mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-16 09:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-nds/openldap: Sync with Gentoo

Browse Source 
It's from Gentoo commit eac600cf87417f9312fae99b7f73536b5ff399d1.
This commit is contained in:
Krzesimir Nowak 2022-05-06 19:43:47 +02:00
parent d9ce0cb089
commit acd5bb5ebb
30 changed files with 3252 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/portage-stable/net-nds/openldap/Manifest vendored
View File

@ -1,3 +1,6 @@
DIST openldap-2.4.57.tgz 5883912 BLAKE2B 439605e1bebcf34968f0a552aaade1b72b7671ae2a94a0b700a84f9f715acd162e7b8dadfdd3ffd5b0a785f9306b5f5033ab956cf0ffd26b66119a7110d0aa57 SHA512 b929bced0f5ba9a90e015a24b8037c8958fbb7282db272bd0cacf43b5f7540ab42159a3c4441148074340228bb5f07f93651c0dbb2affde961be156058f99ce5
DIST openldap-2.4.58.tgz 5885225 BLAKE2B effb618dba03497796a497cd7f53ec52e389133769321dd242433bed5ec4b1f66cf7353f08a49d5f3465880f6bcfc9afc9c7d2a28e075b66f5fd926b02213541 SHA512 2fa2aa36117692eca44e55559f162c8c796f78469e6c2aee91b06d46f2b755d416979c913a3d89bbf9db14cc84881ecffee69af75b48e1d16b7aa9d2e3873baa
DIST openldap-2.4.59.tgz 5886272 BLAKE2B a2a8bed1d2af97fd41d651668152fd4740871bc5a8abf4b50390839228af82ac103346b3500ae0f8dd31b708acabb30435b90cd48dfafe510e648df5150d96b8 SHA512 233459ab446da6e107a7fc4ecd5668d6b08c11a11359ee76449550393e8f586a29b59d7ae09a050a1fca4fcf388ea61438ef60831b3ae802d92c048365ae3968
DIST openldap-2.5.4.tgz 6415235 BLAKE2B 16e466d01dc7642786bb88a101854513f1239f1e817fd05145e89deb54bc1b911a5dc5f42b132747f14bdd2a3355e7c398b8b14937e7093361f4a96bfb7e9197 SHA512 00b57c9179acf3b1bde738e91604f3b09b5f5309106362bb947154d131868f233713eaa75c9af9771bfad731902d67406e8fb429851bad227fc48054cace16a8
DIST openldap-OPENLDAP_REL_ENG_2_6_1.tar.gz 6211863 BLAKE2B 81f4591db483a214351c2e02631fef2875e17e0890fc621182d2ed61d927c3c029a4f290ee6c0788952495d6f7a76ed15e62557b8d8f2e241d867e19fdf223b7 SHA512 ca61c1dccf3194d8d149ca0c45a4834d6fadf67a3676cf348f5f62ab92c94bc7501216d7da681c3a6f87f646a18d0f3d116c3d3a24d2e5cbebc6c695c986e517
DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e

5
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch vendored
View File

@ -1,6 +1,5 @@
diff -ur openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in openldap-2.2.14/servers/slapd/back-perl/Makefile.in
--- openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in 2004-04-12 11:20:14.000000000 -0700
+++ openldap-2.2.14/servers/slapd/back-perl/Makefile.in 2004-06-20 18:43:41.000000000 -0700
--- a/servers/slapd/back-perl/Makefile.in
+++ b/servers/slapd/back-perl/Makefile.in
@@ -31,7 +31,7 @@
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)

5
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch vendored
View File

@ -1,6 +1,5 @@
diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800
+++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700
--- a/servers/slapd/slapi/Makefile.in
+++ b/servers/slapd/slapi/Makefile.in
@@ -37,6 +37,7 @@
XLIBS = $(LIBRARY)
XXLIBS =

4
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch vendored
View File

@ -1,5 +1,5 @@
--- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800
+++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -1315,8 +1315,8 @@
int nsctrls = 0;

5
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.17-gcc44.patch vendored
View File

@ -1,6 +1,5 @@
diff -ur openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp
--- openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp 2008-04-15 02:09:26.000000000 +0300
+++ openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp 2009-08-10 13:21:24.000000000 +0300
--- a/contrib/ldapc++/src/SaslInteractionHandler.cpp
+++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp
@@ -13,6 +13,7 @@
#include <termios.h>
#endif

2
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch vendored
View File

@ -11,8 +11,6 @@ Patch unbreaks build when /bin/sh points to dash:
eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found
...
make[2]: *** [decode.lo] Error 1
diff --git a/build/top.mk b/build/top.mk
index 6fea488..ea324e3 100644
--- a/build/top.mk
+++ b/build/top.mk
@@ -20,7 +20,7 @@ VERSION= @VERSION@

