mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-25 23:51:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-nds/openldap: Sync with Gentoo

Browse Source 
It's from Gentoo commit 4af031a5382661f3b29dcad17dbfba32fa82ecbd.
This commit is contained in:
Flatcar Buildbot 2025-02-25 12:34:35 +01:00 committed by Krzesimir Nowak
parent 1db41a37cc
commit da87743f96
34 changed files with 88 additions and 8337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sdk_container/src/third_party/portage-stable/net-nds/openldap/Manifest vendored
View File

@ -1,8 +1,6 @@
DIST openldap-2.4.59.tgz 5886272 BLAKE2B a2a8bed1d2af97fd41d651668152fd4740871bc5a8abf4b50390839228af82ac103346b3500ae0f8dd31b708acabb30435b90cd48dfafe510e648df5150d96b8 SHA512 233459ab446da6e107a7fc4ecd5668d6b08c11a11359ee76449550393e8f586a29b59d7ae09a050a1fca4fcf388ea61438ef60831b3ae802d92c048365ae3968
DIST openldap-OPENLDAP_REL_ENG_2_5_14.tar.bz2 5024359 BLAKE2B ffdffbd47e76545c2dc2d433d290945ab6eebd910031a60249cd8f6eac24f67841098e61c7e57864428e20a183a46d36dac422bba8cf6f3596f97439875af96b SHA512 abd1e8bda0762500db028f283fe2da9480a419072927295d6f3e1448cae130592511f385a87585843cf88217417c90ef57174ca919cfcf163eb41642a72bb4e3
DIST openldap-OPENLDAP_REL_ENG_2_5_16.tar.bz2 5022608 BLAKE2B 829e416e3cf92d36df0d6642e44083f9b288ef9c3743a84aef3f03cdf7b08b21ea45231653a2659fe0da285ca47a346d336d02c8e0dda21f039fb9e49630262b SHA512 629b92e275b69a540b200e61165492a4706afdf7b15d21bfe2f1fd4c338ecf397ad0c918e36dcef54d1f0cede2f039a8f73d4735f00e892d64ce9a177d490a07
DIST openldap-OPENLDAP_REL_ENG_2_5_18.tar.bz2 5026131 BLAKE2B 0f1a00995bd880b3ee42c4de2c3a405ebb7969de253f4b3866eb46c1856b61539ed7e1133a1b11636efc1da1ed5fc6cae53da60b22ab31486518000d34ff6324 SHA512 77a84950c905d2a4bd25f93108eb79f1416689176531246f12b4c3f6e8e3fe689504cd3f9875142e9bf665306a622ac8fe7e6b39aa4be67099f0965a16634526
DIST openldap-OPENLDAP_REL_ENG_2_6_4.tar.bz2 5043227 BLAKE2B 9bec77dbace0e52d1607d9ac13a77349e7d0b8876aa81fa635893638d00db58ec6bf8412f11fd266bba0440887be1aa21eb4a876122152f7f6de9fd8f75b6b4c SHA512 bff11bf1ae125bcabbd307f6c4e1c102a8df6f1091f84f5e7053fdbaa89ccd6aa0c86cc8dcce4fb9b6ffd853b5f8d3c933733f5713aeb4d6a9d77ab145293b48
DIST openldap-OPENLDAP_REL_ENG_2_6_6.tar.bz2 5040213 BLAKE2B 2497b6698344674a9e8db5f2f2531541167065bb8ac9f512ecdb9349115140d5e83daef9b489e244eee08445de57599ddcfeeed71d4aab41edc58a3092910925 SHA512 3c235ff7b26f753afeb0176e95ecbf6a353bf76f00935c091323366bf97289f628d4d7b4ae3e2a31fe0797715d6c69e6704967dc79ccbae7add3023e226ad73b
DIST openldap-2.5.19.tgz 6458108 BLAKE2B f1cea685c6bc7691cb77b2a12be74b56d479bb152d4c97e87d2e0de8767d33a277557c3ca291928abb0b62d986fcd474969c9618fa499dd9202cdaac39b3b3ce SHA512 12838fd5ac93b18fabda14e8f55c59d1bba169a114c59ac81e621f09f407d87e8ef9244aae951d984b8c8971f4c907c385e57ead671ea0a434282f7d616358b9
DIST openldap-2.5.19.tgz.asc 833 BLAKE2B 3d56134d65de1ae7a2e4e7d4c44d5fd166fdca136f8580897fedb26dc195b0730dbb7502a6cbe1b8991857a725bedb0398e703d933166459b39d16265c143ff8 SHA512 d322a61f1872062f5594091455bd0d2ecbe1741db5852d4ee5c9c77b162c5ee0750de33dc56cd87b4bdbcc954121cebf2dd39eeedd9bdcc9b39821e44ceeff09
DIST openldap-2.6.9.tgz 6516669 BLAKE2B b86ee6cf275632a4c963d33c6ceb1a4eef4611a5e678e6369458c6b70d5251ee4d299a941c9a42241855996dc81b55c8aef09e92da46f19766e5501bf0355aba SHA512 d3f839d3cf1030caa410e54f968e9c0caf3bc371c06ea0f64cf3a6ece6d31013c9dbfb08a3a63ea9137a2062aa6edc6e0bc542b365fe4ad66608df4cdbe94a4e
DIST openldap-2.6.9.tgz.asc 833 BLAKE2B 781ecffc73d79829658e9796040e71245fbdd0cd6b68311318d9c9acc84694acd4c365806c1e08bfe137fd4f32ffca04d3ea2d2528a275eae7b3fb7df6475d79 SHA512 c5a477b69e14b6b951c4bd6bc124538d79bd0a6b321f37fec99483a8310c64db285993aafc9adebe7f252a67d198e0c5993e6c25156ee51c4311f4ae6ff53268
DIST openldap-OPENLDAP_REL_ENG_2_6_8.tar.bz2 5065637 BLAKE2B d55345c11bd8892a594c3f7114cd1368e017c2e29997da7a80bdd915308d498f62dfb5cc3a3360b50df78ef5f90a48a566a8ce3ace85ebf9aa6b288a37c4eff2 SHA512 556d1377afc73a84ee325c4d7bcc8446def936b67d3f07df4bd2a243ff30f268c5c0c298977482df1e1a86b2b7a0cd7846fc1f51d706748d39f67f5d621ccc04
DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e

