From 38929f12ff742ac1b81fe08230d539c1d8522529 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Kai=20L=C3=BCke?= Date: Mon, 10 Aug 2020 20:33:29 +0200 Subject: [PATCH] sys-auth/sssd: Sync from Gentoo --- .../coreos-overlay/sys-auth/sssd/ChangeLog | 101 ----- .../sys-auth/sssd/ChangeLog-2015 | 353 ------------------ .../coreos-overlay/sys-auth/sssd/Manifest | 31 +- .../coreos-overlay/sys-auth/sssd/files/sssd | 2 +- .../files/sssd-1.14.2-fix-krb5-config.patch | 25 -- .../sssd/files/sssd-curl-macros.patch | 34 ++ .../sssd/files/sssd-fix-CVE-2019-3811.patch | 96 +++++ .../sys-auth/sssd/files/sssd.service | 9 +- .../sys-auth/sssd/files/tmpfiles.d/sssd.conf | 9 - .../coreos-overlay/sys-auth/sssd/metadata.xml | 32 +- .../sys-auth/sssd/sssd-1.16.3-r3.ebuild | 233 ++++++++++++ ...-1.13.1-r7.ebuild => sssd-2.1.0-r1.ebuild} | 103 +++-- .../sys-auth/sssd/sssd-2.2.0-r1.ebuild | 230 ++++++++++++ .../sys-auth/sssd/sssd-2.2.2.ebuild | 230 ++++++++++++ .../sys-auth/sssd/sssd-2.2.3.ebuild | 230 ++++++++++++ 15 files changed, 1149 insertions(+), 569 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-1.14.2-fix-krb5-config.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild rename sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/{sssd-1.13.1-r7.ebuild => sssd-2.1.0-r1.ebuild} (64%) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.0-r1.ebuild create mode 100644 
sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.2.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.3.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog deleted file mode 100644 index 66fb5b2e0c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog +++ /dev/null @@ -1,101 +0,0 @@ -# ChangeLog for sys-auth/sssd -# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2 -# (auto-generated from git log) - -*sssd-1.13.0 (09 Aug 2015) -*sssd-1.12.5 (09 Aug 2015) -*sssd-1.12.4 (09 Aug 2015) -*sssd-1.12.1 (09 Aug 2015) -*sssd-1.9.7 (09 Aug 2015) -*sssd-1.9.6-r3 (09 Aug 2015) - - 09 Aug 2015; Robin H. Johnson - +files/0001_add_pthread_to_fix_as-needed.patch, - +files/0002_allow_xdm_openrc.patch, +files/0003_new_krb5.patch, - +files/allow_xdm.patch, +files/sssd, +files/sssd-1.13.0-fix-init.patch, - +files/sssd-1.9.6-fix-init.patch, +files/sssd.conf, +files/sssd.service, - +metadata.xml, +sssd-1.9.6-r3.ebuild, +sssd-1.9.7.ebuild, - +sssd-1.12.1.ebuild, +sssd-1.12.4.ebuild, +sssd-1.12.5.ebuild, - +sssd-1.13.0.ebuild: - proj/gentoo: Initial commit - - This commit represents a new era for Gentoo: - Storing the gentoo-x86 tree in Git, as converted from CVS. - - This commit is the start of the NEW history. - Any historical data is intended to be grafted onto this point. - - Creation process: - 1. Take final CVS checkout snapshot - 2. Remove ALL ChangeLog* files - 3. Transform all Manifests to thin - 4. Remove empty Manifests - 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ - 5.1. Do not touch files with -kb/-ko keyword flags. - - 
Signed-off-by: Robin H. Johnson - X-Thanks: Alec Warner - did the GSoC 2006 migration - tests - X-Thanks: Robin H. Johnson - infra guy, herding this - project - X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo - developer, wrote Git features for the migration - X-Thanks: Brian Harring - wrote much python to improve - cvs2svn - X-Thanks: Rich Freeman - validation scripts - X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 - work in migration - X-Thanks: Michał Górny - scripts, QA, nagging - X-Thanks: All of other Gentoo developers - many ideas and lots of paint on - the bikeshed - - 24 Aug 2015; Justin Lecher metadata.xml: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - Signed-off-by: Justin Lecher - - 24 Aug 2015; Mike Gilbert metadata.xml: - Revert DOCTYPE SYSTEM https changes in metadata.xml - - repoman does not yet accept the https version. - This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. - - Bug: https://bugs.gentoo.org/552720 - - 28 Aug 2015; Lars Wendler sssd-1.12.1.ebuild, - sssd-1.12.4.ebuild, sssd-1.12.5.ebuild: - Stick to automake-1.13 (bug #557436) - - Committed on behalf of Markos Chandras (hwoarang) - - Package-Manager: portage-2.2.20.1 - 
Signed-off-by: Lars Wendler - -*sssd-1.13.1 (04 Nov 2015) - - 04 Nov 2015; Markos Chandras +sssd-1.13.1.ebuild: - Version bump - - Package-Manager: portage-2.2.23 - - 14 Nov 2015; Jeroen Roovers sssd-1.9.6-r3.ebuild, - sssd-1.9.7.ebuild, sssd-1.12.1.ebuild, sssd-1.12.4.ebuild, - sssd-1.12.5.ebuild, sssd-1.13.0.ebuild, sssd-1.13.1.ebuild: - Verbose build. - - Package-Manager: portage-2.2.24 - - 24 Jan 2016; Michał Górny metadata.xml: - Unify quoting in metadata.xml files for machine processing - - Force unified quoting in all metadata.xml files since lxml does not - preserve original use of single and double quotes. Ensuring unified - quoting before the process allows distinguishing the GLEP 67-related - metadata.xml changes from unrelated quoting changes. - - 24 Jan 2016; Michał Górny metadata.xml: - Set appropriate maintainer types in metadata.xml (GLEP 67) - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 deleted file mode 100644 index 189f2d897c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 +++ /dev/null 
@@ -1,353 +0,0 @@ -# ChangeLog for sys-auth/sssd -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/sssd/ChangeLog,v 1.74 2015/07/23 11:48:12 hwoarang Exp $ - - 23 Jul 2015; Markos Chandras sssd-1.13.0.ebuild: - Bring back the python-r1 eclass inclusion - - 22 Jul 2015; Markos Chandras - +files/sssd-1.13.0-fix-init.patch, sssd-1.13.0.ebuild: - Fix python support. Bug #554776. Respect SSSD_OPTIONS in init script. Bug - #553678 - -*sssd-1.13.0 (11 Jul 2015) - - 11 Jul 2015; Markos Chandras +sssd-1.13.0.ebuild: - Version bump - -*sssd-1.12.5 (13 Jun 2015) - - 13 Jun 2015; Markos Chandras +sssd-1.12.5.ebuild: - Version bump - - 18 Apr 2015; Markos Chandras sssd-1.12.4.ebuild: - Restore samba4 magic - - 10 Apr 2015; Anthony G. Basile sssd-1.12.1.ebuild, - sssd-1.12.4.ebuild, sssd-1.9.6-r3.ebuild, sssd-1.9.7.ebuild: - Keyword ~ppc ~ppc64. Bug #540540. - - 06 Mar 2015; Jeroen Roovers sssd-1.12.4.ebuild: - Marked ~hppa (bug #540540). - - 04 Mar 2015; Markos Chandras -sssd-1.12.2-r1.ebuild, - -sssd-1.12.2.ebuild, -sssd-1.12.3.ebuild: - Remove old - - 03 Mar 2015; Markus Meier sssd-1.12.4.ebuild: - add ~arm, bug #540540 - -*sssd-1.12.4 (22 Feb 2015) - - 22 Feb 2015; Markos Chandras +sssd-1.12.4.ebuild: - Version bump. Install with -j1 so we can workaround build system issues - -*sssd-1.12.3 (09 Jan 2015) - - 09 Jan 2015; Markos Chandras +sssd-1.12.3.ebuild: - Version bump - -*sssd-1.9.7 (10 Dec 2014) - - 10 Dec 2014; Markos Chandras +sssd-1.9.7.ebuild: - Version bump for the LTM branch. 1.9.7 is going to be the last one - -*sssd-1.12.2-r1 (20 Nov 2014) - - 20 Nov 2014; Michał Górny +sssd-1.12.2-r1.ebuild: - Enable multilib support, bug #409701. - -*sssd-1.12.2 (15 Nov 2014) - - 15 Nov 2014; Markos Chandras +sssd-1.12.2.ebuild, - -sssd-1.11.6.ebuild, -sssd-1.12.0.ebuild, -sssd-1.8.6-r1.ebuild, - -sssd-1.8.6.ebuild, -sssd-1.9.6-r2.ebuild: - Version bump. 
Remove some old ebuilds - - 02 Nov 2014; Sven Vermeulen sssd-1.12.1.ebuild: - Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug - #527698) - - 06 Oct 2014; Agostino Sarubbo sssd-1.12.1.ebuild: - Stable for x86, wrt bug #511670 - - 06 Oct 2014; Agostino Sarubbo sssd-1.12.1.ebuild: - Stable for amd64, wrt bug #511670 - -*sssd-1.12.1 (14 Sep 2014) - - 14 Sep 2014; Markos Chandras +sssd-1.12.1.ebuild, - metadata.xml: - Version bump - -*sssd-1.12.0 (12 Jul 2014) - - 12 Jul 2014; Markos Chandras +sssd-1.12.0.ebuild, - metadata.xml: - Version bump - -*sssd-1.11.6 (14 Jun 2014) - - 14 Jun 2014; Markos Chandras +sssd-1.11.6.ebuild: - Version bump. Bug #477190 - - 27 May 2014; Michał Górny sssd-1.9.6-r3.ebuild: - Convert to python-single-r1. - -*sssd-1.9.6-r3 (26 May 2014) - - 26 May 2014; Markos Chandras +sssd-1.9.6-r3.ebuild: - Revbump for multiple fixes. See bug #511530, #499584 and 511528 - - 26 May 2014; Markos Chandras metadata.xml: - Take over maintainership - - 21 May 2014; Markos Chandras -sssd-1.9.4-r3.ebuild, - -sssd-1.9.5-r1.ebuild, -sssd-1.9.6-r1.ebuild: - Clean up old ebuilds per #462496 - -*sssd-1.9.6-r2 (10 Apr 2014) - - 10 Apr 2014; Markos Chandras +sssd-1.9.6-r2.ebuild, - +files/sssd.service: - Add systemd unit file based on upstream - https://git.fedorahosted.org/cgit/sssd.git/tree/src/sysv/systemd/sssd.service - .in one - - 07 Dec 2013; Markos Chandras - files/sssd-1.9.6-fix-init.patch: - Add upstream commit references for the init script improvements - - 02 Dec 2013; Markos Chandras sssd-1.9.6-r1.ebuild, - files/sssd-1.9.6-fix-init.patch: - Use sbindir instead of exec_prefix. No functional changes - -*sssd-1.9.6-r1 (02 Dec 2013) - - 02 Dec 2013; Markos Chandras sssd-1.9.6-r1.ebuild, - files/sssd-1.9.6-fix-init.patch: - More fixes in init script - - -*sssd-1.9.6 (01 Dec 2013) - - 01 Dec 2013; Markos Chandras - +files/sssd-1.9.6-fix-init.patch, +sssd-1.9.6.ebuild: - Version bump. Remove nscd dependency from the init script. 
Bug #491608 - - 27 Oct 2013; Michał Górny sssd-1.8.6-r1.ebuild, - sssd-1.8.6.ebuild, sssd-1.9.4-r3.ebuild, sssd-1.9.5-r1.ebuild: - Replace calls to deprecated remove_libtool_files (and prune_libtool_files) - with AUTOTOOLS_PRUNE_LIBTOOL_FILES var. - - 03 Jul 2013; Markos Chandras metadata.xml, - sssd-1.9.5-r1.ebuild: - Allow ldb versions higher than 1.1.15-r1 - -*sssd-1.9.5-r1 (03 Jul 2013) -*sssd-1.9.4-r3 (03 Jul 2013) - - 03 Jul 2013; Markos Chandras +sssd-1.9.4-r3.ebuild, - +sssd-1.9.5-r1.ebuild, -sssd-1.9.4-r1.ebuild, -sssd-1.9.4-r2.ebuild, - -sssd-1.9.4.ebuild, -sssd-1.9.5.ebuild, metadata.xml, sssd-1.8.6-r1.ebuild, - sssd-1.8.6.ebuild: - Revbump to fix sys-libs/ldb dependencies and runtime problems against sys- - libs/ldb-1.1.15-r1. Remove old versions - -*sssd-1.9.5 (21 May 2013) - - 21 May 2013; Markos Chandras +sssd-1.9.5.ebuild: - Version bump. Bug #470728 - - 12 May 2013; Patrick Lauer metadata.xml: - Drop obsolete use flags from metadata.xml - - 12 Apr 2013; Maxim Koltsov +files/0003_new_krb5.patch, - -files/new_krb5.patch, files/allow_xdm.patch: - Fix new_krb5 patch file name to match 0*.patch glob in ebuilds, thanks to - Night Nord. - - 05 Apr 2013; Maxim Koltsov +files/new_krb5.patch: - Fix build with mit-krb5-1.11.1, bug #463812. Thanks to slepnoga and Andrian - Nord. - -*sssd-1.9.4-r2 (05 Apr 2013) -*sssd-1.8.6-r1 (05 Apr 2013) - - 05 Apr 2013; Maxim Koltsov +sssd-1.8.6-r1.ebuild, - +sssd-1.9.4-r2.ebuild: - Fix glibc[nscd] dependency, bug #463832. Thanks to slepnoga. - - 17 Mar 2013; Markos Chandras metadata.xml: - Add proxy-maintainers to metadata.xml - -*sssd-1.9.4-r1 (20 Feb 2013) - - 20 Feb 2013; Maxim Koltsov +sssd-1.9.4-r1.ebuild: - Remove samba-4 dep until it's unmasked. 
- - 31 Jan 2013; Agostino Sarubbo -sssd-1.8.1-r1.ebuild, - -sssd-1.8.2.ebuild, -sssd-1.8.4.ebuild, -sssd-1.8.5.ebuild, - -sssd-1.9.2.ebuild: - Remove old - - 31 Jan 2013; Agostino Sarubbo sssd-1.8.6.ebuild: - Stable for x86, wrt bug #453808 - - 31 Jan 2013; Agostino Sarubbo sssd-1.8.6.ebuild: - Stable for amd64, wrt bug #453808 - -*sssd-1.8.6 (31 Jan 2013) -*sssd-1.9.4 (31 Jan 2013) - - 31 Jan 2013; Maxim Koltsov +sssd-1.8.6.ebuild, - +sssd-1.9.4.ebuild, -sssd-1.9.3.ebuild: - Bump to 1.9.4 and 1.8.6, clean vulnerable 1.9.x versions, fixes security bug - 453808 - - 06 Jan 2013; Maxim Koltsov sssd-1.9.3.ebuild: - Change 1.9.3 depends to make it build, bug #450226. Thanks to slepnoga. - -*sssd-1.9.3 (02 Jan 2013) - - 02 Jan 2013; Maxim Koltsov +sssd-1.9.3.ebuild: - Bump to 1.9.3, thanks to slepnoga - - 04 Dec 2012; Maxim Koltsov sssd-1.9.2.ebuild: - Fix bug #445478, thanks to Reto Gantenbein - - 21 Nov 2012; Agostino Sarubbo sssd-1.8.4.ebuild: - Stable for x86, wrt bug #434352 - -*sssd-1.9.2 (17 Oct 2012) - - 17 Oct 2012; Maxim Koltsov - +files/0001_add_pthread_to_fix_as-needed.patch, - +files/0002_allow_xdm_openrc.patch, +sssd-1.9.2.ebuild, metadata.xml: - Bump to 1.9.2, thanks to slepnoga - -*sssd-1.8.5 (14 Oct 2012) - - 14 Oct 2012; Sergey Popov +sssd-1.8.5.ebuild: - Version bump - - 09 Sep 2012; Agostino Sarubbo sssd-1.8.4.ebuild: - Stable for amd64, wrt bug #434352 - - 03 Aug 2012; Andreas Schuerch sssd-1.8.1-r1.ebuild: - x86 stable, see bug 413977. 
Thanks Myckel - - 27 Jun 2012; Alexander Vershilov Manifest: - fixing metadata (due #423701) asked by slepnoga - -*sssd-1.8.4 (21 Jun 2012) - - 21 Jun 2012; Maxim Koltsov +sssd-1.8.4.ebuild: - Bump to 1.8.4, thanks to slepnoga - - 02 Jun 2012; Maxim Koltsov -sssd-1.6.4-r1.ebuild, - -sssd-1.6.4.ebuild: - Remove old 1.6.4 - - 05 May 2012; Markos Chandras sssd-1.8.1-r1.ebuild: - Stable on amd64 wrt bug #413977 - -*sssd-1.8.2 (14 Apr 2012) - - 14 Apr 2012; Maxim Koltsov +sssd-1.8.2.ebuild, - -sssd-1.8.1.ebuild: - Bump to 1.8.2, thanks to slepnoga - -*sssd-1.6.4-r1 (08 Apr 2012) -*sssd-1.8.1-r1 (08 Apr 2012) - - 08 Apr 2012; Maxim Koltsov +sssd-1.6.4-r1.ebuild, - +sssd-1.8.1-r1.ebuild, -sssd-1.7.0.ebuild, -sssd-1.8.0.ebuild, - sssd-1.6.4.ebuild: - Cleanup old versions, revision-bump the rest adding selinux policy dependency. - Thanks to slepnoga - -*sssd-1.8.1 (16 Mar 2012) - - 16 Mar 2012; Maxim Koltsov +sssd-1.8.1.ebuild: - Bump to 1.8.1, thanks to slepnoga - - 05 Mar 2012; Maxim Koltsov sssd-1.6.4.ebuild, - sssd-1.7.0.ebuild, sssd-1.8.0.ebuild: - Block ~net-nds/openldap-2.4.28, bug #405343. Thanks to slepnoga - -*sssd-1.8.0 (02 Mar 2012) - - 02 Mar 2012; Maxim Koltsov +sssd-1.8.0.ebuild: - Bump to 1.8.0, drop libunistring depend, make logrotate installation - unconditional. Thanks to slepnoga - - 02 Mar 2012; Agostino Sarubbo sssd-1.6.4.ebuild: - Stable for amd64, wrt bug #406291 - -*sssd-1.7.0 (24 Feb 2012) - - 24 Feb 2012; Maxim Koltsov +sssd-1.7.0.ebuild, - -sssd-1.6.1-r2.ebuild, -sssd-1.6.2.ebuild: - Bump to 1.7.0, remove old versions. Thanks to slepnoga - - 04 Feb 2012; Maxim Koltsov metadata.xml: - Fix maintainer's email in metadata - -*sssd-1.6.4 (19 Dec 2011) - - 19 Dec 2011; Maxim Koltsov +sssd-1.6.4.ebuild, - metadata.xml: - Bump to 1.6.4 and EAPI 4, thanks so slepnoga. Bug 394699 - -*sssd-1.6.2 (28 Oct 2011) - - 28 Oct 2011; Maxim Koltsov -sssd-1.6.1-r1.ebuild, - +sssd-1.6.2.ebuild: - Bump to 1.6.2, bug #388787. 
Removed obsolete 1.6.1-r1 - -*sssd-1.6.1-r2 (23 Oct 2011) - - 23 Oct 2011; Maxim Koltsov +sssd-1.6.1-r2.ebuild, - +files/sssd, +files/sssd.conf: - Fix depends in init script, bug 385157 - - 17 Sep 2011; Maxim Koltsov -sssd-1.6.1.ebuild, - sssd-1.6.1-r1.ebuild: - Drop static-libs use flag, finish work on #382703. Thanks to Andreis - Vinogradovs - -*sssd-1.6.1-r1 (16 Sep 2011) - - 16 Sep 2011; Maxim Koltsov -sssd-1.5.13.ebuild, - +sssd-1.6.1-r1.ebuild: - (ChangeLog by Andreis Vinogradovs ) - Fix #382703 - remove useless .la files; - Thanks Samuli Suominen for report - - 31 Aug 2011; Maxim Koltsov +files/allow_xdm.patch: - Add forgotten patch - -*sssd-1.6.1 (31 Aug 2011) -*sssd-1.5.13 (31 Aug 2011) - - 31 Aug 2011; Maxim Koltsov -sssd-1.5.12-r1.ebuild, - +sssd-1.5.13.ebuild, +sssd-1.6.1.ebuild: - Bumped to 1.5.13 and 1.6.1, removed old 1.5.12-r1 - - 20 Aug 2011; Maxim Koltsov sssd-1.5.12-r1.ebuild: - Fix LDB path again - -*sssd-1.5.12-r1 (20 Aug 2011) - - 20 Aug 2011; Maxim Koltsov +sssd-1.5.12-r1.ebuild, - -sssd-1.5.12.ebuild: - Revision bump: fixed LDB library path and .la files, thanks to slepnoga. Old - revision dropped cause it can't work due to wrong LDB search path. - -*sssd-1.5.12 (14 Aug 2011) - - 14 Aug 2011; Maxim Koltsov +sssd-1.5.12.ebuild, +metadata.xml: - Add sssd-1.5.12, 1.6.0 is not yet considered ready by ebuild author. Thanks - to - slepnoga, bug #321875 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest index 6160bb5165..f45db817a6 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest 
@@ -1,26 +1,5 @@ -AUX 0001_add_pthread_to_fix_as-needed.patch 744 SHA256 3d9f822d93555393c19fc9bdbface08092e78e640dd939424700f6403f11ac1f SHA512 fee020fa5f1ef22065c91e93178d99e3a451769cc5fb1ebdceef446a9bea5547727189c65310de2fe68a12f975eb1980af7a5b737882c0c6cdd5129b76659f82 WHIRLPOOL dac4c364fe617d23f0f66675bf98e8dd33c378709c997783df52007e33a89ba871e9f455a705da09e4d213c34707fed864fa5c46c8260c81e83db809a0c7f895 -AUX 0002_allow_xdm_openrc.patch 472 SHA256 9d0462096d7eb03489dbb4f5920c767828068cc87d2e41c75c37631f95850368 SHA512 c728b3619746902584d2f75ef57829a249c964139a24bd012530399ce3fb478fd2236efaa6c5313dd8132ea46ecb9a8c899f7a10c5b063da2a03ba9f9ba2650f WHIRLPOOL 93d4fdd206602833104f43eae576fc22bee4975e3ba116dd4caff1067a0394c230726d70d8e74d90288c984b46c3f9d26856bb2ee663dd63ace425ce6acc4d71 -AUX 0003_new_krb5.patch 1702 SHA256 5ad16a7c733824dea87dc0df4ac8b1e9ec3edbd94093856bf379875dbbef4602 SHA512 a55285885d076250890765f25b3c2af5e28649de7efcc275d12ba751784182dccdab76b0f72f5e68863581b588cd4ddd615a218ebdd47be4317983f4c919fc9a WHIRLPOOL 55590c98ef738179e4ec0b4f3791d3fe38c7074173569408f32e102df38e1b86f29b729b85b791fd5661fff69f81c72d86402474eee5669fa079a090311fe47b -AUX allow_xdm.patch 472 SHA256 9d0462096d7eb03489dbb4f5920c767828068cc87d2e41c75c37631f95850368 SHA512 c728b3619746902584d2f75ef57829a249c964139a24bd012530399ce3fb478fd2236efaa6c5313dd8132ea46ecb9a8c899f7a10c5b063da2a03ba9f9ba2650f WHIRLPOOL 93d4fdd206602833104f43eae576fc22bee4975e3ba116dd4caff1067a0394c230726d70d8e74d90288c984b46c3f9d26856bb2ee663dd63ace425ce6acc4d71 -AUX sssd 488 SHA256 464f6ecb559cbe14dcd1974837aeab338f4ce38686cc464bcddf1db28839caa5 SHA512 274473cf69e62f405c2af2ea94e9964f579140c47623f4d7712f33c9e34525fda6b77c8fe8d180e8b45905ad6c4d581f9ae4f173aafa0660e48f61da0069e65d WHIRLPOOL ceb70b5c0bf11f6620f0c31fab6c7f4fe5c7ff84fc07aa4f63a6a73be05f0bca62d1f9ab0d422ec0c97939569ec3a6ca7ed63b13ede84f6e39c4ac3c12cc0ba4 -AUX sssd-1.13.0-fix-init.patch 814 SHA256 
edb1d019c8642794700f25a7f6b4adf06748d00a5def81c535415828498c9024 SHA512 6e25c091789fe31ca515de85510a473189b4007c9ad180f20e6c372ea4a78a64f1c881fbf36ac4c648897dcef3d61586bb4d66b7256c7bba3bca83d11f83ecc8 WHIRLPOOL 07cdc90f2c66b22856fee3f46969bc65a4fe2e7e55fe0a617c5d094c1745122bea1692dda5c67d7e74aad66890181653186dbc08e068330aed66f911745f726e -AUX sssd-1.9.6-fix-init.patch 1020 SHA256 d9c1044ed9fca08cc4c104622aea56faa182465f5ce82796963636915de41ab9 SHA512 7718f990265fb1d4a717b3ca3863279b3351625438acea4bb3325ee3db7cdfef332290042856019badf22c1de604095686521c733fb0c725f2eaef0df61e5100 WHIRLPOOL 602bf7f3a4747b28d6af97284edaeadee82b9c1b28239a388b17166c5a0ea8b6b99842b4f3921ea94c40889987dcb3fee782435ce82eef3a0070a6655789f9d3 -AUX sssd.conf 124 SHA256 bc5154f0ee2c2e6cffd5b6e371d4302a5952bd04343dd4c56689f43821a5fb94 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a WHIRLPOOL 37151473420598bd24d90ef1975ba83c5e9f5301a459b8d73d5df540d5b67686494b9f826b8e985b42765c65861d5f82b6ef705ebe577e68bbf57a893a24f32b -AUX sssd.service 341 SHA256 633a4824ba95524a0d9cf8b42cd1a5dc3f9b40f6aeda9ffc60d56edf72b2015e SHA512 99510d11f390722f56bc164059033fc40299dd4ea29f98cd5f08b2648f31b2e70afeb6b2d90f919bde595546c80b4e6941cf6f48130661ead09c0576043e4cf5 WHIRLPOOL 57963f1251e8f24d2ca67b1c71108171c468077e8ace27347d22e21ce854ab339a4131741397fa39607d8b10621c8fc33420a14bef1fdbd236442ad733299182 -DIST sssd-1.12.1.tar.gz 4088341 SHA256 18b2d7e93e77435708feaf3ff65656f89e5a531ae6d48c4bff98168f171ba8ff SHA512 9514586eb51ac7e8d9639f2aba52cfd5cf71c442ee0a6c652e7838a96cf0fcb62ce4ffa9f9b956d984cd5ecfb3d13b8c21a66677e1e3e9e76f13202792ee2a7e WHIRLPOOL 73b34d373b3b557dc1a075eef94c69ff12051ffef04cd607e81bd84366ca233b67a1b815b02f6aa80d14fbc0453cbe301cdee75e4cc1e218aef8160b2a875e8e -DIST sssd-1.12.4.tar.gz 4226841 SHA256 ea3be3a40b20284bd3126481dd0747cd07e39d5ef7ef7026d4902d96fc3e9edf SHA512 
817141378d4c535ee1018c4246c77a61b963ab10c026e6983e1be90860fa68698dd60cd27ab7ac77da096057f8c71cba90387cf3329e9d43e98a23163f8bb233 WHIRLPOOL 7ee273fcb2e2311f9239face618be1d2eb88c4b6df177ce61854e3465fe6e484753b55a7e864f3b6e4beb2ebea43ae348a06d3ea29eb2560a2ebe3c8a8d0ffed -DIST sssd-1.12.5.tar.gz 4300869 SHA256 243d8db7c72ecb21aa9db8a09fe9f9b10049dbdb35a1cc2f55e214f21e3ce256 SHA512 573947c58dc53b92b6b60390375a70f3842e0bfd22c696e60dd84b8dd671bc508f30f3a0952135b0c6a1e555d43493f59ce60f780a5130696cada06cc467fa6c WHIRLPOOL 6614d32f0808b97e55b33f996e12207b4960b6f694a7321235e26b7760aa84acad7dd68c2019857ce08d32585f9157e28d2a4be6f944f1eeaaf2f6b84c807638 -DIST sssd-1.13.0.tar.gz 4417697 SHA256 bd1dd95165bca02a08fbd0ea8ac6aa296bc339798d6c6566aee823c536718a5a SHA512 c11303557180d6491933f5732ed831d1725d33e7444d92d5a20ba24a35d77845711d8427d869fe526fbdea482944269469f5bbbb779e3006998fbe09403ebf7f WHIRLPOOL 0ef934e4e22d1c5a8d1e5f649de29e162717e421a341839cecc9ac089d022a30f843463966dc572619b959fd4e850d651bf372e2d511dba24994f790f1006a55 -DIST sssd-1.13.1.tar.gz 4517171 SHA256 ff6425d455a5cae2359e32c8627832e67b5cc0bbec4081a16d926b6e1b431ae7 SHA512 93d7f9230e6464c3346abad374e7b4a17a148a5d6e37736a4d1aaf9c99dce6065e0b1eed329c8de997c7cf902728077dd31ec4920a8d192fc67cc27f16723346 WHIRLPOOL 1b169a5ada95968508314e0f5f466a3c5655839e106a875ecf0f6001aaafe1c2228a6e79c10d9d23392fa54c375f5514c2f2d52b414d57b089de521b3f3cac77 -DIST sssd-1.9.6.tar.gz 3180066 SHA256 ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601 SHA512 32d6056db1a17fe348f0b932d4242ce3b3dc615d4d93ebf580f5f9a3e16985324d9955e092803cf9a2bf35724feab0450737f516e9ce003f6812a0debf54ba15 WHIRLPOOL e496d63a042b39dd5d269a7d24b9a535c73a47741a4429e78e2a9d1282515747a83251338d6c94d75b2de06a415bfed18f7223864b1b4e9a824a25d41afa6a59 -DIST sssd-1.9.7.tar.gz 3485351 SHA256 ed2b7e9835143404cbc0e3e105607b7c554f568e4af024b5db0f10ca4f809c7e SHA512 
1c73078f2127c1359c13601900e39dcb7527c5ca1346dfbb2fdcf07d98d3542f7b79aed8acc9dd289ab1a679f0b5477e08a9f1d58da4847ada53bdb4f3f606e2 WHIRLPOOL 691164b8edbcdc5acba024a00ead18e1769175cf6f9c3e49f065d31c84b55b315e569fbf04a841c9cd67ce76531f26875a97e0c553b462aecee29aa9428493be -EBUILD sssd-1.12.1.ebuild 3438 SHA256 a742120dbf88db2387731323dcd45798767342e2cd19ba27c10d22a7d819be0f SHA512 8aab2f9912a4959645d1ed0fa68c25a4bf5483e33edf9218a81b5f92a568e0094952fb6dc82459daf7d825bea6c3154d562362b83d55a53a18664f4d0c39198b WHIRLPOOL a0dddadf7983e466b9d47edeb11d38e15dc70a113451a1456c7e8402ef9c50b1aed3c8cf5f6ffa4cf9e0819440a903a30137d1746cc33441bb6ff17d8ed0fc98 -EBUILD sssd-1.12.4.ebuild 5287 SHA256 d24f2ec4cbc28719fd98e5f7cd230ca4ff959a91f9a7b33fd92a367d6add8dbb SHA512 6a99828a719f7c5224e21d10b818c5076a0707e32ce25c712c253e02aba3611b862d7de8fc174822a7164f3add15399ae8c1838a05a38d3fbb70c8c424fd3b03 WHIRLPOOL d36de690c78e802fe90874dc6e9ee8cd652f6cd139a43c65347531b556b349e9f2bce548b7c4fecca14c464fa644f141dd66d4f87b3f6408c82beae63ed74630 -EBUILD sssd-1.12.5.ebuild 5287 SHA256 d24f2ec4cbc28719fd98e5f7cd230ca4ff959a91f9a7b33fd92a367d6add8dbb SHA512 6a99828a719f7c5224e21d10b818c5076a0707e32ce25c712c253e02aba3611b862d7de8fc174822a7164f3add15399ae8c1838a05a38d3fbb70c8c424fd3b03 WHIRLPOOL d36de690c78e802fe90874dc6e9ee8cd652f6cd139a43c65347531b556b349e9f2bce548b7c4fecca14c464fa644f141dd66d4f87b3f6408c82beae63ed74630 -EBUILD sssd-1.13.0.ebuild 5494 SHA256 0a3e02ddf9301319cc165a034b3e45bd57a43a7ef392d167377594b639d93bc5 SHA512 864d970f8cf72043167e8a9c6643582906e1286256d657ea249a126cb95a5b66c9dc001e636b5f93b97793cf1939425d19b97dd4a69c6712eeac7f450c2799a4 WHIRLPOOL c809a59252a3204b6274e96cad87e65c790dcb7ee5081d234dfc71a054dc7173c62892a82b89d46f3e74242d1aa2ef59ecd913f433f44d000fdac29438245bde -EBUILD sssd-1.13.1.ebuild 5436 SHA256 d960862b23ef0efd44c5bb9f44286fa73cac1e18523420ed2c09a3bfa65d45bc SHA512 
baa89853f0b5813f0cb599f077808c9bf66acdd285e36c4dc002c98995009a41118fcdcf0f70d79df02eb01c2ccf7bcb3d61b0e950b99b212642ae66900e7820 WHIRLPOOL 3f0f3e8c7d840e1e27cacde6992ff70cf75bdb52b72e1867c3b296ddf90c8cc3c233087e018b422ac1543418de90e212277678e0b7105a317d2d809050cd4918 -EBUILD sssd-1.9.6-r3.ebuild 3118 SHA256 4d5583207b3bf13db0bfc654439ab76afb95603c402532c37363ecd9464adf56 SHA512 52e897cb939780d505e2ce3e72f6160642253db550124f568f376613564d2719a6e41debc0468e2dc55d83d2a4be0135d0fa3bf677b01e4e3fd37e04160d1ff3 WHIRLPOOL 1a7ba4dbeac0ac399fbf6199672108ae4dc3befb5dddca2b73147e38d7dd9f4710ad7ae84181052b048a37144618431e8d142e11a25b82c0c9da174a2464d976 -EBUILD sssd-1.9.7.ebuild 3133 SHA256 7f4e1bba3508a4a4585f130a2ccda8ed8cccc53427fd275d80602d9e642a6015 SHA512 0bbb8bb8e31843f0baddd466345f2849d8f9b2aaef88d947263f3ee50e07b948cc4553951d3a93d3368a1b6d667ff7e995429854bc5efb953b7cee6cc4875fb8 WHIRLPOOL 99c71b4e5b4b94ad058a0f613139f9eee18fd811e25a9a31f945a9d8f0337296ec4fc8d3d8a1f7b47a5902fc17248259079d2e4551d0ea4ba7bc8ea195056a8d -MISC ChangeLog 3773 SHA256 b4f6a0f45702526e37c23d3a5f90fd3a7b0a23f8d0d262a26450272604ff4447 SHA512 58721f69badc3a7880caee75e807c0e3e1ea757b4c1a381e252d4fb872bf0e081f150e7c96bc37b3e455d8607f5f418693ccd624b376dfd1719cd771cba5f756 WHIRLPOOL a10e5be4fc054656cd301d4d372f57886aff5bfca3a330d7837c7a8ecaca99f04fc2a86664415211347ec38a098d1921df3ef1119a873a40eca81fa7afe194dc -MISC ChangeLog-2015 11963 SHA256 154e1613682ee02aa2e786fe88b8d2de96f2a16ee7e88fe253e426d5980f1c44 SHA512 062523e93acd6935c90c3edd1da99310460582a3d4c8ceb0976cb087f2c8d108d485d866d21fd2d6a354b6d0e692f1618647307409f71cac93b9e71a655f010d WHIRLPOOL ce0a1ca173c71a004b3eb4d93d18dda3d239cfae49e18e2a8a49f998918366f5bc1e0e30373bced0685aede13131497db7c6dd8c581519428feea267b00b7f69 -MISC metadata.xml 1037 SHA256 9509811fba6f4021d94d02b3e3e1da972bfbc05f6c3ca9c23842a7f4f729d9d3 SHA512 
1269a811a3891fa298387667d321da5b8cc67440b4d69865c80ce0ac72a12a05eec6734e3ffeef8f4b7316dbd419a6eed98844ff120d5c3752d6ca0918401731 WHIRLPOOL 84e4351e84a229942a4ad3d7e6cdc2894989455a4bd9ad57983ebe13f65e2bf2d493fd5c9015125238685a65e3e3d57d1899a457e98acf1a12cb59a1899109d3 +DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728 +DIST sssd-2.1.0.tar.gz 6463331 BLAKE2B 9226370dc384c58841d944bdf9b067d953bf138ee7a289f01a4b8bb5d09beee3b9f21609989123d8f4f9fc13237670d61e32dcb194555ddc6785c598ce78d08c SHA512 12a7e5b89d462350af3c43e15b24a437dd985ac4a2e419d5e52cc0d05c6eacb9319d39b23681595ef860120cd1ae6e5fb265054afeddcb05d3d5f5de5d6ffa63 +DIST sssd-2.2.0.tar.gz 6642715 BLAKE2B e6c16ca69effe59769fc166c02203faee445ebe2bf551c6a1460bdee2474ccbce1a38b3aa59b1ae4a79bb170696a784b800a9299025bf6a58bc9aeb94b946338 SHA512 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb +DIST sssd-2.2.2.tar.gz 6767578 BLAKE2B e0eedaf1da1de953903730c96479af0709ee14dd83eca82a11316dc96c29573b5f3de5965f386d5c12a69e7d98b6168c9d197bbd46ac51f0122feababe52dfe1 SHA512 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801 +DIST sssd-2.2.3.tar.gz 6894302 BLAKE2B b72443ebd4f50581a0d9d2b7cf691fdda0dfe3cfb2ed82c383595aeca8d6198c7f44f1c49e56bdfeac23f9151897ac2df70d1afbbeceb2231daee71492884420 SHA512 b61d52a53e26e8efa9cb799fc6efc2314bf9d174d3cacfe591a4ca77530637591eacc0dc70c0555252e04a9617e8b134b1ab2d9b0f7351b4228e7b61499e6a10 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd index dbf7850227..c79b79ac1e 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd
@@ -1,4 +1,4 @@
-#!/sbin/runscript
+#!/sbin/openrc-run
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-1.14.2-fix-krb5-config.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-1.14.2-fix-krb5-config.patch
deleted file mode 100644
index 20c57209a3..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-1.14.2-fix-krb5-config.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 79c0ed5d08fdcc093baef155a118829caf4af63b Mon Sep 17 00:00:00 2001
-From: David Michael
-Date: Wed, 14 Dec 2016 15:08:28 -0800
-Subject: [PATCH] BUILD: Find a host-prefixed krb5-config when cross-compiling
-
----
- src/external/krb5.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
-index 8fc9096..b844c2f 100644
---- a/src/external/krb5.m4
-+++ b/src/external/krb5.m4
-@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
- KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
- fi
-
--AC_PATH_PROG(KRB5_CONFIG, krb5-config)
-+AC_PATH_TOOL(KRB5_CONFIG, krb5-config)
- AC_MSG_CHECKING(for working krb5-config)
- if test -x "$KRB5_CONFIG"; then
- KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
---
-2.7.4
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch
new file mode 100644
index 0000000000..91e71e8378
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-curl-macros.patch
@@ -0,0 +1,34 @@
+From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
+From: Mikle Kolyada
+Date: Sun, 16 Dec 2018 20:42:39 +0300
+Subject: [PATCH] tev_curl.c: remove case duplication
+
+CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
+by net-misc/curl-7.62.0 and older
+---
+ tev_curl.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/tev_curl.c b/tev_curl.c
+index 6a7a580..ce6fdba 100644
+--- a/src/util/tev_curl.c
++++ b/src/util/tev_curl.c
+@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
+ return ETIMEDOUT;
+ case CURLE_SSL_ISSUER_ERROR:
+ case CURLE_SSL_CACERT_BADFILE:
+- case CURLE_SSL_CACERT:
+ case CURLE_SSL_CERTPROBLEM:
+ return ERR_INVALID_CERT;
+
+@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
+ case CURLE_SSL_ENGINE_NOTFOUND:
+ case CURLE_SSL_CONNECT_ERROR:
+ return ERR_SSL_FAILURE;
+- case CURLE_PEER_FAILED_VERIFICATION:
+- return ERR_UNABLE_TO_VERIFY_PEER;
+ case CURLE_COULDNT_RESOLVE_HOST:
+ return ERR_UNABLE_TO_RESOLVE_HOST;
+ default:
+--
+2.19.2
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
new file mode 100644
index 0000000000..87db45fd24
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
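Review bot: The embedded patch to `curl_code2errno` removes the whole `case CURLE_PEER_FAILED_VERIFICATION: return ERR_UNABLE_TO_VERIFY_PEER;` arm as well as the `case CURLE_SSL_CACERT:` label, so a peer-verification failure reported by libcurl is no longer mapped to a dedicated error and instead reaches `default:`. Since curl 7.62.0 defines `CURLE_SSL_CACERT` as an alias of `CURLE_PEER_FAILED_VERIFICATION`, dropping only the `case CURLE_SSL_CACERT:` line should be enough to clear the duplicate-case build error while keeping the distinct code for logs and callers. Verification itself is still done by libcurl; only the reported cause changes. The function body starts and ends outside both inner hunks, so what `default:` returns is not visible here.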
@@ -0,0 +1,96 @@ +From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001 +From: Tomas Halman +Date: Mon, 3 Dec 2018 14:11:31 +0100 +Subject: [PATCH] nss: sssd returns '/' for emtpy home directories + +For empty home directory in passwd file sssd returns "/". Sssd +should respect system behaviour and return the same as nsswitch +"files" module - return empty string. + +Resolves: +https://pagure.io/SSSD/sssd/issue/3901 + +Reviewed-by: Simo Sorce +Reviewed-by: Jakub Hrozek +(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49) +--- + src/confdb/confdb.c | 9 +++++++++ + src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++ + src/responder/nss/nss_protocol_pwent.c | 2 +- + src/tests/intg/test_files_provider.py | 2 +- + 4 files changed, 30 insertions(+), 2 deletions(-) + +diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c +index a3eb9c66d9..17bb4f8274 100644 +--- a/src/confdb/confdb.c ++++ b/src/confdb/confdb.c +@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, + ret = ENOMEM; + goto done; + } ++ } else { ++ if (strcasecmp(domain->provider, "ad") == 0) { ++ /* ad provider default */ ++ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u"); ++ if (!domain->fallback_homedir) { ++ ret = ENOMEM; ++ goto done; ++ } ++ } + } + + tmp = ldb_msg_find_attr_as_string(res->msgs[0], +diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml +index 818a2bf787..425b7e8ee0 100644 +--- a/src/man/include/ad_modified_defaults.xml ++++ b/src/man/include/ad_modified_defaults.xml +@@ -76,4 +76,23 @@ + + + ++ ++ NSS configuration ++ ++ ++ ++ fallback_homedir = /home/%d/%u ++ ++ ++ The AD provider automatically sets ++ "fallback_homedir = /home/%d/%u" to provide personal ++ home directories for users without the homeDirectory ++ attribute. 
If your AD Domain is properly ++ populated with Posix attributes, and you want to avoid ++ this fallback behavior, you can explicitly ++ set "fallback_homedir = %o". ++ ++ ++ ++ + +diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c +index af9e74fc86..86fa4ec465 100644 +--- a/src/responder/nss/nss_protocol_pwent.c ++++ b/src/responder/nss/nss_protocol_pwent.c +@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx, + + homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx); + if (homedir == NULL) { +- return "/"; ++ return ""; + } + + return homedir; +diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py +index ead1cc4c34..4761f1bd15 100644 +--- a/src/tests/intg/test_files_provider.py ++++ b/src/tests/intg/test_files_provider.py +@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only): + Test that resolving a user without a homedir defined works and returns + a fallback value + """ +- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/')) ++ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '')) + + + def test_user_no_gecos(setup_pw_with_canary, files_domain_only): diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd.service b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd.service index a6afb4682c..1821089a60 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd.service +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd.service 
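Review bot: The change in `nss_get_homedir` from `return "/";` to `return "";` is the security-relevant line of this patch, yet it carries no comment, so a later reader could take the empty string for a mistake and restore a usable path. I would add above it `/* No homedir known: return "" like the nsswitch "files" module, never "/" (CVE-2019-3811) */`. In the last inner hunk the docstring of `test_user_no_dir` still says the lookup "returns a fallback value", which no longer matches the expected `''` and should be reworded. The body of `nss_get_homedir` begins outside the hunk.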
@@ -1,10 +1,15 @@ [Unit] Description=System Security Services Daemon -After=nscd.service +# SSSD will not be started until syslog is +After=syslog.target [Service] -ExecStart=/usr/sbin/sssd -i +ExecStart=/usr/sbin/sssd -D -f +# These two should be used with traditional UNIX forking daemons +# consult systemd.service(5) for more details +Type=forking PIDFile=/run/sssd.pid [Install] WantedBy=multi-user.target + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf deleted file mode 100644 index 1347b5c621..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/tmpfiles.d/sssd.conf +++ /dev/null @@ -1,9 +0,0 @@ -d /etc/sssd 0700 root root - - -C /etc/sssd/sssd.conf 0600 root root - /usr/share/sssd/sssd-example.conf -d /var/lib/sss - root root - - -d /var/lib/sss/db 0700 root root - - -d /var/lib/sss/mc 0700 root root - - -d /var/lib/sss/pipes - root root - - -d /var/lib/sss/pipes/private 0700 root root - - -d /var/lib/sss/pubconf 0700 root root - - -d /var/lib/sss/pubconf/krb5.include.d 0700 root root - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml index 7c6b99de06..5b5f4a6f7a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/metadata.xml 
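Review bot: `After=syslog.target` is unlikely to order anything, because current systemd releases no longer provide that target, so the comment "SSSD will not be started until syslog is" overstates what the line does. The previous `After=nscd.service` ordering is dropped at the same time, even though the ebuilds in this commit now configure `--with-nscd`. Moving from `-i` to `-D -f` with `Type=forking` also makes supervision depend on the daemon writing `/run/sssd.pid`. If foreground mode still works for the packaged versions, keeping `ExecStart=/usr/sbin/sssd -i` with the default service type leaves systemd tracking the main process directly.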
@@ -1,19 +1,21 @@ - - hwoarang@gentoo.org - Markos Chandras - - - Build and use the cifsidmap plugin - Build internal configuration library - Install sssd's Kerberos plugin - Add support for netlink protocol via dev-libs/libnl - Add support for the nfsv4 idmapd plugin provided by net-libs/libnfsidmap - Build man pages with dev-libs/libxslt - Build helper to let net-fs/autofs use sssd provided information - Build helper to let net-misc/openssh use sssd provided information - Build helper to let app-admin/sudo use sssd provided information - + + alexxy@gentoo.org + Alexey Shvetsov + + + Build and use the cifsidmap plugin + Install sssd's Kerberos plugin + Add support for netlink protocol via dev-libs/libnl + Add support for the nfsv4 idmapd plugin provided by net-libs/libnfsidmap + Build man pages with dev-libs/libxslt + Build helper to let net-fs/autofs use sssd provided information + Build helper to let net-misc/openssh use sssd provided information + Build helper to let app-admin/sudo use sssd provided information + + + cpe:/a:fedorahosted:sssd + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild new file mode 100644 index 0000000000..a887a0cb72 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.16.3-r3.ebuild 
@@ -0,0 +1,233 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs + +DESCRIPTION="System Security Services Daemon provides access to identity and authentication" +HOMEPAGE="https://pagure.io/SSSD/sssd" +SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" +RESTRICT="!test? ( test )" + +COMMON_DEP=" + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] + >=dev-libs/popt-1.16 + dev-libs/glib:2 + >=dev-libs/ding-libs-0.2 + >=sys-libs/talloc-2.0.7 + >=sys-libs/tdb-1.2.9 + >=sys-libs/tevent-0.9.16 + >=sys-libs/ldb-1.1.17-r1:= + >=net-nds/openldap-2.4.30[sasl] + net-libs/http-parser + >=dev-libs/libpcre-8.30 + >=app-crypt/mit-krb5-1.10.3 + dev-libs/jansson + net-misc/curl + locator? ( + >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] + >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] + ) + >=sys-apps/keyutils-1.5:= + >=net-dns/c-ares-1.7.4 + >=dev-libs/nss-3.12.9 + selinux? ( + >=sys-libs/libselinux-2.1.9 + >=sys-libs/libsemanage-2.1 + ) + >=net-dns/bind-tools-9.9[gssapi] + >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + >=sys-apps/dbus-1.6 + acl? ( net-fs/cifs-utils[acl] ) + nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) + nls? ( >=sys-devel/gettext-0.18 ) + virtual/libintl + netlink? ( dev-libs/libnl:3 ) + samba? ( >=net-fs/samba-4.5 ) + " + +RDEPEND="${COMMON_DEP} + >=sys-libs/glibc-2.17[nscd] + selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) + " +DEPEND="${COMMON_DEP} + test? ( dev-libs/check ) + manpages? 
( + >=dev-libs/libxslt-1.1.26 + app-text/docbook-xml-dtd:4.4 + )" + +CONFIG_CHECK="~KEYS" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/ipa_hbac.h + /usr/include/sss_idmap.h + /usr/include/sss_nss_idmap.h + /usr/include/wbclient_sssd.h + # --with-ifp + /usr/include/sss_sifp.h + /usr/include/sss_sifp_dbus.h + # from 1.15.3 + /usr/include/sss_certmap.h +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ + "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" + + eapply "${FILESDIR}"/${PN}-curl-macros.patch + eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch + + default + eautoreconf + multilib_copy_sources +} + +src_configure() { + local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # set initscript to sysv because the systemd option needs systemd to + # be installed. We provide our own systemd file anyway. + local myconf=() + #Work around linker dependency problem. 
+ append-ldflags "-Wl,--allow-shlib-undefined" + + myconf+=( + --localstatedir="${EPREFIX}"/var + --enable-nsslibdir="${EPREFIX}"/$(get_libdir) + --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd + --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) + --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb + --with-os=gentoo + --with-nscd + --with-unicode-lib="glib2" + --disable-rpath + --sbindir=/usr/sbin + --without-kcm + $(use_with samba libwbclient) + --with-secrets + $(multilib_native_use_with samba) + $(multilib_native_use_enable acl cifs-idmap-plugin) + $(multilib_native_use_with selinux) + $(multilib_native_use_with selinux semanage) + $(use_enable locator krb5-locator-plugin) + $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) + $(use_enable nls ) + $(multilib_native_use_with netlink libnl) + $(multilib_native_use_with manpages) + $(multilib_native_use_with sudo) + $(multilib_native_use_with autofs) + $(multilib_native_use_with ssh) + --with-crypto="nss" + --with-initscript="sysv" + --without-python2-bindings + --without-python3-bindings + + KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config + ) + + if ! multilib_is_native_abi; then + # work-around all the libraries that are used for CLI and server + myconf+=( + {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' + # ldb headers are fine since native needs it + # ldb lib fails... 
but it does not seem to bother + {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' + + # use native include path for dbus (needed for build) + DBUS_CFLAGS="${native_dbus_cflags}" + + # non-pkgconfig checks + ac_cv_lib_ldap_ldap_search=yes + --without-secrets + --without-libwbclient + --without-kcm + --with-crypto="" + ) + + use locator || myconf+=( + KRB5_CONFIG=/bin/true + ) + fi + + econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + else + emake libnss_sss.la pam_sss.la + use locator && emake sssd_krb5_locator_plugin.la + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake -j1 DESTDIR="${D}" "${_at_args[@]}" install + else + # easier than playing with automake... + dopammod .libs/pam_sss.so + + into / + dolib.so .libs/libnss_sss.so* + + if use locator; then + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so + fi + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + + insinto /etc/sssd + insopts -m600 + doins "${S}"/src/examples/sssd-example.conf + + insinto /etc/logrotate.d + insopts -m644 + newins "${S}"/src/examples/logrotate sssd + + newconfd "${FILESDIR}"/sssd.conf sssd + newinitd "${FILESDIR}"/sssd sssd + + keepdir /var/lib/sss/db + keepdir /var/lib/sss/deskprofile + keepdir /var/lib/sss/gpo_cache + keepdir /var/lib/sss/keytabs + keepdir /var/lib/sss/mc + keepdir /var/lib/sss/pipes/private + keepdir /var/lib/sss/pubconf/krb5.include.d + keepdir /var/lib/sss/secrets + keepdir /var/log/sssd + + systemd_dounit "${FILESDIR}/${PN}.service" +} + +multilib_src_test() { + default +} + +pkg_postinst() { + elog "You must set up sssd.conf (default installed into /etc/sssd)" + elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" + elog "features. 
Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x" +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.13.1-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.1.0-r1.ebuild similarity index 64% rename from sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.13.1-r7.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.1.0-r1.ebuild index 7773192f89..98af8535a8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-1.13.1-r7.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.1.0-r1.ebuild @@ -1,24 +1,22 @@ -# Copyright 1999-2015 Gentoo Foundation +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -# $Id$ -EAPI=5 +EAPI=7 -PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) - -inherit eutils multilib pam linux-info autotools multilib-minimal python-r1 systemd toolchain-funcs +inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="http://fedorahosted.org/sssd/" -SRC_URI="http://fedorahosted.org/released/${PN}/${P}.tar.gz" +HOMEPAGE="https://pagure.io/SSSD/sssd" +SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" LICENSE="GPL-3" SLOT="0" -KEYWORDS="amd64 arm64 ~hppa ~ppc ~ppc64 ~x86" -IUSE="acl augeas autofs +locator netlink nfsv4 nls +manpages python samba selinux sudo ssh test" +IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" +RESTRICT="!test? ( test )" COMMON_DEP=" - >=virtual/pam-0-r1[${MULTILIB_USEDEP}] + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] >=dev-libs/popt-1.16 dev-libs/glib:2 >=dev-libs/ding-libs-0.2 
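Review bot: `multilib_src_install_all` creates `/var/lib/sss/pipes/private`, `/var/lib/sss/db`, `/var/lib/sss/secrets` and `/var/lib/sss/keytabs` with plain `keepdir`, which uses the default directory mode. The `tmpfiles.d/sssd.conf` deleted by this commit had pinned `/etc/sssd`, `db`, `mc`, `pipes/private` and `pubconf` to 0700 root. Unless the upstream install target or the daemon tightens them (not visible here), these directories end up readable and traversable by any local user. I would put `diropts -m0700` before the `keepdir` calls for the private directories and `diropts -m0755` after them. The same install block is repeated in the sssd-2.1.0-r1, sssd-2.2.0-r1 and sssd-2.2.2 ebuilds.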
@@ -27,29 +25,31 @@ COMMON_DEP=" >=sys-libs/tevent-0.9.16 >=sys-libs/ldb-1.1.17-r1:= >=net-nds/openldap-2.4.30[sasl] + net-libs/http-parser >=dev-libs/libpcre-8.30 >=app-crypt/mit-krb5-1.10.3 + dev-libs/jansson + net-misc/curl locator? ( >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] ) - >=sys-apps/keyutils-1.5 + >=sys-apps/keyutils-1.5:= >=net-dns/c-ares-1.7.4 >=dev-libs/nss-3.12.9 selinux? ( >=sys-libs/libselinux-2.1.9 >=sys-libs/libsemanage-2.1 ) - >=net-dns/bind-tools-9.9 + >=net-dns/bind-tools-9.9[gssapi] >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] >=sys-apps/dbus-1.6 acl? ( net-fs/cifs-utils[acl] ) - augeas? ( app-admin/augeas ) - nfsv4? ( net-libs/libnfsidmap ) + nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) nls? ( >=sys-devel/gettext-0.18 ) virtual/libintl netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.0 ) + samba? ( >=net-fs/samba-4.10.2[winbind] ) " RDEPEND="${COMMON_DEP} @@ -73,21 +73,21 @@ MULTILIB_WRAPPED_HEADERS=( # --with-ifp /usr/include/sss_sifp.h /usr/include/sss_sifp_dbus.h + # from 1.15.3 + /usr/include/sss_certmap.h ) -pkg_setup(){ +pkg_setup() { linux-info_pkg_setup } src_prepare() { - epatch "${FILESDIR}"/sssd-1.14.2-fix-krb5-config.patch + sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ + "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" + default eautoreconf - multilib_copy_sources - - # Maybe run it before eautoreconf? - epatch_user } src_configure() { 
@@ -97,21 +97,28 @@ src_configure() { } multilib_src_configure() { + # set initscript to sysv because the systemd option needs systemd to + # be installed. We provide our own systemd file anyway. + local myconf=() + #Work around linker dependency problem. + append-ldflags "-Wl,--allow-shlib-undefined" + myconf+=( --localstatedir="${EPREFIX}"/var --enable-nsslibdir="${EPREFIX}"/$(get_libdir) --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --without-nscd + --with-os=gentoo + --with-nscd --with-unicode-lib="glib2" --disable-rpath - --disable-silent-rules - --enable-sss-default-nss-plugin --sbindir=/usr/sbin + --without-kcm + $(use_with samba libwbclient) + --with-secrets $(multilib_native_use_with samba) $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_enable augeas config-lib) $(multilib_native_use_with selinux) $(multilib_native_use_with selinux semanage) $(use_enable locator krb5-locator-plugin) @@ -122,11 +129,13 @@ multilib_src_configure() { $(multilib_native_use_with sudo) $(multilib_native_use_with autofs) $(multilib_native_use_with ssh) - --with-crypto="libcrypto" + --with-crypto="nss" --with-initscript="sysv" --without-python2-bindings --without-python3-bindings - ) + + KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config + ) if ! multilib_is_native_abi; then # work-around all the libraries that are used for CLI and server @@ -142,10 +151,14 @@ multilib_src_configure() { # non-pkgconfig checks ac_cv_lib_ldap_ldap_search=yes + --without-secrets + --without-libwbclient + --without-kcm + --with-crypto="" ) use locator || myconf+=( - KRB5_CONFIG=/bin/true + KRB5_CONFIG=/bin/true ) fi 
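Review bot: `append-ldflags "-Wl,--allow-shlib-undefined"` in `multilib_src_configure` is justified only by `#Work around linker dependency problem.`, which names neither the underlinked library nor the condition for dropping the flag. The flag is appended for the whole package, so executables are linked without checking that the shared libraries they pull in have their symbols resolved. A genuinely missing symbol would then surface at run time instead of at build time. I would expand the comment to something like `# Work around underlinked <LIBRARY> (see <BUG-URL>); drop once fixed upstream`, with both placeholders filled in. The same line appears in the other ebuilds added by this commit, and `multilib_src_configure` continues past this hunk.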
@@ -163,13 +176,13 @@ multilib_src_compile() { multilib_src_install() { if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" sysconfdir="/usr/share" "${_at_args[@]}" install + emake -j1 DESTDIR="${D}" "${_at_args[@]}" install else # easier than playing with automake... dopammod .libs/pam_sss.so into / - dolib .libs/libnss_sss.so* + dolib.so .libs/libnss_sss.so* if use locator; then exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 @@ -180,22 +193,38 @@ multilib_src_install() { multilib_src_install_all() { einstalldocs - prune_libtool_files --all + find "${ED}" -type f -name '*.la' -delete || die - insinto /usr/share/sssd + insinto /etc/sssd + insopts -m600 doins "${S}"/src/examples/sssd-example.conf + insinto /etc/logrotate.d + insopts -m644 + newins "${S}"/src/examples/logrotate sssd + + newconfd "${FILESDIR}"/sssd.conf sssd + newinitd "${FILESDIR}"/sssd sssd + + keepdir /var/lib/sss/db + keepdir /var/lib/sss/deskprofile + keepdir /var/lib/sss/gpo_cache + keepdir /var/lib/sss/keytabs + keepdir /var/lib/sss/mc + keepdir /var/lib/sss/pipes/private + keepdir /var/lib/sss/pubconf/krb5.include.d + keepdir /var/lib/sss/secrets + keepdir /var/log/sssd + systemd_dounit "${FILESDIR}/${PN}.service" - systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/sssd.conf" - rm -rf "${D}/etc/rc.d" } multilib_src_test() { default } -pkg_postinst(){ +pkg_postinst() { elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in http://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2" + elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.0-r1.ebuild new file mode 100644 index 0000000000..98af8535a8 --- /dev/null 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.0-r1.ebuild 
@@ -0,0 +1,230 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs + +DESCRIPTION="System Security Services Daemon provides access to identity and authentication" +HOMEPAGE="https://pagure.io/SSSD/sssd" +SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" +RESTRICT="!test? ( test )" + +COMMON_DEP=" + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] + >=dev-libs/popt-1.16 + dev-libs/glib:2 + >=dev-libs/ding-libs-0.2 + >=sys-libs/talloc-2.0.7 + >=sys-libs/tdb-1.2.9 + >=sys-libs/tevent-0.9.16 + >=sys-libs/ldb-1.1.17-r1:= + >=net-nds/openldap-2.4.30[sasl] + net-libs/http-parser + >=dev-libs/libpcre-8.30 + >=app-crypt/mit-krb5-1.10.3 + dev-libs/jansson + net-misc/curl + locator? ( + >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] + >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] + ) + >=sys-apps/keyutils-1.5:= + >=net-dns/c-ares-1.7.4 + >=dev-libs/nss-3.12.9 + selinux? ( + >=sys-libs/libselinux-2.1.9 + >=sys-libs/libsemanage-2.1 + ) + >=net-dns/bind-tools-9.9[gssapi] + >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + >=sys-apps/dbus-1.6 + acl? ( net-fs/cifs-utils[acl] ) + nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) + nls? ( >=sys-devel/gettext-0.18 ) + virtual/libintl + netlink? ( dev-libs/libnl:3 ) + samba? ( >=net-fs/samba-4.10.2[winbind] ) + " + +RDEPEND="${COMMON_DEP} + >=sys-libs/glibc-2.17[nscd] + selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) + " +DEPEND="${COMMON_DEP} + test? ( dev-libs/check ) + manpages? 
( + >=dev-libs/libxslt-1.1.26 + app-text/docbook-xml-dtd:4.4 + )" + +CONFIG_CHECK="~KEYS" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/ipa_hbac.h + /usr/include/sss_idmap.h + /usr/include/sss_nss_idmap.h + /usr/include/wbclient_sssd.h + # --with-ifp + /usr/include/sss_sifp.h + /usr/include/sss_sifp_dbus.h + # from 1.15.3 + /usr/include/sss_certmap.h +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ + "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" + + default + eautoreconf + multilib_copy_sources +} + +src_configure() { + local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # set initscript to sysv because the systemd option needs systemd to + # be installed. We provide our own systemd file anyway. + local myconf=() + #Work around linker dependency problem. + append-ldflags "-Wl,--allow-shlib-undefined" + + myconf+=( + --localstatedir="${EPREFIX}"/var + --enable-nsslibdir="${EPREFIX}"/$(get_libdir) + --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd + --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) + --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb + --with-os=gentoo + --with-nscd + --with-unicode-lib="glib2" + --disable-rpath + --sbindir=/usr/sbin + --without-kcm + $(use_with samba libwbclient) + --with-secrets + $(multilib_native_use_with samba) + $(multilib_native_use_enable acl cifs-idmap-plugin) + $(multilib_native_use_with selinux) + $(multilib_native_use_with selinux semanage) + $(use_enable locator krb5-locator-plugin) + $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) + $(use_enable nls ) + $(multilib_native_use_with netlink libnl) + $(multilib_native_use_with manpages) + $(multilib_native_use_with sudo) + $(multilib_native_use_with autofs) + $(multilib_native_use_with ssh) + --with-crypto="nss" + --with-initscript="sysv" + --without-python2-bindings + --without-python3-bindings + + 
KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config + ) + + if ! multilib_is_native_abi; then + # work-around all the libraries that are used for CLI and server + myconf+=( + {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' + # ldb headers are fine since native needs it + # ldb lib fails... but it does not seem to bother + {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' + + # use native include path for dbus (needed for build) + DBUS_CFLAGS="${native_dbus_cflags}" + + # non-pkgconfig checks + ac_cv_lib_ldap_ldap_search=yes + --without-secrets + --without-libwbclient + --without-kcm + --with-crypto="" + ) + + use locator || myconf+=( + KRB5_CONFIG=/bin/true + ) + fi + + econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + else + emake libnss_sss.la pam_sss.la + use locator && emake sssd_krb5_locator_plugin.la + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake -j1 DESTDIR="${D}" "${_at_args[@]}" install + else + # easier than playing with automake... 
+ dopammod .libs/pam_sss.so + + into / + dolib.so .libs/libnss_sss.so* + + if use locator; then + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so + fi + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + + insinto /etc/sssd + insopts -m600 + doins "${S}"/src/examples/sssd-example.conf + + insinto /etc/logrotate.d + insopts -m644 + newins "${S}"/src/examples/logrotate sssd + + newconfd "${FILESDIR}"/sssd.conf sssd + newinitd "${FILESDIR}"/sssd sssd + + keepdir /var/lib/sss/db + keepdir /var/lib/sss/deskprofile + keepdir /var/lib/sss/gpo_cache + keepdir /var/lib/sss/keytabs + keepdir /var/lib/sss/mc + keepdir /var/lib/sss/pipes/private + keepdir /var/lib/sss/pubconf/krb5.include.d + keepdir /var/lib/sss/secrets + keepdir /var/log/sssd + + systemd_dounit "${FILESDIR}/${PN}.service" +} + +multilib_src_test() { + default +} + +pkg_postinst() { + elog "You must set up sssd.conf (default installed into /etc/sssd)" + elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" + elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.2.ebuild new file mode 100644 index 0000000000..98af8535a8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.2.ebuild 
@@ -0,0 +1,230 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs + +DESCRIPTION="System Security Services Daemon provides access to identity and authentication" +HOMEPAGE="https://pagure.io/SSSD/sssd" +SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" +RESTRICT="!test? ( test )" + +COMMON_DEP=" + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] + >=dev-libs/popt-1.16 + dev-libs/glib:2 + >=dev-libs/ding-libs-0.2 + >=sys-libs/talloc-2.0.7 + >=sys-libs/tdb-1.2.9 + >=sys-libs/tevent-0.9.16 + >=sys-libs/ldb-1.1.17-r1:= + >=net-nds/openldap-2.4.30[sasl] + net-libs/http-parser + >=dev-libs/libpcre-8.30 + >=app-crypt/mit-krb5-1.10.3 + dev-libs/jansson + net-misc/curl + locator? ( + >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] + >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] + ) + >=sys-apps/keyutils-1.5:= + >=net-dns/c-ares-1.7.4 + >=dev-libs/nss-3.12.9 + selinux? ( + >=sys-libs/libselinux-2.1.9 + >=sys-libs/libsemanage-2.1 + ) + >=net-dns/bind-tools-9.9[gssapi] + >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + >=sys-apps/dbus-1.6 + acl? ( net-fs/cifs-utils[acl] ) + nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) + nls? ( >=sys-devel/gettext-0.18 ) + virtual/libintl + netlink? ( dev-libs/libnl:3 ) + samba? ( >=net-fs/samba-4.10.2[winbind] ) + " + +RDEPEND="${COMMON_DEP} + >=sys-libs/glibc-2.17[nscd] + selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) + " +DEPEND="${COMMON_DEP} + test? ( dev-libs/check ) + manpages? 
( + >=dev-libs/libxslt-1.1.26 + app-text/docbook-xml-dtd:4.4 + )" + +CONFIG_CHECK="~KEYS" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/ipa_hbac.h + /usr/include/sss_idmap.h + /usr/include/sss_nss_idmap.h + /usr/include/wbclient_sssd.h + # --with-ifp + /usr/include/sss_sifp.h + /usr/include/sss_sifp_dbus.h + # from 1.15.3 + /usr/include/sss_certmap.h +) + +pkg_setup() { + linux-info_pkg_setup +} + +src_prepare() { + sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ + "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" + + default + eautoreconf + multilib_copy_sources +} + +src_configure() { + local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # set initscript to sysv because the systemd option needs systemd to + # be installed. We provide our own systemd file anyway. + local myconf=() + #Work around linker dependency problem. + append-ldflags "-Wl,--allow-shlib-undefined" + + myconf+=( + --localstatedir="${EPREFIX}"/var + --enable-nsslibdir="${EPREFIX}"/$(get_libdir) + --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd + --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) + --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb + --with-os=gentoo + --with-nscd + --with-unicode-lib="glib2" + --disable-rpath + --sbindir=/usr/sbin + --without-kcm + $(use_with samba libwbclient) + --with-secrets + $(multilib_native_use_with samba) + $(multilib_native_use_enable acl cifs-idmap-plugin) + $(multilib_native_use_with selinux) + $(multilib_native_use_with selinux semanage) + $(use_enable locator krb5-locator-plugin) + $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) + $(use_enable nls ) + $(multilib_native_use_with netlink libnl) + $(multilib_native_use_with manpages) + $(multilib_native_use_with sudo) + $(multilib_native_use_with autofs) + $(multilib_native_use_with ssh) + --with-crypto="nss" + --with-initscript="sysv" + --without-python2-bindings + --without-python3-bindings + + 
KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config + ) + + if ! multilib_is_native_abi; then + # work-around all the libraries that are used for CLI and server + myconf+=( + {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' + # ldb headers are fine since native needs it + # ldb lib fails... but it does not seem to bother + {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' + + # use native include path for dbus (needed for build) + DBUS_CFLAGS="${native_dbus_cflags}" + + # non-pkgconfig checks + ac_cv_lib_ldap_ldap_search=yes + --without-secrets + --without-libwbclient + --without-kcm + --with-crypto="" + ) + + use locator || myconf+=( + KRB5_CONFIG=/bin/true + ) + fi + + econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + else + emake libnss_sss.la pam_sss.la + use locator && emake sssd_krb5_locator_plugin.la + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake -j1 DESTDIR="${D}" "${_at_args[@]}" install + else + # easier than playing with automake... 
+ dopammod .libs/pam_sss.so + + into / + dolib.so .libs/libnss_sss.so* + + if use locator; then + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so + fi + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + + insinto /etc/sssd + insopts -m600 + doins "${S}"/src/examples/sssd-example.conf + + insinto /etc/logrotate.d + insopts -m644 + newins "${S}"/src/examples/logrotate sssd + + newconfd "${FILESDIR}"/sssd.conf sssd + newinitd "${FILESDIR}"/sssd sssd + + keepdir /var/lib/sss/db + keepdir /var/lib/sss/deskprofile + keepdir /var/lib/sss/gpo_cache + keepdir /var/lib/sss/keytabs + keepdir /var/lib/sss/mc + keepdir /var/lib/sss/pipes/private + keepdir /var/lib/sss/pubconf/krb5.include.d + keepdir /var/lib/sss/secrets + keepdir /var/log/sssd + + systemd_dounit "${FILESDIR}/${PN}.service" +} + +multilib_src_test() { + default +} + +pkg_postinst() { + elog "You must set up sssd.conf (default installed into /etc/sssd)" + elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" + elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.3.ebuild new file mode 100644 index 0000000000..98af8535a8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.2.3.ebuild 
@@ -0,0 +1,230 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://pagure.io/SSSD/sssd"
+SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
+RESTRICT="!test? ( test )"
+
+COMMON_DEP="
+ >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
+ >=dev-libs/popt-1.16
+ dev-libs/glib:2
+ >=dev-libs/ding-libs-0.2
+ >=sys-libs/talloc-2.0.7
+ >=sys-libs/tdb-1.2.9
+ >=sys-libs/tevent-0.9.16
+ >=sys-libs/ldb-1.1.17-r1:=
+ >=net-nds/openldap-2.4.30[sasl]
+ net-libs/http-parser
+ >=dev-libs/libpcre-8.30
+ >=app-crypt/mit-krb5-1.10.3
+ dev-libs/jansson
+ net-misc/curl
+ locator? (
+ >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
+ >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
+ )
+ >=sys-apps/keyutils-1.5:=
+ >=net-dns/c-ares-1.7.4
+ >=dev-libs/nss-3.12.9
+ selinux? (
+ >=sys-libs/libselinux-2.1.9
+ >=sys-libs/libsemanage-2.1
+ )
+ >=net-dns/bind-tools-9.9[gssapi]
+ >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+ >=sys-apps/dbus-1.6
+ acl? ( net-fs/cifs-utils[acl] )
+ nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
+ nls? ( >=sys-devel/gettext-0.18 )
+ virtual/libintl
+ netlink? ( dev-libs/libnl:3 )
+ samba? ( >=net-fs/samba-4.10.2[winbind] )
+ "
+
+RDEPEND="${COMMON_DEP}
+ >=sys-libs/glibc-2.17[nscd]
+ selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
+ "
+DEPEND="${COMMON_DEP}
+ test? ( dev-libs/check )
+ manpages? (
+ >=dev-libs/libxslt-1.1.26
+ app-text/docbook-xml-dtd:4.4
+ )"
+
+CONFIG_CHECK="~KEYS"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/ipa_hbac.h
+ /usr/include/sss_idmap.h
+ /usr/include/sss_nss_idmap.h
+ /usr/include/wbclient_sssd.h
+ # --with-ifp
+ /usr/include/sss_sifp.h
+ /usr/include/sss_sifp_dbus.h
+ # from 1.15.3
+ /usr/include/sss_certmap.h
+)
+
+pkg_setup() {
+ linux-info_pkg_setup
+}
+
+src_prepare() {
+ sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
+ "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
+
+ default
+ eautoreconf
+ multilib_copy_sources
+}
+
+src_configure() {
+ local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ # set initscript to sysv because the systemd option needs systemd to
+ # be installed. We provide our own systemd file anyway.
+ local myconf=()
+ #Work around linker dependency problem.
+ append-ldflags "-Wl,--allow-shlib-undefined"
+
+ myconf+=(
+ --localstatedir="${EPREFIX}"/var
+ --enable-nsslibdir="${EPREFIX}"/$(get_libdir)
+ --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+ --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+ --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+ --with-os=gentoo
+ --with-nscd
+ --with-unicode-lib="glib2"
+ --disable-rpath
+ --sbindir=/usr/sbin
+ --without-kcm
+ $(use_with samba libwbclient)
+ --with-secrets
+ $(multilib_native_use_with samba)
+ $(multilib_native_use_enable acl cifs-idmap-plugin)
+ $(multilib_native_use_with selinux)
+ $(multilib_native_use_with selinux semanage)
+ $(use_enable locator krb5-locator-plugin)
+ $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+ $(use_enable nls )
+ $(multilib_native_use_with netlink libnl)
+ $(multilib_native_use_with manpages)
+ $(multilib_native_use_with sudo)
+ $(multilib_native_use_with autofs)
+ $(multilib_native_use_with ssh)
+ --with-crypto="nss"
+ --with-initscript="sysv"
+ --without-python2-bindings
+ --without-python3-bindings
+
+ KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
+ )
+
+ if ! multilib_is_native_abi; then
+ # work-around all the libraries that are used for CLI and server
+ myconf+=(
+ {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+ # ldb headers are fine since native needs it
+ # ldb lib fails... but it does not seem to bother
+ {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
+ {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
+
+ # use native include path for dbus (needed for build)
+ DBUS_CFLAGS="${native_dbus_cflags}"
+
+ # non-pkgconfig checks
+ ac_cv_lib_ldap_ldap_search=yes
+ --without-secrets
+ --without-libwbclient
+ --without-kcm
+ --with-crypto=""
+ )
+
+ use locator || myconf+=(
+ KRB5_CONFIG=/bin/true
+ )
+ fi
+
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+ else
+ emake libnss_sss.la pam_sss.la
+ use locator && emake sssd_krb5_locator_plugin.la
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
+ else
+ # easier than playing with automake...
+ dopammod .libs/pam_sss.so
+
+ into /
+ dolib.so .libs/libnss_sss.so*
+
+ if use locator; then
+ exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+ doexe .libs/sssd_krb5_locator_plugin.so
+ fi
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ insinto /etc/sssd
+ insopts -m600
+ doins "${S}"/src/examples/sssd-example.conf
+
+ insinto /etc/logrotate.d
+ insopts -m644
+ newins "${S}"/src/examples/logrotate sssd
+
+ newconfd "${FILESDIR}"/sssd.conf sssd
+ newinitd "${FILESDIR}"/sssd sssd
+
+ keepdir /var/lib/sss/db
+ keepdir /var/lib/sss/deskprofile
+ keepdir /var/lib/sss/gpo_cache
+ keepdir /var/lib/sss/keytabs
+ keepdir /var/lib/sss/mc
+ keepdir /var/lib/sss/pipes/private
+ keepdir /var/lib/sss/pubconf/krb5.include.d
+ keepdir /var/lib/sss/secrets
+ keepdir /var/log/sssd
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+multilib_src_test() {
+ default
+}
+
+pkg_postinst() {
+ elog "You must set up sssd.conf (default installed into /etc/sssd)"
+ elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+ elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html"
+}
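Review bot: In multilib_src_install_all the state directories are created by bare `keepdir` calls, so `/var/lib/sss/db`, `/var/lib/sss/keytabs`, `/var/lib/sss/pipes/private` and `/var/lib/sss/secrets` take whatever directory mode is current, while only the example config gets an explicit `insopts -m600`. These paths presumably hold cached credentials, keytabs and the privileged responder sockets, so I would pin them explicitly: `diropts -m700` before those four `keepdir` lines and `diropts -m755` again before the remaining ones. Whether upstream's `make install` already creates them with tighter modes is not visible from this hunk, and the commit also deletes files/tmpfiles.d/sssd.conf, so it is worth confirming what creates these directories, and with which mode, at runtime. The sssd-2.2.2.ebuild section just above carries the same lines.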