4
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch vendored
View File

@ -1,5 +1,5 @@
--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000
+++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000
--- a/configure.in
+++ b/configure.in
@@ -1214,7 +1214,7 @@
ol_with_tls=gnutls
ol_link_tls=yes

5
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch vendored
View File

@ -1,6 +1,5 @@
diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile openldap-2.4.35/contrib/slapd-modules/samba4/Makefile
--- openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile 2013-03-28 15:41:51.000000000 +0000
+++ openldap-2.4.35/contrib/slapd-modules/samba4/Makefile 2013-04-16 02:16:40.651868432 +0000
--- a/contrib/slapd-modules/samba4/Makefile
+++ b/contrib/slapd-modules/samba4/Makefile
@@ -20,7 +20,8 @@
LIBTOOL = $(LDAP_BUILD)/libtool

5
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch vendored
View File

@ -1,6 +1,5 @@
diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile
--- openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile 2013-03-28 15:41:51.000000000 +0000
+++ openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile 2013-04-16 02:13:38.939913119 +0000
--- a/contrib/slapd-modules/smbk5pwd/Makefile
+++ b/contrib/slapd-modules/smbk5pwd/Makefile
@@ -21,16 +21,23 @@
SSL_INC =
SSL_LIB = -lcrypto

16
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch vendored
View File

@ -1,5 +1,5 @@
--- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200
+++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200
--- a/build/top.mk
+++ b/build/top.mk
@@ -160,6 +160,7 @@
LTHREAD_LIBS = @LTHREAD_LIBS@
@ -8,8 +8,8 @@
SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
--- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200
+++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200
--- ./build/openldap.m4.orig
+++ ./build/openldap.m4
@@ -563,6 +563,38 @@
], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
])
@ -49,8 +49,8 @@
dnl
dnl ====================================================================
dnl Check POSIX Thread version
--- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200
+++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200
--- a/servers/slapd/back-mdb/Makefile.in
+++ b/servers/slapd/back-mdb/Makefile.in
@@ -25,11 +25,10 @@
extended.lo operational.lo \
attr.lo index.lo key.lo filterindex.lo \
@ -85,8 +85,8 @@
-
veryclean-local-lib: FORCE
$(RM) $(XXHEADERS) $(XXSRCS) .links
--- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200
+++ ./configure.in 2014-10-24 10:51:34.372846374 +0200
--- a/configure.in
+++ b/configure.in
@@ -519,6 +519,7 @@
dnl Initialize vars
LDAP_LIBS=

4
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch vendored
View File

@ -7,8 +7,8 @@ X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700
+++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
typedef PK11Context *des_context[1];
#define DES_ENCRYPT CKA_ENCRYPT

58
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.47-libressl.patch vendored
View File

@ -1,58 +0,0 @@
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index b0277dfe9..8a3f47a74 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -50,7 +50,7 @@
#include <ssl.h>
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
#define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
#endif
@@ -200,7 +200,7 @@ tlso_init( void )
(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_digests();
@@ -252,7 +252,7 @@ static void
tlso_ctx_ref( tls_ctx *ctx )
{
tlso_ctx *c = (tlso_ctx *)ctx;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
#define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
#endif
SSL_CTX_up_ref( c );
@@ -511,7 +511,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn )
if (!x) return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
der_dn->bv_len = i2d_X509_NAME( xn, NULL );
der_dn->bv_val = xn->bytes->data;
#else
@@ -547,7 +547,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn )
return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
der_dn->bv_len = i2d_X509_NAME( xn, NULL );
der_dn->bv_val = xn->bytes->data;
#else
@@ -768,7 +768,7 @@ struct tls_data {
Sockbuf_IO_Desc *sbiod;
};
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
#define BIO_set_init(b, x) b->init = x
#define BIO_set_data(b, x) b->ptr = x
#define BIO_clear_flags(b, x) b->flags &= ~(x)

6
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.47-warnings.patch vendored
View File

@ -1,5 +1,3 @@
diff --git a/include/ldap.h b/include/ldap.h
index c245651c2..7f14f1051 100644
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -2041,6 +2041,10 @@ LDAP_F( int )
@ -13,8 +11,6 @@ index c245651c2..7f14f1051 100644
LDAP_F( int )
ldap_url_parse LDAP_P((
LDAP_CONST char *url,
diff --git a/include/ldap_int_thread.h b/include/ldap_int_thread.h
index e2dd8a942..bbc07c845 100644
--- a/include/ldap_int_thread.h
+++ b/include/ldap_int_thread.h
@@ -33,7 +33,7 @@ LDAP_END_DECL
@ -26,8 +22,6 @@ index e2dd8a942..bbc07c845 100644
#include <pthread.h>
#ifdef HAVE_SCHED_H
#include <sched.h>
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index d25c190ea..639f598e7 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -76,6 +76,8 @@ static oid_name oids[] = {