11
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch vendored
View File

@ -1,11 +0,0 @@
--- a/servers/slapd/back-perl/Makefile.in
+++ b/servers/slapd/back-perl/Makefile.in
@@ -31,7 +31,7 @@
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
-UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) `perl -MExtUtils::Embed -e ldopts`
LIBBASE = back_perl

10
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch vendored
View File

@ -1,10 +0,0 @@
--- a/servers/slapd/slapi/Makefile.in
+++ b/servers/slapd/slapi/Makefile.in
@@ -37,6 +37,7 @@
XLIBS = $(LIBRARY)
XXLIBS =
NT_LINK_LIBS = $(AC_LIBS)
+UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
XINCPATH = -I$(srcdir)/.. -I$(srcdir)
XDEFS = $(MODULES_CPPFLAGS)

12
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch vendored
View File

@ -1,12 +0,0 @@
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -1315,8 +1315,8 @@
int nsctrls = 0;
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+ LDAPControl c;
if ( ppolicy ) {
- LDAPControl c;
c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
c.ldctl_value.bv_val = NULL;
c.ldctl_value.bv_len = 0;

10
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.17-gcc44.patch vendored
View File

@ -1,10 +0,0 @@
--- a/contrib/ldapc++/src/SaslInteractionHandler.cpp
+++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp
@@ -13,6 +13,7 @@
#include <termios.h>
#endif
+#include <stdio.h>
#include <string.h>
#include "SaslInteractionHandler.h"
#include "SaslInteraction.h"

11
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch vendored
View File

@ -1,11 +0,0 @@
--- a/configure.in
+++ b/configure.in
@@ -1214,7 +1214,7 @@
ol_with_tls=gnutls
ol_link_tls=yes
- TLS_LIBS="-lgnutls"
+ TLS_LIBS="-lgnutls -lgcrypt"
AC_DEFINE(HAVE_GNUTLS, 1,
[define if you have GNUtls])

16
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.31-gcc47.patch vendored
View File

@ -1,16 +0,0 @@
Fix building with gcc-4.7
https://bugs.gentoo.org/show_bug.cgi?id=420959
http://www.openldap.org/its/index.cgi/Incoming?id=7304;page=16 #ITS 7304
Patch written by Kacper Kowalik <xarthisius@gentoo.org>
--- a/contrib/ldapc++/src/SaslInteractionHandler.cpp
+++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp
@@ -16,6 +16,7 @@
#include <stdio.h>
#include <string.h>
+#include <unistd.h>
#include "SaslInteractionHandler.h"
#include "SaslInteraction.h"
#include "debug.h"

37
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch vendored
View File

@ -1,37 +0,0 @@
--- a/contrib/slapd-modules/samba4/Makefile
+++ b/contrib/slapd-modules/samba4/Makefile
@@ -20,7 +20,8 @@
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2 -Wall
+#OPT = -g -O2 -Wall
+OPT = -Wall
DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \
-DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \
-DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC
@@ -41,20 +42,20 @@
.SUFFIXES: .c .o .lo
.c.lo:
- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $<
all: $(PROGRAMS)
pguid.la: pguid.lo
- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
+ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
-rpath $(moduledir) -module -o $@ $? $(LIBS)
rdnval.la: rdnval.lo
- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
+ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
-rpath $(moduledir) -module -o $@ $? $(LIBS)
vernum.la: vernum.lo
- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
+ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
-rpath $(moduledir) -module -o $@ $? $(LIBS)
clean:

47
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch vendored
View File

@ -1,47 +0,0 @@
--- a/contrib/slapd-modules/smbk5pwd/Makefile
+++ b/contrib/slapd-modules/smbk5pwd/Makefile
@@ -21,16 +21,23 @@
SSL_INC =
SSL_LIB = -lcrypto
-HEIMDAL_INC = -I/usr/heimdal/include
-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
+#HEIMDAL_INC = -I/usr/heimdal/include
+#HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
+KRB5_INC = $(HEIMDAL_INC)
+KRB5_LIB = $(HEIMDAL_LIB) -lkrb5 -lkadm5srv
LIBTOOL = $(LDAP_BUILD)/libtool
CC = gcc
-OPT = -g -O2 -Wall
+#OPT = -g -O2 -Wall
+OPT = -Wall
# Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
-DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
-INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+#DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+INCS = $(LDAP_INC) $(KRB5_INC) $(SSL_INC)
+ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
+ LIBS=$(LDAP_LIB) $(SSL_LIB)
+else
+ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
+endif
PROGRAMS = smbk5pwd.la
LTVER = 0:0:0
@@ -46,12 +53,12 @@
.SUFFIXES: .c .o .lo
.c.lo:
- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $<
all: $(PROGRAMS)
smbk5pwd.la: smbk5pwd.lo
- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
+ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \
-rpath $(moduledir) -module -o $@ $? $(LIBS)
clean:

64
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.40-slapd-conf vendored
View File

@ -1,64 +0,0 @@
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /run/openldap/slapd.pid
argsfile /run/openldap/slapd.args
# Load dynamic backend modules:
###INSERTDYNAMICMODULESHERE###
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database hdb
suffix "dc=my-domain,dc=com"
# <kbyte> <min>
checkpoint 32 30
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq

