instead of what was built, tests things disabled via use
76 -# flags, and generally just fails to work in a way ebuilds could
77 -# rely on in its current state
78 -RESTRICT="test"
79 -
80 -MULTILIB_WRAPPED_HEADERS=(
81 - /usr/include/samba-4.0/policy.h
82 - /usr/include/samba-4.0/dcerpc_server.h
83 - /usr/include/samba-4.0/ctdb.h
84 - /usr/include/samba-4.0/ctdb_client.h
85 - /usr/include/samba-4.0/ctdb_protocol.h
86 - /usr/include/samba-4.0/ctdb_private.h
87 - /usr/include/samba-4.0/ctdb_typesafe_cb.h
88 - /usr/include/samba-4.0/ctdb_version.h
89 -)
90 -
91 -COMMON_DEPEND="
92 - >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}]
93 - dev-lang/perl:=
94 - dev-libs/icu:=[${MULTILIB_USEDEP}]
95 - dev-libs/libbsd[${MULTILIB_USEDEP}]
96 - dev-libs/libtasn1[${MULTILIB_USEDEP}]
97 - dev-libs/popt[${MULTILIB_USEDEP}]
98 - dev-perl/Parse-Yapp
99 - >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}]
100 - net-libs/libnsl:=[${MULTILIB_USEDEP}]
101 - sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}]
102 - >=sys-libs/ldb-2.3.1[ldap(+)?,${MULTILIB_USEDEP}]
103 - <sys-libs/ldb-2.4.0[ldap(+)?,${MULTILIB_USEDEP}]
104 - sys-libs/libcap[${MULTILIB_USEDEP}]
105 - sys-libs/liburing:=[${MULTILIB_USEDEP}]
106 - sys-libs/ncurses:0=
107 - sys-libs/readline:0=
108 - >=sys-libs/talloc-2.3.2[${MULTILIB_USEDEP}]
109 - >=sys-libs/tdb-1.4.3[${MULTILIB_USEDEP}]
110 - >=sys-libs/tevent-0.10.2[${MULTILIB_USEDEP}]
111 - sys-libs/zlib[${MULTILIB_USEDEP}]
112 - virtual/libcrypt:=[${MULTILIB_USEDEP}]
113 - virtual/libiconv
114 - $(python_gen_cond_dep "
115 - addc? (
116 - dev-python/dnspython:=[\${PYTHON_USEDEP}]
117 - dev-python/markdown[\${PYTHON_USEDEP}]
118 - )
119 - addns? (
120 - dev-python/dnspython:=[\${PYTHON_USEDEP}]
121 - net-dns/bind-tools[gssapi]
122 - )
123 - ")
124 - !alpha? ( !sparc? ( sys-libs/libunwind:= ) )
125 - acl? ( virtual/acl )
126 - ceph? ( sys-cluster/ceph )
127 - cluster? ( net-libs/rpcsvc-proto )
128 - cups? ( net-print/cups )
129 - debug? ( dev-util/lttng-ust )
130 - dmapi? ( sys-apps/dmapi )
131 - fam? ( virtual/fam )
132 - gpg? ( app-crypt/gpgme )
133 - json? ( dev-libs/jansson:= )
134 - ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
135 - pam? ( sys-libs/pam )
136 - python? (
137 - sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}]
138 - sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}]
139 - sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}]
140 - sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}]
141 - )
142 - snapper? ( sys-apps/dbus )
143 - system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] )
144 - system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] )
145 - systemd? ( sys-apps/systemd:0= )
146 - zeroconf? ( net-dns/avahi[dbus] )
147 -"
148 -DEPEND="${COMMON_DEPEND}
149 - >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}]
150 - net-libs/libtirpc[${MULTILIB_USEDEP}]
151 - || (
152 - net-libs/rpcsvc-proto
153 - <sys-libs/glibc-2.26[rpc(+)]
154 - )
155 - spotlight? ( dev-libs/glib )
156 - test? (
157 - $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" )
158 - !system-mitkrb5? (
159 - >=net-dns/resolv_wrapper-1.1.4
160 - >=net-libs/socket_wrapper-1.1.9
161 - >=sys-libs/nss_wrapper-1.1.3
162 - >=sys-libs/uid_wrapper-1.2.1
163 - )
164 - )"
165 -RDEPEND="${COMMON_DEPEND}
166 - client? ( net-fs/cifs-utils[ads?] )
167 - python? ( ${PYTHON_DEPS} )
168 - selinux? ( sec-policy/selinux-samba )
169 -"
170 -BDEPEND="${PYTHON_DEPS}
171 - app-text/docbook-xsl-stylesheets
172 - dev-libs/libxslt
173 - virtual/pkgconfig
174 -"
175 -
176 -PATCHES=(
177 - "${FILESDIR}/${PN}-4.4.0-pam.patch"
178 -)
179 -
180 -#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)"
181 -CONFDIR="${FILESDIR}/4.4"
182 -
183 -WAF_BINARY="${S}/buildtools/bin/waf"
184 -
185 -SHAREDMODS=""
186 -
187 -pkg_setup() {
188 - # Package fails to build with distcc
189 - export DISTCC_DISABLE=1
190 -
191 - python-single-r1_pkg_setup
192 -
193 - SHAREDMODS="$(usex snapper '' '!')vfs_snapper"
194 - if use cluster ; then
195 - SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad"
196 - elif use ads ; then
197 - SHAREDMODS+=",idmap_ad"
198 - fi
199 -}
200 -
201 -src_prepare() {
202 - default
203 -
204 - # un-bundle dnspython
205 - sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die
206 -
207 - # unbundle iso8601 unless tests are enabled
208 - if ! use test ; then
209 - sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die
210 - fi
211 -
212 - ## ugly hackaround for bug #592502
213 - #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die
214 -
215 - sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \
216 - -i source4/dsdb/samdb/ldb_modules/password_hash.c \
217 - || die
218 -
219 - # Friggin' WAF shit
220 - multilib_copy_sources
221 -}
222 -
223 -multilib_src_configure() {
224 - # when specifying libs for samba build you must append NONE to the end to
225 - # stop it automatically including things
226 - local bundled_libs="NONE"
227 - if ! use system-heimdal && ! use system-mitkrb5 ; then
228 - bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE"