15
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch vendored
View File

@ -1,6 +1,5 @@
diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h
--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
+++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P((
LDAPControl **ctrls,
LDAPDerefRes **drp ));
@ -28,9 +27,8 @@ diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/i
+
LDAP_END_DECL
#endif /* _LDAP_H */
diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in
--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
+++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100
--- a/libraries/libldap/Makefile.in
+++ b/libraries/libldap/Makefile.in
@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
SRCS = bind.c open.c result.c error.c compare.c search.c \
controls.c messages.c references.c extended.c cyrus.c \
@ -49,9 +47,8 @@ diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-op
filter.lo free.lo sort.lo passwd.lo whoami.lo \
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c
--- /dev/null 2009-02-17 09:19:52.829004420 +0100
+++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100
--- /dev/null
+++ b/libraries/libldap/ntlm.c
@@ -0,0 +1,137 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
+/*

21
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.1-cloak.patch vendored Normal file
View File

@ -0,0 +1,21 @@
--- a/contrib/slapd-modules/cloak/cloak.c
+++ b/contrib/slapd-modules/cloak/cloak.c
@@ -29,6 +29,7 @@
#include "ac/socket.h"
#include "lutil.h"
+#include "attr.h"
#include "slap.h"
#include "slap-config.h"
--- a/servers/slapd/attr.h
+++ b/servers/slapd/attr.h
@@ -0,0 +1,8 @@
+#ifndef OPENLDAP_SERVERS_SLAPD_ATTR_H_
+#define OPENLDAP_SERVERS_SLAPD_ATTR_H_
+
+#endif //OPENLDAP_SERVERS_SLAPD_ATTR_H_
+
+#include "slap.h"
+
+void attr_clean( Attribute *a );

11
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch vendored Normal file
View File

@ -0,0 +1,11 @@
--- a/configure.ac
+++ b/configure.ac
@@ -2055,7 +2055,7 @@ dnl
WITH_SYSTEMD=no
systemdsystemunitdir=
ol_link_systemd=no
-if test $ol_enable_slapd == no && test $ol_enable_balancer != yes ; then
+if test $ol_enable_slapd = no && test $ol_enable_balancer != yes ; then
if test $ol_with_systemd != no ; then
AC_MSG_WARN([servers disabled, ignoring --with-systemd=$ol_with_systemd argument])
ol_with_systemd=no

15
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch vendored Normal file
View File

@ -0,0 +1,15 @@
From 59e013602d7b1aa0d7da79d65367c9ec391b96f8 Mon Sep 17 00:00:00 2001
From: Simon Pichugin <spichugi@redhat.com>
Date: Wed, 3 Nov 2021 19:03:40 -0700
Subject: [PATCH] Fix missing mapping
--- a/libraries/liblber/lber.map
+++ b/libraries/liblber/lber.map
@@ -121,6 +121,7 @@ OPENLDAP_2.200
ber_sockbuf_io_fd;
ber_sockbuf_io_readahead;
ber_sockbuf_io_tcp;
+ ber_sockbuf_io_udp;
ber_sockbuf_remove_io;
ber_sos_dump;
ber_start;

352
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.1-flags.patch vendored Normal file
View File