136
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch vendored
View File

@ -1,136 +0,0 @@
--- a/build/top.mk
+++ b/build/top.mk
@@ -160,6 +160,7 @@
LTHREAD_LIBS = @LTHREAD_LIBS@
BDB_LIBS = @BDB_LIBS@
+MDB_LIBS = @MDB_LIBS@
SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
--- ./build/openldap.m4.orig
+++ ./build/openldap.m4
@@ -563,6 +563,38 @@
], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
])
+dnl --------------------------------------------------------------------
+dnl Check for version compatility with back-mdb
+AC_DEFUN([OL_MDB_COMPAT],
+[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
+ AC_EGREP_CPP(__mdb_version_compat,[
+#include <lmdb.h>
+
+/* require 0.9.14 or later */
+#if MDB_VERSION_FULL >= 0x00000009000E
+ __mdb_version_compat
+#endif
+ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
+])
+
+dnl
+dnl --------------------------------------------------------------------
+dnl Find any MDB
+AC_DEFUN([OL_MDB],
+[ol_cv_mdb=no
+AC_CHECK_HEADERS(lmdb.h)
+if test $ac_cv_header_lmdb_h = yes; then
+ OL_MDB_COMPAT
+
+ if test $ol_cv_mdb_compat != yes ; then
+ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
+ fi
+
+ ol_cv_lib_mdb=-llmdb
+ ol_cv_mdb=yes
+fi
+])
+
dnl
dnl ====================================================================
dnl Check POSIX Thread version
--- a/servers/slapd/back-mdb/Makefile.in
+++ b/servers/slapd/back-mdb/Makefile.in
@@ -25,11 +25,10 @@
extended.lo operational.lo \
attr.lo index.lo key.lo filterindex.lo \
dn2entry.lo dn2id.lo id2entry.lo idl.lo \
- nextid.lo monitor.lo mdb.lo midl.lo
+ nextid.lo monitor.lo
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
BUILD_OPT = "--enable-mdb"
BUILD_MOD = @BUILD_MDB@
@@ -44,7 +43,7 @@
LIBBASE = back_mdb
-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
+XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS)
all-local-lib: ../.backend
@@ -52,11 +51,5 @@
../.backend: lib$(LIBBASE).a
@touch $@
-mdb.lo: $(MDB_SUBDIR)/mdb.c
- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
-
-midl.lo: $(MDB_SUBDIR)/midl.c
- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
-
veryclean-local-lib: FORCE
$(RM) $(XXHEADERS) $(XXSRCS) .links
--- a/configure.in
+++ b/configure.in
@@ -519,6 +519,7 @@
dnl Initialize vars
LDAP_LIBS=
BDB_LIBS=
+MDB_LIBS=
SLAPD_NDB_LIBS=
SLAPD_NDB_INCS=
LTHREAD_LIBS=
@@ -1905,6 +1906,30 @@
fi
dnl ----------------------------------------------------------------
+ol_link_mdb=no
+
+if test $ol_enable_mdb != no; then
+ OL_MDB
+
+ if test $ol_cv_mdb = no ; then
+ AC_MSG_ERROR(MDB: LMDB not available)
+ fi
+
+ AC_DEFINE(HAVE_MDB,1,
+ [define this if LMDB is available])
+
+ dnl $ol_cv_lib_mdb should be yes or -llmdb
+ dnl (it could be no, but that would be an error
+ if test $ol_cv_lib_mdb != yes ; then
+ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
+ fi
+
+ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
+
+ ol_link_mdb=yes
+fi
+
+dnl ----------------------------------------------------------------
if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
BUILD_LIBS_DYNAMIC=shared
@@ -3133,6 +3158,7 @@
AC_SUBST(LDAP_LIBS)
AC_SUBST(SLAPD_LIBS)
AC_SUBST(BDB_LIBS)
+AC_SUBST(MDB_LIBS)
AC_SUBST(SLAPD_NDB_LIBS)
AC_SUBST(SLAPD_NDB_INCS)
AC_SUBST(LTHREAD_LIBS)

109
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch vendored
View File

@ -1,109 +0,0 @@
If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
Forward-port an old Debian patch that upstream never applied.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Steffen Hau <steffen@hauihau.de>
X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
typedef PK11Context *des_context[1];
#define DES_ENCRYPT CKA_ENCRYPT
+#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+# include <gcrypt.h>
+static int gcrypt_init = 0;
+
+typedef const void* des_key;
+typedef unsigned char DES_cblock[8];
+typedef DES_cblock des_data_block;
+typedef int DES_key_schedule; /* unused */
+typedef DES_key_schedule des_context; /* unused */
+#define des_failed(encrypted) 0
+#define des_finish(key, schedule)
+
+#define DES_set_key_unchecked( key, key_sched ) \
+ gcry_cipher_setkey( hd, key, 8 )
+
+#define DES_ecb_encrypt( input, output, key_sched, enc ) \
+ gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
+
+#define DES_set_odd_parity( key ) do {} while(0)
+
#endif
#endif /* SLAPD_LMHASH */
@@ -651,7 +671,7 @@ static int chk_md5(
#ifdef SLAPD_LMHASH
-#if defined(HAVE_OPENSSL)
+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
/*
* abstract away setting the parity.
@@ -841,6 +861,19 @@ static int chk_lanman(
des_data_block StdText = "KGS!@#$%";
des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33], storedPasswordHash[33];
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_hd_t hd;
+
+ if ( !gcrypt_init ) {
+ gcry_check_version( GCRYPT_VERSION );
+ gcrypt_init = 1;
+ }
+
+ schedule = schedule; /* unused - avoid warning */
+
+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
@@ -883,6 +916,10 @@ static int chk_lanman(
strncpy( storedPasswordHash, passwd->bv_val, 32 );
storedPasswordHash[32] = '\0';
ldap_pvt_str2lower( storedPasswordHash );
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_close( hd );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
@@ -1138,6 +1175,19 @@ static int hash_lanman(
des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33];
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_hd_t hd;
+
+ if ( !gcrypt_init ) {
+ gcry_check_version( GCRYPT_VERSION );
+ gcrypt_init = 1;
+ }
+
+ schedule = schedule; /* unused - avoid warning */
+
+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return LUTIL_PASSWD_ERR; /* NUL character in password */
@@ -1168,6 +1218,10 @@ static int hash_lanman(
hash->bv_val = PasswordHash;
hash->bv_len = 32;
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_close( hd );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
return pw_string( scheme, hash );
}

35
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.47-warnings.patch vendored
View File

