Merge pull request #999 from flatcar/dongsu/openldap-2.5.14

net-nds/openldap: update to 2.5.14
Dongsu Park 2023-07-24 17:42:37 +02:00 committed by GitHub
commit 679f0f1236
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 2322 additions and 1047 deletions


@ -343,6 +343,7 @@ net-misc/socat
net-misc/wget
net-misc/whois
net-nds/openldap
net-nds/rpcbind
net-vpn/wireguard-tools


@ -0,0 +1 @@
- openldap ([CVE-2023-2953](https://nvd.nist.gov/vuln/detail/CVE-2023-2953))


@ -0,0 +1 @@
- openldap ([2.5.14](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/) (includes [2.5](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/)))


@ -20,3 +20,8 @@
# Python 3.12 is in portage-stable (currently testing), so avoid picking it
# up. Update this to mask later versions when we switch to 3.11.
>=dev-lang/python-3.12
# Do not update to openldap 2.6.3+, to take 2 different steps of updating
# openldap, 1) from 2.4 to 2.5, 2) do an Alpha release around 2023-08, and
# 3) finally update from 2.5 to 2.6.
>=net-nds/openldap-2.6
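Review bot: The comment above the new mask does not match the atom it documents: it says "Do not update to openldap 2.6.3+" while `>=net-nds/openldap-2.6` masks every 2.6 release, and it announces "2 different steps" but then lists three. A wording that matches the atom would be `# Mask openldap 2.6 and later so the update happens in stages: 1) 2.4 to 2.5,` followed by `# 2) ship an Alpha release around 2023-08, 3) then update 2.5 to 2.6.`. While the mask is in place, OpenLDAP security fixes can only arrive through 2.5.x releases, so the comment should also state the condition under which the mask is to be removed.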


@ -1,6 +1,6 @@
DIST openldap-2.4.57.tgz 5883912 BLAKE2B 439605e1bebcf34968f0a552aaade1b72b7671ae2a94a0b700a84f9f715acd162e7b8dadfdd3ffd5b0a785f9306b5f5033ab956cf0ffd26b66119a7110d0aa57 SHA512 b929bced0f5ba9a90e015a24b8037c8958fbb7282db272bd0cacf43b5f7540ab42159a3c4441148074340228bb5f07f93651c0dbb2affde961be156058f99ce5
DIST openldap-2.4.58.tgz 5885225 BLAKE2B effb618dba03497796a497cd7f53ec52e389133769321dd242433bed5ec4b1f66cf7353f08a49d5f3465880f6bcfc9afc9c7d2a28e075b66f5fd926b02213541 SHA512 2fa2aa36117692eca44e55559f162c8c796f78469e6c2aee91b06d46f2b755d416979c913a3d89bbf9db14cc84881ecffee69af75b48e1d16b7aa9d2e3873baa
DIST openldap-2.4.59.tgz 5886272 BLAKE2B a2a8bed1d2af97fd41d651668152fd4740871bc5a8abf4b50390839228af82ac103346b3500ae0f8dd31b708acabb30435b90cd48dfafe510e648df5150d96b8 SHA512 233459ab446da6e107a7fc4ecd5668d6b08c11a11359ee76449550393e8f586a29b59d7ae09a050a1fca4fcf388ea61438ef60831b3ae802d92c048365ae3968
DIST openldap-2.5.4.tgz 6415235 BLAKE2B 16e466d01dc7642786bb88a101854513f1239f1e817fd05145e89deb54bc1b911a5dc5f42b132747f14bdd2a3355e7c398b8b14937e7093361f4a96bfb7e9197 SHA512 00b57c9179acf3b1bde738e91604f3b09b5f5309106362bb947154d131868f233713eaa75c9af9771bfad731902d67406e8fb429851bad227fc48054cace16a8
DIST openldap-OPENLDAP_REL_ENG_2_6_1.tar.gz 6211863 BLAKE2B 81f4591db483a214351c2e02631fef2875e17e0890fc621182d2ed61d927c3c029a4f290ee6c0788952495d6f7a76ed15e62557b8d8f2e241d867e19fdf223b7 SHA512 ca61c1dccf3194d8d149ca0c45a4834d6fadf67a3676cf348f5f62ab92c94bc7501216d7da681c3a6f87f646a18d0f3d116c3d3a24d2e5cbebc6c695c986e517
DIST openldap-OPENLDAP_REL_ENG_2_5_14.tar.bz2 5024359 BLAKE2B ffdffbd47e76545c2dc2d433d290945ab6eebd910031a60249cd8f6eac24f67841098e61c7e57864428e20a183a46d36dac422bba8cf6f3596f97439875af96b SHA512 abd1e8bda0762500db028f283fe2da9480a419072927295d6f3e1448cae130592511f385a87585843cf88217417c90ef57174ca919cfcf163eb41642a72bb4e3
DIST openldap-OPENLDAP_REL_ENG_2_6_3.tar.gz 6244895 BLAKE2B 97792a1b368de44867b0ce9eef38601c3e64b7d40e4ca206295bee110097697c919040d2220eea6f0581812e09a2cc3e6afb4a243a5072a8a0a95f24f9fb354b SHA512 1c882a0cd0729b5d0f40b58588d0e36ae3b1cae6d569f0576e940c7c63d03c29ed2c9db87695a87594ba99a927ef4cba491bddba3ce049025fd5883463122ba7
DIST openldap-OPENLDAP_REL_ENG_2_6_4.tar.bz2 5043227 BLAKE2B 9bec77dbace0e52d1607d9ac13a77349e7d0b8876aa81fa635893638d00db58ec6bf8412f11fd266bba0440887be1aa21eb4a876122152f7f6de9fd8f75b6b4c SHA512 bff11bf1ae125bcabbd307f6c4e1c102a8df6f1091f84f5e7053fdbaa89ccd6aa0c86cc8dcce4fb9b6ffd853b5f8d3c933733f5713aeb4d6a9d77ab145293b48
DIST openldap-OPENLDAP_REL_ENG_2_6_5.tar.bz2 5040569 BLAKE2B d1835e560a81bc3df2eb44964162306057ad28869a1e41da7ab823460b4a33437cd385ec9448a6df9bc580afd04dff5c4680e0b91a2f16960ad2c5f3812410ba SHA512 d259ca5ac8fbdcf9bb477e24c0feaf05678ab660007164a54463a954f1b26c3f9740855d16155fa249adcb2652223fdcfc682bb4005b46a5f36e2d5cae37f158
DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e


@ -1,59 +0,0 @@
https://github.com/openldap/openldap/commit/8e3f87f86a51e78bffefb85968e5684213422cb7
From: Orgad Shaneh <orgad.shaneh@audiocodes.com>
Date: Tue, 25 Jan 2022 17:38:46 +0200
Subject: [PATCH] ITS#9788 Fix make jobserver warnings
Running make -j8 issues the following warning for each directory with
make 4.3:
make[2]: warning: -j8 forced in submake: resetting jobserver mode.
There is no need to pass MFLAGS. Make picks it up from the
environment anyway.
--- a/build/dir.mk
+++ b/build/dir.mk
@@ -21,7 +21,7 @@ all-common: FORCE
@echo "Making all in `$(PWD)`"
@for i in $(SUBDIRS) $(ALLDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) all ); \
+ ( cd $$i && $(MAKE) all ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -30,7 +30,7 @@ install-common: FORCE
@echo "Making install in `$(PWD)`"
@for i in $(SUBDIRS) $(INSTALLDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) install ); \
+ ( cd $$i && $(MAKE) install ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -39,7 +39,7 @@ clean-common: FORCE
@echo "Making clean in `$(PWD)`"
@for i in $(SUBDIRS) $(CLEANDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) clean ); \
+ ( cd $$i && $(MAKE) clean ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -48,7 +48,7 @@ veryclean-common: FORCE
@echo "Making veryclean in `$(PWD)`"
@for i in $(SUBDIRS) $(CLEANDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) veryclean ); \
+ ( cd $$i && $(MAKE) veryclean ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -57,7 +57,7 @@ depend-common: FORCE
@echo "Making depend in `$(PWD)`"
@for i in $(SUBDIRS) $(DEPENDDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) depend ); \
+ ( cd $$i && $(MAKE) depend ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done


@ -0,0 +1,185 @@
From ee4983302d6f052e77ab0332d2a128d169c2eacb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <arsen@aarsen.me>
Date: Tue, 15 Nov 2022 21:45:27 +0100
Subject: [PATCH] Remove default-int/k&r declarations from the configure macros
Recently, Clang tried to switch to having K&R prototypes and other
non-strictly-conforming prototypes error out, as a result of C2x changes
to the standard. These have been located across many packages, and
range in severity from mild compile errors to runtime misconfiguration
as a result of broken configure scripts.
This covers all the instances I could find by grepping around the
codebase, and gets OpenLDAP building on my system.
Bug: https://bugs.gentoo.org/871288
Bug: https://bugs.gentoo.org/871372
--- a/build/openldap.m4
+++ b/build/openldap.m4
@@ -154,6 +154,7 @@ fi
if test $ol_cv_header_stdc = yes; then
# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h>
+#include <stdlib.h>
#ifndef HAVE_EBCDIC
# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
@@ -394,9 +395,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
[AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
-int main(argc, argv)
- int argc;
- char **argv;
+int main(int argc, char **argv)
{
OL_PTHREAD_TEST_FUNCTION
}
@@ -518,7 +517,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
#include <sys/types.h>
#include <regex.h>
static char *pattern, *string;
-main()
+int main(void)
{
int rc;
regex_t re;
@@ -545,7 +544,8 @@ AC_DEFUN([OL_C_UPPER_LOWER],
[AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <ctype.h>
-main()
+#include <stdlib.h>
+int main(void)
{
if ('C' == toupper('C'))
exit(0);
@@ -603,7 +603,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R],
]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no])
else
AC_RUN_IFELSE([AC_LANG_SOURCE([[
- main() {
+ int main(void) {
char buf[100];
buf[0] = 0;
strerror_r( 1, buf, sizeof buf );
--- a/configure.ac
+++ b/configure.ac
@@ -1031,7 +1031,11 @@ dnl ----------------------------------------------------------------
AC_CHECK_HEADERS( sys/epoll.h )
if test "${ac_cv_header_sys_epoll_h}" = yes; then
AC_MSG_CHECKING(for epoll system call)
- AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv)
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
+#ifdef HAVE_SYS_POLL_H
+#include <sys/epoll.h>
+#endif
+int main(int argc, char **argv)
{
int epfd = epoll_create(256);
exit (epfd == -1 ? 1 : 0);
@@ -1493,10 +1497,8 @@ pthread_rwlock_t rwlock;
dnl save the flags
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <pthread.h>
-#ifndef NULL
-#define NULL (void*)0
-#endif
-]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
+pthread_t thread;
+]], [[pthread_detach(thread);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
])
if test $ol_cv_func_pthread_detach = no ; then
@@ -1551,6 +1553,9 @@ dnl esac
AC_CACHE_CHECK([if select yields when using pthreads],
ol_cv_pthread_select_yields,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#define _XOPEN_SOURCE 500 /* For pthread_setconcurrency() on glibc */
+#include <stdlib.h>
+#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
@@ -1561,8 +1566,7 @@ dnl esac
static int fildes[2];
-static void *task(p)
- void *p;
+static void *task(void *p)
{
int i;
struct timeval tv;
@@ -1586,9 +1590,7 @@ static void *task(p)
exit(0); /* if we exit here, the select blocked the whole process */
}
-int main(argc, argv)
- int argc;
- char **argv;
+int main(int argc, char **argv)
{
pthread_t t;
--- a/contrib/ldaptcl/tclAppInit.c
+++ b/contrib/ldaptcl/tclAppInit.c
@@ -45,9 +45,7 @@ EXTERN int Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp));
*/
int
-main(argc, argv)
- int argc; /* Number of command-line arguments. */
- char **argv; /* Values of command-line arguments. */
+main(int argc, char **argv)
{
#ifdef USE_TCLX
TclX_Main(argc, argv, Tcl_AppInit);
--- a/contrib/ldaptcl/tkAppInit.c
+++ b/contrib/ldaptcl/tkAppInit.c
@@ -37,16 +37,9 @@ int (*tclDummyMathPtr)() = matherr;
* This is the main program for the application.
*-----------------------------------------------------------------------------
*/
-#ifdef __cplusplus
int
main (int argc,
char **argv)
-#else
-int
-main (argc, argv)
- int argc;
- char **argv;
-#endif
{
#ifdef USE_TCLX
TkX_Main(argc, argv, Tcl_AppInit);
@@ -68,14 +61,8 @@ main (argc, argv)
* interp->result if an error occurs.
*-----------------------------------------------------------------------------
*/
-#ifdef __cplusplus
int
Tcl_AppInit (Tcl_Interp *interp)
-#else
-int
-Tcl_AppInit (interp)
- Tcl_Interp *interp;
-#endif
{
if (Tcl_Init (interp) == TCL_ERROR) {
return TCL_ERROR;
--- a/servers/slapd/syslog.c
+++ b/servers/slapd/syslog.c
@@ -209,7 +209,7 @@ openlog(const char *ident, int logstat, int logfac)
}
void
-closelog()
+closelog(void)
{
(void)close(LogFile);
LogFile = -1;
--
2.38.1
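Review bot: In the configure.ac epoll probe of this patch, the added include is guarded by `#ifdef HAVE_SYS_POLL_H`, yet the header it pulls in is `<sys/epoll.h>` and the enclosing check is `AC_CHECK_HEADERS( sys/epoll.h )`, so the guard looks like a typo for `HAVE_SYS_EPOLL_H`. On a target where HAVE_SYS_POLL_H is not defined, epoll_create() stays undeclared, the test program is rejected by a compiler that treats implicit declarations as errors, and configure would presumably report epoll as unavailable, which is the silent misconfiguration this patch sets out to prevent. Because the probe already sits inside `if test "${ac_cv_header_sys_epoll_h}" = yes`, the include could be unconditional, or the guard changed to `#ifdef HAVE_SYS_EPOLL_H`. The same guard appears in the configure.ac hunk of the other clang16 patch file added by this commit. Both are imported patches, so the correction is best made upstream and re-imported.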


@ -0,0 +1,64 @@
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /run/openldap/slapd.pid
argsfile /run/openldap/slapd.args
# Load dynamic backend modules:
###INSERTDYNAMICMODULESHERE###
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database mdb
suffix "dc=my-domain,dc=com"
# <kbyte> <min>
checkpoint 32 30
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq
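Review bot: This default configuration keeps `rootpw secret` active together with `rootdn "cn=Manager,dc=my-domain,dc=com"`, so a slapd started on the file as installed accepts a well-known cleartext password for the identity that, in the file's own words, "can always read and write EVERYTHING". Ship the directive commented out, for example `# rootpw <hash generated with slappasswd>`, so that an administrator has to set a credential before a password bind as rootdn can succeed. All `access to` directives are commented out as well, which according to the file's comment leaves the default policy of read access for everyone; that deserves a line in the release notes. Three comment fixes belong with the same change: "Require 63-bit encryption for simple bind" disagrees with `simple_bind=64`, "should be avoid" should read "should be avoided", and the "BDB database definitions" banner sits above `database mdb`.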


@ -0,0 +1,234 @@
https://git.openldap.org/openldap/openldap/-/merge_requests/605
From 83e2db9bf9fc2530a0ea6ca538a7732f6ad9de0e Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Thu, 9 Feb 2023 23:17:53 +0000
Subject: [PATCH 1/3] build: fix compatibility with stricter C99 compilers
Fix the following warnings:
- -Wimplicit-int (fatal with Clang 16)
- -Wimplicit-function-declaration (fatal with Clang 16)
- -Wincompatible-function-pointer-types (fatal with Clang 16)
- -Wint-conversion (fatal with Clang 15)
- Old style prototypes (K&R, removed from C23)
These warnings-now-error led to misconfigurations and failure to build
OpenLDAP, as the tests used during configure caused the wrong results
to be emitted.
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.
Bug: https://bugs.gentoo.org/871288
Signed-off-by: Sam James <sam@gentoo.org>
--- a/build/openldap.m4
+++ b/build/openldap.m4
@@ -154,6 +154,7 @@ fi
if test $ol_cv_header_stdc = yes; then
# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h>
+#include <stdlib.h>
#ifndef HAVE_EBCDIC
# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
@@ -360,9 +361,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
[AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
-int main(argc, argv)
- int argc;
- char **argv;
+int main(int argc, char **argv)
{
OL_PTHREAD_TEST_FUNCTION
}
@@ -484,7 +483,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
#include <sys/types.h>
#include <regex.h>
static char *pattern, *string;
-main()
+int main(void)
{
int rc;
regex_t re;
@@ -511,7 +510,8 @@ AC_DEFUN([OL_C_UPPER_LOWER],
[AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <ctype.h>
-main()
+#include <stdlib.h>
+int main(void)
{
if ('C' == toupper('C'))
exit(0);
@@ -569,7 +569,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R],
]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no])
else
AC_RUN_IFELSE([AC_LANG_SOURCE([[
- main() {
+ int main(void) {
char buf[100];
buf[0] = 0;
strerror_r( 1, buf, sizeof buf );
--- a/configure.ac
+++ b/configure.ac
@@ -1017,7 +1017,11 @@ dnl ----------------------------------------------------------------
AC_CHECK_HEADERS( sys/epoll.h )
if test "${ac_cv_header_sys_epoll_h}" = yes; then
AC_MSG_CHECKING(for epoll system call)
- AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv)
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
+#ifdef HAVE_SYS_POLL_H
+#include <sys/epoll.h>
+#endif
+int main(int argc, char **argv)
{
int epfd = epoll_create(256);
exit (epfd == -1 ? 1 : 0);
@@ -1479,10 +1483,8 @@ pthread_rwlock_t rwlock;
dnl save the flags
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <pthread.h>
-#ifndef NULL
-#define NULL (void*)0
-#endif
-]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
+pthread_t thread;
+]], [[pthread_detach(thread);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
])
if test $ol_cv_func_pthread_detach = no ; then
@@ -1537,6 +1539,9 @@ dnl esac
AC_CACHE_CHECK([if select yields when using pthreads],
ol_cv_pthread_select_yields,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#define _XOPEN_SOURCE 500 /* For pthread_setconcurrency() on glibc */
+#include <stdlib.h>
+#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
@@ -1547,8 +1552,7 @@ dnl esac
static int fildes[2];
-static void *task(p)
- void *p;
+static void *task(void *p)
{
int i;
struct timeval tv;
@@ -1572,9 +1576,7 @@ static void *task(p)
exit(0); /* if we exit here, the select blocked the whole process */
}
-int main(argc, argv)
- int argc;
- char **argv;
+int main(int argc, char **argv)
{
pthread_t t;
--
GitLab
From 853d613f39ae9e8d7dad4492076959c2d80e38c1 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Thu, 9 Feb 2023 23:20:32 +0000
Subject: [PATCH 2/3] contrib: fix old-style K&R declarations
Removed in C23.
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.
Signed-off-by: Sam James <sam@gentoo.org>
--- a/contrib/ldaptcl/tclAppInit.c
+++ b/contrib/ldaptcl/tclAppInit.c
@@ -45,9 +45,7 @@ EXTERN int Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp));
*/
int
-main(argc, argv)
- int argc; /* Number of command-line arguments. */
- char **argv; /* Values of command-line arguments. */
+main(int argc, char **argv)
{
#ifdef USE_TCLX
TclX_Main(argc, argv, Tcl_AppInit);
--- a/contrib/ldaptcl/tkAppInit.c
+++ b/contrib/ldaptcl/tkAppInit.c
@@ -37,16 +37,9 @@ int (*tclDummyMathPtr)() = matherr;
* This is the main program for the application.
*-----------------------------------------------------------------------------
*/
-#ifdef __cplusplus
int
main (int argc,
char **argv)
-#else
-int
-main (argc, argv)
- int argc;
- char **argv;
-#endif
{
#ifdef USE_TCLX
TkX_Main(argc, argv, Tcl_AppInit);
@@ -68,14 +61,8 @@ main (argc, argv)
* interp->result if an error occurs.
*-----------------------------------------------------------------------------
*/
-#ifdef __cplusplus
int
Tcl_AppInit (Tcl_Interp *interp)
-#else
-int
-Tcl_AppInit (interp)
- Tcl_Interp *interp;
-#endif
{
if (Tcl_Init (interp) == TCL_ERROR) {
return TCL_ERROR;
--
GitLab
From b4b3d026461b16f4f462e70225a5a0493647f0c8 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Thu, 9 Feb 2023 23:20:51 +0000
Subject: [PATCH 3/3] servers: fix -Wstrict-prototypes
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.
Signed-off-by: Sam James <sam@gentoo.org>
--- a/servers/slapd/syslog.c
+++ b/servers/slapd/syslog.c
@@ -209,7 +209,7 @@ openlog(const char *ident, int logstat, int logfac)
}
void
-closelog()
+closelog(void)
{
(void)close(LogFile);
LogFile = -1;
--
GitLab


@ -0,0 +1,38 @@
https://bugs.gentoo.org/903001
https://bugs.openldap.org/show_bug.cgi?id=10039
https://git.openldap.org/openldap/openldap/-/merge_requests/613
https://git.openldap.org/openldap/openldap/-/commit/cb73e60a49f85bf5207b2fd0f557013be29ac072
From cb73e60a49f85bf5207b2fd0f557013be29ac072 Mon Sep 17 00:00:00 2001
From: orbea <orbea@riseup.net>
Date: Wed, 12 Apr 2023 12:55:46 -0700
Subject: [PATCH] ITS#10039 Test for SSL_CTX_set_ciphersuites()
When configuring OpenLDAP using --with-tls=openssl with LibreSSL the
configure will fail to detect SSL_export_keyring_material_early() since
LibreSSL doesn't support this function yet. However OpenLDAP doesn't
actually use this function and only checks for it to ensure a modern
OpenSSL API is used. This can be easily solved by checking for an
equivalent modern OpenSSL function which both LibreSSL and OpenSSL both
support such as SSL_CTX_set_ciphersuites(). Doing this allows the build
and tests to succeed with modern LibreSSL versions. This was tested with
LibreSSL >= 3.6.
Bug: https://bugs.openldap.org/show_bug.cgi?id=10039
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 2cf28ef346..c4e2a905e2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1243,7 +1243,7 @@ if test $ol_with_tls = openssl || test $ol_with_tls = auto ; then
[#endif]])],
, [AC_MSG_FAILURE([OpenSSL 1.1.1 or newer required])])
- AC_CHECK_LIB(ssl, SSL_export_keying_material_early,
+ AC_CHECK_LIB(ssl, SSL_CTX_set_ciphersuites,
[have_openssl=yes], [have_openssl=no],
[-lcrypto])


@ -7,6 +7,7 @@ Type=notify
PIDFile=/run/openldap/slapd.pid
ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
NotifyAccess=all
[Install]
WantedBy=multi-user.target
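Review bot: `NotifyAccess=all` makes systemd accept service status notifications from every process in the unit's control group instead of only the main slapd process, and the unit has no comment explaining why the wider setting is needed. The page does not mark which line of this hunk is new; if it is this one, the reason should be recorded next to it, for example `# readiness is reported by a forked slapd child, NotifyAccess=main is not enough`, once that reason is confirmed. If it cannot be confirmed, `NotifyAccess=main` is the narrower choice for a `Type=notify` service. The `[Unit]` section and the start of `[Service]` lie outside the hunk.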


@ -1,14 +0,0 @@
# conf.d file for openldap
#
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
#
# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
# Uncomment the below to use the new slapd configuration for openldap 2.3
#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
#
# If you change the above listen statement to bind on a specific IP for
# listening, you should ensure that interface is up here (change eth0 as
# needed).
#rc_need="net.eth0"


@ -1,29 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
depend() {
need net.lo
before hald avahi-daemon
}
start() {
checkpath -q -d /var/run/openldap/ -o ldap:ldap
if ! checkconfig ; then
eerror "There is a problem with your slapd.conf!"
return 1
fi
ebegin "Starting ldap-server"
eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
eend $?
}
stop() {
ebegin "Stopping ldap-server"
start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
eend $?
}
checkconfig() {
/usr/sbin/slaptest -u "$@" ${OPTS_CONF}
}


@ -1,10 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>zlogene@gentoo.org</email>
<name>Mikle Kolyada</name>
</maintainer>
<maintainer type="project">
<email>ldap-bugs@gentoo.org</email>
</maintainer>
@ -24,6 +20,7 @@
<upstream>
<bugs-to>https://bugs.openldap.org/</bugs-to>
<remote-id type="cpe">cpe:/a:openldap:openldap</remote-id>
<remote-id type="github">openldap/openldap</remote-id>
<remote-id type="gitlab">openldap/openldap</remote-id>
</upstream>
</pkgmetadata>


@ -1,8 +1,11 @@
# Copyright 1999-2022 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
BIS_PN=rfc2307bis.schema
@ -22,7 +25,7 @@ SRC_URI="
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
@ -36,7 +39,8 @@ RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( berkdb )
?? ( test minimal )"
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
# always list newer first
# Do not add any AGPL-3 BDB here!
@ -321,7 +325,7 @@ openldap_upgrade_howto() {
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
@ -749,7 +753,7 @@ multilib_src_install() {
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
@ -758,7 +762,6 @@ multilib_src_install() {
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend
# install our own init scripts and systemd unit files
einfo "Install init scripts"


@ -1,51 +1,52 @@
# Copyright 1999-2022 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.OpenLDAP.org/"
# upstream mirrors are mostly not working, using canonical URI
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
mirror://gentoo/${BIS_P}"
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS=""
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
?? ( test minimal )"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
test? ( cleartext debug sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
SYSTEM_LMDB_VER=0.9.30
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
@ -59,7 +60,8 @@ COMMON_DEPEND="
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
@ -71,12 +73,11 @@ COMMON_DEPEND="
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
cxx? ( dev-libs/cyrus-sasl:= )
)
)
"
DEPEND="${COMMON_DEPEND}
@ -136,6 +137,15 @@ MULTILIB_WRAPPED_HEADERS=(
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
"${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
@ -159,7 +169,7 @@ openldap_find_versiontags() {
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
@ -218,12 +228,33 @@ openldap_find_versiontags() {
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
@ -272,15 +303,15 @@ openldap_upgrade_howto() {
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
@ -305,187 +336,240 @@ pkg_setup() {
}
src_prepare() {
# ensure correct SLAPI path by default
sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
-i include/ldap_defaults.h || die
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
rm -r libraries/liblmdb || die
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
-e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
AT_NOEAUTOMAKE=yes eautoreconf
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> <sources> <outputname>
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I"${BUILD_DIR}"/include \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
src_configure() {
# connectionless ldap per bug #342439
append-cppflags -DLDAP_CONNECTIONLESS
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
$(use_enable ipv6)
--enable-local
)
use debug && myconf+=( $(use_enable debug) )
# Optional Packages
myconf+=(
--without-fetch
)
# ICU exists only in the configure, nowhere in the codebase, bug #510858
export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
local CPPFLAGS=${CPPFLAGS}
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf+=( --enable-ldap )
# backends
myconf+=( --enable-slapd )
for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
myconf+=( --enable-${backend}=mod )
done
myconf+=( $(use_enable perl perl mod) )
myconf+=( $(use_enable odbc sql mod) )
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I"${EPREFIX}"/usr/include/iodbc
fi
myconf+=( --with-odbc=${odbc_lib} )
fi
# slapd options
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
--enable-aci=mod
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in aci cleartext modules rewrite rlookups slapi; do
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf+=( --enable-syncprov=yes )
use overlays && myconf+=( --enable-overlays=mod )
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
$(multilib_native_use_with sasl cyrus-sasl)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# basic functionality stuff
# Library Generation & Linking Options
myconf+=(
$(use_enable ipv6)
$(multilib_native_use_with sasl cyrus-sasl)
$(multilib_native_use_enable sasl spasswd)
$(use_enable tcpd wrappers)
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# Some cross-compiling tests don't pan out well.
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
myconf+=( --with-tls=${ssl_lib} )
for basicflag in dynamic local shared; do
myconf+=( --enable-${basicflag} )
done
tc-export AR CC CXX
CONFIG_SHELL="/bin/sh" \
ECONF_SOURCE="${S}" \
STRIP=/bin/true \
econf \
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
$(use_enable static-libs static) \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-ldap-includes="${S}"/include
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}" \
CC="${CC}" \
CXX="${CXX}"
popd &>/dev/null || die
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
local lt="${BUILD_DIR}/libtool"
export echo="echo"
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake CC="${CC}" CXX="${CXX}"
emake
popd &>/dev/null || die
fi
@ -507,7 +591,7 @@ multilib_src_compile() {
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
@ -517,7 +601,7 @@ multilib_src_compile() {
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
@ -525,121 +609,45 @@ multilib_src_compile() {
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
popd &>/dev/null || die
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
einfo "Compiling contrib-module: pw-pbkdf2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o pbkdf2.lo \
-c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
einfo "Linking contrib-module: pw-pbkdf2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-pbkdf2.la \
pbkdf2.lo || die "linking pw-pbkdf2 failed"
popd &>/dev/null || die
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
einfo "Compiling contrib-module: pw-sha2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o sha2.lo \
-c sha2.c || die "compiling pw-sha2 failed"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o slapd-sha2.lo \
-c slapd-sha2.c || die "compiling pw-sha2 failed"
einfo "Linking contrib-module: pw-sha2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-sha2.la \
sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
popd &>/dev/null || die
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
#build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
# build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
build_contrib_module "lastbind" "lastbind.c" "lastbind"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
#build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
build_contrib_module "trace" "trace.c" "trace"
popd &>/dev/null || die
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
@ -652,13 +660,29 @@ multilib_src_compile() {
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
emake tests
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( lloadd mdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake "${TESTS[@]}"
fi
}
multilib_src_install() {
local lt="${BUILD_DIR}/libtool"
emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
@ -677,11 +701,11 @@ multilib_src_install() {
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
@ -690,21 +714,24 @@ multilib_src_install() {
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# If built without SLP, we don't need to be before avahi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
@ -732,7 +759,7 @@ multilib_src_install() {
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="/usr/$(get_libdir)/openldap" install
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
@ -740,7 +767,7 @@ multilib_src_install() {
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
@ -765,7 +792,6 @@ multilib_src_install() {
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
@ -784,7 +810,7 @@ multilib_src_install_all() {
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
@ -793,7 +819,9 @@ pkg_preinst() {
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
@ -828,10 +856,7 @@ pkg_postinst() {
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}


@ -1,8 +1,11 @@
# Copyright 1999-2022 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
@ -12,16 +15,17 @@ BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.OpenLDAP.org/"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz
mirror://gentoo/${BIS_P}"
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
@ -36,9 +40,8 @@ REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl )
autoca? ( !gnutls )
?? ( test minimal )"
S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV}
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
@ -69,7 +72,7 @@ COMMON_DEPEND="
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
@ -139,8 +142,8 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.1-make-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch
"${FILESDIR}"/${PN}-2.6.3-clang16.patch
)
openldap_filecount() {
@ -166,7 +169,7 @@ openldap_find_versiontags() {
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
@ -231,7 +234,27 @@ openldap_find_versiontags() {
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
@ -280,15 +303,15 @@ openldap_upgrade_howto() {
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
@ -324,6 +347,8 @@ src_prepare() {
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
-e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
@ -643,11 +668,11 @@ multilib_src_install() {
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
@ -656,7 +681,6 @@ multilib_src_install() {
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend $?
# install our own init scripts and systemd unit files
einfo "Install init scripts"
@ -664,11 +688,15 @@ multilib_src_install() {
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
@ -758,7 +786,9 @@ pkg_preinst() {
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
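Review bot: The Berkeley DB check added to openldap_find_versiontags in the `-231,7 +234,27` hunk cannot match its alternation, because `grep -sq '^backend.*(bdb|hdb)'` is a basic regular expression in which `(`, `|` and `)` are literal, and it reads `/etc/openldap/slapd.conf` without the `${EROOT}` prefix that the shell-backend check just above it uses. As written, an install whose slapd.conf still configures bdb or hdb is caught only by the `has_version ...[berkdb]` half, so the pre-upgrade error about the database becoming inaccessible can be skipped. I would change the line to `if has_version "${CATEGORY}/${PN}[berkdb]" || grep -Esq '^backend.*(bdb|hdb)' "${EROOT}"/etc/openldap/slapd.conf; then`. Both greps key on a `backend` directive, so it is worth confirming whether a config that only carries a `database bdb` line should be caught as well. The same added line appears in the preceding file section, and the function starts and ends outside this hunk.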


@ -1,53 +1,52 @@
# Copyright 1999-2022 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.OpenLDAP.org/"
# upstream mirrors are mostly not working, using canonical URI
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
mirror://gentoo/${BIS_P}"
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-solaris"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( berkdb )
?? ( test minimal )"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
test? ( cleartext sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
SYSTEM_LMDB_VER=0.9.30
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
@ -61,7 +60,8 @@ COMMON_DEPEND="
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
@ -70,19 +70,14 @@ COMMON_DEPEND="
samba? (
dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
cxx? ( dev-libs/cyrus-sasl:= )
)
)
"
DEPEND="${COMMON_DEPEND}
@ -143,39 +138,13 @@ MULTILIB_WRAPPED_HEADERS=(
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.17-gcc44.patch
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.28
"${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
# bug #408077 - samba4
"${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
# bug #189817
"${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
"${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
# bug #281495
"${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
# bug #294350
"${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
# unbreak /bin/sh -> dash
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
# bug #420959
"${FILESDIR}"/${PN}-2.4.31-gcc47.patch
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
"${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
@ -201,7 +170,7 @@ openldap_find_versiontags() {
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
@ -260,19 +229,33 @@ openldap_find_versiontags() {
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
if use berkdb; then
# find which one would be used
for bdb_slot in ${BDB_SLOTS} ; do
NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
[[ -n "${NEWVER}" ]] && break
done
fi
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
@ -321,15 +304,15 @@ openldap_upgrade_howto() {
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
@ -354,206 +337,240 @@ pkg_setup() {
}
src_prepare() {
# ensure correct SLAPI path by default
sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
-i include/ldap_defaults.h || die
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
rm -r libraries/liblmdb || die
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
-e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# wrong assumption that /bin/sh is /bin/bash
sed \
-e 's|/bin/sh|/bin/bash|g' \
-i tests/scripts/* || die "sed failed"
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
# Required for autoconf-2.70 #765043
sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.in || die
AT_NOEAUTOMAKE=yes eautoreconf
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> <sources> <outputname>
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I"${BUILD_DIR}"/include \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
src_configure() {
# connectionless ldap per bug #342439
append-cppflags -DLDAP_CONNECTIONLESS
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
$(use_enable ipv6)
--enable-local
)
use debug && myconf+=( $(use_enable debug) )
# Optional Packages
myconf+=(
--without-fetch
)
# ICU exists only in the configure, nowhere in the codebase, bug #510858
export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
local CPPFLAGS=${CPPFLAGS}
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf+=( --enable-ldap )
# backends
myconf+=( --enable-slapd )
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf+=( --enable-bdb --enable-hdb )
DBINCLUDE=$(db_includedir ${BDB_SLOTS})
einfo "Using ${DBINCLUDE} for sys-libs/db version"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I${DBINCLUDE}
else
myconf+=( --disable-bdb --disable-hdb )
fi
for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
myconf+=( --enable-${backend}=mod )
done
myconf+=( $(use_enable perl perl mod) )
myconf+=( $(use_enable odbc sql mod) )
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I"${EPREFIX}"/usr/include/iodbc
fi
myconf+=( --with-odbc=${odbc_lib} )
fi
# slapd options
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
--enable-aci=mod
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in aci cleartext modules rewrite rlookups slapi; do
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf+=( --enable-syncprov=yes )
use overlays && myconf+=( --enable-overlays=mod )
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
$(multilib_native_use_with sasl cyrus-sasl)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-bdb
--disable-hdb
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# basic functionality stuff
# Library Generation & Linking Options
myconf+=(
$(use_enable ipv6)
$(multilib_native_use_with sasl cyrus-sasl)
$(multilib_native_use_enable sasl spasswd)
$(use_enable tcpd wrappers)
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# Some cross-compiling tests don't pan out well.
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
myconf+=( --with-tls=${ssl_lib} )
for basicflag in dynamic local proctitle shared; do
myconf+=( --enable-${basicflag} )
done
tc-export AR CC CXX
CONFIG_SHELL="/bin/sh" \
ECONF_SOURCE="${S}" \
STRIP=/bin/true \
econf \
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
$(use_enable static-libs static) \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-ldap-includes="${S}"/include
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}" \
CC="${CC}" \
CXX="${CXX}"
popd &>/dev/null || die
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
local lt="${BUILD_DIR}/libtool"
export echo="echo"
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake CC="${CC}" CXX="${CXX}"
emake
popd &>/dev/null || die
fi
@ -575,7 +592,7 @@ multilib_src_compile() {
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
@ -585,7 +602,7 @@ multilib_src_compile() {
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
@ -593,121 +610,45 @@ multilib_src_compile() {
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
popd &>/dev/null || die
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
einfo "Compiling contrib-module: pw-pbkdf2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o pbkdf2.lo \
-c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
einfo "Linking contrib-module: pw-pbkdf2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-pbkdf2.la \
pbkdf2.lo || die "linking pw-pbkdf2 failed"
popd &>/dev/null || die
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
einfo "Compiling contrib-module: pw-sha2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o sha2.lo \
-c sha2.c || die "compiling pw-sha2 failed"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o slapd-sha2.lo \
-c slapd-sha2.c || die "compiling pw-sha2 failed"
einfo "Linking contrib-module: pw-sha2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-sha2.la \
sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
popd &>/dev/null || die
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
#build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
# build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
build_contrib_module "lastbind" "lastbind.c" "lastbind"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
#build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
build_contrib_module "trace" "trace.c" "trace"
popd &>/dev/null || die
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
@ -720,13 +661,29 @@ multilib_src_compile() {
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
emake tests
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake "${TESTS[@]}"
fi
}
multilib_src_install() {
local lt="${BUILD_DIR}/libtool"
emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
@ -745,11 +702,11 @@ multilib_src_install() {
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
@ -758,21 +715,24 @@ multilib_src_install() {
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# If built without SLP, we don't need to be before avahi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
@ -800,7 +760,7 @@ multilib_src_install() {
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="/usr/$(get_libdir)/openldap" install
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
@ -808,7 +768,7 @@ multilib_src_install() {
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
@ -833,7 +793,6 @@ multilib_src_install() {
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
@ -852,7 +811,7 @@ multilib_src_install_all() {
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
@ -861,7 +820,9 @@ pkg_preinst() {
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
@ -896,10 +857,7 @@ pkg_postinst() {
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}


@ -1,53 +1,53 @@
# Copyright 1999-2022 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EAPI=8
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.OpenLDAP.org/"
# upstream mirrors are mostly not working, using canonical URI
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
mirror://gentoo/${BIS_P}"
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-solaris"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( berkdb )
?? ( test minimal )"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
test? ( cleartext sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
SYSTEM_LMDB_VER=0.9.30
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
@ -59,9 +59,11 @@ COMMON_DEPEND="
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libevent:=
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
@ -70,19 +72,14 @@ COMMON_DEPEND="
samba? (
dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
cxx? ( dev-libs/cyrus-sasl:= )
)
)
"
DEPEND="${COMMON_DEPEND}
@ -143,39 +140,13 @@ MULTILIB_WRAPPED_HEADERS=(
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.17-gcc44.patch
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.28
"${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
# bug #408077 - samba4
"${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
# bug #189817
"${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
"${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
# bug #281495
"${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
# bug #294350
"${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
# unbreak /bin/sh -> dash
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
# bug #420959
"${FILESDIR}"/${PN}-2.4.31-gcc47.patch
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
"${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
@ -201,7 +172,7 @@ openldap_find_versiontags() {
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
@ -260,19 +231,33 @@ openldap_find_versiontags() {
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
if use berkdb; then
# find which one would be used
for bdb_slot in ${BDB_SLOTS} ; do
NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
[[ -n "${NEWVER}" ]] && break
done
fi
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
@ -321,15 +306,15 @@ openldap_upgrade_howto() {
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
@ -354,206 +339,243 @@ pkg_setup() {
}
src_prepare() {
# ensure correct SLAPI path by default
sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
-i include/ldap_defaults.h || die
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
rm -r libraries/liblmdb || die
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# wrong assumption that /bin/sh is /bin/bash
sed \
-e 's|/bin/sh|/bin/bash|g' \
-i tests/scripts/* || die "sed failed"
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
# Required for autoconf-2.70 #765043
sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.in || die
AT_NOEAUTOMAKE=yes eautoreconf
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> <sources> <outputname>
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I"${BUILD_DIR}"/include \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
src_configure() {
# connectionless ldap per bug #342439
append-cppflags -DLDAP_CONNECTIONLESS
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
--enable-ipv6
--enable-local
)
use debug && myconf+=( $(use_enable debug) )
# Optional Packages
myconf+=(
--without-fetch
)
# ICU exists only in the configure, nowhere in the codebase, bug #510858
export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
local CPPFLAGS=${CPPFLAGS}
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf+=( --enable-ldap )
# backends
myconf+=( --enable-slapd )
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf+=( --enable-bdb --enable-hdb )
DBINCLUDE=$(db_includedir ${BDB_SLOTS})
einfo "Using ${DBINCLUDE} for sys-libs/db version"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I${DBINCLUDE}
else
myconf+=( --disable-bdb --disable-hdb )
fi
for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
myconf+=( --enable-${backend}=mod )
done
myconf+=( $(use_enable perl perl mod) )
myconf+=( $(use_enable odbc sql mod) )
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I"${EPREFIX}"/usr/include/iodbc
fi
myconf+=( --with-odbc=${odbc_lib} )
fi
# slapd options
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
--enable-aci=mod
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in aci cleartext modules rewrite rlookups slapi; do
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf+=( --enable-syncprov=yes )
use overlays && myconf+=( --enable-overlays=mod )
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
myconf+=( --enable-balancer=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
$(multilib_native_use_with sasl cyrus-sasl)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-bdb
--disable-hdb
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# basic functionality stuff
# Library Generation & Linking Options
myconf+=(
$(use_enable ipv6)
$(multilib_native_use_with sasl cyrus-sasl)
$(multilib_native_use_enable sasl spasswd)
$(use_enable tcpd wrappers)
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# Some cross-compiling tests don't pan out well.
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
myconf+=( --with-tls=${ssl_lib} )
for basicflag in dynamic local proctitle shared; do
myconf+=( --enable-${basicflag} )
done
tc-export AR CC CXX
CONFIG_SHELL="/bin/sh" \
ECONF_SOURCE="${S}" \
STRIP=/bin/true \
econf \
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
$(use_enable static-libs static) \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-ldap-includes="${S}"/include
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}" \
CC="${CC}" \
CXX="${CXX}"
popd &>/dev/null || die
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
local lt="${BUILD_DIR}/libtool"
export echo="echo"
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake CC="${CC}" CXX="${CXX}"
emake
popd &>/dev/null || die
fi
@ -575,7 +597,7 @@ multilib_src_compile() {
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
@ -585,7 +607,7 @@ multilib_src_compile() {
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
@ -593,121 +615,45 @@ multilib_src_compile() {
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
popd &>/dev/null || die
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
einfo "Compiling contrib-module: pw-pbkdf2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o pbkdf2.lo \
-c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
einfo "Linking contrib-module: pw-pbkdf2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-pbkdf2.la \
pbkdf2.lo || die "linking pw-pbkdf2 failed"
popd &>/dev/null || die
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
einfo "Compiling contrib-module: pw-sha2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o sha2.lo \
-c sha2.c || die "compiling pw-sha2 failed"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o slapd-sha2.lo \
-c slapd-sha2.c || die "compiling pw-sha2 failed"
einfo "Linking contrib-module: pw-sha2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-sha2.la \
sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
popd &>/dev/null || die
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
#build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
# build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
build_contrib_module "lastbind" "lastbind.c" "lastbind"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
#build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
build_contrib_module "trace" "trace.c" "trace"
popd &>/dev/null || die
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
@ -720,13 +666,29 @@ multilib_src_compile() {
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
emake tests
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake "${TESTS[@]}"
fi
}
multilib_src_install() {
local lt="${BUILD_DIR}/libtool"
emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
@ -745,34 +707,38 @@ multilib_src_install() {
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}" || die
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# If built without SLP, we don't need to be before avahi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
@ -800,7 +766,7 @@ multilib_src_install() {
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="/usr/$(get_libdir)/openldap" install
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
@ -808,7 +774,7 @@ multilib_src_install() {
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
@ -833,7 +799,6 @@ multilib_src_install() {
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
@ -852,7 +817,7 @@ multilib_src_install_all() {
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
@ -861,7 +826,9 @@ pkg_preinst() {
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
@ -896,10 +863,7 @@ pkg_postinst() {
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}


@ -0,0 +1,870 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
REQUIRED_USE="
cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )
"
SYSTEM_LMDB_VER=0.9.31
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libevent:=
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="
${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="
${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="
!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
multilib_src_configure() {
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
--enable-ipv6
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
myconf+=( --enable-balancer=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
$(multilib_native_use_with sasl cyrus-sasl)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake -Onone "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}" || die
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}