@ -0,0 +1,352 @@
--- a/contrib/slapd-modules/acl/Makefile
+++ b/contrib/slapd-modules/acl/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/addpartial/Makefile
+++ b/contrib/slapd-modules/addpartial/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/adremap/Makefile
+++ b/contrib/slapd-modules/adremap/Makefile
@@ -19,7 +19,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_ADREMAP=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/allop/Makefile
+++ b/contrib/slapd-modules/allop/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/allowed/Makefile
+++ b/contrib/slapd-modules/allowed/Makefile
@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_ALLOWED=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/authzid/Makefile
+++ b/contrib/slapd-modules/authzid/Makefile
@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/autogroup/Makefile
+++ b/contrib/slapd-modules/autogroup/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/cloak/Makefile
+++ b/contrib/slapd-modules/cloak/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_CLOAK=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/comp_match/Makefile
+++ b/contrib/slapd-modules/comp_match/Makefile
@@ -31,7 +31,7 @@ SSL_LIB = -lcrypto -L$(SSL_DIR)/lib
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DLDAP_COMPONENT
INCS = $(LDAP_INC) $(SNACC_INC) $(SSL_INC)
LIBS = $(LDAP_LIB) $(SNACC_LIB) $(SSL_LIB)
--- a/contrib/slapd-modules/datamorph/Makefile
+++ b/contrib/slapd-modules/datamorph/Makefile
@@ -22,7 +22,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_DATAMORPH=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/denyop/Makefile
+++ b/contrib/slapd-modules/denyop/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_DENYOP=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/dsaschema/Makefile
+++ b/contrib/slapd-modules/dsaschema/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/dupent/Makefile
+++ b/contrib/slapd-modules/dupent/Makefile
@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_DUPENT=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/kinit/Makefile
+++ b/contrib/slapd-modules/kinit/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB) -lkrb5
--- a/contrib/slapd-modules/lastbind/Makefile
+++ b/contrib/slapd-modules/lastbind/Makefile
@@ -19,7 +19,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/lastmod/Makefile
+++ b/contrib/slapd-modules/lastmod/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_LASTMOD=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/noopsrch/Makefile
+++ b/contrib/slapd-modules/noopsrch/Makefile
@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2 -Wall
+OPT = -Wall -Wall
DEFS = -DSLAPD_OVER_NOOPSRCH=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/nops/Makefile
+++ b/contrib/slapd-modules/nops/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/nssov/Makefile
+++ b/contrib/slapd-modules/nssov/Makefile
@@ -27,7 +27,7 @@ NLDAPD_INC=-Inss-pam-ldapd
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
-OPT = -g -O2
+OPT = -Wall
CC = gcc
DEFS =
INCS = $(LDAP_INC) $(NLDAPD_INC)
--- a/contrib/slapd-modules/passwd/Makefile
+++ b/contrib/slapd-modules/passwd/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/passwd/pbkdf2/Makefile
+++ b/contrib/slapd-modules/passwd/pbkdf2/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
#DEFS = -DSLAPD_PBKDF2_DEBUG
SSL_INC =
--- a/contrib/slapd-modules/passwd/sha2/Makefile
+++ b/contrib/slapd-modules/passwd/sha2/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
#DEFS = -DSLAPD_SHA2_DEBUG
INCS = $(LDAP_INC)
--- a/contrib/slapd-modules/passwd/totp/Makefile
+++ b/contrib/slapd-modules/passwd/totp/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/ppm/Makefile
+++ b/contrib/slapd-modules/ppm/Makefile
@@ -18,7 +18,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/liblber/liblber.la $(LDAP_BUILD)/libraries/li
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2 -fpic
+OPT = -Wall -fpic
# To skip linking against CRACKLIB make CRACK=no
CRACK=yes
--- a/contrib/slapd-modules/proxyOld/Makefile
+++ b/contrib/slapd-modules/proxyOld/Makefile
@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/rbac/Makefile
+++ b/contrib/slapd-modules/rbac/Makefile
@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_RBAC=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/samba4/Makefile
+++ b/contrib/slapd-modules/samba4/Makefile
@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \
-DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \
-DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC
--- a/contrib/slapd-modules/smbk5pwd/Makefile
+++ b/contrib/slapd-modules/smbk5pwd/Makefile
@@ -27,7 +27,7 @@ HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
# Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
--- a/contrib/slapd-modules/trace/Makefile
+++ b/contrib/slapd-modules/trace/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_TRACE=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/usn/Makefile
+++ b/contrib/slapd-modules/usn/Makefile
@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_USN=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/variant/Makefile
+++ b/contrib/slapd-modules/variant/Makefile
@@ -22,7 +22,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS = -DSLAPD_OVER_VARIANT=SLAPD_MOD_DYNAMIC
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
--- a/contrib/slapd-modules/vc/Makefile
+++ b/contrib/slapd-modules/vc/Makefile
@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2
+OPT = -Wall
DEFS =
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)

59
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.1-make-flags.patch vendored Normal file
View File

@ -0,0 +1,59 @@
https://github.com/openldap/openldap/commit/8e3f87f86a51e78bffefb85968e5684213422cb7
From: Orgad Shaneh <orgad.shaneh@audiocodes.com>
Date: Tue, 25 Jan 2022 17:38:46 +0200
Subject: [PATCH] ITS#9788 Fix make jobserver warnings
Running make -j8 issues the following warning for each directory with
make 4.3:
make[2]: warning: -j8 forced in submake: resetting jobserver mode.
There is no need to pass MFLAGS. Make picks it up from the
environment anyway.
--- a/build/dir.mk
+++ b/build/dir.mk
@@ -21,7 +21,7 @@ all-common: FORCE
@echo "Making all in `$(PWD)`"
@for i in $(SUBDIRS) $(ALLDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) all ); \
+ ( cd $$i && $(MAKE) all ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -30,7 +30,7 @@ install-common: FORCE
@echo "Making install in `$(PWD)`"
@for i in $(SUBDIRS) $(INSTALLDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) install ); \
+ ( cd $$i && $(MAKE) install ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -39,7 +39,7 @@ clean-common: FORCE
@echo "Making clean in `$(PWD)`"
@for i in $(SUBDIRS) $(CLEANDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) clean ); \
+ ( cd $$i && $(MAKE) clean ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -48,7 +48,7 @@ veryclean-common: FORCE
@echo "Making veryclean in `$(PWD)`"
@for i in $(SUBDIRS) $(CLEANDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) veryclean ); \
+ ( cd $$i && $(MAKE) veryclean ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done
@@ -57,7 +57,7 @@ depend-common: FORCE
@echo "Making depend in `$(PWD)`"
@for i in $(SUBDIRS) $(DEPENDDIRS); do \
echo " Entering subdirectory $$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS) depend ); \
+ ( cd $$i && $(MAKE) depend ); \
if test $$? != 0 ; then exit 1; fi ; \
echo " "; \
done