@ -1,35 +0,0 @@
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -2041,6 +2041,10 @@ LDAP_F( int )
ldap_is_ldapi_url LDAP_P((
LDAP_CONST char *url ));
+LDAP_F( int )
+ldap_is_ldapc_url LDAP_P((
+ LDAP_CONST char *url ));
+
LDAP_F( int )
ldap_url_parse LDAP_P((
LDAP_CONST char *url,
--- a/include/ldap_int_thread.h
+++ b/include/ldap_int_thread.h
@@ -33,7 +33,7 @@ LDAP_END_DECL
* definitions for POSIX Threads *
* *
**********************************/
-
+#define __USE_UNIX98
#include <pthread.h>
#ifdef HAVE_SCHED_H
#include <sched.h>
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -76,6 +76,8 @@ static oid_name oids[] = {
#ifdef HAVE_TLS
+int ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in );
+
void
ldap_pvt_tls_ctx_free ( void *c )
{

60
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.59-atexit-fix.patch vendored
View File

@ -1,60 +0,0 @@
Port upstream commit 337455eb3a66176cc3f66d2c663a72cc7b4178bd to 2.4.59.
With 2.4.x, gentoo-infra saw crashes in nsscache during exit.
This patch was later reverted upstream because it was not portable to AIX And
was fixed in a different way in 2.5 & 2.6 releases.
original https://github.com/openldap/openldap/commit/337455eb3a66176cc3f66d2c663a72cc7b4178bd
revert: https://github.com/openldap/openldap/commit/5e13ef87a94491f9339dbca709db29e76741f1a9
AIX discussion: https://bugs.openldap.org/show_bug.cgi?id=10176
diff '--color=auto' -NuarwbB --exclude '*.rej' --exclude '*.orig' openldap-2.4.59.orig/libraries/libldap/init.c openldap-2.4.59/libraries/libldap/init.c
--- openldap-2.4.59.orig/libraries/libldap/init.c 2021-06-03 11:40:31.000000000 -0700
+++ openldap-2.4.59/libraries/libldap/init.c 2024-08-24 11:15:06.727326650 -0700
@@ -508,9 +508,6 @@
gopts->ldo_def_sasl_authcid = NULL;
}
#endif
-#ifdef HAVE_TLS
- ldap_int_tls_destroy( gopts );
-#endif
}
/*
diff '--color=auto' -NuarwbB --exclude '*.rej' --exclude '*.orig' openldap-2.4.59.orig/libraries/libldap/tls2.c openldap-2.4.59/libraries/libldap/tls2.c
--- openldap-2.4.59.orig/libraries/libldap/tls2.c 2024-08-24 11:14:46.910678897 -0700
+++ openldap-2.4.59/libraries/libldap/tls2.c 2024-08-24 11:15:38.103963402 -0700
@@ -155,6 +155,14 @@
tls_imp->ti_tls_destroy();
}
+static void
+ldap_exit_tls_destroy( void )
+{
+ struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
+
+ ldap_int_tls_destroy( lo );
+}
+
/*
* Initialize a particular TLS implementation.
* Called once per implementation.
@@ -163,6 +171,7 @@
tls_init(tls_impl *impl )
{
static int tls_initialized = 0;
+ int rc;
if ( !tls_initialized++ ) {
#ifdef LDAP_R_COMPILE
@@ -175,7 +184,10 @@
#ifdef LDAP_R_COMPILE
impl->ti_thr_init();
#endif
- return impl->ti_tls_init();
+ rc = impl->ti_tls_init();
+
+ atexit( ldap_exit_tls_destroy );
+ return rc;
}
/*

41
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.59-implicit-function.patch vendored
View File

@ -1,41 +0,0 @@
--- openldap-2.4.59/servers/slapd/back-meta/conn.c 2021-06-03 11:40:31.000000000 -0700
+++ openldap-2.4.59/servers/slapd/back-meta/conn.c 2024-08-24 14:22:31.677357359 -0700
@@ -31,6 +31,7 @@
#define AVL_INTERNAL
#include "slap.h"
+#include "proto-slap.h"
#include "../back-ldap/back-ldap.h"
#include "back-meta.h"
--- openldap-2.4.59/servers/slapd/back-ldap/bind.c 2021-06-03 11:40:31.000000000 -0700
+++ openldap-2.4.59/servers/slapd/back-ldap/bind.c 2024-08-24 14:22:13.340701355 -0700
@@ -31,6 +31,7 @@
#define AVL_INTERNAL
#include "slap.h"
+#include "proto-slap.h"
#include "back-ldap.h"
#include "lutil.h"
#include "lutil_ldap.h"
--- openldap-2.4.59/servers/slapd/config.c 2021-06-03 11:40:31.000000000 -0700
+++ openldap-2.4.59/servers/slapd/config.c 2024-08-24 14:22:13.414034645 -0700
@@ -43,6 +43,7 @@
#endif
#include "slap.h"
+#include "proto-slap.h"
#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif
diff '--color=auto' -NuarwbB openldap-2.4.59.orig/servers/slapd/proto-slap.h openldap-2.4.59/servers/slapd/proto-slap.h
--- openldap-2.4.59.orig/servers/slapd/proto-slap.h 2024-08-24 14:31:02.304109181 -0700
+++ openldap-2.4.59/servers/slapd/proto-slap.h 2024-08-24 14:31:18.004121208 -0700
@@ -739,6 +739,7 @@
LDAP_SLAPD_F (int) bindconf_tls_set LDAP_P((
slap_bindconf *bc, LDAP *ld ));
LDAP_SLAPD_F (void) bindconf_free LDAP_P(( slap_bindconf *bc ));
+LDAP_SLAPD_F (void) slap_client_keepalive LDAP_P(( LDAP *ld, slap_keepalive *sk ));
LDAP_SLAPD_F (int) slap_client_connect LDAP_P(( LDAP **ldp, slap_bindconf *sb ));
LDAP_SLAPD_F (int) config_generic_wrapper LDAP_P(( Backend *be,
const char *fname, int lineno, int argc, char **argv ));