229 - fi
230 -
231 - local myconf=(
232 - --enable-fhs
233 - --sysconfdir="${EPREFIX}/etc"
234 - --localstatedir="${EPREFIX}/var"
235 - --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba"
236 - --with-piddir="${EPREFIX}/run/${PN}"
237 - --bundled-libraries="${bundled_libs}"
238 - --builtin-libraries=NONE
239 - --disable-rpath
240 - --disable-rpath-install
241 - --nopyc
242 - --nopyo
243 - --without-winexe
244 - $(multilib_native_use_with acl acl-support)
245 - $(multilib_native_usex addc '' '--without-ad-dc')
246 - $(multilib_native_use_with addns dnsupdate)
247 - $(multilib_native_use_with ads)
248 - $(multilib_native_use_enable ceph cephfs)
249 - $(multilib_native_use_with cluster cluster-support)
250 - $(multilib_native_use_enable cups)
251 - $(multilib_native_use_with dmapi)
252 - $(multilib_native_use_with fam)
253 - $(multilib_native_use_enable glusterfs)
254 - $(multilib_native_use_with gpg gpgme)
255 - $(multilib_native_use_with json)
256 - $(multilib_native_use_enable iprint)
257 - $(multilib_native_use_with ntvfs ntvfs-fileserver)
258 - $(multilib_native_use_with pam)
259 - $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '')
260 - $(multilib_native_use_with quota quotas)
261 - $(multilib_native_use_with regedit)
262 - $(multilib_native_use_enable spotlight)
263 - $(multilib_native_use_with syslog)
264 - $(multilib_native_use_with systemd)
265 - --systemd-install-services
266 - --with-systemddir="$(systemd_get_systemunitdir)"
267 - $(multilib_native_use_with winbind)
268 - $(multilib_native_usex python '' '--disable-python')
269 - $(multilib_native_use_enable zeroconf avahi)
270 - $(multilib_native_usex test '--enable-selftest' '')
271 - $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '')
272 - $(use_with debug lttng)
273 - $(use_with ldap)
274 - $(use_with profiling-data)
275 - # bug #683148
276 - --jobs 1
277 - )
278 -
279 - if multilib_is_native_abi ; then
280 - myconf+=( --with-shared-modules=${SHAREDMODS} )
281 - else
282 - myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper )
283 - fi
284 -
285 - CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \
286 - waf-utils_src_configure ${myconf[@]}
287 -}
288 -
289 -multilib_src_compile() {
290 - waf-utils_src_compile
291 -}
292 -
293 -multilib_src_install() {
294 - waf-utils_src_install
295 -
296 - # Make all .so files executable
297 - find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die
298 -
299 - if multilib_is_native_abi ; then
300 - # install ldap schema for server (bug #491002)
301 - if use ldap ; then
302 - insinto /etc/openldap/schema
303 - doins examples/LDAP/samba.schema
304 - fi
305 -
306 - # create symlink for cups (bug #552310)
307 - if use cups ; then
308 - dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb
309 - fi
310 -
311 - # install example config file
312 - insinto /etc/samba
313 - doins examples/smb.conf.default
314 -
315 - # Fix paths in example file (#603964)
316 - sed \
317 - -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \
318 - -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \
319 - -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \
320 - -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \
321 - -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \
322 - -i "${ED}"/etc/samba/smb.conf.default || die
323 -
324 - # Install init script and conf.d file
325 - newinitd "${CONFDIR}/samba4.initd-r1" samba
326 - newconfd "${CONFDIR}/samba4.confd" samba
327 -
328 - dotmpfiles "${FILESDIR}"/samba.conf
329 - use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die
330 -
331 - # Preserve functionality for old gentoo-specific unit names
332 - dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service"
333 - dosym smb.service "$(systemd_get_systemunitdir)/smbd.service"
334 - dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service"
335 - fi
336 -
337 - if use pam && use winbind ; then
338 - newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind
339 - # bugs #376853 and #590374
340 - insinto /etc/security
341 - doins examples/pam_winbind/pam_winbind.conf
342 - fi
343 -
344 - keepdir /var/cache/samba
345 - keepdir /var/lib/ctdb
346 - keepdir /var/lib/samba/{bind-dns,private}
347 - keepdir /var/lock/samba
348 - keepdir /var/log/samba
349 -}
350 -
351 -multilib_src_test() {
352 - if multilib_is_native_abi ; then
353 - "${WAF_BINARY}" test || die "test failed"
354 - fi
355 -}
356 -
357 -pkg_postinst() {
358 - tmpfiles_process samba.conf
359 -
360 - if [[ -z ${REPLACING_VERSIONS} ]] ; then
361 - elog "Be aware that this release contains the best of all of Samba's"
362 - elog "technology parts, both a file server (that you can reasonably expect"
363 - elog "to upgrade existing Samba 3.x releases to) and the AD domain"
364 - elog "controller work previously known as 'samba4'."
365 - elog
366 - fi
367 - elog "For further information and migration steps make sure to read "
368 - elog "https://samba.org/samba/history/${P}.html "
369 - elog "https://wiki.samba.org/index.php/Samba4/HOWTO "
370 -}