140
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.1-system-mdb.patch vendored Normal file
View File

@ -0,0 +1,140 @@
--- a/build/openldap.m4
+++ b/build/openldap.m4
@@ -243,6 +243,40 @@ OL_RESOLVER_TRY(ol_cv_resolver_none)
OL_RESOLVER_TRY(ol_cv_resolver_resolv,[-lresolv])
OL_RESOLVER_TRY(ol_cv_resolver_bind,[-lbind])
])
+
+dnl --------------------------------------------------------------------
+dnl Check for version compatility with back-mdb
+AC_DEFUN([OL_MDB_COMPAT],
+[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
+ AC_EGREP_CPP(__mdb_version_compat,[
+#include <lmdb.h>
+
+/* require 0.9.18 or later */
+#if MDB_VERSION_FULL >= 0x000000090012
+ __mdb_version_compat
+#endif
+ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
+])
+
+dnl
+dnl --------------------------------------------------------------------
+dnl Find any MDB
+AC_DEFUN([OL_MDB],
+[ol_cv_mdb=no
+AC_CHECK_HEADERS(lmdb.h)
+if test $ac_cv_header_lmdb_h = yes; then
+ OL_MDB_COMPAT
+
+ if test $ol_cv_mdb_compat != yes ; then
+ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
+ fi
+
+ ol_cv_lib_mdb=-llmdb
+ ol_cv_mdb=yes
+fi
+])
+
+
dnl
dnl ====================================================================
dnl Check POSIX Thread version
--- a/build/top.mk
+++ b/build/top.mk
@@ -164,6 +164,7 @@ CLIENT_LIBS = @CLIENT_LIBS@
LUTIL_LIBS = @LUTIL_LIBS@
LTHREAD_LIBS = @LTHREAD_LIBS@
+MDB_LIBS = @MDB_LIBS@
SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
WT_LIBS = @WT_LIBS@
--- a/configure.ac
+++ b/configure.ac
@@ -547,6 +547,7 @@ AC_MSG_RESULT(done)
dnl ----------------------------------------------------------------
dnl Initialize vars
LDAP_LIBS=
+MDB_LIBS=
SLAPD_NDB_LIBS=
SLAPD_NDB_INCS=
LTHREAD_LIBS=
@@ -646,6 +647,32 @@ dnl Checks for programs
AC_DEFINE(HAVE_MKVERSION, 1, [define this if you have mkversion])
+dnl ----------------------------------------------------------------
+ol_link_mdb=no
+
+AS_IF([test x$ol_enable_mdb != xno], [
+ OL_MDB
+
+ if test $ol_cv_mdb = no ; then
+ AC_MSG_ERROR(MDB: LMDB not available)
+ fi
+
+ AC_DEFINE(HAVE_MDB,1,
+ [define this if LMDB is available])
+
+ dnl $ol_cv_lib_mdb should be yes or -llmdb
+ dnl (it could be no, but that would be an error
+ if test $ol_cv_lib_mdb != yes ; then
+ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
+ fi
+
+ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
+
+ ol_link_mdb=yes
+])
+
+dnl ----------------------------------------------------------------
+
dnl ----------------------------------------------------------------
dnl
dnl Determine which C translator to use
@@ -3150,6 +3177,7 @@ dnl pwmods
AC_SUBST(LDAP_LIBS)
AC_SUBST(CLIENT_LIBS)
AC_SUBST(SLAPD_LIBS)
+AC_SUBST(MDB_LIBS)
AC_SUBST(BALANCER_LIBS)
AC_SUBST(SLAPD_NDB_LIBS)
AC_SUBST(SLAPD_NDB_INCS)
--- a/servers/slapd/back-mdb/Makefile.in
+++ b/servers/slapd/back-mdb/Makefile.in
@@ -25,11 +25,10 @@ OBJS = init.lo tools.lo config.lo \
extended.lo operational.lo \
attr.lo index.lo key.lo filterindex.lo \
dn2entry.lo dn2id.lo id2entry.lo idl.lo \
- nextid.lo monitor.lo mdb.lo midl.lo
+ nextid.lo monitor.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
BUILD_OPT = "--enable-mdb"
BUILD_MOD = @BUILD_MDB@
@@ -44,7 +43,7 @@ UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
LIBBASE = back_mdb
-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
+XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS)
all-local-lib: ../.backend
@@ -52,11 +51,5 @@ all-local-lib: ../.backend
../.backend: lib$(LIBBASE).a
@touch $@
-mdb.lo: $(MDB_SUBDIR)/mdb.c
- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
-
-midl.lo: $(MDB_SUBDIR)/midl.c
- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
-
veryclean-local-lib: FORCE
$(RM) $(XXHEADERS) $(XXSRCS) .links