189
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch vendored
View File

@ -1,189 +0,0 @@
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P((
LDAPControl **ctrls,
LDAPDerefRes **drp ));
+/*
+ * hacks for NTLM
+ */
+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
+LDAP_F( int )
+ldap_ntlm_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+LDAP_F( int )
+ldap_parse_ntlm_bind_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge));
+
+
LDAP_END_DECL
#endif /* _LDAP_H */
--- a/libraries/libldap/Makefile.in
+++ b/libraries/libldap/Makefile.in
@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
SRCS = bind.c open.c result.c error.c compare.c search.c \
controls.c messages.c references.c extended.c cyrus.c \
modify.c add.c modrdn.c delete.c abandon.c \
- sasl.c gssapi.c sbind.c unbind.c cancel.c \
+ sasl.c ntlm.c gssapi.c sbind.c unbind.c cancel.c \
filter.c free.c sort.c passwd.c whoami.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
@@ -33,7 +33,7 @@ SRCS = bind.c open.c result.c error.c co
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
modify.lo add.lo modrdn.lo delete.lo abandon.lo \
- sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
+ sasl.lo ntlm.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
filter.lo free.lo sort.lo passwd.lo whoami.lo \
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
--- /dev/null
+++ b/libraries/libldap/ntlm.c
@@ -0,0 +1,137 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
+/*
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+/* Mostly copied from sasl.c */
+
+#include "portable.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+
+#include "ldap-int.h"
+
+int
+ldap_ntlm_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ if( msgidp == NULL ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ assert( LBER_VALID( ber ) );
+
+ LDAP_NEXT_MSGID( ld, id );
+ rc = ber_printf( ber, "{it{istON}" /*}*/,
+ id, LDAP_REQ_BIND,
+ ld->ld_version, dn, tag,
+ cred );
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
+
+ if(*msgidp < 0)
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_parse_ntlm_bind_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge)
+{
+ ber_int_t errcode;
+ ber_tag_t tag;
+ BerElement *ber;
+ ber_len_t len;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+
+ if ( ld == NULL || res == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ if( res->lm_msgtype != LDAP_RES_BIND ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ if ( ld->ld_matched ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ /* parse results */
+
+ ber = ber_dup( res->lm_ber );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ tag = ber_scanf( ber, "{ioa" /*}*/,
+ &errcode, challenge, &ld->ld_error );
+ ber_free( ber, 0 );
+
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ ld->ld_errno = errcode;
+
+ return( ld->ld_errno );
+}

12
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.5.19-gcc14-SDWORD-vs-SQLINTEGER.patch vendored Normal file
View File

@ -0,0 +1,12 @@
https://bugs.gentoo.org/938581#c5
--- a/servers/slapd/back-sql/sql-wrap.c
+++ b/servers/slapd/back-sql/sql-wrap.c
@@ -37,7 +37,7 @@ backsql_PrintErrors( SQLHENV henv, SQLHD
{
SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH]; /* msg. buffer */
SQLCHAR state[SQL_SQLSTATE_SIZE]; /* statement buf. */
- SDWORD iSqlCode; /* return code */
+ SQLINTEGER iSqlCode; /* return code */
SWORD len = SQL_MAX_MESSAGE_LENGTH - 1; /* return length */
Debug( LDAP_DEBUG_TRACE, "Return code: %d\n", rc );

15
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch vendored
View File

@ -1,15 +0,0 @@
From 59e013602d7b1aa0d7da79d65367c9ec391b96f8 Mon Sep 17 00:00:00 2001
From: Simon Pichugin <spichugi@redhat.com>
Date: Wed, 3 Nov 2021 19:03:40 -0700
Subject: [PATCH] Fix missing mapping
--- a/libraries/liblber/lber.map
+++ b/libraries/liblber/lber.map
@@ -121,6 +121,7 @@ OPENLDAP_2.200
ber_sockbuf_io_fd;
ber_sockbuf_io_readahead;
ber_sockbuf_io_tcp;
+ ber_sockbuf_io_udp;
ber_sockbuf_remove_io;
ber_sos_dump;
ber_start;

234
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.4-clang16.patch vendored
View File

