Merge pull request #676 from kinvolk/dongsu/samba-sssd

net-fs,sys-auth: Update samba 4.11.13, sssd 2.3.1
Dongsu Park 2020-11-13 15:10:23 +01:00 committed by GitHub
commit 0c75022065
30 changed files with 513 additions and 420 deletions


@ -1 +1 @@
DIST samba-4.8.6.tar.gz 17723841 BLAKE2B 38da52e14b4417f26462eef2226c4498e54d2c276b4056e8c6d6c66079f33bcda24c1eab30b29bc7413280ec89a74a55e043e8274ac50f9a25bae7563717ff34 SHA512 f6afab5ca466bd8653a56c205b71ce94ecf0ad0c6e4c9d64cbba7b1e56f1987bc2022e6b629d87eb6078e3f6ba53833c19cfb41e40b6d589e4317ea9d85de273
DIST samba-4.11.13.tar.gz 18598813 BLAKE2B 5671498058e61c1afbdb0976b6931dc4e13087792612d4fdc3073e8e40a60be82f578836e3baa48f111a600da5c6e0e08aa7ba638fbc1285bbb57644ae7e8b1d SHA512 396ab636db6f9583b772935d58a3cf1860109bb9e1ef841a38c08d7be9f3839d6e198d5cdc80ef0803fcbfa6c06f1173585f3b582937e8834857fc47d90f7181


@ -6,6 +6,8 @@
# accordingly.
daemon_list="smbd nmbd"
piddir="/run/samba"
#----------------------------------------------------------------------------
# Daemons calls: <daemon_name>_<command_option>
#----------------------------------------------------------------------------
@ -17,22 +19,27 @@ my_service_POST=""
# Daemons calls: <daemon_name>_<command_option>
#----------------------------------------------------------------------------
smbd_start_options="-D"
smbd_start="start-stop-daemon --start --exec /usr/sbin/smbd -- ${smbd_start_options}"
smbd_stop="start-stop-daemon --stop --exec /usr/sbin/smbd"
smbd_command="/usr/sbin/smbd"
smbd_start="start-stop-daemon --start --exec ${smbd_command} -- ${smbd_start_options}"
smbd_stop="start-stop-daemon --stop --exec ${smbd_command}"
smbd_reload="killall -HUP smbd"
nmbd_start_options="-D"
nmbd_start="start-stop-daemon --start --exec /usr/sbin/nmbd -- ${nmbd_start_options}"
nmbd_stop="start-stop-daemon --stop --exec /usr/sbin/nmbd"
nmbd_command="/usr/sbin/nmbd"
nmbd_start="start-stop-daemon --start --exec ${nmbd_command} -- ${nmbd_start_options}"
nmbd_stop="start-stop-daemon --stop --exec ${nmbd_command}"
nmbd_reload="killall -HUP nmbd"
samba4_start_options=""
samba4_start="start-stop-daemon --start --exec /usr/sbin/samba -- ${samba4_start_options}"
samba4_stop="start-stop-daemon --stop --exec /usr/sbin/samba"
samba4_command="/usr/sbin/samba"
samba4_pidfile="${piddir}/samba.pid"
samba4_start="start-stop-daemon --start --exec ${samba4_command} --pidfile ${samba4_pidfile} -- ${samba4_start_options}"
samba4_stop="start-stop-daemon --stop --exec ${samba4_command} --pidfile ${samba4_pidfile}"
samba4_reload="killall -HUP samba"
winbind_start_options=""
winbind_start="start-stop-daemon --start --exec /usr/sbin/winbindd -- ${winbind_start_options}"
winbind_stop="start-stop-daemon --stop --exec /usr/sbin/winbindd"
winbind_command="/usr/sbin/winbindd"
winbind_start="start-stop-daemon --start --exec ${winbind_command} -- ${winbind_start_options}"
winbind_stop="start-stop-daemon --stop --exec ${winbind_command}"
winbind_reload="killall -HUP winbindd"
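Review bot: Only `samba4_start`/`samba4_stop` gain a `--pidfile`; the smbd, nmbd and winbind entries still match on `--exec` alone, and all four `*_reload` lines still signal by process name with `killall -HUP`, which reaches every process of that name visible to the host rather than the instance this service started. Where a pidfile is known, reload can target it, for example `samba4_reload="start-stop-daemon --signal HUP --pidfile ${samba4_pidfile}"`. Whether the other daemons write pidfiles under `${piddir}` is not visible here and should be confirmed before giving them the same treatment. The file continues outside these hunks.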


@ -1,9 +1,9 @@
#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License, v2 or later
extra_started_commands="reload"
piddir="/run/samba"
[ -z "${piddir}" ] && piddir="/run/samba"
depend() {
after slapd


@ -0,0 +1,18 @@
#%PAM-1.0
# $Id$
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
account sufficient pam_winbind.so
account required pam_unix.so
password required pam_cracklib.so retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
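Review bot: The `password` line for pam_unix keeps `md5`, so passwords changed through this stack are stored as MD5-crypt hashes, and `nullok` on the `auth` line accepts local accounts that have an empty password. Unless something in the image depends on either, use `password sufficient pam_unix.so use_authtok sha512 shadow` and `auth sufficient pam_unix.so likeauth use_first_pass`. `pam_mkhomedir.so skel=/etc/skel/ umask=0022` also creates home directories readable by every local user; `umask=0077` is the tighter choice. A short header comment naming the services expected to include this stack would help reviewers judge it.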


@ -1,12 +0,0 @@
[Unit]
Description=Samba NetBIOS name server
After=network.target
[Service]
Type=forking
PIDFile=/var/run/samba/nmbd.pid
ExecStart=/usr/sbin/nmbd -D
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target


@ -0,0 +1,56 @@
From 7ae03a19b3ca895ba5f97a6bd4f9539d8daa6e0a Mon Sep 17 00:00:00 2001
From: Matt Taylor <liverbugg@rinux.org>
Date: Mon, 11 May 2020 15:26:41 -0400
Subject: [PATCH] build: add configure option to control vfs_snapper build
vfs_snapper is currently built if dbus development headers / libraries
are detected during configure. This commit adds new --disable-snapper
and --enable-snapper (default) configure parameters. When enabled,
configure will fail if the dbus development headers / libraries are
missing.
Signed-off-by: Matt Taylor <liverbugg@rinux.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 25 01:16:46 UTC 2020 on sn-devel-184
---
source3/wscript | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/source3/wscript b/source3/wscript
index 07991806c63..24ade3b0a2b 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -74,6 +74,7 @@ def options(opt):
opt.samba_add_onoff_option('glusterfs', with_name="enable", without_name="disable", default=True)
opt.samba_add_onoff_option('cephfs', with_name="enable", without_name="disable", default=True)
+ opt.samba_add_onoff_option('snapper', with_name="enable", without_name="disable", default=True)
opt.add_option('--enable-vxfs',
help=("enable support for VxFS (default=no)"),
@@ -1752,11 +1753,16 @@ main() {
if Options.options.enable_vxfs:
conf.DEFINE('HAVE_VXFS', '1')
- if conf.CHECK_CFG(package='dbus-1', args='--cflags --libs',
+ if Options.options.with_snapper:
+ if conf.CHECK_CFG(package='dbus-1', args='--cflags --libs',
msg='Checking for dbus', uselib_store="DBUS-1"):
- if (conf.CHECK_HEADERS('dbus/dbus.h', lib='dbus-1')
+ if (conf.CHECK_HEADERS('dbus/dbus.h', lib='dbus-1')
and conf.CHECK_LIB('dbus-1', shlib=True)):
- conf.DEFINE('HAVE_DBUS', '1')
+ conf.DEFINE('HAVE_DBUS', '1')
+ else:
+ conf.fatal("vfs_snapper is enabled but prerequisite DBUS libraries "
+ "or headers not found. Use --disable-snapper to disable "
+ "vfs_snapper support.");
if conf.CHECK_CFG(package='liburing', args='--cflags --libs',
msg='Checking for liburing package', uselib_store="URING"):
--
2.26.2


@ -0,0 +1,67 @@
From 54c21a99e6ca54bdb963c70d322f6778b57a384f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Wed, 4 Mar 2020 18:51:01 +0100
Subject: [PATCH] winexe: add configure option to control whether to build it
(default: auto)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar 9 16:27:21 UTC 2020 on sn-devel-184
---
examples/winexe/wscript_build | 3 ++-
source3/wscript | 17 +++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/examples/winexe/wscript_build b/examples/winexe/wscript_build
index 43c09717e3d..559ed3fc706 100644
--- a/examples/winexe/wscript_build
+++ b/examples/winexe/wscript_build
@@ -106,4 +106,5 @@ if winexesvc_binaries != '':
LOADPARM_CTX
libsmb
msrpc3
- ''')
+ ''',
+ enabled=bld.env.build_winexe)
diff --git a/source3/wscript b/source3/wscript
index 85466b493fa..6d5bd22ca49 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -63,6 +63,7 @@ def options(opt):
opt.samba_add_onoff_option('cluster-support', default=False)
opt.samba_add_onoff_option('regedit', default=None)
+ opt.samba_add_onoff_option('winexe', default=None)
opt.samba_add_onoff_option('fake-kaserver',
help=("Include AFS fake-kaserver support"), default=False)
@@ -1782,6 +1783,22 @@ main() {
if conf.CHECK_HEADERS('ftw.h') and conf.CHECK_FUNCS('nftw'):
conf.env.build_mvxattr = True
+ conf.env.build_winexe = False
+ if not Options.options.with_winexe == False:
+ if conf.CONFIG_SET('HAVE_WINEXE_CC_WIN32') or conf.CONFIG_SET('HAVE_WINEXE_CC_WIN64'):
+ conf.env.build_winexe = True
+
+ if conf.env.build_winexe:
+ Logs.info("building winexe")
+ else:
+ if Options.options.with_winexe == False:
+ Logs.info("not building winexe (--without-winexe)")
+ elif Options.options.with_winexe == True:
+ Logs.error("mingw not available, cannot build winexe")
+ conf.fatal("mingw not available, but --with-winexe was specified")
+ else:
+ Logs.info("mingw not available, not building winexe")
+
conf.CHECK_FUNCS_IN('DES_pcbc_encrypt', 'crypto')
if Options.options.with_fake_kaserver == True:
conf.CHECK_HEADERS('afs/param.h afs/stds.h', together=True)
--
2.26.2


@ -1,16 +0,0 @@
--- samba-4.5.1/source4/heimdal_build/wscript_configure
+++ samba-4.5.1/source4/heimdal_build/wscript_configure
@@ -258,7 +258,11 @@
# With the proper checks in place we should be able to build against the system libtommath.
#if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'):
# conf.define('USING_SYSTEM_TOMMATH', 1)
-check_system_heimdal_binary("compile_et")
-check_system_heimdal_binary("asn1_compile")
+# comment out next line to stop Gentoo Samba build from using the compile_et in e2fsprogs-libs
+# to compile the error tables. This produces a compile error later on.
+#check_system_heimdal_binary("compile_et")
+#
+# As a precaution do the same for asn1_compile
+#check_system_heimdal_binary("asn1_compile")


@ -0,0 +1,21 @@
From 11e8c14b78e2423041f3846882f74cd6490a3e44 Mon Sep 17 00:00:00 2001
From: Joan Karadimov <joan@profuzdigital.com>
Date: Thu, 18 Oct 2018 18:16:17 +0300
Subject: [PATCH] Fix compatibility issues with the timespec struct
---
source3/include/libsmbclient.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index 5e4a1715402..6487ea7a8aa 100644
--- a/source3/include/libsmbclient.h
+++ b/source3/include/libsmbclient.h
@@ -78,6 +78,7 @@ extern "C" {
#include <sys/statvfs.h>
#include <stdint.h>
#include <fcntl.h>
+#include <time.h>
#include <utime.h>
#define SMBC_BASE_FD 10000 /* smallest file descriptor returned */


@ -1,14 +0,0 @@
https://attachments.samba.org/attachment.cgi?id=13172
https://bugs.gentoo.org/637320
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -71,7 +71,7 @@
conf.CHECK_HEADERS('sys/fileio.h sys/filesys.h sys/dustat.h sys/sysmacros.h')
conf.CHECK_HEADERS('xfs/libxfs.h netgroup.h')
- conf.CHECK_CODE('', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H')
+ conf.CHECK_CODE('ypstat s;', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H')
conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h')
conf.CHECK_HEADERS('nss_common.h nsswitch.h ns_api.h')


@ -1,2 +1,3 @@
D /run/samba 0755 root root
D /run/ctdb 0755 root root
D /run/lock/samba 0755 root root


@ -1,10 +0,0 @@
[Unit]
Description=Samba AD server
After=network.target winbindd.service
Conflicts=nmbd.service smbd.service
[Service]
ExecStart=/usr/sbin/samba --interactive
[Install]
WantedBy=multi-user.target


@ -1,12 +0,0 @@
[Unit]
Description=Samba SMB/CIFS server
After=network.target nmbd.service winbindd.service
[Service]
Type=forking
PIDFile=/var/run/samba/smbd.pid
ExecStart=/usr/sbin/smbd -D
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target


@ -1,9 +0,0 @@
[Unit]
Description=Samba SMB/CIFS server socket
[Socket]
ListenStream=445
Accept=yes
[Install]
WantedBy=sockets.target


@ -1,7 +0,0 @@
[Unit]
Description=Samba SMB/CIFS server instance
[Service]
ExecStart=/usr/sbin/smbd -F
ExecReload=/bin/kill -HUP $MAINPID
StandardInput=socket


@ -1,12 +0,0 @@
[Unit]
Description=Samba Winbind daemon
After=network.target nmbd.service
[Service]
Type=forking
PIDFile=/var/run/samba/winbindd.pid
ExecStart=/usr/sbin/winbindd -D
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target


@ -12,14 +12,16 @@
<flag name="addc">Enable Active Directory Domain Controller support</flag>
<flag name="addns">Enable AD DNS integration</flag>
<flag name="ads">Enable Active Directory support</flag>
<flag name="aio">Enable asynchronous IO support</flag>
<flag name="ceph">Enable support for Ceph distributed filesystem via <pkg>sys-cluster/ceph</pkg></flag>
<flag name="client">Enables the client part</flag>
<flag name="cluster">Enable support for clustering</flag>
<flag name="dmapi">Enable support for DMAPI. This currently works only in combination with XFS.</flag>
<flag name="gpg">Use <pkg>app-crypt/gpgme</pkg> for AD DC</flag>
<flag name="json">Enable json audit support through <pkg>dev-libs/jansson</pkg></flag>
<flag name="iprint">Enabling iPrint technology by Novell</flag>
<flag name="profiling-data">Enables support for collecting profiling data</flag>
<flag name="quota">Enables support for user quotas</flag>
<flag name="snapper">Enable vfs_snapper module (requires <pkg>sys-apps/dbus</pkg>)</flag>
<flag name="system-heimdal">Use <pkg>app-crypt/heimdal</pkg> instead of
bundled heimdal.</flag>
<flag name="system-mitkrb5">Use <pkg>app-crypt/mit-krb5</pkg> instead of


@ -1,11 +1,11 @@
# Copyright 1999-2018 Gentoo Foundation
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE='threads(+),xml(+)'
inherit python-single-r1 waf-utils multilib-minimal linux-info systemd eutils
PYTHON_COMPAT=( python3_{6,7} )
PYTHON_REQ_USE='threads(+),xml(+)'
inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam
MY_PV="${PV/_rc/rc}"
MY_P="${PN}-${MY_PV}"
@ -15,23 +15,18 @@ SRC_PATH="stable"
SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz"
[[ ${PV} = *_rc* ]] || \
KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ppc ppc64 sparc x86"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 sparc x86"
DESCRIPTION="Samba Suite Version 4"
HOMEPAGE="http://www.samba.org/"
HOMEPAGE="https://www.samba.org/"
LICENSE="GPL-3"
SLOT="0"
IUSE="acl addc addns ads client cluster cups dmapi fam gnutls gpg iprint ldap pam
quota selinux syslog system-heimdal +system-mitkrb5 systemd test winbind zeroconf"
IUSE+=" +minimal" # COREOS: Only install libraries, not executables.
# the test suite is messed, it uses system-installed samba
# bits instead of what was built, tests things disabled via use
# flags, and generally just fails to work in a way ebuilds could
# rely on in its current state
RESTRICT="test"
IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam gpg iprint
json ldap pam profiling-data python quota selinux snapper syslog
system-heimdal +system-mitkrb5 systemd test winbind zeroconf"
IUSE+=" +minimal" # Flatcar: Only install libraries, not executables.
MULTILIB_WRAPPED_HEADERS=(
/usr/include/samba-4.0/policy.h
@ -44,69 +39,93 @@ MULTILIB_WRAPPED_HEADERS=(
/usr/include/samba-4.0/ctdb_version.h
)
# sys-apps/attr is an automagic dependency (see bug #489748)
CDEPEND="
>=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}]
dev-libs/libaio[${MULTILIB_USEDEP}]
dev-libs/libbsd[${MULTILIB_USEDEP}]
dev-libs/iniparser:0
!minimal? ( dev-libs/libtasn1[${MULTILIB_USEDEP}] )
dev-libs/popt[${MULTILIB_USEDEP}]
sys-apps/attr[${MULTILIB_USEDEP}]
>=net-libs/gnutls-3.2.0[${MULTILIB_USEDEP}]
sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}]
sys-libs/libcap
sys-libs/ncurses:0=[${MULTILIB_USEDEP}]
sys-libs/ncurses:0=
sys-libs/readline:0=
sys-libs/zlib[${MULTILIB_USEDEP}]
virtual/libiconv
pam? ( virtual/pam )
pam? ( sys-libs/pam )
acl? ( virtual/acl )
addns? ( net-dns/bind-tools[gssapi] )
addns? (
net-dns/bind-tools[gssapi]
dev-python/dnspython
)
ceph? ( sys-cluster/ceph )
cluster? (
net-libs/rpcsvc-proto
!dev-db/ctdb
)
cups? ( net-print/cups )
debug? ( dev-util/lttng-ust )
dmapi? ( sys-apps/dmapi )
fam? ( virtual/fam )
gnutls? (
dev-libs/libgcrypt:0
>=net-libs/gnutls-1.4.0
)
gpg? ( app-crypt/gpgme )
json? ( dev-libs/jansson )
ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
snapper? ( sys-apps/dbus )
system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] )
system-mitkrb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] )
systemd? ( sys-apps/systemd:0= )"
system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] )
systemd? ( sys-apps/systemd:0= )
zeroconf? ( net-dns/avahi[dbus] )
"
DEPEND="${CDEPEND}
${PYTHON_DEPS}
app-text/docbook-xsl-stylesheets
dev-lang/perl:=
dev-libs/libxslt
>=dev-util/cmocka-1.1.1[${MULTILIB_USEDEP}]
net-libs/libtirpc[${MULTILIB_USEDEP}]
virtual/pkgconfig
|| (
net-libs/rpcsvc-proto
<sys-libs/glibc-2.26[rpc(+)]
)
test? (
!system-mitkrb5? (
>=sys-libs/nss_wrapper-1.1.3
>=net-dns/resolv_wrapper-1.1.4
>=net-libs/socket_wrapper-1.1.7
>=net-libs/socket_wrapper-1.1.9
>=sys-libs/uid_wrapper-1.2.1
)
)"
RDEPEND="${CDEPEND}
python? ( ${PYTHON_DEPS} )
client? ( net-fs/cifs-utils[ads?] )
selinux? ( sec-policy/selinux-samba )
!dev-perl/Parse-Yapp
"
REQUIRED_USE="
addc? ( gnutls !system-mitkrb5 )
ads? ( acl gnutls ldap )
addc? ( python json winbind )
addns? ( python )
ads? ( acl ldap winbind )
cluster? ( ads )
gpg? ( addc )
test? ( python )
?? ( system-heimdal system-mitkrb5 )
${PYTHON_REQUIRED_USE}"
${PYTHON_REQUIRED_USE}
"
# the test suite is messed, it uses system-installed samba
# bits instead of what was built, tests things disabled via use
# flags, and generally just fails to work in a way ebuilds could
# rely on in its current state
RESTRICT="test"
S="${WORKDIR}/${MY_P}"
PATCHES=(
"${FILESDIR}/${PN}-4.4.0-pam.patch"
"${FILESDIR}/${PN}-4.5.1-compile_et_fix.patch"
"${FILESDIR}/${PN}-4.9.2-timespec.patch"
"${FILESDIR}/${PN}-4.13-winexe_option.patch"
"${FILESDIR}/${PN}-4.13-vfs_snapper_configure_option.patch"
)
#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)"
@ -117,6 +136,9 @@ WAF_BINARY="${S}/buildtools/bin/waf"
SHAREDMODS=""
pkg_setup() {
# Package fails to build with distcc
export DISTCC_DISABLE=1
python-single-r1_pkg_setup
if use cluster ; then
SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad"
@ -128,6 +150,14 @@ pkg_setup() {
src_prepare() {
default
# un-bundle dnspython
sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die
# unbundle iso8601 unless tests are enabled
if ! use test ; then
sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die
fi
sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \
-i source4/dsdb/samdb/ldb_modules/password_hash.c \
|| die
@ -144,75 +174,56 @@ multilib_src_configure() {
bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE"
fi
# COREOS: Don't depend on tons of new packages with broken cross-compilation support.
# Flatcar: Don't depend on tons of new packages with broken cross-compilation support.
bundled_libs=ALL
local myconf=()
myconf=(
local myconf=(
--enable-fhs
--sysconfdir="${EPREFIX}/etc"
--localstatedir="${EPREFIX}/var"
--with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba"
--with-piddir="${EPREFIX}/run/${PN}"
--without-lttng
--bundled-libraries="${bundled_libs}"
--builtin-libraries=NONE
--disable-rpath
--disable-rpath-install
--nopyc
--nopyo
--disable-cephfs
--disable-python # COREOS: Don't build libraries requiring Python.
)
if multilib_is_native_abi ; then
myconf+=(
$(use_with acl acl-support)
$(usex addc '' '--without-ad-dc')
$(use_with addns dnsupdate)
$(use_with ads)
$(use_with cluster cluster-support)
$(use_enable cups)
$(use_with dmapi)
$(use_with fam)
$(use_enable gnutls)
$(use_with gpg gpgme)
$(use_enable iprint)
--without-winexe
--disable-python # Flatcar: Don't build libraries requiring Python.
$(multilib_native_use_with acl acl-support)
$(multilib_native_usex addc '' '--without-ad-dc')
$(multilib_native_use_with addns dnsupdate)
$(multilib_native_use_with ads)
$(multilib_native_use_enable ceph cephfs)
$(multilib_native_use_with cluster cluster-support)
$(multilib_native_use_enable cups)
$(multilib_native_use_with dmapi)
$(multilib_native_use_with fam)
$(multilib_native_use_with gpg gpgme)
$(multilib_native_use_with json)
$(multilib_native_use_enable iprint)
$(multilib_native_use_with pam)
$(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '')
$(multilib_native_use_with quota quotas)
$(multilib_native_use_enable snapper)
$(multilib_native_use_with syslog)
$(multilib_native_use_with systemd)
--systemd-install-services
--with-systemddir="$(systemd_get_systemunitdir)"
$(multilib_native_use_with winbind)
$(multilib_native_usex python '' '--disable-python')
$(multilib_native_use_enable zeroconf avahi)
$(multilib_native_usex test '--enable-selftest' '')
$(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '')
$(use_with debug lttng)
$(use_with ldap)
$(use_with pam)
$(usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '')
$(use_with quota quotas)
$(use_with syslog)
$(use_with systemd)
$(usex system-mitkrb5 '--with-system-mitkrb5' '')
$(use_with winbind)
$(usex test '--enable-selftest' '')
$(use_enable zeroconf avahi)
--with-shared-modules=${SHAREDMODS}
$(use_with profiling-data)
# bug #683148
--jobs 1
)
else
myconf+=(
--without-acl-support
--without-ad-dc
--without-dnsupdate
--without-ads
--disable-avahi
--without-cluster-support
--disable-cups
--without-dmapi
--without-fam
--disable-gnutls
--without-gpgme
--disable-iprint
$(use_with ldap)
--without-pam
--without-quotas
--without-syslog
--without-systemd
$(usex system-mitkrb5 '--with-system-mitkrb5' '')
--without-winbind
--disable-python
)
fi
multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} )
CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \
waf-utils_src_configure ${myconf[@]}
@ -226,7 +237,7 @@ multilib_src_install() {
waf-utils_src_install
# Make all .so files executable
find "${D}" -type f -name "*.so" -exec chmod +x {} +
find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die
if multilib_is_native_abi ; then
# install ldap schema for server (bug #491002)
@ -260,13 +271,26 @@ multilib_src_install() {
if ! use minimal ; then
systemd_dotmpfilesd "${FILESDIR}"/samba.conf
fi
systemd_dounit "${FILESDIR}"/nmbd.service
systemd_dounit "${FILESDIR}"/smbd.{service,socket}
systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service'
systemd_dounit "${FILESDIR}"/winbindd.service
systemd_dounit "${FILESDIR}"/samba.service
use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die
# Preserve functionality for old gentoo-specific unit names
dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service"
dosym smb.service "$(systemd_get_systemunitdir)/smbd.service"
dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service"
fi
if use pam && use winbind ; then
newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind
# bugs #376853 and #590374
insinto /etc/security
doins examples/pam_winbind/pam_winbind.conf
fi
keepdir /var/cache/samba
keepdir /var/lib/ctdb
keepdir /var/lib/samba/{bind-dns,private}
keepdir /var/log/samba
rm -f "${ED%/}"/etc/samba/*
rm -f "${ED%/}"/usr/lib*/samba/ldb/*
if use minimal ; then
@ -281,6 +305,12 @@ multilib_src_install() {
fi
}
multilib_src_install_all() {
# Attempt to fix bug #673168
find "${ED}" -type d -name "Yapp" -print0 \
| xargs -0 --no-run-if-empty rm -r || die
}
multilib_src_test() {
if multilib_is_native_abi ; then
"${WAF_BINARY}" test || die "test failed"
@ -288,13 +318,12 @@ multilib_src_test() {
}
pkg_postinst() {
ewarn "Be aware the this release contains the best of all of Samba's"
ewarn "Be aware that this release contains the best of all of Samba's"
ewarn "technology parts, both a file server (that you can reasonably expect"
ewarn "to upgrade existing Samba 3.x releases to) and the AD domain"
ewarn "controller work previously known as 'samba4'."
elog "For further information and migration steps make sure to read "
elog "http://samba.org/samba/history/${P}.html "
elog "http://samba.org/samba/history/${PN}-4.5.0.html and"
elog "http://wiki.samba.org/index.php/Samba4/HOWTO "
elog "https://samba.org/samba/history/${P}.html "
elog "https://wiki.samba.org/index.php/Samba4/HOWTO "
}
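Review bot: `--disable-python` is now passed unconditionally (the line tagged `# Flatcar`), so the `$(multilib_native_usex python '' '--disable-python')` element further down in `myconf` can never change the outcome, and the `REQUIRED_USE` entries `addc? ( python json winbind )` and `addns? ( python )` appear to describe combinations the configure step cannot honour. If Python-free builds are the only supported configuration, say so where the flag is forced, e.g. `# Flatcar: python is always disabled; USE=python/addc/addns are not supported here`, and drop the redundant `usex python` element. Separately, `waf-utils_src_configure ${myconf[@]}` at the end of the same hunk expands the array unquoted; `"${myconf[@]}"` keeps each option as one word. `multilib_src_configure` starts and ends outside the visible hunk.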


@ -66,8 +66,6 @@
=sys-fs/quota-4.04-r1 ~arm64
=sys-libs/binutils-libs-2.29.1-r1 ~arm64
=sys-libs/libcap-ng-0.7.8 ~arm64
=sys-libs/tdb-1.3.8 ~arm64
=sys-libs/tevent-0.9.28 ~arm64
=virtual/krb5-0-r1 ~arm64
=virtual/libudev-232 ~arm64
=virtual/libusb-1-r2 ~arm64


@ -20,9 +20,6 @@ dev-python/boto
# no version marked stable upstream
dev-util/checkbashisms
# Older versions of sssd fail to build
=sys-auth/sssd-1.13.1 ~amd64 ~arm64
# jq 1.5-r2 for heap overflow fix
# https://bugs.gentoo.org/show_bug.cgi?id=580606
# jq 1.6-r3 for CVE-2015-8863


@ -1,2 +1,5 @@
# Skip MTA dependencies.
virtual/mta-1
# pulled in by dev-libs/cyrus-sasl
net-mail/mailbase-1.1


@ -28,6 +28,10 @@ sys-apps/portage -python_targets_python3_6
# python3 only
dev-util/gdbus-codegen python_single_target_python3_6
dev-util/glib-utils python_single_target_python3_6
net-fs/samba python_single_target_python3_6
sys-libs/talloc python_single_target_python3_6
sys-libs/tdb python_single_target_python3_6
sys-libs/tevent python_single_target_python3_6
sys-apps/gptfdisk -icu
@ -73,7 +77,7 @@ sys-libs/glibc nscd
dev-libs/cyrus-sasl kerberos -berkdb -gdbm
# don't build manpages for sssd
sys-auth/sssd -manpages -python samba kerberos gssapi ssh sudo
sys-auth/sssd -python samba kerberos gssapi ssh sudo
# needed for realmd build
sys-auth/polkit introspection
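Review bot: The comment `# don't build manpages for sssd` is kept, but the entry below it no longer carries `-manpages` (assuming the line without it is the new side), so nothing on this line disables man pages any more. The sssd metadata change in this commit lists both a `man` and a `manpages` flag. If the 2.3.1 ebuild uses `man`, the entry presumably needs `-man` to keep the documented behaviour; otherwise the comment should be removed.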


@ -7,9 +7,6 @@ dev-lang/perl
dev-lang/python
dev-lang/ruby
# Since all SSL/TLS implementations are bad we minimize the number we ship.
net-libs/gnutls
# We do not configure/install grub like other distros so shipping the user
# space tools would have limited utility.
sys-boot/grub


@ -1 +1 @@
DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728
DIST sssd-2.3.1.tar.gz 7186526 BLAKE2B 6d630fe75b9b426ef54adbe1704fde8e01fc34df7861028c07ce2985db8a151ce743d633061386fea6460fe8eabb89242b816d4bac87975bb9b7b2064ad1d547 SHA512 6aeb52d5222c5992d581296996749327bcaf276e4eb4413a6a32ea6529343432cfe413006aca4245c19b38b515be1c4c2ef88a157c617d889274179253355bc6


@ -0,0 +1,10 @@
--- a/src/external/nsupdate.m4 2020-11-05 16:27:14.661566136 +0100
+++ b/src/external/nsupdate.m4 2020-11-05 16:27:30.060674381 +0100
@@ -9,7 +9,6 @@
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([nsupdate does not support 'realm'])
fi
else
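Review bot: This new patch carries no description, and it removes the `AC_MSG_ERROR([nsupdate does not support 'realm'])` abort, so configure now reports `no` and carries on with an nsupdate that lacks the capability the check was guarding. Add a header to the patch stating why the check is dropped (presumably the probe cannot run in this build environment, to be confirmed) and what is expected of nsupdate at runtime, for example `# Flatcar: do not fail configure when the nsupdate 'realm' probe fails; dynamic DNS updates still need a capable nsupdate on the target`. The surrounding `if`/`else` block starts and ends outside the hunk.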


@ -0,0 +1,32 @@
From fc79d035ccc4c1a5da26bbd780aeb7e0a0afebf5 Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gmail.com>
Date: Fri, 14 Aug 2020 13:36:30 -0700
Subject: [PATCH] test_ca: Look for libsofthsm2.so in /usr/${libdir}/softhsm
too
Signed-off-by: Matt Turner <mattst88@gmail.com>
---
src/external/test_ca.m4 | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/external/test_ca.m4 b/src/external/test_ca.m4
index 4d45a5a16..d318789bc 100644
--- a/src/external/test_ca.m4
+++ b/src/external/test_ca.m4
@@ -33,9 +33,10 @@ AC_DEFUN([AM_CHECK_TEST_CA],
AM_CONDITIONAL([BUILD_TEST_CA], [test -x "$OPENSSL" -a -x "$SSH_KEYGEN" -a -x "$CERTUTIL" -a -x "$PK12UTIL"])
else
- for p in /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so; do
- if test -f "${p}"; then
- SOFTHSM2_PATH="${p}"
+ for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do
+ f="${p}/libsofthsm2.so"
+ if test -f "${f}"; then
+ SOFTHSM2_PATH="${f}"
break;
fi
done
--
2.26.2
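Review bot: The new loop `for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do` relies on brace expansion, which is not part of POSIX sh. The generated configure script runs under `/bin/sh`, and when that is dash or another strict shell the pattern stays one literal word, so `libsofthsm2.so` is only ever looked for under the multiarch path. Spelling the directories out keeps the check portable: `for p in /usr/lib64/softhsm /usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/pkcs11 /usr/lib/x86_64-linux-gnu/softhsm; do`. The enclosing `AM_CHECK_TEST_CA` macro extends beyond the hunk.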


@ -1,34 +0,0 @@
From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
From: Mikle Kolyada <zlogene@gentoo.org>
Date: Sun, 16 Dec 2018 20:42:39 +0300
Subject: [PATCH] tev_curl.c: remove case duplication
CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
by net-misc/curl-7.62.0 and older
---
tev_curl.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/tev_curl.c b/tev_curl.c
index 6a7a580..ce6fdba 100644
--- a/src/util/tev_curl.c
+++ b/src/util/tev_curl.c
@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
return ETIMEDOUT;
case CURLE_SSL_ISSUER_ERROR:
case CURLE_SSL_CACERT_BADFILE:
- case CURLE_SSL_CACERT:
case CURLE_SSL_CERTPROBLEM:
return ERR_INVALID_CERT;
@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
case CURLE_SSL_ENGINE_NOTFOUND:
case CURLE_SSL_CONNECT_ERROR:
return ERR_SSL_FAILURE;
- case CURLE_PEER_FAILED_VERIFICATION:
- return ERR_UNABLE_TO_VERIFY_PEER;
case CURLE_COULDNT_RESOLVE_HOST:
return ERR_UNABLE_TO_RESOLVE_HOST;
default:
--
2.19.2


@ -1,96 +0,0 @@
From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
From: Tomas Halman <thalman@redhat.com>
Date: Mon, 3 Dec 2018 14:11:31 +0100
Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
For empty home directory in passwd file sssd returns "/". Sssd
should respect system behaviour and return the same as nsswitch
"files" module - return empty string.
Resolves:
https://pagure.io/SSSD/sssd/issue/3901
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
---
src/confdb/confdb.c | 9 +++++++++
src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
src/responder/nss/nss_protocol_pwent.c | 2 +-
src/tests/intg/test_files_provider.py | 2 +-
4 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index a3eb9c66d9..17bb4f8274 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
ret = ENOMEM;
goto done;
}
+ } else {
+ if (strcasecmp(domain->provider, "ad") == 0) {
+ /* ad provider default */
+ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
+ if (!domain->fallback_homedir) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
index 818a2bf787..425b7e8ee0 100644
--- a/src/man/include/ad_modified_defaults.xml
+++ b/src/man/include/ad_modified_defaults.xml
@@ -76,4 +76,23 @@
</listitem>
</itemizedlist>
</refsect2>
+ <refsect2 id='nss_modifications'>
+ <title>NSS configuration</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ fallback_homedir = /home/%d/%u
+ </para>
+ <para>
+ The AD provider automatically sets
+ "fallback_homedir = /home/%d/%u" to provide personal
+ home directories for users without the homeDirectory
+ attribute. If your AD Domain is properly
+ populated with Posix attributes, and you want to avoid
+ this fallback behavior, you can explicitly
+ set "fallback_homedir = %o".
+ </para>
+ </listitem>
+ </itemizedlist>
+ </refsect2>
</refsect1>
diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
index af9e74fc86..86fa4ec465 100644
--- a/src/responder/nss/nss_protocol_pwent.c
+++ b/src/responder/nss/nss_protocol_pwent.c
@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
if (homedir == NULL) {
- return "/";
+ return "";
}
return homedir;
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
index ead1cc4c34..4761f1bd15 100644
--- a/src/tests/intg/test_files_provider.py
+++ b/src/tests/intg/test_files_provider.py
@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
Test that resolving a user without a homedir defined works and returns
a fallback value
"""
- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
+ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
def test_user_no_gecos(setup_pw_with_canary, files_domain_only):


@ -1,21 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<maintainer type="person">
<email>alexxy@gentoo.org</email>
<name>Alexey Shvetsov</name>
</maintainer>
<use>
<flag name="acl"> Build and use the cifsidmap plugin</flag>
<flag name="autofs">Build helper to let <pkg>net-fs/autofs</pkg> use sssd provided information</flag>
<flag name="locator">Install sssd's Kerberos plugin</flag>
<flag name="man">Build man pages with <pkg>dev-libs/libxslt</pkg></flag>
<flag name="manpages">Build man pages with <pkg>dev-libs/libxslt</pkg></flag>
<flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag>
<flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-libs/libnfsidmap</pkg></flag>
<flag name="manpages">Build man pages with <pkg>dev-libs/libxslt</pkg></flag>
<flag name="autofs">Build helper to let <pkg>net-fs/autofs</pkg> use sssd provided information</flag>
<flag name="pac">Add Privileged Attribute Certificate Support for Kerberos</flag>
<flag name="ssh">Build helper to let <pkg>net-misc/openssh</pkg> use sssd provided information</flag>
<flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag>
<flag name="valgrind">Depend on <pkg>dev-util/valgrind</pkg> for test suite</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:fedorahosted:sssd</remote-id>
<remote-id type="cpe">cpe:/a:fedoraproject:sssd</remote-id>
<remote-id type="github">SSSD/sssd</remote-id>
</upstream>
</pkgmetadata>


@ -8,66 +8,94 @@
EAPI=7
inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
PYTHON_COMPAT=( python3_7 )
inherit autotools flag-o-matic linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs
DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
HOMEPAGE="https://pagure.io/SSSD/sssd"
SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
HOMEPAGE="https://github.com/SSSD/sssd"
SRC_URI="https://github.com/SSSD/sssd/releases/download/${PN}-${PV//./_}/${P}.tar.gz"
# Flatcar: stabilize arm64
KEYWORDS="amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86"
LICENSE="GPL-3"
SLOT="0"
IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd test valgrind"
RESTRICT="!test? ( test )"
# Flatcar: don't force gssapi for >=net-dns/bind-tools-9.9
COMMON_DEP="
>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
>=dev-libs/popt-1.16
dev-libs/glib:2
REQUIRED_USE="pac? ( samba )
python? ( ${PYTHON_REQUIRED_USE} )"
# Flatcar: do not force gssapi for >=net-dns/bind-tools-9.9
# do not force winbind for net-fs/samba
DEPEND="
>=app-crypt/mit-krb5-1.10.3
app-crypt/p11-kit
>=dev-libs/ding-libs-0.2
dev-libs/glib:2
>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
>=dev-libs/libpcre-8.30:=
>=dev-libs/popt-1.16
>=dev-libs/openssl-1.0.2:0=
>=net-dns/bind-tools-9.9
>=net-dns/c-ares-1.7.4
>=net-nds/openldap-2.4.30[sasl]
>=sys-apps/dbus-1.6
>=sys-apps/keyutils-1.5:=
>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
>=sys-libs/talloc-2.0.7
>=sys-libs/tdb-1.2.9
>=sys-libs/tevent-0.9.16
>=sys-libs/ldb-1.1.17-r1:=
>=net-nds/openldap-2.4.30[sasl]
net-libs/http-parser
>=dev-libs/libpcre-8.30
>=app-crypt/mit-krb5-1.10.3
dev-libs/jansson
net-misc/curl
virtual/libintl
locator? (
>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
)
>=sys-apps/keyutils-1.5:=
>=net-dns/c-ares-1.7.4
>=dev-libs/nss-3.12.9
acl? ( net-fs/cifs-utils[acl] )
netlink? ( dev-libs/libnl:3 )
nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
nls? ( >=sys-devel/gettext-0.18 )
pac? (
app-crypt/mit-krb5[${MULTILIB_USEDEP}]
net-fs/samba
)
python? ( ${PYTHON_DEPS} )
samba? ( >=net-fs/samba-4.10.2 )
selinux? (
>=sys-libs/libselinux-2.1.9
>=sys-libs/libsemanage-2.1
)
>=net-dns/bind-tools-9.9
>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
>=sys-apps/dbus-1.6
acl? ( net-fs/cifs-utils[acl] )
nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
nls? ( >=sys-devel/gettext-0.18 )
virtual/libintl
netlink? ( dev-libs/libnl:3 )
samba? ( >=net-fs/samba-4.5 )
systemd? (
dev-libs/jansson:0=
net-libs/http-parser:0=
net-misc/curl:0=
)
"
RDEPEND="${COMMON_DEP}
RDEPEND="${DEPEND}
>=sys-libs/glibc-2.17[nscd]
selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
"
DEPEND="${COMMON_DEP}
test? ( dev-libs/check )
manpages? (
>=dev-libs/libxslt-1.1.26
# Flatcar: require only autoconf:2.69
BDEPEND="
sys-devel/autoconf:2.69
doc? ( app-doc/doxygen )
test? (
dev-libs/check
dev-libs/softhsm:2
dev-util/cmocka
net-libs/gnutls[pkcs11,tools]
sys-libs/libfaketime
sys-libs/nss_wrapper
sys-libs/pam_wrapper
sys-libs/uid_wrapper
valgrind? ( dev-util/valgrind )
)
man? (
app-text/docbook-xml-dtd:4.4
>=dev-libs/libxslt-1.1.26
nls? ( app-text/po4a )
)"
CONFIG_CHECK="~KEYS"
@ -76,7 +104,6 @@ MULTILIB_WRAPPED_HEADERS=(
/usr/include/ipa_hbac.h
/usr/include/sss_idmap.h
/usr/include/sss_nss_idmap.h
/usr/include/wbclient_sssd.h
# --with-ifp
/usr/include/sss_sifp.h
/usr/include/sss_sifp_dbus.h
@ -84,20 +111,25 @@ MULTILIB_WRAPPED_HEADERS=(
/usr/include/sss_certmap.h
)
PATCHES=(
"${FILESDIR}"/${P}-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch
"${FILESDIR}"/${P}-disable-nsupdate-realm.patch
)
pkg_setup() {
linux-info_pkg_setup
}
src_prepare() {
sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
eapply "${FILESDIR}"/${PN}-curl-macros.patch
eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch
sed -i 's:/var/run:/run:' \
"${S}"/src/examples/logrotate || die
default
eautoreconf
multilib_copy_sources
if use python && multilib_is_native_abi; then
python_setup
fi
}
src_configure() {
@ -107,19 +139,23 @@ src_configure() {
}
multilib_src_configure() {
# Flatcar: delete, use systemd and not sysv
#Work around linker dependency problem.
append-ldflags "-Wl,--allow-shlib-undefined"
local myconf=()
myconf+=(
--localstatedir="${EPREFIX}"/var
--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
--with-pid-path="${EPREFIX}"/run
--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
--with-db-path="${EPREFIX}"/var/lib/sss/db
--with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
--with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
--with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
--with-log-path="${EPREFIX}"/var/log/sssd
--with-os=gentoo
--with-nscd
--with-nscd="${EPREFIX}"/usr/sbin/nscd
--with-unicode-lib="glib2"
--disable-rpath
# Flatcar: make nss lookups succeed when not running
@ -129,36 +165,48 @@ multilib_src_configure() {
$(use_with samba smb-idmap-interface-version=6)
#
--sbindir=/usr/sbin
--without-kcm
$(use_with samba libwbclient)
--with-secrets
$(multilib_native_use_with samba)
--with-crypto="libcrypto"
--enable-local-provider
$(multilib_native_use_with systemd kcm)
$(multilib_native_use_with systemd secrets)
$(use_with samba)
--with-smb-idmap-interface-version=6
$(multilib_native_use_enable acl cifs-idmap-plugin)
$(multilib_native_use_with selinux)
$(multilib_native_use_with selinux semanage)
$(use_enable locator krb5-locator-plugin)
$(use_enable pac pac-responder)
$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
$(use_enable nls)
$(multilib_native_use_with netlink libnl)
$(multilib_native_use_with manpages)
$(multilib_native_use_with man manpages)
$(multilib_native_use_with sudo)
$(multilib_native_use_with autofs)
$(multilib_native_use_with ssh)
--with-crypto="nss"
--with-initscript="sysv"
$(multilib_native_with autofs)
$(multilib_native_with ssh)
$(use_enable valgrind)
--without-python2-bindings
--without-python3-bindings
# Flatcar: delete, fix krb5-config detection
$(multilib_native_use_with python python3-bindings)
)
# Annoyingly configure requires that you pick systemd XOR sysv
if use systemd; then
myconf+=(
--with-initscript="systemd"
--with-systemdunitdir=$(systemd_get_systemunitdir)
)
else
myconf+=(--with-initscript="sysv")
fi
if ! multilib_is_native_abi; then
# work-around all the libraries that are used for CLI and server
myconf+=(
{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
# ldb headers are fine since native needs it
# ldb lib fails... but it does not seem to bother
{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
{NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' '
# use native include path for dbus (needed for build)
DBUS_CFLAGS="${native_dbus_cflags}"
@ -166,13 +214,7 @@ multilib_src_configure() {
# non-pkgconfig checks
ac_cv_lib_ldap_ldap_search=yes
--without-secrets
--without-libwbclient
--without-kcm
--with-crypto=""
)
use locator || myconf+=(
KRB5_CONFIG=/bin/true
)
fi
@ -181,17 +223,29 @@ multilib_src_configure() {
multilib_src_compile() {
if multilib_is_native_abi; then
default
# Flatcar: add runstatedir to make commands to avoid configure error
default runstatedir="${EPREFIX}"/run
use doc && emake docs
if use man || use nls; then
emake update-po
fi
else
emake libnss_sss.la pam_sss.la
use locator && emake sssd_krb5_locator_plugin.la
use pac && emake sssd_pac_plugin.la
fi
}
multilib_src_install() {
if multilib_is_native_abi; then
# Flatcar: add sysconfdir
emake -j1 DESTDIR="${D}" sysconfdir="/usr/share" "${_at_args[@]}" install
# Flatcar: add runstatedir, sysconfdir
emake -j1 DESTDIR="${D}" runstatedir="${EPREFIX}"/run \
sysconfdir="/usr/share" "${_at_args[@]}" install
if use python; then
python_optimize
python_fix_shebang "${ED}"
fi
else
# easier than playing with automake...
dopammod .libs/pam_sss.so
@ -203,6 +257,11 @@ multilib_src_install() {
exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
doexe .libs/sssd_krb5_locator_plugin.so
fi
if use pac; then
exeinto /usr/$(get_libdir)/krb5/plugins/authdata
doexe .libs/sssd_pac_plugin.so
fi
fi
}
@ -216,18 +275,24 @@ multilib_src_install_all() {
# Flatcar: delete, remove /var files taken care of by tmpfiles
systemd_dounit "${FILESDIR}/${PN}.service"
# Flatcar: add tmpfile directive and remove /etc/rc.d
systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/sssd.conf"
rm -rf "${D}/etc/rc.d"
# strip empty dirs
if ! use doc ; then
rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die
fi
rm -r "${ED}"/run || die
}
multilib_src_test() {
default
multilib_is_native_abi && emake check
}
pkg_postinst() {
elog "You must set up sssd.conf (default installed into /etc/sssd)"
elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x"
elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html"
}
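Review bot: src_prepare() appears to stop applying `${PN}-fix-CVE-2019-3811.patch`, and the `PATCHES` array lists only the test_ca and disable-nsupdate-realm patches, but nothing in the ebuild records why dropping that fix is safe. This page does not mark which lines are old and which are new, so the removal is inferred from the listing rather than certain. If the patch goes away because the new upstream release already makes nss_get_homedir() return `""` instead of `"/"`, record that above `PATCHES`, for example `# CVE-2019-3811 (empty fallback homedir) is fixed upstream; local patch dropped`. It is also worth confirming against the unpacked 2.3.1 sources before merging, so that a later audit of carried security fixes does not have to rediscover it.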