12
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/slapd-2.6.1.service vendored Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=OpenLDAP Server Daemon
After=network.target
[Service]
Type=notify
PIDFile=/run/openldap/slapd.pid
ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
[Install]
WantedBy=multi-user.target

26
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/slapd-confd-2.6.1 vendored Normal file
View File

@ -0,0 +1,26 @@
# conf.d file for openldap
#
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
# If you have multiple slapd instances per #376699, this will provide a default config
INSTANCE="openldap${SVCNAME#slapd}"
# If you use the classical configuration file:
OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
# (the OPTS_CONF variable is also passed to slaptest during startup)
OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2frun%2fopenldap%2fslapd.sock'"
# Optional connectionless LDAP:
#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2frun%2fopenldap%2fslapd.sock cldap://'"
# If you change the above listen statement to bind on a specific IP for
# listening, you should ensure that interface is up here (change eth0 as
# needed).
#rc_need="net.eth0"
# Specify the kerberos keytab file
#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab

8
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/slapd-initd vendored
View File

@ -8,7 +8,7 @@ depend() {
}
start() {
checkpath -q -d /var/run/openldap/ -o ldap:ldap
checkpath -q -d /var/run/openldap/ -o ldap:ldap
if ! checkconfig ; then
eerror "There is a problem with your slapd.conf!"
return 1
@ -20,10 +20,10 @@ start() {
stop() {
ebegin "Stopping ldap-server"
start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
eend $?
}
checkconfig() {
/usr/sbin/slaptest -u "$@" ${OPTS_CONF}
checkconfig() {
/usr/sbin/slaptest -u "$@" ${OPTS_CONF}
}

2
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/slapd-initd-2.4.40-r2 vendored
View File

@ -57,7 +57,7 @@ checkconfig() {
if [ $? -ne 0 ]; then
ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
fi
[ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
[ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
done
# now test the config fully
/usr/sbin/slaptest -u "$@" ${OPTS_CONF}

7
sdk_container/src/third_party/portage-stable/net-nds/openldap/metadata.xml vendored
View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>zlogene@gentoo.org</email>
@ -9,6 +9,9 @@
<email>ldap-bugs@gentoo.org</email>
</maintainer>
<use>
<flag name="argon2">Enable password hashing algorithm from <pkg>app-crypt/argon2</pkg></flag>
<flag name="autoca">Automatic Certificate Authority overlay</flag>
<flag name="cleartext">Enable use of cleartext passwords</flag>
<flag name="experimental">Enable experimental backend options</flag>
<flag name="kinit">Enable support for kerberos init</flag>
<flag name="odbc">Enable ODBC and SQL backend options</flag>
@ -19,6 +22,8 @@
<flag name="sha2">Enable support for pw-sha2 password hashes</flag>
</use>
<upstream>
<bugs-to>https://bugs.openldap.org/</bugs-to>
<remote-id type="cpe">cpe:/a:openldap:openldap</remote-id>
<remote-id type="gitlab">openldap/openldap</remote-id>
</upstream>
</pkgmetadata>

36
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.4.57.ebuild → sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.4.57-r2.ebuild vendored
View File

@ -1,9 +1,9 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools db-use flag-o-matic multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
@ -22,14 +22,14 @@ SRC_URI="
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-solaris"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-solaris"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
@ -42,7 +42,7 @@ REQUIRED_USE="cxx? ( sasl )
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
@ -50,8 +50,7 @@ for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
COMMON_DEPEND="
ssl? (
!gnutls? (
!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
@ -61,23 +60,22 @@ COMMON_DEPEND="
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-libs/e2fsprogs-libs
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )
dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
@ -96,14 +94,13 @@ RDEPEND="${COMMON_DEPEND}
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
# for tracking versions
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
@ -177,9 +174,6 @@ PATCHES=(
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
# bug #622464
"${FILESDIR}"/${PN}-2.4.47-libressl.patch
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
)
@ -825,13 +819,13 @@ multilib_src_install() {
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
@ -867,6 +861,8 @@ pkg_preinst() {
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.

905
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.4.58-r2.ebuild vendored Normal file
View File