@ -1,234 +0,0 @@
https://git.openldap.org/openldap/openldap/-/merge_requests/605
From 83e2db9bf9fc2530a0ea6ca538a7732f6ad9de0e Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Thu, 9 Feb 2023 23:17:53 +0000
Subject: [PATCH 1/3] build: fix compatibility with stricter C99 compilers
Fix the following warnings:
- -Wimplicit-int (fatal with Clang 16)
- -Wimplicit-function-declaration (fatal with Clang 16)
- -Wincompatible-function-pointer-types (fatal with Clang 16)
- -Wint-conversion (fatal with Clang 15)
- Old style prototypes (K&R, removed from C23)
These warnings-now-error led to misconfigurations and failure to build
OpenLDAP, as the tests used during configure caused the wrong results
to be emitted.
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.
Bug: https://bugs.gentoo.org/871288
Signed-off-by: Sam James <sam@gentoo.org>
--- a/build/openldap.m4
+++ b/build/openldap.m4
@@ -154,6 +154,7 @@ fi
if test $ol_cv_header_stdc = yes; then
# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h>
+#include <stdlib.h>
#ifndef HAVE_EBCDIC
# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
@@ -360,9 +361,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
[AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
-int main(argc, argv)
- int argc;
- char **argv;
+int main(int argc, char **argv)
{
OL_PTHREAD_TEST_FUNCTION
}
@@ -484,7 +483,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
#include <sys/types.h>
#include <regex.h>
static char *pattern, *string;
-main()
+int main(void)
{
int rc;
regex_t re;
@@ -511,7 +510,8 @@ AC_DEFUN([OL_C_UPPER_LOWER],
[AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <ctype.h>
-main()
+#include <stdlib.h>
+int main(void)
{
if ('C' == toupper('C'))
exit(0);
@@ -569,7 +569,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R],
]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no])
else
AC_RUN_IFELSE([AC_LANG_SOURCE([[
- main() {
+ int main(void) {
char buf[100];
buf[0] = 0;
strerror_r( 1, buf, sizeof buf );
--- a/configure.ac
+++ b/configure.ac
@@ -1017,7 +1017,11 @@ dnl ----------------------------------------------------------------
AC_CHECK_HEADERS( sys/epoll.h )
if test "${ac_cv_header_sys_epoll_h}" = yes; then
AC_MSG_CHECKING(for epoll system call)
- AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv)
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
+#ifdef HAVE_SYS_POLL_H
+#include <sys/epoll.h>
+#endif
+int main(int argc, char **argv)
{
int epfd = epoll_create(256);
exit (epfd == -1 ? 1 : 0);
@@ -1479,10 +1483,8 @@ pthread_rwlock_t rwlock;
dnl save the flags
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <pthread.h>
-#ifndef NULL
-#define NULL (void*)0
-#endif
-]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
+pthread_t thread;
+]], [[pthread_detach(thread);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
])
if test $ol_cv_func_pthread_detach = no ; then
@@ -1537,6 +1539,9 @@ dnl esac
AC_CACHE_CHECK([if select yields when using pthreads],
ol_cv_pthread_select_yields,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#define _XOPEN_SOURCE 500 /* For pthread_setconcurrency() on glibc */
+#include <stdlib.h>
+#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
@@ -1547,8 +1552,7 @@ dnl esac
static int fildes[2];
-static void *task(p)
- void *p;
+static void *task(void *p)
{
int i;
struct timeval tv;
@@ -1572,9 +1576,7 @@ static void *task(p)
exit(0); /* if we exit here, the select blocked the whole process */
}
-int main(argc, argv)
- int argc;
- char **argv;
+int main(int argc, char **argv)
{
pthread_t t;
--
GitLab
From 853d613f39ae9e8d7dad4492076959c2d80e38c1 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Thu, 9 Feb 2023 23:20:32 +0000
Subject: [PATCH 2/3] contrib: fix old-style K&R declarations
Removed in C23.
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.
Signed-off-by: Sam James <sam@gentoo.org>
--- a/contrib/ldaptcl/tclAppInit.c
+++ b/contrib/ldaptcl/tclAppInit.c
@@ -45,9 +45,7 @@ EXTERN int Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp));
*/
int
-main(argc, argv)
- int argc; /* Number of command-line arguments. */
- char **argv; /* Values of command-line arguments. */
+main(int argc, char **argv)
{
#ifdef USE_TCLX
TclX_Main(argc, argv, Tcl_AppInit);
--- a/contrib/ldaptcl/tkAppInit.c
+++ b/contrib/ldaptcl/tkAppInit.c
@@ -37,16 +37,9 @@ int (*tclDummyMathPtr)() = matherr;
* This is the main program for the application.
*-----------------------------------------------------------------------------
*/
-#ifdef __cplusplus
int
main (int argc,
char **argv)
-#else
-int
-main (argc, argv)
- int argc;
- char **argv;
-#endif
{
#ifdef USE_TCLX
TkX_Main(argc, argv, Tcl_AppInit);
@@ -68,14 +61,8 @@ main (argc, argv)
* interp->result if an error occurs.
*-----------------------------------------------------------------------------
*/
-#ifdef __cplusplus
int
Tcl_AppInit (Tcl_Interp *interp)
-#else
-int
-Tcl_AppInit (interp)
- Tcl_Interp *interp;
-#endif
{
if (Tcl_Init (interp) == TCL_ERROR) {
return TCL_ERROR;
--
GitLab
From b4b3d026461b16f4f462e70225a5a0493647f0c8 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Thu, 9 Feb 2023 23:20:51 +0000
Subject: [PATCH 3/3] servers: fix -Wstrict-prototypes
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.
Signed-off-by: Sam James <sam@gentoo.org>
--- a/servers/slapd/syslog.c
+++ b/servers/slapd/syslog.c
@@ -209,7 +209,7 @@ openlog(const char *ident, int logstat, int logfac)
}
void
-closelog()
+closelog(void)
{
(void)close(LogFile);
LogFile = -1;
--
GitLab

38
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.4-libressl.patch vendored
View File

@ -1,38 +0,0 @@
https://bugs.gentoo.org/903001
https://bugs.openldap.org/show_bug.cgi?id=10039
https://git.openldap.org/openldap/openldap/-/merge_requests/613
https://git.openldap.org/openldap/openldap/-/commit/cb73e60a49f85bf5207b2fd0f557013be29ac072
From cb73e60a49f85bf5207b2fd0f557013be29ac072 Mon Sep 17 00:00:00 2001
From: orbea <orbea@riseup.net>
Date: Wed, 12 Apr 2023 12:55:46 -0700
Subject: [PATCH] ITS#10039 Test for SSL_CTX_set_ciphersuites()
When configuring OpenLDAP using --with-tls=openssl with LibreSSL the
configure will fail to detect SSL_export_keyring_material_early() since
LibreSSL doesn't support this function yet. However OpenLDAP doesn't
actually use this function and only checks for it to ensure a modern
OpenSSL API is used. This can be easily solved by checking for an
equivalent modern OpenSSL function which both LibreSSL and OpenSSL both
support such as SSL_CTX_set_ciphersuites(). Doing this allows the build
and tests to succeed with modern LibreSSL versions. This was tested with
LibreSSL >= 3.6.
Bug: https://bugs.openldap.org/show_bug.cgi?id=10039
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 2cf28ef346..c4e2a905e2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1243,7 +1243,7 @@ if test $ol_with_tls = openssl || test $ol_with_tls = auto ; then
[#endif]])],
, [AC_MSG_FAILURE([OpenSSL 1.1.1 or newer required])])
- AC_CHECK_LIB(ssl, SSL_export_keying_material_early,
+ AC_CHECK_LIB(ssl, SSL_CTX_set_ciphersuites,
[have_openssl=yes], [have_openssl=no],
[-lcrypto])

42
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.6-fix-type-mismatch-lloadd.patch vendored
View File

