diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest index 7c9274a764..a467083b2b 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/Manifest @@ -1 +1 @@ -DIST samba-4.8.6.tar.gz 17723841 BLAKE2B 38da52e14b4417f26462eef2226c4498e54d2c276b4056e8c6d6c66079f33bcda24c1eab30b29bc7413280ec89a74a55e043e8274ac50f9a25bae7563717ff34 SHA512 f6afab5ca466bd8653a56c205b71ce94ecf0ad0c6e4c9d64cbba7b1e56f1987bc2022e6b629d87eb6078e3f6ba53833c19cfb41e40b6d589e4317ea9d85de273 +DIST samba-4.11.13.tar.gz 18598813 BLAKE2B 5671498058e61c1afbdb0976b6931dc4e13087792612d4fdc3073e8e40a60be82f578836e3baa48f111a600da5c6e0e08aa7ba638fbc1285bbb57644ae7e8b1d SHA512 396ab636db6f9583b772935d58a3cf1860109bb9e1ef841a38c08d7be9f3839d6e198d5cdc80ef0803fcbfa6c06f1173585f3b582937e8834857fc47d90f7181 diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.confd b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.confd index 58b2c7827b..629a605021 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.confd +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.confd @@ -6,6 +6,8 @@ # accordingly. daemon_list="smbd nmbd" +piddir="/run/samba" + #---------------------------------------------------------------------------- # Daemons calls: _ #---------------------------------------------------------------------------- 
@@ -17,22 +19,27 @@ my_service_POST="" # Daemons calls: _ #---------------------------------------------------------------------------- smbd_start_options="-D" -smbd_start="start-stop-daemon --start --exec /usr/sbin/smbd -- ${smbd_start_options}" -smbd_stop="start-stop-daemon --stop --exec /usr/sbin/smbd" +smbd_command="/usr/sbin/smbd" +smbd_start="start-stop-daemon --start --exec ${smbd_command} -- ${smbd_start_options}" +smbd_stop="start-stop-daemon --stop --exec ${smbd_command}" smbd_reload="killall -HUP smbd" nmbd_start_options="-D" -nmbd_start="start-stop-daemon --start --exec /usr/sbin/nmbd -- ${nmbd_start_options}" -nmbd_stop="start-stop-daemon --stop --exec /usr/sbin/nmbd" +nmbd_command="/usr/sbin/nmbd" +nmbd_start="start-stop-daemon --start --exec ${nmbd_command} -- ${nmbd_start_options}" +nmbd_stop="start-stop-daemon --stop --exec ${nmbd_command}" nmbd_reload="killall -HUP nmbd" samba4_start_options="" -samba4_start="start-stop-daemon --start --exec /usr/sbin/samba -- ${samba4_start_options}" -samba4_stop="start-stop-daemon --stop --exec /usr/sbin/samba" +samba4_command="/usr/sbin/samba" +samba4_pidfile="${piddir}/samba.pid" +samba4_start="start-stop-daemon --start --exec ${samba4_command} --pidfile ${samba4_pidfile} -- ${samba4_start_options}" +samba4_stop="start-stop-daemon --stop --exec ${samba4_command} --pidfile ${samba4_pidfile}" samba4_reload="killall -HUP samba" winbind_start_options="" -winbind_start="start-stop-daemon --start --exec /usr/sbin/winbindd -- ${winbind_start_options}" -winbind_stop="start-stop-daemon --stop --exec /usr/sbin/winbindd" +winbind_command="/usr/sbin/winbindd" +winbind_start="start-stop-daemon --start --exec ${winbind_command} -- ${winbind_start_options}" +winbind_stop="start-stop-daemon --stop --exec ${winbind_command}" winbind_reload="killall -HUP winbindd" 
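Review bot: The new `samba4_pidfile` is used for start and stop, but `samba4_reload` still runs `killall -HUP samba`, which signals every visible process of that name rather than the instance recorded in the pidfile. On a host that also runs Samba in containers, that can include their processes. Consider `samba4_reload="start-stop-daemon --signal HUP --pidfile ${samba4_pidfile}"`. The smbd, nmbd and winbindd entries gain a `*_command` variable but no pidfile, so a short comment saying whether that difference is deliberate would help.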
diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.initd-r1 b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.initd-r1 index 52a9b68bba..05bd1fcfd6 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.initd-r1 +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/samba4.initd-r1 @@ -1,9 +1,9 @@ #!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License, v2 or later extra_started_commands="reload" -piddir="/run/samba" +[ -z "${piddir}" ] && piddir="/run/samba" depend() { after slapd diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/system-auth-winbind.pam b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/system-auth-winbind.pam new file mode 100644 index 0000000000..8d6746b7ae --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/4.4/system-auth-winbind.pam @@ -0,0 +1,18 @@ +#%PAM-1.0 +# $Id$ + +auth required pam_env.so +auth sufficient pam_winbind.so +auth sufficient pam_unix.so likeauth nullok use_first_pass +auth required pam_deny.so + +account sufficient pam_winbind.so +account required pam_unix.so + +password required pam_cracklib.so retry=3 +password sufficient pam_unix.so nullok use_authtok md5 shadow +password required pam_deny.so + +session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 +session required pam_limits.so +session required pam_unix.so diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/nmbd.service b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/nmbd.service deleted file mode 100644 index 44b4ffba1f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/nmbd.service +++ /dev/null 
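Review bot: The new system-auth-winbind.pam stack keeps `nullok` on both the auth and password `pam_unix.so` lines, so a local account with an empty password field is accepted, and the password line hashes new local passwords with `md5`. Unless empty passwords are really required, drop `nullok` and use `password sufficient pam_unix.so use_authtok sha512 shadow`. The session line `pam_mkhomedir.so skel=/etc/skel/ umask=0022` creates home directories readable by every local user, and `umask=0077` is the tighter choice for domain accounts. Because `auth sufficient pam_winbind.so` comes before `pam_unix.so`, a one-line comment on the intended fall-through to local accounts would also help the next reader.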
@@ -1,12 +0,0 @@
-[Unit]
-Description=Samba NetBIOS name server
-After=network.target
-
-[Service]
-Type=forking
-PIDFile=/var/run/samba/nmbd.pid
-ExecStart=/usr/sbin/nmbd -D
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-vfs_snapper_configure_option.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-vfs_snapper_configure_option.patch
new file mode 100644
index 0000000000..b472119956
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-vfs_snapper_configure_option.patch
@@ -0,0 +1,56 @@ +From 7ae03a19b3ca895ba5f97a6bd4f9539d8daa6e0a Mon Sep 17 00:00:00 2001 +From: Matt Taylor +Date: Mon, 11 May 2020 15:26:41 -0400 +Subject: [PATCH] build: add configure option to control vfs_snapper build + +vfs_snapper is currently built if dbus development headers / libraries +are detected during configure. This commit adds new --disable-snapper +and --enable-snapper (default) configure parameters. When enabled, +configure will fail if the dbus development headers / libraries are +missing. + +Signed-off-by: Matt Taylor +Reviewed-by: David Disseldorp +Reviewed-by: Andrew Bartlett + +Autobuild-User(master): Andrew Bartlett +Autobuild-Date(master): Mon May 25 01:16:46 UTC 2020 on sn-devel-184 +--- + source3/wscript | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/source3/wscript b/source3/wscript +index 07991806c63..24ade3b0a2b 100644 +--- a/source3/wscript ++++ b/source3/wscript +@@ -74,6 +74,7 @@ def options(opt): + + opt.samba_add_onoff_option('glusterfs', with_name="enable", without_name="disable", default=True) + opt.samba_add_onoff_option('cephfs', with_name="enable", without_name="disable", default=True) ++ opt.samba_add_onoff_option('snapper', with_name="enable", without_name="disable", default=True) + + opt.add_option('--enable-vxfs', + help=("enable support for VxFS (default=no)"), +@@ -1752,11 +1753,16 @@ main() { + if Options.options.enable_vxfs: + conf.DEFINE('HAVE_VXFS', '1') + +- if conf.CHECK_CFG(package='dbus-1', args='--cflags --libs', ++ if Options.options.with_snapper: ++ if conf.CHECK_CFG(package='dbus-1', args='--cflags --libs', + msg='Checking for dbus', uselib_store="DBUS-1"): +- if (conf.CHECK_HEADERS('dbus/dbus.h', lib='dbus-1') ++ if (conf.CHECK_HEADERS('dbus/dbus.h', lib='dbus-1') + and conf.CHECK_LIB('dbus-1', shlib=True)): +- conf.DEFINE('HAVE_DBUS', '1') ++ conf.DEFINE('HAVE_DBUS', '1') ++ else: ++ conf.fatal("vfs_snapper is enabled but prerequisite DBUS libraries " ++ "or headers not 
found. Use --disable-snapper to disable " ++ "vfs_snapper support."); + + if conf.CHECK_CFG(package='liburing', args='--cflags --libs', + msg='Checking for liburing package', uselib_store="URING"): +-- +2.26.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-winexe_option.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-winexe_option.patch new file mode 100644 index 0000000000..63f8a9ec41 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.13-winexe_option.patch 
@@ -0,0 +1,67 @@ +From 54c21a99e6ca54bdb963c70d322f6778b57a384f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= +Date: Wed, 4 Mar 2020 18:51:01 +0100 +Subject: [PATCH] winexe: add configure option to control whether to build it + (default: auto) + +Guenther + +Signed-off-by: Guenther Deschner +Reviewed-by: Andreas Schneider + +Autobuild-User(master): Andreas Schneider +Autobuild-Date(master): Mon Mar 9 16:27:21 UTC 2020 on sn-devel-184 +--- + examples/winexe/wscript_build | 3 ++- + source3/wscript | 17 +++++++++++++++++ + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/examples/winexe/wscript_build b/examples/winexe/wscript_build +index 43c09717e3d..559ed3fc706 100644 +--- a/examples/winexe/wscript_build ++++ b/examples/winexe/wscript_build +@@ -106,4 +106,5 @@ if winexesvc_binaries != '': + LOADPARM_CTX + libsmb + msrpc3 +- ''') ++ ''', ++ enabled=bld.env.build_winexe) +diff --git a/source3/wscript b/source3/wscript +index 85466b493fa..6d5bd22ca49 100644 +--- a/source3/wscript ++++ b/source3/wscript +@@ -63,6 +63,7 @@ def options(opt): + opt.samba_add_onoff_option('cluster-support', default=False) + + opt.samba_add_onoff_option('regedit', default=None) ++ opt.samba_add_onoff_option('winexe', default=None) + + opt.samba_add_onoff_option('fake-kaserver', + help=("Include AFS fake-kaserver support"), default=False) +@@ -1782,6 +1783,22 @@ main() { + if conf.CHECK_HEADERS('ftw.h') and conf.CHECK_FUNCS('nftw'): + conf.env.build_mvxattr = True + ++ conf.env.build_winexe = False ++ if not Options.options.with_winexe == False: ++ if conf.CONFIG_SET('HAVE_WINEXE_CC_WIN32') or conf.CONFIG_SET('HAVE_WINEXE_CC_WIN64'): ++ conf.env.build_winexe = True ++ ++ if conf.env.build_winexe: ++ Logs.info("building winexe") ++ else: ++ if Options.options.with_winexe == False: ++ Logs.info("not building winexe (--without-winexe)") ++ elif Options.options.with_winexe == True: ++ Logs.error("mingw not available, cannot build winexe") ++ 
conf.fatal("mingw not available, but --with-winexe was specified") ++ else: ++ Logs.info("mingw not available, not building winexe") ++ + conf.CHECK_FUNCS_IN('DES_pcbc_encrypt', 'crypto') + if Options.options.with_fake_kaserver == True: + conf.CHECK_HEADERS('afs/param.h afs/stds.h', together=True) +-- +2.26.2 + diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.5.1-compile_et_fix.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.5.1-compile_et_fix.patch deleted file mode 100644 index 463512f9a9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.5.1-compile_et_fix.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- samba-4.5.1/source4/heimdal_build/wscript_configure -+++ samba-4.5.1/source4/heimdal_build/wscript_configure -@@ -258,7 +258,11 @@ - - # With the proper checks in place we should be able to build against the system libtommath. - #if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'): - # conf.define('USING_SYSTEM_TOMMATH', 1) - --check_system_heimdal_binary("compile_et") --check_system_heimdal_binary("asn1_compile") -+# comment out next line to stop Gentoo Samba build from using the compile_et in e2fsprogs-libs -+# to compile the error tables. This produces a compile error later on. -+#check_system_heimdal_binary("compile_et") -+# -+# As a precaution do the same for asn1_compile -+#check_system_heimdal_binary("asn1_compile") diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.9.2-timespec.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.9.2-timespec.patch new file mode 100644 index 0000000000..c82f4af4e7 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-4.9.2-timespec.patch 
@@ -0,0 +1,21 @@ +From 11e8c14b78e2423041f3846882f74cd6490a3e44 Mon Sep 17 00:00:00 2001 +From: Joan Karadimov +Date: Thu, 18 Oct 2018 18:16:17 +0300 +Subject: [PATCH] Fix compatibility issues with the timespec struct + +--- + source3/include/libsmbclient.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h +index 5e4a1715402..6487ea7a8aa 100644 +--- a/source3/include/libsmbclient.h ++++ b/source3/include/libsmbclient.h +@@ -78,6 +78,7 @@ extern "C" { + #include + #include + #include ++#include + #include + + #define SMBC_BASE_FD 10000 /* smallest file descriptor returned */ diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-glibc-2.26-no_rpc.patch b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-glibc-2.26-no_rpc.patch deleted file mode 100644 index e66446845f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba-glibc-2.26-no_rpc.patch +++ /dev/null @@ -1,14 +0,0 @@ -https://attachments.samba.org/attachment.cgi?id=13172 -https://bugs.gentoo.org/637320 - ---- a/lib/replace/wscript -+++ b/lib/replace/wscript -@@ -71,7 +71,7 @@ - conf.CHECK_HEADERS('sys/fileio.h sys/filesys.h sys/dustat.h sys/sysmacros.h') - conf.CHECK_HEADERS('xfs/libxfs.h netgroup.h') - -- conf.CHECK_CODE('', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H') -+ conf.CHECK_CODE('ypstat s;', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H') - - conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h') - conf.CHECK_HEADERS('nss_common.h nsswitch.h ns_api.h') diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.conf b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.conf index e0a6f325cf..a7f4946fb0 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.conf 
+++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.conf @@ -1,2 +1,3 @@ D /run/samba 0755 root root +D /run/ctdb 0755 root root D /run/lock/samba 0755 root root diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.service b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.service deleted file mode 100644 index 8214ff8631..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/samba.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Samba AD server -After=network.target winbindd.service -Conflicts=nmbd.service smbd.service - -[Service] -ExecStart=/usr/sbin/samba --interactive - -[Install] -WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd.service b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd.service deleted file mode 100644 index 5c006a44ed..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Samba SMB/CIFS server -After=network.target nmbd.service winbindd.service - -[Service] -Type=forking -PIDFile=/var/run/samba/smbd.pid -ExecStart=/usr/sbin/smbd -D -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd.socket b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd.socket deleted file mode 100644 index 833bf43883..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd.socket +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Samba SMB/CIFS server socket - -[Socket] -ListenStream=445 -Accept=yes - -[Install] -WantedBy=sockets.target 
diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd_at.service b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd_at.service
deleted file mode 100644
index e1f71be3f7..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/smbd_at.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=Samba SMB/CIFS server instance
-
-[Service]
-ExecStart=/usr/sbin/smbd -F
-ExecReload=/bin/kill -HUP $MAINPID
-StandardInput=socket
diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/winbindd.service b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/winbindd.service
deleted file mode 100644
index 67a778fc76..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/files/winbindd.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Samba Winbind daemon
-After=network.target nmbd.service
-
-[Service]
-Type=forking
-PIDFile=/var/run/samba/winbindd.pid
-ExecStart=/usr/sbin/winbindd -D
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml
index 2a3bd677e0..d1bb8bfdd5 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/metadata.xml
@@ -12,14 +12,16 @@ Enable Active Directory Domain Controller support Enable AD DNS integration Enable Active Directory support - Enable asynchronous IO support Enable support for Ceph distributed filesystem via sys-cluster/ceph Enables the client part Enable support for clustering Enable support for DMAPI. This currently works only in combination with XFS. Use app-crypt/gpgme for AD DC + Enable json audit support through dev-libs/jansson Enabling iPrint technology by Novell + Enables support for collecting profiling data Enables support for user quotas + Enable vfs_snapper module (requires sys-apps/dbus) Use app-crypt/heimdal instead of bundled heimdal. Use app-crypt/mit-krb5 instead of diff --git a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.8.6.ebuild b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.11.13-r1.ebuild similarity index 53% rename from sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.8.6.ebuild rename to sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.11.13-r1.ebuild index 171a126f4d..616a3c56f8 100644 --- a/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.8.6.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/net-fs/samba/samba-4.11.13-r1.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE='threads(+),xml(+)' -inherit python-single-r1 waf-utils multilib-minimal linux-info systemd eutils +PYTHON_COMPAT=( python3_{6,7} ) +PYTHON_REQ_USE='threads(+),xml(+)' +inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam MY_PV="${PV/_rc/rc}" MY_P="${PN}-${MY_PV}" 
@@ -15,23 +15,18 @@ SRC_PATH="stable" SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz" [[ ${PV} = *_rc* ]] || \ -KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ppc ppc64 sparc x86" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 sparc x86" DESCRIPTION="Samba Suite Version 4" -HOMEPAGE="http://www.samba.org/" +HOMEPAGE="https://www.samba.org/" LICENSE="GPL-3" SLOT="0" -IUSE="acl addc addns ads client cluster cups dmapi fam gnutls gpg iprint ldap pam -quota selinux syslog system-heimdal +system-mitkrb5 systemd test winbind zeroconf" -IUSE+=" +minimal" # COREOS: Only install libraries, not executables. - -# the test suite is messed, it uses system-installed samba -# bits instead of what was built, tests things disabled via use -# flags, and generally just fails to work in a way ebuilds could -# rely on in its current state -RESTRICT="test" +IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam gpg iprint +json ldap pam profiling-data python quota selinux snapper syslog +system-heimdal +system-mitkrb5 systemd test winbind zeroconf" +IUSE+=" +minimal" # Flatcar: Only install libraries, not executables. MULTILIB_WRAPPED_HEADERS=( /usr/include/samba-4.0/policy.h 
@@ -44,69 +39,93 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/samba-4.0/ctdb_version.h ) -# sys-apps/attr is an automagic dependency (see bug #489748) CDEPEND=" >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] - dev-libs/libaio[${MULTILIB_USEDEP}] dev-libs/libbsd[${MULTILIB_USEDEP}] - dev-libs/iniparser:0 + !minimal? ( dev-libs/libtasn1[${MULTILIB_USEDEP}] ) dev-libs/popt[${MULTILIB_USEDEP}] - sys-apps/attr[${MULTILIB_USEDEP}] + >=net-libs/gnutls-3.2.0[${MULTILIB_USEDEP}] + sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}] sys-libs/libcap - sys-libs/ncurses:0=[${MULTILIB_USEDEP}] + sys-libs/ncurses:0= sys-libs/readline:0= sys-libs/zlib[${MULTILIB_USEDEP}] virtual/libiconv - pam? ( virtual/pam ) + pam? ( sys-libs/pam ) acl? ( virtual/acl ) - addns? ( net-dns/bind-tools[gssapi] ) + addns? ( + net-dns/bind-tools[gssapi] + dev-python/dnspython + ) + ceph? ( sys-cluster/ceph ) cluster? ( net-libs/rpcsvc-proto !dev-db/ctdb ) cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) dmapi? ( sys-apps/dmapi ) fam? ( virtual/fam ) - gnutls? ( - dev-libs/libgcrypt:0 - >=net-libs/gnutls-1.4.0 - ) gpg? ( app-crypt/gpgme ) + json? ( dev-libs/jansson ) ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + snapper? ( sys-apps/dbus ) system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) - system-mitkrb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] ) - systemd? ( sys-apps/systemd:0= )" + system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:0= ) + zeroconf? ( net-dns/avahi[dbus] ) +" DEPEND="${CDEPEND} ${PYTHON_DEPS} app-text/docbook-xsl-stylesheets dev-lang/perl:= dev-libs/libxslt + >=dev-util/cmocka-1.1.1[${MULTILIB_USEDEP}] + net-libs/libtirpc[${MULTILIB_USEDEP}] virtual/pkgconfig + || ( + net-libs/rpcsvc-proto + =sys-libs/nss_wrapper-1.1.3 - >=net-dns/resolv_wrapper-1.1.4 - >=net-libs/socket_wrapper-1.1.7 - >=sys-libs/uid_wrapper-1.2.1 + !system-mitkrb5? 
( + >=sys-libs/nss_wrapper-1.1.3 + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/uid_wrapper-1.2.1 + ) )" RDEPEND="${CDEPEND} + python? ( ${PYTHON_DEPS} ) client? ( net-fs/cifs-utils[ads?] ) selinux? ( sec-policy/selinux-samba ) !dev-perl/Parse-Yapp " REQUIRED_USE=" - addc? ( gnutls !system-mitkrb5 ) - ads? ( acl gnutls ldap ) + addc? ( python json winbind ) + addns? ( python ) + ads? ( acl ldap winbind ) cluster? ( ads ) gpg? ( addc ) + test? ( python ) ?? ( system-heimdal system-mitkrb5 ) - ${PYTHON_REQUIRED_USE}" + ${PYTHON_REQUIRED_USE} +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" S="${WORKDIR}/${MY_P}" PATCHES=( "${FILESDIR}/${PN}-4.4.0-pam.patch" - "${FILESDIR}/${PN}-4.5.1-compile_et_fix.patch" + "${FILESDIR}/${PN}-4.9.2-timespec.patch" + "${FILESDIR}/${PN}-4.13-winexe_option.patch" + "${FILESDIR}/${PN}-4.13-vfs_snapper_configure_option.patch" ) #CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" @@ -117,6 +136,9 @@ WAF_BINARY="${S}/buildtools/bin/waf" SHAREDMODS="" pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + python-single-r1_pkg_setup if use cluster ; then SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad" @@ -128,6 +150,14 @@ pkg_setup() { src_prepare() { default + # un-bundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # unbundle iso8601 unless tests are enabled + if ! use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + sed -e 's:::' \ -i source4/dsdb/samdb/ldb_modules/password_hash.c \ || die 
@@ -144,75 +174,56 @@ multilib_src_configure() { bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" fi - # COREOS: Don't depend on tons of new packages with broken cross-compilation support. + # Flatcar: Don't depend on tons of new packages with broken cross-compilation support. bundled_libs=ALL - local myconf=() - myconf=( + local myconf=( --enable-fhs --sysconfdir="${EPREFIX}/etc" --localstatedir="${EPREFIX}/var" --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" --with-piddir="${EPREFIX}/run/${PN}" - --without-lttng --bundled-libraries="${bundled_libs}" --builtin-libraries=NONE --disable-rpath --disable-rpath-install --nopyc --nopyo - --disable-cephfs - --disable-python # COREOS: Don't build libraries requiring Python. + --without-winexe + --disable-python # Flatcar: Don't build libraries requiring Python. + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with addns dnsupdate) + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + $(multilib_native_use_with dmapi) + $(multilib_native_use_with fam) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_enable snapper) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc 
--with-experimental-mit-ad-dc '')" '') + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 ) - if multilib_is_native_abi ; then - myconf+=( - $(use_with acl acl-support) - $(usex addc '' '--without-ad-dc') - $(use_with addns dnsupdate) - $(use_with ads) - $(use_with cluster cluster-support) - $(use_enable cups) - $(use_with dmapi) - $(use_with fam) - $(use_enable gnutls) - $(use_with gpg gpgme) - $(use_enable iprint) - $(use_with ldap) - $(use_with pam) - $(usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') - $(use_with quota quotas) - $(use_with syslog) - $(use_with systemd) - $(usex system-mitkrb5 '--with-system-mitkrb5' '') - $(use_with winbind) - $(usex test '--enable-selftest' '') - $(use_enable zeroconf avahi) - --with-shared-modules=${SHAREDMODS} - ) - else - myconf+=( - --without-acl-support - --without-ad-dc - --without-dnsupdate - --without-ads - --disable-avahi - --without-cluster-support - --disable-cups - --without-dmapi - --without-fam - --disable-gnutls - --without-gpgme - --disable-iprint - $(use_with ldap) - --without-pam - --without-quotas - --without-syslog - --without-systemd - $(usex system-mitkrb5 '--with-system-mitkrb5' '') - --without-winbind - --disable-python - ) - fi + + multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} ) CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ waf-utils_src_configure ${myconf[@]} @@ -226,9 +237,9 @@ multilib_src_install() { waf-utils_src_install # Make all .so files executable - find "${D}" -type f -name "*.so" -exec chmod +x {} + + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die - if multilib_is_native_abi; then + if multilib_is_native_abi ; then # install ldap schema for server (bug #491002) if use ldap ; then insinto /etc/openldap/schema 
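Review bot: `--disable-python` is still passed unconditionally in `myconf`, so the added `$(multilib_native_usex python '' '--disable-python')` line has no effect and the new `python` USE flag cannot enable anything. REQUIRED_USE in this same ebuild now says `addc? ( python json winbind )` and `addns? ( python )`, which reads as if those features get a working Python. Either drop the conditional line, or add a comment beside the hard-coded option such as `# Flatcar: Python is always disabled; addc/addns Python parts are not built`. `--without-winexe` is also hard-coded with no comment explaining why. multilib_src_configure starts and ends outside this hunk.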
@@ -260,13 +271,26 @@ multilib_src_install() { if ! use minimal ; then systemd_dotmpfilesd "${FILESDIR}"/samba.conf fi - systemd_dounit "${FILESDIR}"/nmbd.service - systemd_dounit "${FILESDIR}"/smbd.{service,socket} - systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service' - systemd_dounit "${FILESDIR}"/winbindd.service - systemd_dounit "${FILESDIR}"/samba.service + use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" fi + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi + + keepdir /var/cache/samba + keepdir /var/lib/ctdb + keepdir /var/lib/samba/{bind-dns,private} + keepdir /var/log/samba + rm -f "${ED%/}"/etc/samba/* rm -f "${ED%/}"/usr/lib*/samba/ldb/* if use minimal ; then @@ -281,6 +305,12 @@ multilib_src_install() { fi } +multilib_src_install_all() { + # Attempt to fix bug #673168 + find "${ED}" -type d -name "Yapp" -print0 \ + | xargs -0 --no-run-if-empty rm -r || die +} + multilib_src_test() { if multilib_is_native_abi ; then "${WAF_BINARY}" test || die "test failed" 
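Review bot: `use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die` builds its path from `${D}`, while the other removals visible in this function use `${ED}`. Under a non-empty EPREFIX the two point at different directories. Because `rm` has no `-f`, the install also dies if the build did not install that unit, which looks possible when AD DC support is configured out. Suggested: `use addc || rm -f "${ED%/}$(systemd_get_systemunitdir)/samba.service" || die`. multilib_src_install starts and ends outside this hunk.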
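Review bot: In the new `multilib_src_install_all` the trailing `|| die` checks only the exit status of `xargs`, the last command in the pipeline, so a failing `find` goes unnoticed. A single command avoids the pipe and reports both failures: `find "${ED}" -type d -name "Yapp" -prune -exec rm -r {} + || die`. The comment `# Attempt to fix bug #673168` would be more useful if it said what the Yapp directory collides with, presumably the dev-perl/Parse-Yapp package that RDEPEND blocks.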
@@ -288,13 +318,12 @@ multilib_src_test() { } pkg_postinst() { - ewarn "Be aware the this release contains the best of all of Samba's" + ewarn "Be aware that this release contains the best of all of Samba's" ewarn "technology parts, both a file server (that you can reasonably expect" ewarn "to upgrade existing Samba 3.x releases to) and the AD domain" ewarn "controller work previously known as 'samba4'." elog "For further information and migration steps make sure to read " - elog "http://samba.org/samba/history/${P}.html " - elog "http://samba.org/samba/history/${PN}-4.5.0.html and" - elog "http://wiki.samba.org/index.php/Samba4/HOWTO " + elog "https://samba.org/samba/history/${P}.html " + elog "https://wiki.samba.org/index.php/Samba4/HOWTO " } diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index b6060b1d83..3e8b46617b 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -66,8 +66,6 @@ =sys-fs/quota-4.04-r1 ~arm64 =sys-libs/binutils-libs-2.29.1-r1 ~arm64 =sys-libs/libcap-ng-0.7.8 ~arm64 -=sys-libs/tdb-1.3.8 ~arm64 -=sys-libs/tevent-0.9.28 ~arm64 =virtual/krb5-0-r1 ~arm64 =virtual/libudev-232 ~arm64 =virtual/libusb-1-r2 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 6d3923b1d2..33f05607b8 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords 
@@ -20,9 +20,6 @@ dev-python/boto # no version marked stable upstream dev-util/checkbashisms -# Older versions of sssd fail to build -=sys-auth/sssd-1.13.1 ~amd64 ~arm64 - # jq 1.5-r2 for heap overflow fix # https://bugs.gentoo.org/show_bug.cgi?id=580606 # jq 1.6-r3 for CVE-2015-8863 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.provided b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.provided index b537b2d65f..66239364b5 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.provided +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.provided @@ -1,2 +1,5 @@ # Skip MTA dependencies. virtual/mta-1 + +# pulled in by dev-libs/cyrus-sasl +net-mail/mailbase-1.1 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 78d62bcf5b..3decf29cb5 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -28,6 +28,10 @@ sys-apps/portage -python_targets_python3_6 # python3 only dev-util/gdbus-codegen python_single_target_python3_6 dev-util/glib-utils python_single_target_python3_6 +net-fs/samba python_single_target_python3_6 +sys-libs/talloc python_single_target_python3_6 +sys-libs/tdb python_single_target_python3_6 +sys-libs/tevent python_single_target_python3_6 sys-apps/gptfdisk -icu @@ -73,7 +77,7 @@ sys-libs/glibc nscd dev-libs/cyrus-sasl kerberos -berkdb -gdbm # don't build manpages for sssd -sys-auth/sssd -manpages -python samba kerberos gssapi ssh sudo +sys-auth/sssd -python samba kerberos gssapi ssh sudo # needed for realmd build sys-auth/polkit introspection 
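Review bot: The comment above the changed line still says `# don't build manpages for sssd`, but the hunk drops `-manpages` without a replacement. The renamed 2.3.1 ebuild in this commit declares the flag as `+man`, so man pages (and the docbook/libxslt build dependencies behind it) are enabled by default again. If the intent is unchanged, the line should read `sys-auth/sssd -man -python samba kerberos gssapi ssh sudo`; otherwise the comment should be removed. `ssh` is also no longer in the new ebuild's IUSE, so that entry is now inert and can be dropped.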
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask index b01f1b0e92..7f198c44e9 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask @@ -7,9 +7,6 @@ dev-lang/perl dev-lang/python dev-lang/ruby -# Since all SSL/TLS implementations are bad we minimize the number we ship. -net-libs/gnutls - # We do not configure/install grub like other distros so shipping the user # space tools would have limited utility. sys-boot/grub diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest index 8cb22a3997..ea7605714c 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest @@ -1 +1 @@ -DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728 +DIST sssd-2.3.1.tar.gz 7186526 BLAKE2B 6d630fe75b9b426ef54adbe1704fde8e01fc34df7861028c07ce2985db8a151ce743d633061386fea6460fe8eabb89242b816d4bac87975bb9b7b2064ad1d547 SHA512 6aeb52d5222c5992d581296996749327bcaf276e4eb4413a6a32ea6529343432cfe413006aca4245c19b38b515be1c4c2ef88a157c617d889274179253355bc6 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-2.3.1-disable-nsupdate-realm.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-2.3.1-disable-nsupdate-realm.patch new file mode 100644 index 0000000000..7d80dc8415 --- /dev/null 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-2.3.1-disable-nsupdate-realm.patch @@ -0,0 +1,10 @@ +--- a/src/external/nsupdate.m4 2020-11-05 16:27:14.661566136 +0100 ++++ b/src/external/nsupdate.m4 2020-11-05 16:27:30.060674381 +0100 +@@ -9,7 +9,6 @@ + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) +- AC_MSG_ERROR([nsupdate does not support 'realm']) + fi + + else diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch new file mode 100644 index 0000000000..b84df9a91c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch @@ -0,0 +1,32 @@ +From fc79d035ccc4c1a5da26bbd780aeb7e0a0afebf5 Mon Sep 17 00:00:00 2001 +From: Matt Turner +Date: Fri, 14 Aug 2020 13:36:30 -0700 +Subject: [PATCH] test_ca: Look for libsofthsm2.so in /usr/${libdir}/softhsm + too + +Signed-off-by: Matt Turner +--- + src/external/test_ca.m4 | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/external/test_ca.m4 b/src/external/test_ca.m4 +index 4d45a5a16..d318789bc 100644 +--- a/src/external/test_ca.m4 ++++ b/src/external/test_ca.m4 +@@ -33,9 +33,10 @@ AC_DEFUN([AM_CHECK_TEST_CA], + AM_CONDITIONAL([BUILD_TEST_CA], [test -x "$OPENSSL" -a -x "$SSH_KEYGEN" -a -x "$CERTUTIL" -a -x "$PK12UTIL"]) + else + +- for p in /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so; do +- if test -f "${p}"; then +- SOFTHSM2_PATH="${p}" ++ for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do ++ f="${p}/libsofthsm2.so" ++ if test -f "${f}"; then ++ SOFTHSM2_PATH="${f}" + break; + fi + done +-- +2.26.2 + 
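Review bot: The new sssd-2.3.1-disable-nsupdate-realm.patch has no header explaining why `AC_MSG_ERROR([nsupdate does not support 'realm'])` is removed, and with it gone configure prints `no` and carries on silently. A short description at the top of the patch should state the reason (presumably the bind-tools in this SDK is built without GSSAPI, as the ebuild's Flatcar comment hints) and the runtime consequence, which is likely that GSS-TSIG dynamic DNS updates from sssd will not work with such an nsupdate; that should be confirmed. Replacing the error with `AC_MSG_WARN([nsupdate does not support 'realm'])` instead of deleting it would keep the condition visible in build logs.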
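Review bot: The new loop header `for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do` in test_ca.m4 relies on brace expansion, which is a bash feature and not POSIX sh. When the generated configure runs under a shell without it, the first word stays literal and libsofthsm2.so is never found in those four directories. Spelling them out keeps the check portable: `for p in /usr/lib64/softhsm /usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/pkcs11 /usr/lib/x86_64-linux-gnu/softhsm; do`. It may happen to work where configure is forced to run with bash, and the impact is limited to the test CA setup.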
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch deleted file mode 100644 index 91e71e8378..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001 -From: Mikle Kolyada -Date: Sun, 16 Dec 2018 20:42:39 +0300 -Subject: [PATCH] tev_curl.c: remove case duplication - -CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided -by net-misc/curl-7.62.0 and older ---- - tev_curl.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/tev_curl.c b/tev_curl.c -index 6a7a580..ce6fdba 100644 ---- a/src/util/tev_curl.c -+++ b/src/util/tev_curl.c -@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv) - return ETIMEDOUT; - case CURLE_SSL_ISSUER_ERROR: - case CURLE_SSL_CACERT_BADFILE: -- case CURLE_SSL_CACERT: - case CURLE_SSL_CERTPROBLEM: - return ERR_INVALID_CERT; - -@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv) - case CURLE_SSL_ENGINE_NOTFOUND: - case CURLE_SSL_CONNECT_ERROR: - return ERR_SSL_FAILURE; -- case CURLE_PEER_FAILED_VERIFICATION: -- return ERR_UNABLE_TO_VERIFY_PEER; - case CURLE_COULDNT_RESOLVE_HOST: - return ERR_UNABLE_TO_RESOLVE_HOST; - default: --- -2.19.2 \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch deleted file mode 100644 index 87db45fd24..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001 -From: Tomas Halman -Date: Mon, 3 Dec 2018 14:11:31 +0100 -Subject: [PATCH] nss: sssd returns '/' for emtpy home directories - -For empty home directory in passwd file sssd returns "/". Sssd -should respect system behaviour and return the same as nsswitch -"files" module - return empty string. - -Resolves: -https://pagure.io/SSSD/sssd/issue/3901 - -Reviewed-by: Simo Sorce -Reviewed-by: Jakub Hrozek -(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49) ---- - src/confdb/confdb.c | 9 +++++++++ - src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++ - src/responder/nss/nss_protocol_pwent.c | 2 +- - src/tests/intg/test_files_provider.py | 2 +- - 4 files changed, 30 insertions(+), 2 deletions(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index a3eb9c66d9..17bb4f8274 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, - ret = ENOMEM; - goto done; - } -+ } else { -+ if (strcasecmp(domain->provider, "ad") == 0) { -+ /* ad provider default */ -+ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u"); -+ if (!domain->fallback_homedir) { -+ ret = ENOMEM; -+ goto done; -+ } -+ } - } - - tmp = ldb_msg_find_attr_as_string(res->msgs[0], -diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml -index 818a2bf787..425b7e8ee0 100644 ---- a/src/man/include/ad_modified_defaults.xml -+++ b/src/man/include/ad_modified_defaults.xml -@@ -76,4 +76,23 @@ - - - -+ -+ NSS configuration -+ -+ -+ -+ fallback_homedir = /home/%d/%u -+ -+ -+ The AD provider automatically sets -+ "fallback_homedir = /home/%d/%u" to provide personal -+ home directories for users without the homeDirectory -+ attribute. 
If your AD Domain is properly -+ populated with Posix attributes, and you want to avoid -+ this fallback behavior, you can explicitly -+ set "fallback_homedir = %o". -+ -+ -+ -+ - -diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c -index af9e74fc86..86fa4ec465 100644 ---- a/src/responder/nss/nss_protocol_pwent.c -+++ b/src/responder/nss/nss_protocol_pwent.c -@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx, - - homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx); - if (homedir == NULL) { -- return "/"; -+ return ""; - } - - return homedir; -diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py -index ead1cc4c34..4761f1bd15 100644 ---- a/src/tests/intg/test_files_provider.py -+++ b/src/tests/intg/test_files_provider.py -@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only): - Test that resolving a user without a homedir defined works and returns - a fallback value - """ -- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/')) -+ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '')) - - - def test_user_no_gecos(setup_pw_with_canary, files_domain_only): diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml index 5b5f4a6f7a..5b808c16ef 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml 
@@ -1,21 +1,29 @@ + + base-system@gentoo.org + Gentoo Base System + alexxy@gentoo.org Alexey Shvetsov Build and use the cifsidmap plugin + Build helper to let net-fs/autofs use sssd provided information Install sssd's Kerberos plugin + Build man pages with dev-libs/libxslt + Build man pages with dev-libs/libxslt Add support for netlink protocol via dev-libs/libnl Add support for the nfsv4 idmapd plugin provided by net-libs/libnfsidmap - Build man pages with dev-libs/libxslt - Build helper to let net-fs/autofs use sssd provided information + Add Privileged Attribute Certificate Support for Kerberos Build helper to let net-misc/openssh use sssd provided information Build helper to let app-admin/sudo use sssd provided information + Depend on dev-util/valgrind for test suite - cpe:/a:fedorahosted:sssd + cpe:/a:fedoraproject:sssd + SSSD/sssd diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.3.1-r2.ebuild similarity index 54% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.3.1-r2.ebuild index 089931addb..00c8fa484c 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.3.1-r2.ebuild 
@@ -8,67 +8,95 @@ EAPI=7 -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs +PYTHON_COMPAT=( python3_7 ) + +inherit autotools flag-o-matic linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +HOMEPAGE="https://github.com/SSSD/sssd" +SRC_URI="https://github.com/SSSD/sssd/releases/download/${PN}-${PV//./_}/${P}.tar.gz" # Flatcar: stabilize arm64 KEYWORDS="amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" LICENSE="GPL-3" SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" +IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd test valgrind" RESTRICT="!test? ( test )" -# Flatcar: don't force gssapi for >=net-dns/bind-tools-9.9 -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 +REQUIRED_USE="pac? ( samba ) + python? ( ${PYTHON_REQUIRED_USE} )" + +# Flatcar: do not force gssapi for >=net-dns/bind-tools-9.9 +# do not force winbind for net-fs/samba +DEPEND=" + >=app-crypt/mit-krb5-1.10.3 + app-crypt/p11-kit >=dev-libs/ding-libs-0.2 + dev-libs/glib:2 + >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + >=dev-libs/libpcre-8.30:= + >=dev-libs/popt-1.16 + >=dev-libs/openssl-1.0.2:0= + >=net-dns/bind-tools-9.9 + >=net-dns/c-ares-1.7.4 + >=net-nds/openldap-2.4.30[sasl] + >=sys-apps/dbus-1.6 + >=sys-apps/keyutils-1.5:= + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] >=sys-libs/talloc-2.0.7 >=sys-libs/tdb-1.2.9 >=sys-libs/tevent-0.9.16 >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl + virtual/libintl locator? 
( >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 + acl? ( net-fs/cifs-utils[acl] ) + netlink? ( dev-libs/libnl:3 ) + nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) + nls? ( >=sys-devel/gettext-0.18 ) + pac? ( + app-crypt/mit-krb5[${MULTILIB_USEDEP}] + net-fs/samba + ) + python? ( ${PYTHON_DEPS} ) + samba? ( >=net-fs/samba-4.10.2 ) selinux? ( >=sys-libs/libselinux-2.1.9 >=sys-libs/libsemanage-2.1 ) - >=net-dns/bind-tools-9.9 - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.5 ) + systemd? ( + dev-libs/jansson:0= + net-libs/http-parser:0= + net-misc/curl:0= + ) " -RDEPEND="${COMMON_DEP} +RDEPEND="${DEPEND} >=sys-libs/glibc-2.17[nscd] selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? ( - >=dev-libs/libxslt-1.1.26 +# Flatcar: require only autoconf:2.69 +BDEPEND=" + sys-devel/autoconf:2.69 + doc? ( app-doc/doxygen ) + test? ( + dev-libs/check + dev-libs/softhsm:2 + dev-util/cmocka + net-libs/gnutls[pkcs11,tools] + sys-libs/libfaketime + sys-libs/nss_wrapper + sys-libs/pam_wrapper + sys-libs/uid_wrapper + valgrind? ( dev-util/valgrind ) + ) + man? ( app-text/docbook-xml-dtd:4.4 - )" + >=dev-libs/libxslt-1.1.26 + nls? ( app-text/po4a ) + )" CONFIG_CHECK="~KEYS" @@ -76,7 +104,6 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/ipa_hbac.h /usr/include/sss_idmap.h /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h # --with-ifp /usr/include/sss_sifp.h /usr/include/sss_sifp_dbus.h 
@@ -84,20 +111,25 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/sss_certmap.h ) +PATCHES=( + "${FILESDIR}"/${P}-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch + "${FILESDIR}"/${P}-disable-nsupdate-realm.patch +) + pkg_setup() { linux-info_pkg_setup } src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - eapply "${FILESDIR}"/${PN}-curl-macros.patch - eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch + sed -i 's:/var/run:/run:' \ + "${S}"/src/examples/logrotate || die default eautoreconf multilib_copy_sources + if use python && multilib_is_native_abi; then + python_setup + fi } src_configure() { @@ -107,19 +139,23 @@ src_configure() { } multilib_src_configure() { - # Flatcar: delete, use systemd and not sysv - - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" + local myconf=() myconf+=( --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) + --with-pid-path="${EPREFIX}"/run --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb + --with-db-path="${EPREFIX}"/var/lib/sss/db + --with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache + --with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf + --with-pipe-path="${EPREFIX}"/var/lib/sss/pipes + --with-mcache-path="${EPREFIX}"/var/lib/sss/mc + --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets + --with-log-path="${EPREFIX}"/var/log/sssd --with-os=gentoo - --with-nscd + --with-nscd="${EPREFIX}"/usr/sbin/nscd --with-unicode-lib="glib2" --disable-rpath # Flatcar: make nss lookups succeed when not running 
@@ -129,36 +165,48 @@ multilib_src_configure() { $(use_with samba smb-idmap-interface-version=6) # --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) + --with-crypto="libcrypto" + --enable-local-provider + $(multilib_native_use_with systemd kcm) + $(multilib_native_use_with systemd secrets) + $(use_with samba) + --with-smb-idmap-interface-version=6 $(multilib_native_use_enable acl cifs-idmap-plugin) $(multilib_native_use_with selinux) $(multilib_native_use_with selinux semanage) $(use_enable locator krb5-locator-plugin) + $(use_enable pac pac-responder) $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) + $(use_enable nls) $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) + $(multilib_native_use_with man manpages) $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" + $(multilib_native_with autofs) + $(multilib_native_with ssh) + $(use_enable valgrind) --without-python2-bindings - --without-python3-bindings - # Flatcar: delete, fix krb5-config detection + $(multilib_native_use_with python python3-bindings) ) + # Annoyingly configure requires that you pick systemd XOR sysv + if use systemd; then + myconf+=( + --with-initscript="systemd" + --with-systemdunitdir=$(systemd_get_systemunitdir) + ) + else + myconf+=(--with-initscript="sysv") + fi + if ! multilib_is_native_abi; then # work-around all the libraries that are used for CLI and server myconf+=( {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' # ldb headers are fine since native needs it # ldb lib fails... 
but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' + {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' + {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' ' # use native include path for dbus (needed for build) DBUS_CFLAGS="${native_dbus_cflags}" @@ -166,13 +214,7 @@ multilib_src_configure() { # non-pkgconfig checks ac_cv_lib_ldap_ldap_search=yes --without-secrets - --without-libwbclient --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true ) fi @@ -181,17 +223,29 @@ multilib_src_configure() { multilib_src_compile() { if multilib_is_native_abi; then - default + # Flatcar: add runstatedir to make commands to avoid configure error + default runstatedir="${EPREFIX}"/run + use doc && emake docs + if use man || use nls; then + emake update-po + fi else emake libnss_sss.la pam_sss.la use locator && emake sssd_krb5_locator_plugin.la + use pac && emake sssd_pac_plugin.la fi } multilib_src_install() { if multilib_is_native_abi; then - # Flatcar: add sysconfdir - emake -j1 DESTDIR="${D}" sysconfdir="/usr/share" "${_at_args[@]}" install + # Flatcar: add runstatedir, sysconfdir + emake -j1 DESTDIR="${D}" runstatedir="${EPREFIX}"/run \ + sysconfdir="/usr/share" "${_at_args[@]}" install + if use python; then + python_optimize + python_fix_shebang "${ED}" + fi + else # easier than playing with automake... dopammod .libs/pam_sss.so @@ -203,6 +257,11 @@ multilib_src_install() { exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 doexe .libs/sssd_krb5_locator_plugin.so fi + + if use pac; then + exeinto /usr/$(get_libdir)/krb5/plugins/authdata + doexe .libs/sssd_pac_plugin.so + fi fi } 
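Review bot: The added unconditional `--with-smb-idmap-interface-version=6` duplicates the context line `$(use_with samba smb-idmap-interface-version=6)` at the top of this hunk; with USE=-samba configure would receive both the `--without-…` and the `--with-…` form of the same option. One of the two should go. In the same hunk `--with-systemdunitdir=$(systemd_get_systemunitdir)` is unquoted, unlike the `"${EPREFIX}"` paths elsewhere in the array; `--with-systemdunitdir="$(systemd_get_systemunitdir)"` would match. multilib_src_configure begins before and ends after this hunk.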
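Review bot: `default runstatedir="${EPREFIX}"/run` in multilib_src_compile probably does not do what the Flatcar comment above it intends. As far as I know the package manager's `default` runs the phase's default implementation without forwarding arguments, and that implementation calls a bare `emake`, so `runstatedir` never reaches make in the compile step. The install step below passes it to `emake` directly and is fine. `emake runstatedir="${EPREFIX}"/run` would make the override effective; this is worth confirming against the `default` helper in the Portage version used by the SDK.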
@@ -216,18 +275,24 @@ multilib_src_install_all() { # Flatcar: delete, remove /var files taken care of by tmpfiles - systemd_dounit "${FILESDIR}/${PN}.service" # Flatcar: add tmpfile directive and remove /etc/rc.d systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/sssd.conf" rm -rf "${D}/etc/rc.d" + # strip empty dirs + if ! use doc ; then + rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die + rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die + fi + + rm -r "${ED}"/run || die } multilib_src_test() { - default + multilib_is_native_abi && emake check } pkg_postinst() { elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x" + elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html" }
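Review bot: With `systemd_dounit "${FILESDIR}/${PN}.service"` removed from multilib_src_install_all, a unit file is installed only when upstream's build does it, and multilib_src_configure selects `--with-initscript="systemd"` only under `use systemd`. That flag is not default-on in the new IUSE and the sys-auth/sssd entry in package.use does not add it, so unless the profile enables it globally the package would be built with the sysv script and no sssd.service. Separately, pkg_postinst still says sssd.conf is "default installed into /etc/sssd" while the install step passes `sysconfdir="/usr/share"`, and the "howto" link now points at a single smartcard design page; both messages should be checked against what the image actually ships.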