@ -0,0 +1,905 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.OpenLDAP.org/"
# upstream mirrors are mostly not working, using canonical URI
SRC_URI="
https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
mirror://gentoo/${BIS_P}"
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-solaris"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( berkdb )
?? ( test minimal )"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
cxx? ( dev-libs/cyrus-sasl:= )
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.17-gcc44.patch
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.28
"${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
# bug #408077 - samba4
"${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
# bug #189817
"${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
"${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
# bug #281495
"${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
# bug #294350
"${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
# unbreak /bin/sh -> dash
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
# bug #420959
"${FILESDIR}"/${PN}-2.4.31-gcc47.patch
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
if use berkdb; then
# find which one would be used
for bdb_slot in ${BDB_SLOTS} ; do
NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
[[ -n "${NEWVER}" ]] && break
done
fi
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# ensure correct SLAPI path by default
sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
-i include/ldap_defaults.h || die
default
rm -r libraries/liblmdb || die
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
popd &>/dev/null || die
# wrong assumption that /bin/sh is /bin/bash
sed \
-e 's|/bin/sh|/bin/bash|g' \
-i tests/scripts/* || die "sed failed"
# Required for autoconf-2.70 #765043
sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.in || die
AT_NOEAUTOMAKE=yes eautoreconf
}
build_contrib_module() {
# <dir> <sources> <outputname>
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I"${BUILD_DIR}"/include \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
popd &>/dev/null || die
}
src_configure() {
# connectionless ldap per bug #342439
append-cppflags -DLDAP_CONNECTIONLESS
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
use debug && myconf+=( $(use_enable debug) )
# ICU exists only in the configure, nowhere in the codebase, bug #510858
export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
if ! use minimal && multilib_is_native_abi; then
local CPPFLAGS=${CPPFLAGS}
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf+=( --enable-ldap )
# backends
myconf+=( --enable-slapd )
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf+=( --enable-bdb --enable-hdb )
DBINCLUDE=$(db_includedir ${BDB_SLOTS})
einfo "Using ${DBINCLUDE} for sys-libs/db version"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I${DBINCLUDE}
else
myconf+=( --disable-bdb --disable-hdb )
fi
for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
myconf+=( --enable-${backend}=mod )
done
myconf+=( $(use_enable perl perl mod) )
myconf+=( $(use_enable odbc sql mod) )
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I"${EPREFIX}"/usr/include/iodbc
fi
myconf+=( --with-odbc=${odbc_lib} )
fi
# slapd options
myconf+=(
$(use_enable crypt)
--disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
)
if use experimental ; then
myconf+=(
--enable-dynacl
--enable-aci=mod
)
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf+=( --enable-${option} )
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf+=( --enable-syncprov=yes )
use overlays && myconf+=( --enable-overlays=mod )
else
myconf+=(
--disable-backends
--disable-slapd
--disable-bdb
--disable-hdb
--disable-mdb
--disable-overlays
--disable-syslog
)
fi
# basic functionality stuff
myconf+=(
$(use_enable ipv6)
$(multilib_native_use_with sasl cyrus-sasl)
$(multilib_native_use_enable sasl spasswd)
$(use_enable tcpd wrappers)
)
# Some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf+=( --with-tls=${ssl_lib} )
for basicflag in dynamic local proctitle shared; do
myconf+=( --enable-${basicflag} )
done
tc-export AR CC CXX
CONFIG_SHELL="/bin/sh" \
ECONF_SOURCE="${S}" \
STRIP=/bin/true \
econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
$(use_enable static-libs static) \
"${myconf[@]}"
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
local myconf_ldapcpp=(
--with-ldap-includes="${S}"/include
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}" \
CC="${CC}" \
CXX="${CXX}"
popd &>/dev/null || die
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
local lt="${BUILD_DIR}/libtool"
export echo="echo"
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake CC="${CC}" CXX="${CXX}"
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
popd &>/dev/null || die
fi
if use pbkdf2; then
pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
einfo "Compiling contrib-module: pw-pbkdf2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o pbkdf2.lo \
-c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
einfo "Linking contrib-module: pw-pbkdf2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-pbkdf2.la \
pbkdf2.lo || die "linking pw-pbkdf2 failed"
popd &>/dev/null || die
fi
if use sha2 ; then
pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
einfo "Compiling contrib-module: pw-sha2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o sha2.lo \
-c sha2.c || die "compiling pw-sha2 failed"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o slapd-sha2.lo \
-c slapd-sha2.c || die "compiling pw-sha2 failed"
einfo "Linking contrib-module: pw-sha2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-sha2.la \
sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
popd &>/dev/null || die
fi
# We could build pw-radius if GNURadius would install radlib.h
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
#build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
#build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
# build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
build_contrib_module "lastbind" "lastbind.c" "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
#build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
build_contrib_module "trace" "trace.c" "trace"
popd &>/dev/null || die
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
emake tests
fi
}
multilib_src_install() {
local lt="${BUILD_DIR}/libtool"
emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
# If built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
}

34
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.4.58.ebuild → sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.4.59-r2.ebuild vendored
View File

@ -1,9 +1,9 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools db-use flag-o-matic multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
@ -27,9 +27,9 @@ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
@ -42,7 +42,7 @@ REQUIRED_USE="cxx? ( sasl )
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
@ -50,8 +50,7 @@ for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
COMMON_DEPEND="
ssl? (
!gnutls? (
!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
@ -61,23 +60,22 @@ COMMON_DEPEND="
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-libs/e2fsprogs-libs
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )
dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
@ -96,14 +94,13 @@ RDEPEND="${COMMON_DEPEND}
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
# for tracking versions
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
@ -177,9 +174,6 @@ PATCHES=(
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
# bug #622464
"${FILESDIR}"/${PN}-2.4.47-libressl.patch
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
)
@ -825,13 +819,13 @@ multilib_src_install() {
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
@ -867,6 +861,8 @@ pkg_preinst() {
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.