@ -1,42 +0,0 @@
https://git.openldap.org/openldap/openldap/-/commit/de89b06b031537fb2d14a532d79f7b0772fc1700
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
Date: Thu, 27 Jul 2023 11:19:20 +0100
Subject: [PATCH] ITS#10074 Fix type mismatches in lloadd
--- a/servers/lloadd/libevent_support.c
+++ b/servers/lloadd/libevent_support.c
@@ -131,6 +131,12 @@ lload_libevent_cond_timedwait(
return ldap_pvt_thread_cond_wait( cond, mutex );
}
+unsigned long
+lload_libevent_thread_self( void )
+{
+ return (unsigned long)ldap_pvt_thread_self();
+}
+
int
lload_libevent_init( void )
{
@@ -152,7 +158,7 @@ lload_libevent_init( void )
evthread_set_lock_callbacks( &cbs );
evthread_set_condition_callbacks( &cond_cbs );
- evthread_set_id_callback( ldap_pvt_thread_self );
+ evthread_set_id_callback( lload_libevent_thread_self );
return 0;
}
--- a/servers/lloadd/module_init.c
+++ b/servers/lloadd/module_init.c
@@ -151,7 +151,6 @@ lload_back_initialize( BackendInfo *bi )
{
bi->bi_flags = SLAP_BFLAG_STANDALONE;
bi->bi_open = lload_back_open;
- bi->bi_config = config_generic_wrapper;
bi->bi_pause = lload_pause_cb;
bi->bi_unpause = lload_unpause_cb;
bi->bi_close = lload_back_close;
--
GitLab

71
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/openldap-2.6.x-slapd-pointer-types.patch vendored
View File

@ -1,71 +0,0 @@
# https://git.openldap.org/openldap/openldap/-/commit/fb9e6a81bbee880549e7ec18f0a74ddddbd2d1ab.patch
From fb9e6a81bbee880549e7ec18f0a74ddddbd2d1ab Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 6 Feb 2024 21:38:24 -0500
Subject: [PATCH] ITS#10171 - Explicitly cast private values
Fixes issues with -Werror=incompatible-pointer-types
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
servers/slapd/config.c | 2 +-
servers/slapd/overlays/constraint.c | 2 +-
servers/slapd/overlays/dyngroup.c | 2 +-
servers/slapd/overlays/valsort.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 80333f359c..987c862d91 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -151,7 +151,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
int rc, arg_user, arg_type, arg_syn, iarg;
unsigned uiarg;
long larg;
- size_t ularg;
+ unsigned long ularg;
ber_len_t barg;
if(Conf->arg_type == ARG_IGNORED) {
diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
index f939b37762..0d6156af4d 100644
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -557,7 +557,7 @@ done:;
a2->restrict_filter = ap.restrict_filter;
a2->restrict_val = ap.restrict_val;
- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+ for ( app = (constraint **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next )
/* Get to the end */ ;
a2->ap_next = *app;
diff --git a/servers/slapd/overlays/dyngroup.c b/servers/slapd/overlays/dyngroup.c
index 5d890d6650..e0e70af2d9 100644
--- a/servers/slapd/overlays/dyngroup.c
+++ b/servers/slapd/overlays/dyngroup.c
@@ -111,7 +111,7 @@ static int dgroup_cf( ConfigArgs *c )
*/
a2 = ch_malloc( sizeof(adpair) );
- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+ for ( app = (adpair **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next )
/* Get to the end */ ;
a2->ap_mem = ap.ap_mem;
diff --git a/servers/slapd/overlays/valsort.c b/servers/slapd/overlays/valsort.c
index 3d998e2fcb..e251500d0b 100644
--- a/servers/slapd/overlays/valsort.c
+++ b/servers/slapd/overlays/valsort.c
@@ -201,7 +201,7 @@ valsort_cf_func(ConfigArgs *c) {
return(1);
}
- for ( vip = &on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next )
+ for ( vip = (valsort_info **)&on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next )
/* Get to the end */ ;
vi = ch_malloc( sizeof(valsort_info) );
--
GitLab

26
sdk_container/src/third_party/portage-stable/net-nds/openldap/files/slapd-confd-2.4.28-r1 vendored
View File

@ -1,26 +0,0 @@
# conf.d file for openldap
#
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
# If you have multiple slapd instances per #376699, this will provide a default config
INSTANCE="openldap${SVCNAME#slapd}"
# If you use the classical configuration file:
OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
# (the OPTS_CONF variable is also passed to slaptest during startup)
OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
# Optional connectionless LDAP:
#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
# If you change the above listen statement to bind on a specific IP for
# listening, you should ensure that interface is up here (change eth0 as
# needed).
#rc_need="net.eth0"
# Specify the kerberos keytab file
#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab

909
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.4.59-r2.ebuild vendored
View File

