Merge pull request #2501 from flatcar/krnowak/move-sssd

Update SSSD, move to portage-stable
Krzesimir Nowak 2024-12-04 17:30:34 +01:00 committed by GitHub
commit d2514c2fdf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
46 changed files with 1171 additions and 1128 deletions

@ -252,7 +252,6 @@ dev-libs/libltdl
dev-libs/libmspack dev-libs/libmspack
dev-libs/libnl dev-libs/libnl
dev-libs/libp11 dev-libs/libp11
dev-libs/libpcre
dev-libs/libpcre2 dev-libs/libpcre2
dev-libs/libpipeline dev-libs/libpipeline
dev-libs/libpwquality dev-libs/libpwquality
@ -502,6 +501,7 @@ net-dialup/lrzsz
net-dialup/minicom net-dialup/minicom
net-dns/bind net-dns/bind
net-dns/bind-tools
net-dns/c-ares net-dns/c-ares
net-dns/dnsmasq net-dns/dnsmasq
net-dns/libidn2 net-dns/libidn2
@ -512,7 +512,6 @@ net-firewall/ipset
net-fs/cifs-utils net-fs/cifs-utils
net-libs/gnutls net-libs/gnutls
net-libs/http-parser
net-libs/libmicrohttpd net-libs/libmicrohttpd
net-libs/libmnl net-libs/libmnl
net-libs/libnetfilter_conntrack net-libs/libnetfilter_conntrack
@ -614,6 +613,8 @@ sys-apps/util-linux
sys-apps/which sys-apps/which
sys-apps/zram-generator sys-apps/zram-generator
sys-auth/sssd
sys-block/open-iscsi sys-block/open-iscsi
sys-block/open-isns sys-block/open-isns
sys-block/parted sys-block/parted

@ -0,0 +1 @@
- sssd ([CVE-2023-3758](https://nvd.nist.gov/vuln/detail/CVE-2023-3758))

@ -0,0 +1 @@
- sssd ([2.9.5](https://sssd.io/release-notes/sssd-2.9.5.html) (includes [2.9.4](https://sssd.io/release-notes/sssd-2.9.4.html), [2.9.3](https://sssd.io/release-notes/sssd-2.9.3.html), [2.9.2](https://sssd.io/release-notes/sssd-2.9.2.html), [2.9.1](https://sssd.io/release-notes/sssd-2.9.1.html), [2.9.0](https://sssd.io/release-notes/sssd-2.9.0.html), [2.8.0](https://sssd.io/release-notes/sssd-2.8.0.html), [2.7.0](https://sssd.io/release-notes/sssd-2.7.0.html), [2.6.0](https://sssd.io/release-notes/sssd-2.6.0.html), [2.5.0](https://sssd.io/release-notes/sssd-2.5.0.html), [2.4.0](https://sssd.io/release-notes/sssd-2.4.0.html))

@ -1 +1,15 @@
export ac_cv_member_struct_ldap_conncb_lc_arg=no # `--enable-sss-default-nss-plugin` enables nss lookup with sss
# plugin, even if sssd is not running.
export EXTRA_ECONF="--enable-sss-default-nss-plugin"
# We haven't switched to having pam config in /etc, so move the files
# to /usr.
cros_post_src_install_move_pamd() {
mkdir -p "${ED}/usr/share/"
mv "${ED}/etc/pam.d" "${ED}/usr/share/pam.d"
}
# This is to make sure that some sssd config is always in place.
cros_post_src_set_initial_config() {
cp -a "${ED}"/etc/sssd/sssd{-example,}.conf
}
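Review bot: The second hook is named `cros_post_src_set_initial_config` while the first is `cros_post_src_install_move_pamd`; if the hook dispatcher selects functions by the `cros_post_src_install_` prefix (the dispatcher is not visible on this page), the copy to `sssd.conf` never runs, so the name should probably be `cros_post_src_install_set_initial_config`. Neither hook checks its commands, so a failed `mkdir`, `mv` or `cp` would pass silently; append `|| die` to each. `cp -a` also carries over whatever mode `sssd-example.conf` was installed with, whereas the tmpfiles rule deleted elsewhere in this commit created `/etc/sssd/sssd.conf` as 0600 root:root. Since that file can hold directory bind credentials, set the mode explicitly after the copy, e.g. `chmod 0600 "${ED}/etc/sssd/sssd.conf" || die`.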

@ -0,0 +1,34 @@
From a559550c8e2d162735ff8a43de6dc59af71cf3df Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Tue, 3 Dec 2024 19:05:44 +0100
Subject: [PATCH] Assume that callbacks are not broken in OpenLDAP when
cross-compiling
If we do cross-compiling against a known broken version of OpenLDAP,
we can do `export ac_cv_member_struct_ldap_conncb_lc_arg=no` before
running configure. This is rather unlikely now, as the test was done
to detect a bug that was fixed 16 years ago.
This allows the project to be configured successfully when
cross-compiling, without disabling connection callbacks.
---
src/external/ldap.m4 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/external/ldap.m4 b/src/external/ldap.m4
index f42023cd4..09e44fc7b 100644
--- a/src/external/ldap.m4
+++ b/src/external/ldap.m4
@@ -80,7 +80,8 @@ AC_CHECK_MEMBERS([struct ldap_conncb.lc_arg],
[AC_DEFINE([HAVE_LDAP_CONNCB], [1],
[Define if LDAP connection callbacks are available])],
[AC_MSG_WARN([Found broken callback implementation])],
- [])],
+ [AC_DEFINE([HAVE_LDAP_CONNCB], [1],
+ [Define if LDAP connection callbacks are available])])],
[], [[#include <ldap.h>]])
AC_CHECK_TYPE([LDAPDerefRes],
--
2.34.1
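Review bot: The argument added after `AC_MSG_WARN([Found broken callback implementation])` defines `HAVE_LDAP_CONNCB` in what appears to be the cross-compiling case without writing anything to the configure log, so a build against an affected OpenLDAP gives no hint that the run-time check was skipped. Consider emitting a message in that branch, for example `AC_MSG_NOTICE([cross-compiling: assuming LDAP connection callbacks work])` ahead of the `AC_DEFINE`. A short m4 comment there naming the `ac_cv_member_struct_ldap_conncb_lc_arg=no` override from the commit message would keep the escape hatch discoverable. The enclosing macro call starts above the hunk, so the argument positions are inferred from the visible context.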

@ -0,0 +1,3 @@
The `0001-Assume-that-callbacks-are-not-broken-in-OpenLDAP-whe.patch` allows
the project to be cross-compiled without disabling LDAP connection
callbacks. It is being upstreamed.

@ -1,2 +0,0 @@
..
:coreos/targets/generic/oem-aci

@ -1,6 +1,3 @@
# Only ship microcode currently distributed by Intel # Only ship microcode currently distributed by Intel
# See https://bugs.gentoo.org/654638#c11 by iucode-tool maintainer # See https://bugs.gentoo.org/654638#c11 by iucode-tool maintainer
sys-firmware/intel-microcode vanilla sys-firmware/intel-microcode vanilla
# Enable gssapi only for amd64, to avoid build errors in arm64.
net-dns/bind gssapi

@ -1,2 +0,0 @@
..
:coreos/targets/generic/oem-aci

@ -1,4 +0,0 @@
# arm64 use
# Disable gssapi for arm64 to avoid build errors
net-dns/bind -gssapi

@ -104,6 +104,7 @@
# Keep versions on both arches in sync. # Keep versions on both arches in sync.
=sys-apps/kexec-tools-2.0.28 ~arm64 =sys-apps/kexec-tools-2.0.28 ~arm64
=sys-apps/zram-generator-1.1.2-r1 ~arm64 =sys-apps/zram-generator-1.1.2-r1 ~arm64
=sys-auth/sssd-2.9.5 ~arm64
=sys-boot/mokutil-0.7.2 ** =sys-boot/mokutil-0.7.2 **
# Enable ipvsadm for arm64. # Enable ipvsadm for arm64.

@ -51,8 +51,8 @@ sys-fs/squashfs-tools xz lz4 lzma lzo zstd
# make the kernel version discoverable via the traditional gentoo symlink # make the kernel version discoverable via the traditional gentoo symlink
sys-kernel/coreos-sources symlink sys-kernel/coreos-sources symlink
# set build options for ssdp # set build options for sssd
net-nds/openldap minimal sasl net-nds/openldap minimal sasl experimental
sys-libs/glibc nscd sys-libs/glibc nscd
# disable database build because otherwise it tries to generate a database in /etc # disable database build because otherwise it tries to generate a database in /etc
@ -100,7 +100,8 @@ sys-apps/kmod lzma
app-portage/portage-utils -qmanifest app-portage/portage-utils -qmanifest
# Disable unnecessary regedit in samba to minimize the package size. # Disable unnecessary regedit in samba to minimize the package size.
net-fs/samba -regedit # winbind needed by sssd
net-fs/samba -regedit winbind
# Drop extra dependencies # Drop extra dependencies
sys-libs/ldb -lmdb -python sys-libs/ldb -lmdb -python
@ -160,3 +161,7 @@ sys-fs/zfs minimal -rootfs
# Do not tinker with /boot partition at installation time. # Do not tinker with /boot partition at installation time.
sys-firmware/intel-microcode -initramfs sys-firmware/intel-microcode -initramfs
sys-fs/zfs-kmod -initramfs sys-fs/zfs-kmod -initramfs
# For sys-auth/sssd
net-dns/bind gssapi
net-dns/bind-tools gssapi
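Review bot: `experimental` is added to `net-nds/openldap` with no stated reason, unlike `winbind` on `net-fs/samba`, which carries `# winbind needed by sssd`. A one-line comment such as `# experimental needed by sys-auth/sssd` (if that is indeed the reason) would let a later reader tell whether the flag can be dropped when SSSD's dependencies change. These flags enlarge what is built into libraries on the authentication path, so the rationale is worth recording next to each one.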

@ -1,7 +0,0 @@
Profile settings specific to "oem-aci" images.
Settings here must *ONLY* influence installing binary packages and never
change build time settings like USE or CFLAGS because binary packages
are shared between dev and prod, dev just includes more stuff.
For example INSTALL_MASK, package.mask, and package.provided are ok.

@ -1,47 +0,0 @@
# Copyright (c) 2016 The CoreOS Authors. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
# Restrictive mask for OEM ACIs.
INSTALL_MASK="${INSTALL_MASK}
*.a *.la *.hpp *.o
/etc/sandbox.d
/usr/include
/usr/lib*/*/include
/usr/lib/debug
/usr/lib*/pkgconfig
/usr/share/aclocal*
/usr/share/awk
/usr/share/eselect
/usr/share/gdb
/usr/share/gettext
/usr/share/gobject-introspection-1.0
/usr/share/pkgconfig
/usr/share/readline
/usr/src
"
# Remove files which depend on interpreters not present in boards.
INSTALL_MASK="${INSTALL_MASK}
/usr/share/git/contrib/*
/usr/bin/diff-highlight
/usr/bin/autoscan-2.13
/usr/bin/autoupdate-2.69
/usr/bin/autoreconf-2.69
/usr/bin/automake-1.14
/usr/bin/autom4te-2.69
/usr/bin/autoheader-2.69
/usr/bin/aclocal-1.14
/usr/bin/aclocal-1.15
/usr/bin/automake-1.15
/usr/bin/ifnames-2.69
/usr/bin/intltool-update
/usr/bin/intltool-merge
/usr/bin/intltool-prepare
/usr/bin/intltool-extract
/usr/bin/autoscan-2.69
"
# There is no need to have boot stuff in a container.
INSTALL_MASK="${INSTALL_MASK}
/boot
"

@ -1,2 +0,0 @@
# Do not install SSSD in the container.
sys-auth/sssd-1.13.1

@ -31,6 +31,3 @@ x11-libs/pixman static-libs
# Get latest EDK2 firmware for Secure Boot on arm64. # Get latest EDK2 firmware for Secure Boot on arm64.
app-emulation/qemu -pin-upstream-blobs app-emulation/qemu -pin-upstream-blobs
# Enable gssapi for SDK
net-dns/bind gssapi

@ -1 +0,0 @@
DIST sssd-2.3.1.tar.gz 7186526 BLAKE2B 6d630fe75b9b426ef54adbe1704fde8e01fc34df7861028c07ce2985db8a151ce743d633061386fea6460fe8eabb89242b816d4bac87975bb9b7b2064ad1d547 SHA512 6aeb52d5222c5992d581296996749327bcaf276e4eb4413a6a32ea6529343432cfe413006aca4245c19b38b515be1c4c2ef88a157c617d889274179253355bc6

@ -1,21 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
command="/usr/sbin/sssd"
command_args="${SSSD_OPTIONS} -D"
start_stop_daemon_args="--quiet"
description="System Security Services Daemon"
depend(){
need localmount clock
use syslog xdm
}
if [ "${RC_VERSION:-0}" = "0" ]; then
start() {
eerror "This script cannot be used for baselayout-1."
return 1
}
fi

@ -1,284 +0,0 @@
From 9377cc4c25a1d889e241f23ec7efcd40fced3c63 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 18 Jun 2021 13:17:19 +0200
Subject: [PATCH] TOOLS: replace system() with execvp() to avoid execution of
user supplied command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
:relnote: A flaw was found in SSSD, where the sssctl command was
vulnerable to shell command injection via the logs-fetch and
cache-expire subcommands. This flaw allows an attacker to trick
the root user into running a specially crafted sssctl command,
such as via sudo, to gain root access. The highest threat from this
vulnerability is to confidentiality, integrity, as well as system
availability.
This patch fixes a flaw by replacing system() with execvp().
:fixes: CVE-2021-3621
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/tools/sssctl/sssctl.c | 39 ++++++++++++++++-------
src/tools/sssctl/sssctl.h | 2 +-
src/tools/sssctl/sssctl_data.c | 57 +++++++++++-----------------------
src/tools/sssctl/sssctl_logs.c | 32 +++++++++++++++----
4 files changed, 73 insertions(+), 57 deletions(-)
diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index 2997dbf96..8adaf3091 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -97,22 +97,36 @@ sssctl_prompt(const char *message,
return SSSCTL_PROMPT_ERROR;
}
-errno_t sssctl_run_command(const char *command)
+errno_t sssctl_run_command(const char *const argv[])
{
int ret;
+ int wstatus;
- DEBUG(SSSDBG_TRACE_FUNC, "Running %s\n", command);
+ DEBUG(SSSDBG_TRACE_FUNC, "Running '%s'\n", argv[0]);
- ret = system(command);
+ ret = fork();
if (ret == -1) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to execute %s\n", command);
ERROR("Error while executing external command\n");
return EFAULT;
- } else if (WEXITSTATUS(ret) != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Command %s failed with [%d]\n",
- command, WEXITSTATUS(ret));
+ }
+
+ if (ret == 0) {
+ /* cast is safe - see
+ https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
+ "The statement about argv[] and envp[] being constants ... "
+ */
+ execvp(argv[0], discard_const_p(char * const, argv));
ERROR("Error while executing external command\n");
- return EIO;
+ _exit(1);
+ } else {
+ if (waitpid(ret, &wstatus, 0) == -1) {
+ ERROR("Error while executing external command '%s'\n", argv[0]);
+ return EFAULT;
+ } else if (WEXITSTATUS(wstatus) != 0) {
+ ERROR("Command '%s' failed with [%d]\n",
+ argv[0], WEXITSTATUS(wstatus));
+ return EIO;
+ }
}
return EOK;
@@ -132,11 +146,14 @@ static errno_t sssctl_manage_service(enum sssctl_svc_action action)
#elif defined(HAVE_SERVICE)
switch (action) {
case SSSCTL_SVC_START:
- return sssctl_run_command(SERVICE_PATH" sssd start");
+ return sssctl_run_command(
+ (const char *[]){SERVICE_PATH, "sssd", "start", NULL});
case SSSCTL_SVC_STOP:
- return sssctl_run_command(SERVICE_PATH" sssd stop");
+ return sssctl_run_command(
+ (const char *[]){SERVICE_PATH, "sssd", "stop", NULL});
case SSSCTL_SVC_RESTART:
- return sssctl_run_command(SERVICE_PATH" sssd restart");
+ return sssctl_run_command(
+ (const char *[]){SERVICE_PATH, "sssd", "restart", NULL});
}
#endif
diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h
index 0115b2457..599ef6519 100644
--- a/src/tools/sssctl/sssctl.h
+++ b/src/tools/sssctl/sssctl.h
@@ -47,7 +47,7 @@ enum sssctl_prompt_result
sssctl_prompt(const char *message,
enum sssctl_prompt_result defval);
-errno_t sssctl_run_command(const char *command);
+errno_t sssctl_run_command(const char *const argv[]); /* argv[0] - command */
bool sssctl_start_sssd(bool force);
bool sssctl_stop_sssd(bool force);
bool sssctl_restart_sssd(bool force);
diff --git a/src/tools/sssctl/sssctl_data.c b/src/tools/sssctl/sssctl_data.c
index 8d79b977f..bf2291341 100644
--- a/src/tools/sssctl/sssctl_data.c
+++ b/src/tools/sssctl/sssctl_data.c
@@ -105,15 +105,15 @@ static errno_t sssctl_backup(bool force)
}
}
- ret = sssctl_run_command("sss_override user-export "
- SSS_BACKUP_USER_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "user-export",
+ SSS_BACKUP_USER_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to export user overrides\n");
return ret;
}
- ret = sssctl_run_command("sss_override group-export "
- SSS_BACKUP_GROUP_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "group-export",
+ SSS_BACKUP_GROUP_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to export group overrides\n");
return ret;
@@ -158,8 +158,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
}
if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
- ret = sssctl_run_command("sss_override user-import "
- SSS_BACKUP_USER_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "user-import",
+ SSS_BACKUP_USER_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to import user overrides\n");
return ret;
@@ -167,8 +167,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
}
if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
- ret = sssctl_run_command("sss_override group-import "
- SSS_BACKUP_GROUP_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "group-import",
+ SSS_BACKUP_GROUP_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to import group overrides\n");
return ret;
@@ -296,40 +296,19 @@ errno_t sssctl_cache_expire(struct sss_cmdline *cmdline,
void *pvt)
{
errno_t ret;
- char *cmd_args = NULL;
- const char *cachecmd = SSS_CACHE;
- char *cmd = NULL;
- int i;
-
- if (cmdline->argc == 0) {
- ret = sssctl_run_command(cachecmd);
- goto done;
- }
- cmd_args = talloc_strdup(tool_ctx, "");
- if (cmd_args == NULL) {
- ret = ENOMEM;
- goto done;
+ const char **args = talloc_array_size(tool_ctx,
+ sizeof(char *),
+ cmdline->argc + 2);
+ if (!args) {
+ return ENOMEM;
}
+ memcpy(&args[1], cmdline->argv, sizeof(char *) * cmdline->argc);
+ args[0] = SSS_CACHE;
+ args[cmdline->argc + 1] = NULL;
- for (i = 0; i < cmdline->argc; i++) {
- cmd_args = talloc_strdup_append(cmd_args, cmdline->argv[i]);
- if (i != cmdline->argc - 1) {
- cmd_args = talloc_strdup_append(cmd_args, " ");
- }
- }
-
- cmd = talloc_asprintf(tool_ctx, "%s %s", cachecmd, cmd_args);
- if (cmd == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = sssctl_run_command(cmd);
-
-done:
- talloc_free(cmd_args);
- talloc_free(cmd);
+ ret = sssctl_run_command(args);
+ talloc_free(args);
return ret;
}
diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
index 04a32bad8..ebb2c4571 100644
--- a/src/tools/sssctl/sssctl_logs.c
+++ b/src/tools/sssctl/sssctl_logs.c
@@ -31,6 +31,7 @@
#include <ldb.h>
#include <popt.h>
#include <stdio.h>
+#include <glob.h>
#include "util/util.h"
#include "tools/common/sss_process.h"
@@ -230,6 +231,7 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
{
struct sssctl_logs_opts opts = {0};
errno_t ret;
+ glob_t globbuf;
/* Parse command line. */
struct poptOption options[] = {
@@ -253,8 +255,20 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
sss_signal(SIGHUP);
} else {
+ globbuf.gl_offs = 4;
+ ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
+ return ret;
+ }
+ globbuf.gl_pathv[0] = discard_const_p(char, "truncate");
+ globbuf.gl_pathv[1] = discard_const_p(char, "--no-create");
+ globbuf.gl_pathv[2] = discard_const_p(char, "--size");
+ globbuf.gl_pathv[3] = discard_const_p(char, "0");
+
PRINT("Truncating log files...\n");
- ret = sssctl_run_command("truncate --size 0 " LOG_FILES);
+ ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
+ globfree(&globbuf);
if (ret != EOK) {
ERROR("Unable to truncate log files\n");
return ret;
@@ -269,8 +283,8 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
void *pvt)
{
const char *file;
- const char *cmd;
errno_t ret;
+ glob_t globbuf;
/* Parse command line. */
ret = sss_tool_popt_ex(cmdline, NULL, SSS_TOOL_OPT_OPTIONAL, NULL, NULL,
@@ -280,13 +294,19 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
return ret;
}
- cmd = talloc_asprintf(tool_ctx, "tar -czf %s %s", file, LOG_FILES);
- if (cmd == NULL) {
- ERROR("Out of memory!");
+ globbuf.gl_offs = 3;
+ ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
+ return ret;
}
+ globbuf.gl_pathv[0] = discard_const_p(char, "tar");
+ globbuf.gl_pathv[1] = discard_const_p(char, "-czf");
+ globbuf.gl_pathv[2] = discard_const_p(char, file);
PRINT("Archiving log files into %s...\n", file);
- ret = sssctl_run_command(cmd);
+ ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
+ globfree(&globbuf);
if (ret != EOK) {
ERROR("Unable to archive log files\n");
return ret;
--
2.25.1

@ -1,10 +0,0 @@
--- a/src/external/nsupdate.m4 2020-11-05 16:27:14.661566136 +0100
+++ b/src/external/nsupdate.m4 2020-11-05 16:27:30.060674381 +0100
@@ -9,7 +9,6 @@
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([nsupdate does not support 'realm'])
fi
else

@ -1,32 +0,0 @@
From fc79d035ccc4c1a5da26bbd780aeb7e0a0afebf5 Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gmail.com>
Date: Fri, 14 Aug 2020 13:36:30 -0700
Subject: [PATCH] test_ca: Look for libsofthsm2.so in /usr/${libdir}/softhsm
too
Signed-off-by: Matt Turner <mattst88@gmail.com>
---
src/external/test_ca.m4 | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/external/test_ca.m4 b/src/external/test_ca.m4
index 4d45a5a16..d318789bc 100644
--- a/src/external/test_ca.m4
+++ b/src/external/test_ca.m4
@@ -33,9 +33,10 @@ AC_DEFUN([AM_CHECK_TEST_CA],
AM_CONDITIONAL([BUILD_TEST_CA], [test -x "$OPENSSL" -a -x "$SSH_KEYGEN" -a -x "$CERTUTIL" -a -x "$PK12UTIL"])
else
- for p in /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so; do
- if test -f "${p}"; then
- SOFTHSM2_PATH="${p}"
+ for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do
+ f="${p}/libsofthsm2.so"
+ if test -f "${f}"; then
+ SOFTHSM2_PATH="${f}"
break;
fi
done
--
2.26.2

@ -1,10 +0,0 @@
[Unit]
Description=System Security Services Daemon
After=nscd.service
[Service]
ExecStart=/usr/sbin/sssd -i
PIDFile=/run/sssd.pid
[Install]
WantedBy=multi-user.target

@ -1,14 +0,0 @@
d /etc/sssd 0700 root root - -
C /etc/sssd/sssd.conf 0600 root root - /usr/share/sssd/sssd-example.conf
d /var/lib/sss - root root - -
d /var/lib/sss/deskprofile 0755 root root - -
d /var/lib/sss/db 0700 root root - -
d /var/lib/sss/gpo_cache 0755 root root - -
d /var/lib/sss/keytabs 0700 root root - -
d /var/lib/sss/mc 0700 root root - -
d /var/lib/sss/pipes - root root - -
d /var/lib/sss/pipes/private 0700 root root - -
d /var/lib/sss/pubconf 0700 root root - -
d /var/lib/sss/pubconf/krb5.include.d 0700 root root - -
d /var/lib/sss/secrets 0755 root root - -
d /var/log/sssd 0700 root root - -

@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<maintainer type="person">
<email>alexxy@gentoo.org</email>
<name>Alexey Shvetsov</name>
</maintainer>
<use>
<flag name="acl"> Build and use the cifsidmap plugin</flag>
<flag name="autofs">Build helper to let <pkg>net-fs/autofs</pkg> use sssd provided information</flag>
<flag name="locator">Install sssd's Kerberos plugin</flag>
<flag name="man">Build man pages with <pkg>dev-libs/libxslt</pkg></flag>
<flag name="manpages">Build man pages with <pkg>dev-libs/libxslt</pkg></flag>
<flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag>
<flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-libs/libnfsidmap</pkg></flag>
<flag name="pac">Add Privileged Attribute Certificate Support for Kerberos</flag>
<flag name="ssh">Build helper to let <pkg>net-misc/openssh</pkg> use sssd provided information</flag>
<flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag>
<flag name="valgrind">Depend on <pkg>dev-util/valgrind</pkg> for test suite</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:fedoraproject:sssd</remote-id>
<remote-id type="github">SSSD/sssd</remote-id>
</upstream>
</pkgmetadata>

@ -1,309 +0,0 @@
# Flatcar modifications:
# - changed files/sssd.service
# - added files/tmpfiles.d/sssd.conf
# - other ebuild modifications marked below
#
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{6..11} )
TMPFILES_OPTIONAL=1
inherit autotools flag-o-matic linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs tmpfiles
DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
HOMEPAGE="https://github.com/SSSD/sssd"
SRC_URI="https://github.com/SSSD/sssd/releases/download/${PN}-${PV//./_}/${P}.tar.gz"
# Flatcar: stabilize arm64
KEYWORDS="amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86"
LICENSE="GPL-3"
SLOT="0"
IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd test valgrind"
RESTRICT="!test? ( test )"
REQUIRED_USE="pac? ( samba )
python? ( ${PYTHON_REQUIRED_USE} )"
# Flatcar: do not force gssapi for >=net-dns/bind-9.9
# do not force winbind for net-fs/samba
DEPEND="
>=app-crypt/mit-krb5-1.10.3
app-crypt/p11-kit
>=dev-libs/ding-libs-0.2
dev-libs/glib:2
>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
>=dev-libs/libpcre-8.30:=
>=dev-libs/popt-1.16
>=dev-libs/openssl-1.0.2:0=
>=net-dns/bind-9.9
>=net-dns/c-ares-1.7.4
>=net-nds/openldap-2.4.30[sasl]
>=sys-apps/dbus-1.6
>=sys-apps/keyutils-1.5:=
>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
>=sys-libs/talloc-2.0.7
>=sys-libs/tdb-1.2.9
>=sys-libs/tevent-0.9.16
>=sys-libs/ldb-1.1.17-r1:=
virtual/libintl
locator? (
>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
)
acl? ( net-fs/cifs-utils[acl] )
netlink? ( dev-libs/libnl:3 )
nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
nls? ( >=sys-devel/gettext-0.18 )
pac? (
app-crypt/mit-krb5[${MULTILIB_USEDEP}]
net-fs/samba
)
python? ( ${PYTHON_DEPS} )
samba? ( >=net-fs/samba-4.10.2 )
selinux? (
>=sys-libs/libselinux-2.1.9
>=sys-libs/libsemanage-2.1
)
systemd? (
dev-libs/jansson:0=
net-libs/http-parser:0=
net-misc/curl:0=
)
"
RDEPEND="${DEPEND}
>=sys-libs/glibc-2.17[nscd]
selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
"
# Flatcar: require only autoconf:2.69
BDEPEND="
dev-build/autoconf:2.69
doc? ( app-doc/doxygen )
test? (
dev-libs/check
dev-libs/softhsm:2
dev-util/cmocka
net-libs/gnutls[pkcs11,tools]
sys-libs/libfaketime
sys-libs/nss_wrapper
sys-libs/pam_wrapper
sys-libs/uid_wrapper
valgrind? ( dev-util/valgrind )
)
man? (
app-text/docbook-xml-dtd:4.4
>=dev-libs/libxslt-1.1.26
nls? ( app-text/po4a )
)"
CONFIG_CHECK="~KEYS"
MULTILIB_WRAPPED_HEADERS=(
/usr/include/ipa_hbac.h
/usr/include/sss_idmap.h
/usr/include/sss_nss_idmap.h
# --with-ifp
/usr/include/sss_sifp.h
/usr/include/sss_sifp_dbus.h
# from 1.15.3
/usr/include/sss_certmap.h
)
PATCHES=(
"${FILESDIR}"/${P}-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch
"${FILESDIR}"/${P}-disable-nsupdate-realm.patch
# Flatcar: add a patch for CVE-2021-3621
"${FILESDIR}"/${P}-CVE-2021-3621.patch
)
pkg_setup() {
linux-info_pkg_setup
}
src_prepare() {
sed -i 's:/var/run:/run:' \
"${S}"/src/examples/logrotate || die
default
eautoreconf
multilib_copy_sources
if use python && multilib_is_native_abi; then
python_setup
fi
}
src_configure() {
local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
myconf+=(
--localstatedir="${EPREFIX}"/var
--with-pid-path="${EPREFIX}"/run
--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
--with-db-path="${EPREFIX}"/var/lib/sss/db
--with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
--with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
--with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
--with-log-path="${EPREFIX}"/var/log/sssd
--with-os=gentoo
--with-nscd="${EPREFIX}"/usr/sbin/nscd
--with-unicode-lib="glib2"
--disable-rpath
# Flatcar: make nss lookups succeed when not running
--enable-sss-default-nss-plugin
# Flatcar: prevent cross-compilation error
# when autotools does not want to compile and run the test
$(use_with samba smb-idmap-interface-version=6)
#
--sbindir=/usr/sbin
--with-crypto="libcrypto"
--enable-local-provider
$(multilib_native_use_with systemd kcm)
$(multilib_native_use_with systemd secrets)
$(use_with samba)
--with-smb-idmap-interface-version=6
$(multilib_native_use_enable acl cifs-idmap-plugin)
$(multilib_native_use_with selinux)
$(multilib_native_use_with selinux semanage)
$(use_enable locator krb5-locator-plugin)
$(use_enable pac pac-responder)
$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
$(use_enable nls)
$(multilib_native_use_with netlink libnl)
$(multilib_native_use_with man manpages)
$(multilib_native_use_with sudo)
$(multilib_native_with autofs)
$(multilib_native_with ssh)
$(use_enable valgrind)
--without-python2-bindings
$(multilib_native_use_with python python3-bindings)
)
# Annoyingly configure requires that you pick systemd XOR sysv
if use systemd; then
myconf+=(
--with-initscript="systemd"
--with-systemdunitdir=$(systemd_get_systemunitdir)
# Flatcar: Set the systemd system
# configuration directory explicitly through
# _systemd_get_dir, as it will do the right
# thing in cross-compilation environment.
--with-systemdconfdir=$(_systemd_get_dir systemdsystemconfdir /etc/systemd/system)
)
else
myconf+=(--with-initscript="sysv")
fi
if ! multilib_is_native_abi; then
# work-around all the libraries that are used for CLI and server
myconf+=(
{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
# ldb headers are fine since native needs it
# ldb lib fails... but it does not seem to bother
{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
{NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' '
# use native include path for dbus (needed for build)
DBUS_CFLAGS="${native_dbus_cflags}"
# non-pkgconfig checks
ac_cv_lib_ldap_ldap_search=yes
--without-secrets
--without-kcm
)
fi
# Flatcar: Apparently CPP is undefined, which breaks samba
# version detection.
tc-export CPP
econf "${myconf[@]}"
}
multilib_src_compile() {
if multilib_is_native_abi; then
# Flatcar: add runstatedir to make commands to avoid configure error
default runstatedir="${EPREFIX}"/run
use doc && emake docs
if use man || use nls; then
emake update-po
fi
else
emake libnss_sss.la pam_sss.la
use locator && emake sssd_krb5_locator_plugin.la
use pac && emake sssd_pac_plugin.la
fi
}
multilib_src_install() {
if multilib_is_native_abi; then
# Flatcar: add runstatedir, sysconfdir
emake -j1 DESTDIR="${D}" runstatedir="${EPREFIX}"/run \
sysconfdir="/usr/share" "${_at_args[@]}" install
if use python; then
python_optimize
python_fix_shebang "${ED}"
fi
else
# easier than playing with automake...
dopammod .libs/pam_sss.so
into /
dolib.so .libs/libnss_sss.so*
if use locator; then
exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
doexe .libs/sssd_krb5_locator_plugin.so
fi
if use pac; then
exeinto /usr/$(get_libdir)/krb5/plugins/authdata
doexe .libs/sssd_pac_plugin.so
fi
fi
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete || die
# Flatcar: store on /usr
insinto /usr/share/sssd
doins "${S}"/src/examples/sssd-example.conf
# Flatcar: delete, remove /var files taken care of by tmpfiles
# Flatcar: add tmpfile directive and remove /etc/rc.d
dotmpfiles "${FILESDIR}/tmpfiles.d/sssd.conf"
rm -rf "${D}/etc/rc.d"
# strip empty dirs
if ! use doc ; then
rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die
fi
rm -r "${ED}"/run || die
}
multilib_src_test() {
multilib_is_native_abi && emake check
}
pkg_postinst() {
elog "You must set up sssd.conf (default installed into /etc/sssd)"
elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html"
}

@ -1 +0,0 @@
DIST pcre-8.45.tar.bz2 1578809 BLAKE2B 3954e08cf3c67a5e2249bf72f8d4c1a90fe7a098fffa5a0a06d0d665d07899027cfd632eab2757fcf2b1b9b413a43d5c484c8e52d05b7ca113b3bbbc4dd3bb29 SHA512 91bff52eed4a2dfc3f3bfdc9c672b88e7e2ffcf3c4b121540af8a4ae8c1ce05178430aa6b8000658b9bb7b4252239357250890e20ceb84b79cdfcde05154061a

@ -1,17 +0,0 @@
https://bugs.exim.org/show_bug.cgi?id=2173#c4
--- a/pcre_exec.c
+++ b/pcre_exec.c
@@ -509,6 +509,12 @@
(e.g. stopped by repeated call or recursion limit)
*/
+#ifdef __GNUC__
+static int
+match(REGISTER PCRE_PUCHAR eptr, REGISTER const pcre_uchar *ecode,
+ PCRE_PUCHAR mstart, int offset_top, match_data *md, eptrblock *eptrb,
+ unsigned int rdepth) __attribute__((noinline,noclone));
+#endif
static int
match(REGISTER PCRE_PUCHAR eptr, REGISTER const pcre_uchar *ecode,
PCRE_PUCHAR mstart, int offset_top, match_data *md, eptrblock *eptrb,

@ -1,18 +0,0 @@
https://bugs.exim.org/show_bug.cgi?id=2173#c4
https://bugs.gentoo.org/910188
https://github.com/MariaDB/server/pull/2700
--- a/pcre_exec.c
+++ b/pcre_exec.c
@@ -509,6 +509,12 @@
(e.g. stopped by repeated call or recursion limit)
*/
+#ifdef __GNUC__
+static int
+match(REGISTER PCRE_PUCHAR eptr, REGISTER const pcre_uchar *ecode,
+ PCRE_PUCHAR mstart, int offset_top, match_data *md, eptrblock *eptrb,
+ unsigned int rdepth) __attribute__((optnone,noinline,noclone));
+#endif
static int
match(REGISTER PCRE_PUCHAR eptr, REGISTER const pcre_uchar *ecode,
PCRE_PUCHAR mstart, int offset_top, match_data *md, eptrblock *eptrb,

@ -1,106 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit libtool multilib-minimal preserve-libs usr-ldscript
DESCRIPTION="Perl-compatible regular expression library"
HOMEPAGE="http://www.pcre.org/"
MY_P="pcre-${PV/_rc/-RC}"
if [[ ${PV} != *_rc* ]] ; then
# Only the final releases are available here.
SRC_URI="
https://downloads.sourceforge.net/pcre/${MY_P}.tar.bz2
https://ftp.pcre.org/pub/pcre/${MY_P}.tar.bz2
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${MY_P}.tar.bz2
"
else
SRC_URI="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/${MY_P}.tar.bz2"
fi
S="${WORKDIR}/${MY_P}"
LICENSE="BSD"
SLOT="3"
KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 +cxx +jit libedit pcre16 pcre32 +readline static-libs unicode valgrind zlib"
REQUIRED_USE="
readline? ( !libedit )
libedit? ( !readline )
"
RDEPEND="
bzip2? ( app-arch/bzip2 )
zlib? ( sys-libs/zlib )
libedit? ( dev-libs/libedit )
readline? ( sys-libs/readline:= )
"
DEPEND="
${RDEPEND}
valgrind? ( dev-debug/valgrind )
"
BDEPEND="virtual/pkgconfig"
MULTILIB_CHOST_TOOLS=(
/usr/bin/pcre-config
)
PATCHES=(
"${FILESDIR}"/${PN}-8.45-fix-stack-size-detection.patch
)
src_prepare() {
default
sed -i -e "s:-lpcre ::" libpcrecpp.pc.in || die
elibtoolize
}
multilib_src_configure() {
local myeconfargs=(
$(multilib_native_use_enable bzip2 pcregrep-libbz2)
$(use_enable cxx cpp)
$(use_enable jit)
$(use_enable jit pcregrep-jit)
$(use_enable pcre16)
$(use_enable pcre32)
$(multilib_native_use_enable libedit pcretest-libedit)
$(multilib_native_use_enable readline pcretest-libreadline)
$(use_enable static-libs static)
$(use_enable unicode utf)
$(use_enable unicode unicode-properties)
$(multilib_native_use_enable valgrind)
$(multilib_native_use_enable zlib pcregrep-libz)
--enable-pcre8
--enable-shared
)
ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_compile() {
emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
}
multilib_src_install() {
emake \
DESTDIR="${D}" \
$(multilib_is_native_abi || echo "bin_PROGRAMS= dist_html_DATA=") \
install
gen_usr_ldscript -a pcre
}
multilib_src_install_all() {
find "${ED}" -type f -name "*.la" -delete || die
}
pkg_preinst() {
preserve_old_lib /$(get_libdir)/libpcre.so.0
}
pkg_postinst() {
preserve_old_lib_notify /$(get_libdir)/libpcre.so.0
}


@ -1,109 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit autotools multilib-minimal preserve-libs
DESCRIPTION="Perl-compatible regular expression library"
HOMEPAGE="http://www.pcre.org/"
MY_P="pcre-${PV/_rc/-RC}"
if [[ ${PV} != *_rc* ]] ; then
# Only the final releases are available here.
SRC_URI="
https://downloads.sourceforge.net/pcre/${MY_P}.tar.bz2
https://ftp.pcre.org/pub/pcre/${MY_P}.tar.bz2
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${MY_P}.tar.bz2
"
else
SRC_URI="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/${MY_P}.tar.bz2"
fi
S="${WORKDIR}/${MY_P}"
LICENSE="BSD"
SLOT="3"
KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="bzip2 +cxx +jit libedit pcre16 pcre32 +readline static-libs unicode valgrind zlib"
REQUIRED_USE="
readline? ( !libedit )
libedit? ( !readline )
"
RDEPEND="
bzip2? ( app-arch/bzip2 )
zlib? ( sys-libs/zlib )
libedit? ( dev-libs/libedit )
readline? ( sys-libs/readline:= )
"
DEPEND="
${RDEPEND}
valgrind? ( dev-debug/valgrind )
"
BDEPEND="virtual/pkgconfig"
MULTILIB_CHOST_TOOLS=(
/usr/bin/pcre-config
)
PATCHES=(
"${FILESDIR}"/${PN}-8.45-fix-stack-size-detection.patch
)
src_prepare() {
default
sed -i -e "s:-lpcre ::" libpcrecpp.pc.in || die
# We do a full autoreconf because:
# - the software is end of life and never getting new dist tarballs
# - it uses a frankensteined "2.4.6.42-b88ce-dirty" libtool, which
# means elibtoolize can't find patches to apply
eautoreconf
}
multilib_src_configure() {
local myeconfargs=(
$(multilib_native_use_enable bzip2 pcregrep-libbz2)
$(use_enable cxx cpp)
$(use_enable jit)
$(use_enable jit pcregrep-jit)
$(use_enable pcre16)
$(use_enable pcre32)
$(multilib_native_use_enable libedit pcretest-libedit)
$(multilib_native_use_enable readline pcretest-libreadline)
$(use_enable static-libs static)
$(use_enable unicode utf)
$(use_enable unicode unicode-properties)
$(multilib_native_use_enable valgrind)
$(multilib_native_use_enable zlib pcregrep-libz)
--enable-pcre8
--enable-shared
)
ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_compile() {
emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
}
multilib_src_install() {
emake \
DESTDIR="${D}" \
$(multilib_is_native_abi || echo "bin_PROGRAMS= dist_html_DATA=") \
install
}
multilib_src_install_all() {
find "${ED}" -type f -name "*.la" -delete || die
}
pkg_preinst() {
preserve_old_lib /$(get_libdir)/libpcre.so.0
}
pkg_postinst() {
preserve_old_lib_notify /$(get_libdir)/libpcre.so.0
}


@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<use>
<flag name="bzip2">
Add support for pcregrep command to search within
bzip2-compressed files (via <pkg>app-arch/bzip2</pkg>).
</flag>
<flag name="pcre16">Build PCRE library for 16 bit characters (e.g. UTF-16).</flag>
<flag name="pcre32">Build PCRE library for 32 bit characters (e.g. UTF-32).</flag>
<flag name="readline">
Add support for command line editing to pcretest, through
<pkg>sys-libs/readline</pkg>.
</flag>
<flag name="zlib">
Add support for pcregrep command to search within
gzip-compressed files (via <pkg>sys-libs/zlib</pkg>).
</flag>
</use>
<upstream>
<bugs-to>https://bugs.exim.org/describecomponents.cgi?product=PCRE</bugs-to>
<remote-id type="cpe">cpe:/a:pcre:pcre</remote-id>
<remote-id type="sourceforge">pcre</remote-id>
</upstream>
</pkgmetadata>


@ -0,0 +1,4 @@
DIST bind-9.16.48.tar.xz 5131176 BLAKE2B 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7 SHA512 83829a5045e2a29dd2b491d3ab72b545f5664023fcd4aa205a44dbb7bcc5c737b4466c0d73f124b8d88fd33c56776871a07dde1ba0530d43eec8e7304a08d353
DIST bind-9.16.48.tar.xz.asc 833 BLAKE2B 740ed58863ed3a7dee6ada4edd03cad5378ea0aa53cd6f071ca1911bb2d6b285ed292f32846790d42b97e8d9bb72588f1cd30c4e10557ac1e9f1df545923a9b1 SHA512 7bd813b5ab6f9677fc4ef21e0c3930f6319fa6c49d6869570794bc28212fe8935b72f9f217cfce692a2dec9ec29994f345d1b1145cef1ca976c5361f6ce0f75d
DIST bind-9.16.50.tar.xz 5134620 BLAKE2B 0464d1e246d0a5c39e20faf733b7f4ee21d192cc0ccce5bba2a22ae4303c82005ccfb319fe2da51872c7258852a747984d7327c70dec08414ab2d194c412199b SHA512 7627e0606ac389343046fa9d1ca789ed732b3c8d99e83ba6f59593f816cebc0b2ebd319c2812ac1f604c68f5115bbc281d432036c0d31bbe489ee2d678374213
DIST bind-9.16.50.tar.xz.asc 833 BLAKE2B 7eabf67b96d1fc94ec096adf1b4d075c370b603b7225522fe5b97d04c519f68f017fe0ccaf7ddeff029d17c0b4c3932a09f009376553f987671ba21f6b9cdb7d SHA512 0650ad5d55da2d9fe848d68aa59b16998b781152209ebcaabaea68144dab75ff9f4cfcceaa87a6b6da4f2f98fcf6f9eddd16d19ddf958fef242d93da03516dbc


@ -0,0 +1,170 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/isc.asc
inherit autotools flag-o-matic multiprocessing toolchain-funcs verify-sig
MY_PN=${PN//-tools}
MY_PV=${PV/_p/-P}
MY_PV=${MY_PV/_rc/rc}
MY_P="${MY_PN}-${MY_PV}"
DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
SRC_URI="
https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz
verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz.asc )
"
S="${WORKDIR}/${MY_P}"
LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="+caps doc gssapi idn libedit readline test xml"
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug #409687
RESTRICT="!test? ( test )"
# libuv lower bound should be the highest value seen at
# https://gitlab.isc.org/isc-projects/bind9/-/blob/bind-9.16/lib/isc/netmgr/netmgr.c?ref_type=heads#L244
# to avoid issues with matching stable/testing, etc
RDEPEND="
>=dev-libs/libuv-1.42.0:=
dev-libs/openssl:=
caps? ( sys-libs/libcap )
xml? ( dev-libs/libxml2 )
idn? ( net-dns/libidn2:= )
gssapi? ( virtual/krb5 )
libedit? ( dev-libs/libedit )
!libedit? (
readline? ( sys-libs/readline:= )
)
"
DEPEND="${RDEPEND}"
# sphinx required for man-page and html creation
BDEPEND="
virtual/pkgconfig
doc? ( dev-python/sphinx )
test? (
dev-util/cmocka
dev-util/kyua
)
verify-sig? ( sec-keys/openpgp-keys-isc )
"
src_prepare() {
default
# Do not disable thread local storage on Solaris, it works with our
# toolchain, and it breaks further configure checks
sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die
# Slow tests
sed -i "s/{name='mem_test'}/{name='mem_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
sed -i "s/{name='timer_test'}/{name='timer_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
# Conditionally broken
use sparc && ( sed -i "/{name='netmgr_test'}/d" "lib/isc/tests/Kyuafile" || die )
# bug #220361
rm aclocal.m4 || die
rm -rf libtool.m4/ || die
eautoreconf
}
src_configure() {
local myeconfargs=(
# localstatedir for nsupdate -l, bug #395785
--localstatedir="${EPREFIX}"/var
--without-python
--without-libjson
--without-zlib
--without-lmdb
--without-maxminddb
--disable-geoip
--with-openssl="${ESYSROOT}"/usr
$(use_with idn libidn2 "${ESYSROOT}"/usr)
$(use_with xml libxml2)
$(use_with gssapi)
$(use_with readline)
$(use_enable caps linux-caps)
AR="$(type -P $(tc-getAR))"
)
# bug #607400
if use libedit ; then
myeconfargs+=( --with-readline=-ledit )
elif use readline ; then
myeconfargs+=( --with-readline=-lreadline )
else
myeconfargs+=( --without-readline )
fi
# bug #344029
append-cflags "-DDIG_SIGCHASE"
append-ldflags "-L${ESYSROOT}/usr/$(get_libdir)"
# to expose CMSG_* macros from sys/sockets.h
[[ ${CHOST} == *-solaris* ]] && append-cflags "-D_XOPEN_SOURCE=600"
tc-export BUILD_CC
econf "${myeconfargs[@]}"
# bug #151839
echo '#undef SO_BSDCOMPAT' >> config.h || die
}
src_compile() {
local AR="$(tc-getAR)"
emake AR="${AR}" -C lib/
emake AR="${AR}" -C bin/delv/
emake AR="${AR}" -C bin/dig/
emake AR="${AR}" -C bin/nsupdate/
emake AR="${AR}" -C bin/dnssec/
emake -C doc/man/ man $(usev doc)
}
src_test() {
# system tests ('emake test') require network configuration for IPs etc
# so we run the unit tests instead.
TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake -Onone unit
}
src_install() {
local man_dir="${S}/doc/man"
local html_dir="${man_dir}/_build/html"
dodoc README CHANGES
cd "${S}"/bin/delv || die
dobin delv
doman ${man_dir}/delv.1
cd "${S}"/bin/dig || die
dobin dig host nslookup
doman ${man_dir}/{dig,host,nslookup}.1
cd "${S}"/bin/nsupdate || die
dobin nsupdate
doman ${man_dir}/nsupdate.1
if use doc; then
docinto html
dodoc ${html_dir}/nsupdate.html
fi
cd "${S}"/bin/dnssec || die
local tool
for tool in dsfromkey importkey keyfromlabel keygen \
revoke settime signzone verify; do
dobin dnssec-"${tool}"
doman ${man_dir}/dnssec-"${tool}".8
if use doc; then
docinto html
dodoc ${html_dir}/dnssec-"${tool}".html
fi
done
}
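Review bot: In src_prepare the sparc-only edit is written as `use sparc && ( sed -i ... || die )`, so `die` runs inside a subshell, where the Package Manager Specification does not guarantee that it aborts the build. A plain conditional keeps the failure in the main shell: `if use sparc; then sed -i "/{name='netmgr_test'}/d" lib/isc/tests/Kyuafile || die; fi`. The same line appears in the second bind-tools ebuild further down this page. The sssd ebuild's src_configure has a related form, `local native_dbus_cflags=$(... || die)`, where `die` sits inside a command substitution and `local` masks the exit status; declaring the variable first and putting `|| die` after the assignment avoids both. In src_install the `${man_dir}` and `${html_dir}` arguments to doman and dodoc are unquoted although they are built from `${S}`.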


@ -0,0 +1,170 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/isc.asc
inherit autotools flag-o-matic multiprocessing toolchain-funcs verify-sig
MY_PN=${PN//-tools}
MY_PV=${PV/_p/-P}
MY_PV=${MY_PV/_rc/rc}
MY_P="${MY_PN}-${MY_PV}"
DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
SRC_URI="
https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz
verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz.asc )
"
S="${WORKDIR}/${MY_P}"
LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
SLOT="0"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="+caps doc gssapi idn libedit readline test xml"
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug #409687
RESTRICT="!test? ( test )"
# libuv lower bound should be the highest value seen at
# https://gitlab.isc.org/isc-projects/bind9/-/blob/bind-9.16/lib/isc/netmgr/netmgr.c?ref_type=heads#L244
# to avoid issues with matching stable/testing, etc
RDEPEND="
>=dev-libs/libuv-1.42.0:=
dev-libs/openssl:=
caps? ( sys-libs/libcap )
xml? ( dev-libs/libxml2 )
idn? ( net-dns/libidn2:= )
gssapi? ( virtual/krb5 )
libedit? ( dev-libs/libedit )
!libedit? (
readline? ( sys-libs/readline:= )
)
"
DEPEND="${RDEPEND}"
# sphinx required for man-page and html creation
BDEPEND="
virtual/pkgconfig
doc? ( dev-python/sphinx )
test? (
dev-util/cmocka
dev-util/kyua
)
verify-sig? ( sec-keys/openpgp-keys-isc )
"
src_prepare() {
default
# Do not disable thread local storage on Solaris, it works with our
# toolchain, and it breaks further configure checks
sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die
# Slow tests
sed -i "s/{name='mem_test'}/{name='mem_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
sed -i "s/{name='timer_test'}/{name='timer_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
# Conditionally broken
use sparc && ( sed -i "/{name='netmgr_test'}/d" "lib/isc/tests/Kyuafile" || die )
# bug #220361
rm aclocal.m4 || die
rm -rf libtool.m4/ || die
eautoreconf
}
src_configure() {
local myeconfargs=(
# localstatedir for nsupdate -l, bug #395785
--localstatedir="${EPREFIX}"/var
--without-python
--without-libjson
--without-zlib
--without-lmdb
--without-maxminddb
--disable-geoip
--with-openssl="${ESYSROOT}"/usr
$(use_with idn libidn2 "${ESYSROOT}"/usr)
$(use_with xml libxml2)
$(use_with gssapi)
$(use_with readline)
$(use_enable caps linux-caps)
AR="$(type -P $(tc-getAR))"
)
# bug #607400
if use libedit ; then
myeconfargs+=( --with-readline=-ledit )
elif use readline ; then
myeconfargs+=( --with-readline=-lreadline )
else
myeconfargs+=( --without-readline )
fi
# bug #344029
append-cflags "-DDIG_SIGCHASE"
append-ldflags "-L${ESYSROOT}/usr/$(get_libdir)"
# to expose CMSG_* macros from sys/sockets.h
[[ ${CHOST} == *-solaris* ]] && append-cflags "-D_XOPEN_SOURCE=600"
tc-export BUILD_CC
econf "${myeconfargs[@]}"
# bug #151839
echo '#undef SO_BSDCOMPAT' >> config.h || die
}
src_compile() {
local AR="$(tc-getAR)"
emake AR="${AR}" -C lib/
emake AR="${AR}" -C bin/delv/
emake AR="${AR}" -C bin/dig/
emake AR="${AR}" -C bin/nsupdate/
emake AR="${AR}" -C bin/dnssec/
emake -C doc/man/ man $(usev doc)
}
src_test() {
# system tests ('emake test') require network configuration for IPs etc
# so we run the unit tests instead.
TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake -Onone unit
}
src_install() {
local man_dir="${S}/doc/man"
local html_dir="${man_dir}/_build/html"
dodoc README CHANGES
cd "${S}"/bin/delv || die
dobin delv
doman ${man_dir}/delv.1
cd "${S}"/bin/dig || die
dobin dig host nslookup
doman ${man_dir}/{dig,host,nslookup}.1
cd "${S}"/bin/nsupdate || die
dobin nsupdate
doman ${man_dir}/nsupdate.1
if use doc; then
docinto html
dodoc ${html_dir}/nsupdate.html
fi
cd "${S}"/bin/dnssec || die
local tool
for tool in dsfromkey importkey keyfromlabel keygen \
revoke settime signzone verify; do
dobin dnssec-"${tool}"
doman ${man_dir}/dnssec-"${tool}".8
if use doc; then
docinto html
dodoc ${html_dir}/dnssec-"${tool}".html
fi
done
}


@ -0,0 +1,26 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
SLOT="0"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="+caps doc gssapi idn libedit readline xml"
RDEPEND=">=net-dns/bind-9.18.0[caps?,doc?,gssapi?,idn?,xml?]"
pkg_postinst() {
ewarn "net-dns/bind-tools is now merged into net-dns/bind and"
ewarn "net-dns/bind-tools serves as a dummy package until it is"
ewarn "eventually removed. The split was already a maintenance burden"
ewarn "because of lack of build system support for it, but this became"
ewarn "more severe with >=9.18.0."
ewarn ""
ewarn "Please run the following commands:"
ewarn "* emerge --deselect net-dns/bind-tools"
ewarn "* emerge --noreplace net-dns/bind instead"
}


@ -2,10 +2,13 @@
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata> <pkgmetadata>
<maintainer type="person"> <maintainer type="person">
<email>mgorny@gentoo.org</email> <email>chutzpah@gentoo.org</email>
<name>Michał Górny</name> <name>Patrick McLean</name>
</maintainer> </maintainer>
<use>
<flag name="gssapi">Enable gssapi support</flag>
</use>
<upstream> <upstream>
<remote-id type="github">nodejs/http-parser</remote-id> <remote-id type="cpe">cpe:/a:isc:bind</remote-id>
</upstream> </upstream>
</pkgmetadata> </pkgmetadata>


@ -1 +0,0 @@
DIST http-parser-2.9.4.tar.gz 52056 BLAKE2B 988ebc3f3e1a7d53ed4147dac2e09c4d6021bb1a287990d83130c24e9fee01a3123b4c5ad9e1b86c0f123248484dae272010aa1f3ebd3bd4574d8407ede94e62 SHA512 b45df7b94d1c51079d44687d0a7f901f44faae51df4e84c7e3fe38f130c2d809d0e7c2a146c57b3723e60732aededc246bf44eadb10a95b710963d641f9fe7cd


@ -1,20 +0,0 @@
diff --git a/test.c b/test.c
index 53a3163..49c4b7a 100644
--- a/test.c
+++ b/test.c
@@ -4343,7 +4343,13 @@ main (void)
printf("http_parser v%u.%u.%u (0x%06lx)\n", major, minor, patch, version);
printf("sizeof(http_parser) = %u\n", (unsigned int)sizeof(http_parser));
- assert(sizeof(http_parser) == 4 + 4 + 8 + 2 + 2 + 4 + sizeof(void *));
+
+#if defined(__i386__) || defined(__x86_64__)
+ /* Should be 32 on both 32 bits and 64 bits x86 because of struct padding,
+ * see https://github.com/nodejs/http-parser/issues/507.
+ */
+ assert(sizeof(http_parser) == 24 + sizeof(void*));
+#endif
//// API
test_preserve_data();


@ -1,38 +0,0 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit toolchain-funcs
DESCRIPTION="HTTP request/response parser for C"
HOMEPAGE="https://github.com/nodejs/http-parser"
SRC_URI="https://github.com/nodejs/http-parser/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="MIT"
# 2.9.4 restored ABI compatibility with 2.9.0 but since we failed
# to set subslot in 2.9.3, we want to provoke another rebuild
SLOT="0/2.9.4"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x64-macos ~x64-solaris"
PATCHES=(
"${FILESDIR}"/${P}-non-x86-test.patch
)
src_configure() {
tc-export CC AR
}
src_compile() {
emake PREFIX="${EPREFIX}/usr" LIBDIR="${EPREFIX}/usr/$(get_libdir)" CFLAGS_FAST="${CFLAGS}" library
}
src_test() {
emake CFLAGS_DEBUG="${CFLAGS}" CFLAGS_FAST="${CFLAGS}" test
}
src_install() {
emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" LIBDIR="${EPREFIX}/usr/$(get_libdir)" install
einstalldocs
}


@ -0,0 +1 @@
DIST sssd-2.9.5.tar.gz 8001964 BLAKE2B e9c839e58fbeac9e8cba83b726f075c5db6ce85059546d745672c222b594f4aa26ad103f0eb3a8ff9e2b364c3502fb93c639fe9e621fefd6fecd2319f5cb499a SHA512 d219f12ffc75af233f0e4ffc62c0442acc6da3cd94ed4eab7102a78821af5257c8e4ba0d06b2c99c08e06502f8d0d0bcc80540d63823dbe0f52eb0432ae7e14d


@ -0,0 +1,12 @@
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index a1c0b36..207c010 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1037,6 +1037,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
case ERR_ACCOUNT_LOCKED:
state->pam_status = PAM_PERM_DENIED;
state->dp_err = DP_ERR_OK;
+ state->pd->account_locked = true;
ret = EOK;
goto done;
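Review bot: This patch file starts directly at `diff --git` with no header saying where the change comes from, and the Makefile.am patch that follows it on this page is the same. The added line sets `state->pd->account_locked = true` in the `ERR_ACCOUNT_LOCKED` case of krb5_auth_done, which presumably changes how a locked account is reported onwards, so someone bumping the version later needs to know whether upstream already carries it. A header above the diff such as `Upstream: <link to the upstream issue or commit (placeholder)>` plus a one-line reason would make that checkable. krb5_auth_done's body starts and ends outside the hunk.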


@ -0,0 +1,19 @@
diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am
index b40043d04..dce6b9d36 100644
--- a/src/tools/analyzer/Makefile.am
+++ b/src/tools/analyzer/Makefile.am
@@ -5,7 +5,9 @@ dist_sss_analyze_python_SCRIPTS = \
$(NULL)
pkgpythondir = $(python3dir)/sssd
+modulesdir = $(pkgpythondir)/modules
+if BUILD_PYTHON_BINDINGS
dist_pkgpython_DATA = \
__init__.py \
source_files.py \
@@ -20,3 +22,4 @@ dist_modules_DATA = \
modules/__init__.py \
modules/request.py \
$(NULL)
+endif


@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<maintainer type="person" proxied="yes">
<email>salah.coronya@gmail.com</email>
<name>Christopher Byrne</name>
</maintainer>
<maintainer type="project" proxied="proxy">
<email>proxy-maint@gentoo.org</email>
<name>Proxy Maintainers</name>
</maintainer>
<use>
<flag name="acl"> Build and use the cifsidmap plugin</flag>
<flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag>
<flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-fs/nfs-utils</pkg></flag>
<flag name="samba">Add Privileged Attribute Certificate Support for Kerberos</flag>
<flag name="subid">Support subordinate uid and gid ranges in FreeIPA</flag>
<flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag>
<flag name="systemtap">Enable SystemTap/DTrace tracing</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:fedoraproject:sssd</remote-id>
<remote-id type="github">SSSD/sssd</remote-id>
</upstream>
</pkgmetadata>


@ -0,0 +1,335 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
PLOCALE_BACKUP="sv"
PYTHON_COMPAT=( python3_{10..12} )
inherit autotools linux-info multilib-minimal optfeature plocale \
python-single-r1 pam systemd toolchain-funcs
DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
HOMEPAGE="https://github.com/SSSD/sssd"
if [[ ${PV} != 9999 ]]; then
SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
else
inherit git-r3
EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
EGIT_BRANCH="master"
fi
LICENSE="GPL-3"
SLOT="0"
IUSE="acl doc +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test"
REQUIRED_USE="
python? ( ${PYTHON_REQUIRED_USE} )
test? ( sudo )"
RESTRICT="!test? ( test )"
DEPEND="
>=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
app-crypt/p11-kit
>=dev-libs/ding-libs-0.2
>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
dev-libs/jansson:=
dev-libs/libpcre2:=
dev-libs/libunistring:=[${MULTILIB_USEDEP}]
>=dev-libs/popt-1.16
>=dev-libs/openssl-1.0.2:=
>=net-dns/bind-tools-9.9[gssapi]
>=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
>=net-nds/openldap-2.4.30:=[sasl,experimental]
>=sys-apps/dbus-1.6
>=sys-apps/keyutils-1.5:=
>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
>=sys-libs/talloc-2.0.7
>=sys-libs/tdb-1.2.9
>=sys-libs/tevent-0.9.16
virtual/ldb:=
virtual/libintl
acl? ( net-fs/cifs-utils[acl] )
netlink? ( dev-libs/libnl:3 )
nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
nls? ( >=sys-devel/gettext-0.18 )
python? (
${PYTHON_DEPS}
systemd? (
$(python_gen_cond_dep '
dev-python/python-systemd[${PYTHON_USEDEP}]
')
)
)
samba? ( >=net-fs/samba-4.10.2[winbind] )
selinux? (
>=sys-libs/libselinux-2.1.9
>=sys-libs/libsemanage-2.1
)
subid? ( >=sys-apps/shadow-4.9 )
systemd? (
sys-apps/systemd:=
sys-apps/util-linux
)
systemtap? ( dev-debug/systemtap )"
RDEPEND="${DEPEND}
selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
BDEPEND="
virtual/pkgconfig
${PYTHON_DEPS}
doc? ( app-text/doxygen )
man? (
app-text/docbook-xml-dtd:4.4
>=dev-libs/libxslt-1.1.26
nls? ( app-text/po4a )
)
nls? ( sys-devel/gettext )
test? (
dev-libs/check
dev-libs/softhsm:2
dev-util/cmocka
net-libs/gnutls[pkcs11,tools]
sys-libs/libfaketime
sys-libs/nss_wrapper
sys-libs/pam_wrapper
sys-libs/uid_wrapper
)
"
CONFIG_CHECK="~KEYS"
PATCHES=(
"${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
"${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch"
)
MULTILIB_WRAPPED_HEADERS=(
/usr/include/ipa_hbac.h
/usr/include/sss_idmap.h
/usr/include/sss_nss_idmap.h
# --with-ifp
/usr/include/sss_sifp.h
/usr/include/sss_sifp_dbus.h
# from 1.15.3
/usr/include/sss_certmap.h
)
pkg_setup() {
linux-info_pkg_setup
python-single-r1_pkg_setup
}
src_prepare() {
default
plocale_get_locales > src/man/po/LINGUAS || die
sed -i \
-e "/_langs]/ s/ .*//" \
src/man/po/po4a.cfg \
|| die
enable_locale() {
local locale=${1}
sed -i \
-e "/_langs]/ s/$/ ${locale}/" \
src/man/po/po4a.cfg \
|| die
}
plocale_for_each_locale enable_locale
PLOCALES="${PLOCALES_BIN}"
plocale_get_locales > po/LINGUAS || die
sed -i \
-e 's:/var/run:/run:' \
src/examples/logrotate \
|| die
# disable flaky test, see https://github.com/SSSD/sssd/issues/5631
sed -i \
-e '/^\s*pam-srv-tests[ \\]*$/d' \
Makefile.am \
|| die
eautoreconf
multilib_copy_sources
}
src_configure() {
local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
# Workaround for bug #938302
if use systemtap && has_version "dev-debug/systemtap[-dtrace-symlink(+)]" ; then
export DTRACE="${BROOT}"/usr/bin/stap-dtrace
fi
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
myconf+=(
--libexecdir="${EPREFIX}"/usr/libexec
--localstatedir="${EPREFIX}"/var
--runstatedir="${EPREFIX}"/run
--sbindir="${EPREFIX}"/usr/sbin
--with-pid-path="${EPREFIX}"/run
--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
--with-db-path="${EPREFIX}"/var/lib/sss/db
--with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
--with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
--with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
--with-log-path="${EPREFIX}"/var/log/sssd
--with-kcm
--enable-kcm-renewal
--with-os=gentoo
--disable-rpath
--disable-static
# Valgrind is only used for tests
--disable-valgrind
$(use_with samba)
--with-smb-idmap-interface-version=6
$(multilib_native_use_enable acl cifs-idmap-plugin)
$(multilib_native_use_with selinux)
$(multilib_native_use_with selinux semanage)
--enable-krb5-locator-plugin
$(use_enable samba pac-responder)
$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
$(use_enable nls)
$(multilib_native_use_with netlink libnl)
$(multilib_native_use_with man manpages)
$(multilib_native_use_with sudo)
$(multilib_native_with autofs)
$(multilib_native_with ssh)
--without-oidc-child
--without-passkey
$(use_with subid)
$(use_enable systemtap)
--without-python2-bindings
$(multilib_native_use_with python python3-bindings)
# Annoyingly configure requires that you pick systemd XOR sysv
--with-initscript=$(usex systemd systemd sysv)
KRB5_CONFIG="${ESYSROOT}"/usr/bin/krb5-config
# Needed for Samba 4.21
CPPFLAGS="${CPPFLAGS} -I${ESYSROOT}/usr/include/samba-4.0"
)
use systemd && myconf+=(
--with-systemdunitdir=$(systemd_get_systemunitdir)
)
if ! multilib_is_native_abi; then
# work-around all the libraries that are used for CLI and server
myconf+=(
{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
# ldb headers are fine since native needs it
# ldb lib fails... but it does not seem to bother
{DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
{PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
{NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
# use native include path for dbus (needed for build)
DBUS_CFLAGS="${native_dbus_cflags}"
# non-pkgconfig checks
ac_cv_lib_ldap_ldap_search=yes
--without-kcm
--without-manpages
)
fi
econf "${myconf[@]}"
}
multilib_src_compile() {
if multilib_is_native_abi; then
default
use doc && emake docs
else
emake libnss_sss.la pam_sss.la pam_sss_gss.la
emake sssd_krb5_locator_plugin.la
use samba && emake sssd_pac_plugin.la
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
local -x CK_TIMEOUT_MULTIPLIER=10
emake check VERBOSE=yes
fi
}
multilib_src_install() {
if multilib_is_native_abi; then
emake -j1 DESTDIR="${D}" install
if use python; then
python_fix_shebang "${ED}"
python_optimize
fi
else
# easier than playing with automake...
dopammod .libs/pam_sss.so
dopammod .libs/pam_sss_gss.so
into /
dolib.so .libs/libnss_sss.so*
exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
doexe .libs/sssd_krb5_locator_plugin.so
if use samba; then
exeinto /usr/$(get_libdir)/krb5/plugins/authdata
doexe .libs/sssd_pac_plugin.so
fi
fi
}
multilib_src_install_all() {
einstalldocs
insinto /etc/sssd
insopts -m600
doins src/examples/sssd-example.conf
insinto /etc/logrotate.d
insopts -m644
newins src/examples/logrotate sssd
newconfd "${FILESDIR}"/sssd.conf sssd
keepdir /var/lib/sss/db
keepdir /var/lib/sss/deskprofile
keepdir /var/lib/sss/gpo_cache
keepdir /var/lib/sss/keytabs
keepdir /var/lib/sss/mc
keepdir /var/lib/sss/pipes/private
keepdir /var/lib/sss/pubconf/krb5.include.d
keepdir /var/lib/sss/secrets
keepdir /var/log/sssd
# strip empty dirs
if ! use doc; then
rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
fi
rm -r "${ED}"/run || die
find "${ED}" -type f -name '*.la' -delete || die
}
pkg_postinst() {
elog "You must set up sssd.conf (default installed into /etc/sssd)"
elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
elog "features."
optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
}
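Review bot: multilib_src_install_all sets `insopts -m600` for the example config but calls `keepdir` on `/var/lib/sss/secrets`, `/var/lib/sss/keytabs`, `/var/lib/sss/pipes/private` and `/var/lib/sss/db` with no `diropts`, so those directories are presumably created, or re-moded, with the default directory permissions. Going by their names they hold credential material and the privileged responder pipe, so the installed modes are worth confirming in the built image. If they come out world-readable, `diropts -m0700` before those keepdir calls and `diropts -m0755` after them would pin the intent in the ebuild. A short comment there stating the expected mode of each directory would also help the next version bump.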


@ -0,0 +1,333 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
PLOCALE_BACKUP="sv"
PYTHON_COMPAT=( python3_{10..12} )
inherit autotools linux-info multilib-minimal optfeature plocale \
python-single-r1 pam systemd toolchain-funcs
DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
HOMEPAGE="https://github.com/SSSD/sssd"
if [[ ${PV} != 9999 ]]; then
SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86"
else
inherit git-r3
EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
EGIT_BRANCH="master"
fi
LICENSE="GPL-3"
SLOT="0"
IUSE="acl doc +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test"
REQUIRED_USE="
python? ( ${PYTHON_REQUIRED_USE} )
test? ( sudo )"
RESTRICT="!test? ( test )"
DEPEND="
>=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
app-crypt/p11-kit
>=dev-libs/ding-libs-0.2
>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
dev-libs/jansson:=
dev-libs/libpcre2:=
dev-libs/libunistring:=
>=dev-libs/popt-1.16
>=dev-libs/openssl-1.0.2:=
>=net-dns/bind-tools-9.9[gssapi]
>=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
>=net-nds/openldap-2.4.30:=[sasl,experimental]
>=sys-apps/dbus-1.6
>=sys-apps/keyutils-1.5:=
>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
>=sys-libs/talloc-2.0.7
>=sys-libs/tdb-1.2.9
>=sys-libs/tevent-0.9.16
>=sys-libs/ldb-1.1.17-r1:=
virtual/libintl
acl? ( net-fs/cifs-utils[acl] )
netlink? ( dev-libs/libnl:3 )
nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
nls? ( >=sys-devel/gettext-0.18 )
python? (
${PYTHON_DEPS}
systemd? (
$(python_gen_cond_dep '
dev-python/python-systemd[${PYTHON_USEDEP}]
')
)
)
samba? ( >=net-fs/samba-4.10.2[winbind] )
selinux? (
>=sys-libs/libselinux-2.1.9
>=sys-libs/libsemanage-2.1
)
subid? ( >=sys-apps/shadow-4.9 )
systemd? (
sys-apps/systemd:=
sys-apps/util-linux
)
systemtap? ( dev-debug/systemtap )"
RDEPEND="${DEPEND}
selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
BDEPEND="
virtual/pkgconfig
${PYTHON_DEPS}
doc? ( app-text/doxygen )
man? (
app-text/docbook-xml-dtd:4.4
>=dev-libs/libxslt-1.1.26
nls? ( app-text/po4a )
)
nls? ( sys-devel/gettext )
test? (
dev-libs/check
dev-libs/softhsm:2
dev-util/cmocka
net-libs/gnutls[pkcs11,tools]
sys-libs/libfaketime
sys-libs/nss_wrapper
sys-libs/pam_wrapper
sys-libs/uid_wrapper
)
"
CONFIG_CHECK="~KEYS"
PATCHES=(
"${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
"${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch"
)
MULTILIB_WRAPPED_HEADERS=(
/usr/include/ipa_hbac.h
/usr/include/sss_idmap.h
/usr/include/sss_nss_idmap.h
# --with-ifp
/usr/include/sss_sifp.h
/usr/include/sss_sifp_dbus.h
# from 1.15.3
/usr/include/sss_certmap.h
)
pkg_setup() {
linux-info_pkg_setup
python-single-r1_pkg_setup
}
src_prepare() {
default
plocale_get_locales > src/man/po/LINGUAS || die
sed -i \
-e "/_langs]/ s/ .*//" \
src/man/po/po4a.cfg \
|| die
enable_locale() {
local locale=${1}
sed -i \
-e "/_langs]/ s/$/ ${locale}/" \
src/man/po/po4a.cfg \
|| die
}
plocale_for_each_locale enable_locale
PLOCALES="${PLOCALES_BIN}"
plocale_get_locales > po/LINGUAS || die
sed -i \
-e 's:/var/run:/run:' \
src/examples/logrotate \
|| die
# disable flaky test, see https://github.com/SSSD/sssd/issues/5631
sed -i \
-e '/^\s*pam-srv-tests[ \\]*$/d' \
Makefile.am \
|| die
eautoreconf
multilib_copy_sources
}
src_configure() {
local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
# Workaround for bug #938302
if use systemtap && has_version "dev-debug/systemtap[-dtrace-symlink(+)]" ; then
export DTRACE="${BROOT}"/usr/bin/stap-dtrace
fi
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
myconf+=(
--libexecdir="${EPREFIX}"/usr/libexec
--localstatedir="${EPREFIX}"/var
--runstatedir="${EPREFIX}"/run
--sbindir="${EPREFIX}"/usr/sbin
--with-pid-path="${EPREFIX}"/run
--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
--with-db-path="${EPREFIX}"/var/lib/sss/db
--with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
--with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
--with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
--with-log-path="${EPREFIX}"/var/log/sssd
--with-kcm
--enable-kcm-renewal
--with-os=gentoo
--disable-rpath
--disable-static
# Valgrind is only used for tests
--disable-valgrind
$(use_with samba)
--with-smb-idmap-interface-version=6
$(multilib_native_use_enable acl cifs-idmap-plugin)
$(multilib_native_use_with selinux)
$(multilib_native_use_with selinux semanage)
--enable-krb5-locator-plugin
$(use_enable samba pac-responder)
$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
$(use_enable nls)
$(multilib_native_use_with netlink libnl)
$(multilib_native_use_with man manpages)
$(multilib_native_use_with sudo)
$(multilib_native_with autofs)
$(multilib_native_with ssh)
--without-oidc-child
--without-passkey
$(use_with subid)
$(use_enable systemtap)
--without-python2-bindings
$(multilib_native_use_with python python3-bindings)
# Annoyingly configure requires that you pick systemd XOR sysv
--with-initscript=$(usex systemd systemd sysv)
KRB5_CONFIG="${ESYSROOT}"/usr/bin/krb5-config
)
use systemd && myconf+=(
--with-systemdunitdir=$(systemd_get_systemunitdir)
)
if ! multilib_is_native_abi; then
# work-around all the libraries that are used for CLI and server
myconf+=(
{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
# ldb headers are fine since native needs it
# ldb lib fails... but it does not seem to bother
{DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
{PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
{NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
# use native include path for dbus (needed for build)
DBUS_CFLAGS="${native_dbus_cflags}"
# non-pkgconfig checks
ac_cv_lib_ldap_ldap_search=yes
--without-kcm
--without-manpages
)
fi
econf "${myconf[@]}"
}
multilib_src_compile() {
if multilib_is_native_abi; then
default
use doc && emake docs
else
emake libnss_sss.la pam_sss.la pam_sss_gss.la
emake sssd_krb5_locator_plugin.la
use samba && emake sssd_pac_plugin.la
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
local -x CK_TIMEOUT_MULTIPLIER=10
emake check VERBOSE=yes
fi
}
multilib_src_install() {
if multilib_is_native_abi; then
emake -j1 DESTDIR="${D}" install
if use python; then
python_fix_shebang "${ED}"
python_optimize
fi
else
# easier than playing with automake...
dopammod .libs/pam_sss.so
dopammod .libs/pam_sss_gss.so
into /
dolib.so .libs/libnss_sss.so*
exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
doexe .libs/sssd_krb5_locator_plugin.so
if use samba; then
exeinto /usr/$(get_libdir)/krb5/plugins/authdata
doexe .libs/sssd_pac_plugin.so
fi
fi
}
multilib_src_install_all() {
einstalldocs
insinto /etc/sssd
insopts -m600
doins src/examples/sssd-example.conf
insinto /etc/logrotate.d
insopts -m644
newins src/examples/logrotate sssd
newconfd "${FILESDIR}"/sssd.conf sssd
keepdir /var/lib/sss/db
keepdir /var/lib/sss/deskprofile
keepdir /var/lib/sss/gpo_cache
keepdir /var/lib/sss/keytabs
keepdir /var/lib/sss/mc
keepdir /var/lib/sss/pipes/private
keepdir /var/lib/sss/pubconf/krb5.include.d
keepdir /var/lib/sss/secrets
keepdir /var/log/sssd
# strip empty dirs
if ! use doc; then
rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
fi
rm -r "${ED}"/run || die
find "${ED}" -type f -name '*.la' -delete || die
}
pkg_postinst() {
elog "You must set up sssd.conf (default installed into /etc/sssd)"
elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
elog "features."
optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
}
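Review bot: In `multilib_src_install_all` the state directories `/var/lib/sss/db`, `/var/lib/sss/keytabs`, `/var/lib/sss/secrets` and `/var/lib/sss/pipes/private` are only passed to `keepdir`, with no `diropts` or `fperms` pinning their mode, although the example config a few lines earlier is deliberately installed with `insopts -m600`. Their final permissions therefore depend on what upstream's `make install` created in `multilib_src_install` and on the default directory mode, neither of which is visible on this page. Since these paths hold the credential cache, keytabs and the KCM secrets store, I would state the intent explicitly after the `keepdir` block, e.g. `fperms 0700 /var/lib/sss/{db,keytabs,secrets}` and `fperms 0750 /var/lib/sss/pipes/private`, with the exact modes confirmed against upstream's packaging. A one-line comment such as `# credential cache, keytabs and secrets: not world-readable` would keep a later cleanup from loosening them. The ebuild section just above this one ends with the same function and would need the same change.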