837
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.5.4-r1.ebuild vendored Normal file
View File

@ -0,0 +1,837 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.OpenLDAP.org/"
# upstream mirrors are mostly not working, using canonical URI
SRC_URI="
https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
mirror://gentoo/${BIS_P}"
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS=""
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
?? ( test minimal )"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
cxx? ( dev-libs/cyrus-sasl:= )
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# ensure correct SLAPI path by default
sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
-i include/ldap_defaults.h || die
default
rm -r libraries/liblmdb || die
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
popd &>/dev/null || die
AT_NOEAUTOMAKE=yes eautoreconf
}
build_contrib_module() {
# <dir> <sources> <outputname>
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I"${BUILD_DIR}"/include \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
popd &>/dev/null || die
}
src_configure() {
# connectionless ldap per bug #342439
append-cppflags -DLDAP_CONNECTIONLESS
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
use debug && myconf+=( $(use_enable debug) )
# ICU exists only in the configure, nowhere in the codebase, bug #510858
export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
if ! use minimal && multilib_is_native_abi; then
local CPPFLAGS=${CPPFLAGS}
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf+=( --enable-ldap )
# backends
myconf+=( --enable-slapd )
for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
myconf+=( --enable-${backend}=mod )
done
myconf+=( $(use_enable perl perl mod) )
myconf+=( $(use_enable odbc sql mod) )
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I"${EPREFIX}"/usr/include/iodbc
fi
myconf+=( --with-odbc=${odbc_lib} )
fi
# slapd options
myconf+=(
$(use_enable crypt)
--disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
)
if use experimental ; then
myconf+=(
--enable-dynacl
--enable-aci=mod
)
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf+=( --enable-${option} )
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf+=( --enable-syncprov=yes )
use overlays && myconf+=( --enable-overlays=mod )
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-syslog
)
fi
# basic functionality stuff
myconf+=(
$(use_enable ipv6)
$(multilib_native_use_with sasl cyrus-sasl)
$(multilib_native_use_enable sasl spasswd)
$(use_enable tcpd wrappers)
)
# Some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf+=( --with-tls=${ssl_lib} )
for basicflag in dynamic local shared; do
myconf+=( --enable-${basicflag} )
done
tc-export AR CC CXX
CONFIG_SHELL="/bin/sh" \
ECONF_SOURCE="${S}" \
STRIP=/bin/true \
econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
$(use_enable static-libs static) \
"${myconf[@]}"
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
local myconf_ldapcpp=(
--with-ldap-includes="${S}"/include
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}" \
CC="${CC}" \
CXX="${CXX}"
popd &>/dev/null || die
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
local lt="${BUILD_DIR}/libtool"
export echo="echo"
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake CC="${CC}" CXX="${CXX}"
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
popd &>/dev/null || die
fi
if use pbkdf2; then
pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
einfo "Compiling contrib-module: pw-pbkdf2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o pbkdf2.lo \
-c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
einfo "Linking contrib-module: pw-pbkdf2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-pbkdf2.la \
pbkdf2.lo || die "linking pw-pbkdf2 failed"
popd &>/dev/null || die
fi
if use sha2 ; then
pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
einfo "Compiling contrib-module: pw-sha2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o sha2.lo \
-c sha2.c || die "compiling pw-sha2 failed"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o slapd-sha2.lo \
-c slapd-sha2.c || die "compiling pw-sha2 failed"
einfo "Linking contrib-module: pw-sha2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-sha2.la \
sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
popd &>/dev/null || die
fi
# We could build pw-radius if GNURadius would install radlib.h
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
#build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
#build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
# build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
build_contrib_module "lastbind" "lastbind.c" "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
#build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
build_contrib_module "trace" "trace.c" "trace"
popd &>/dev/null || die
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
emake tests
fi
}
multilib_src_install() {
local lt="${BUILD_DIR}/libtool"
emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
# If built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
}

799
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.1-r1.ebuild vendored Normal file
View File

@ -0,0 +1,799 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.OpenLDAP.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz
mirror://gentoo/${BIS_P}"
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
RESTRICT="!test? ( test )"
RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl )
autoca? ( !gnutls )
?? ( test minimal )"
S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV}
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.1-make-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8"
mv "$filename.utf8" "$filename"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove to early stripping"
popd &>/dev/null || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"$target"
popd &>/dev/null || die
}
multilib_src_configure() {
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
$(use_enable ipv6)
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
)
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
append-cppflags -DLDAP_CONNECTIONLESS
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
$(multilib_native_use_with sasl cyrus-sasl)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS}
local CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd "tests"
pwd
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
eend $?
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}