@ -1,909 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
# upstream mirrors are mostly not working, using canonical URI
SRC_URI="
https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
mirror://gentoo/${BIS_P}"
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( berkdb )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
RESTRICT="!test? ( test )"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
cxx? ( dev-libs/cyrus-sasl:= )
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.17-gcc44.patch
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.28
"${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
# bug #408077 - samba4
"${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
# bug #189817
"${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
"${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
# bug #281495
"${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
# bug #294350
"${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
# unbreak /bin/sh -> dash
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
# bug #420959
"${FILESDIR}"/${PN}-2.4.31-gcc47.patch
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
if use berkdb; then
# find which one would be used
for bdb_slot in ${BDB_SLOTS} ; do
NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
[[ -n "${NEWVER}" ]] && break
done
fi
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# ensure correct SLAPI path by default
sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
-i include/ldap_defaults.h || die
default
rm -r libraries/liblmdb || die
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
popd &>/dev/null || die
# wrong assumption that /bin/sh is /bin/bash
sed \
-e 's|/bin/sh|/bin/bash|g' \
-i tests/scripts/* || die "sed failed"
# Required for autoconf-2.70 #765043
sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.in || die
AT_NOEAUTOMAKE=yes eautoreconf
}
build_contrib_module() {
# <dir> <sources> <outputname>
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I"${BUILD_DIR}"/include \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
popd &>/dev/null || die
}
src_configure() {
# connectionless ldap per bug #342439
append-cppflags -DLDAP_CONNECTIONLESS
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
use debug && myconf+=( $(use_enable debug) )
# ICU exists only in the configure, nowhere in the codebase, bug #510858
export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
if ! use minimal && multilib_is_native_abi; then
local CPPFLAGS=${CPPFLAGS}
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf+=( --enable-ldap )
# backends
myconf+=( --enable-slapd )
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf+=( --enable-bdb --enable-hdb )
DBINCLUDE=$(db_includedir ${BDB_SLOTS})
einfo "Using ${DBINCLUDE} for sys-libs/db version"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I${DBINCLUDE}
else
myconf+=( --disable-bdb --disable-hdb )
fi
for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
myconf+=( --enable-${backend}=mod )
done
myconf+=( $(use_enable perl perl mod) )
myconf+=( $(use_enable odbc sql mod) )
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I"${EPREFIX}"/usr/include/iodbc
fi
myconf+=( --with-odbc=${odbc_lib} )
fi
# slapd options
myconf+=(
$(use_enable crypt)
--disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
)
if use experimental ; then
myconf+=(
--enable-dynacl
--enable-aci=mod
)
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf+=( --enable-${option} )
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf+=( --enable-syncprov=yes )
use overlays && myconf+=( --enable-overlays=mod )
else
myconf+=(
--disable-backends
--disable-slapd
--disable-bdb
--disable-hdb
--disable-mdb
--disable-overlays
--disable-syslog
)
fi
# basic functionality stuff
myconf+=(
$(use_enable ipv6)
$(multilib_native_use_with sasl cyrus-sasl)
$(multilib_native_use_enable sasl spasswd)
$(use_enable tcpd wrappers)
)
# Some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf+=( --with-tls=${ssl_lib} )
for basicflag in dynamic local proctitle shared; do
myconf+=( --enable-${basicflag} )
done
tc-export AR CC CXX
CONFIG_SHELL="/bin/sh" \
ECONF_SOURCE="${S}" \
STRIP=/bin/true \
econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
$(use_enable static-libs static) \
"${myconf[@]}"
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
local myconf_ldapcpp=(
--with-ldap-includes="${S}"/include
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}" \
CC="${CC}" \
CXX="${CXX}"
popd &>/dev/null || die
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
local lt="${BUILD_DIR}/libtool"
export echo="echo"
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake CC="${CC}" CXX="${CXX}"
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
popd &>/dev/null || die
fi
if use pbkdf2; then
pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
einfo "Compiling contrib-module: pw-pbkdf2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o pbkdf2.lo \
-c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
einfo "Linking contrib-module: pw-pbkdf2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-pbkdf2.la \
pbkdf2.lo || die "linking pw-pbkdf2 failed"
popd &>/dev/null || die
fi
if use sha2 ; then
pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
einfo "Compiling contrib-module: pw-sha2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o sha2.lo \
-c sha2.c || die "compiling pw-sha2 failed"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o slapd-sha2.lo \
-c slapd-sha2.c || die "compiling pw-sha2 failed"
einfo "Linking contrib-module: pw-sha2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-sha2.la \
sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
popd &>/dev/null || die
fi
# We could build pw-radius if GNURadius would install radlib.h
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
#build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
#build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
# build_contrib_module "comp_match" "comp_match.c" "comp_match"
# comp_match: really complex, adds new external deps, questionable demand
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
build_contrib_module "lastbind" "lastbind.c" "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
#build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
build_contrib_module "trace" "trace.c" "trace"
popd &>/dev/null || die
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
emake tests
fi
}
multilib_src_install() {
local lt="${BUILD_DIR}/libtool"
emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
# If built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
}

936
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.4.59-r3.ebuild vendored
View File

@ -1,936 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
# upstream mirrors are mostly not working, using canonical URI
SRC_URI="
https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
mirror://gentoo/${BIS_P}"
LICENSE="OPENLDAP GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( berkdb )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
RESTRICT="!test? ( test )"
# always list newer first
# Do not add any AGPL-3 BDB here!
# See bug 525110, comment 15.
# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-0.9.18:=
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
cxx? ( dev-libs/cyrus-sasl:= )
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.17-gcc44.patch
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.28
"${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
# bug #408077 - samba4
"${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
# bug #189817
"${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
"${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
# bug #281495
"${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
# bug #294350
"${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
# unbreak /bin/sh -> dash
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
# bug #420959
"${FILESDIR}"/${PN}-2.4.31-gcc47.patch
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
# Atexit segfault
"${FILESDIR}"/${PN}-2.4.59-atexit-fix.patch
# implicit function defs
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.4.59-implicit-function.patch
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
if use berkdb; then
# find which one would be used
for bdb_slot in ${BDB_SLOTS} ; do
NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
[[ -n "${NEWVER}" ]] && break
done
fi
local fail=0
if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# ensure correct SLAPI path by default
sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
-i include/ldap_defaults.h || die
default
rm -r libraries/liblmdb || die
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
popd &>/dev/null || die
# wrong assumption that /bin/sh is /bin/bash
sed \
-e 's|/bin/sh|/bin/bash|g' \
-i tests/scripts/* || die "sed failed"
if test -e configure.in -a ! -e configure.ac ; then
mv -f configure.in configure.ac
fi
# Required for autoconf-2.70 #765043
sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.ac || die
AT_NOEAUTOMAKE=yes eautoreconf
}
build_contrib_module() {
# <dir> <sources> <outputname>
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I"${BUILD_DIR}"/include \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
popd &>/dev/null || die
}
src_configure() {
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
# The configure scripts make some assumptions that aren't valid in newer GCC.
# https://bugs.gentoo.org/920380
append-flags $(test-flags-CC -Wno-error=implicit-int)
# conftest.c:113:16: error: passing argument 1 of 'pthread_detach' makes
# integer from pointer without a cast [-Wint-conversion]
append-flags $(test-flags-CC -Wno-error=int-conversion)
# error: passing argument 3 of ldap_bv2rdn from incompatible pointer type
# [-Wincompatible-pointer-types]
# expected char ** but argument is of type const char **
append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
multilib-minimal_src_configure
}
multilib_src_configure() {
local myconf=()
use debug && myconf+=( $(use_enable debug) )
# ICU exists only in the configure, nowhere in the codebase, bug #510858
export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
if ! use minimal && multilib_is_native_abi; then
local CPPFLAGS=${CPPFLAGS}
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf+=( --enable-ldap )
# backends
myconf+=( --enable-slapd )
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf+=( --enable-bdb --enable-hdb )
DBINCLUDE=$(db_includedir ${BDB_SLOTS})
einfo "Using ${DBINCLUDE} for sys-libs/db version"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I${DBINCLUDE}
else
myconf+=( --disable-bdb --disable-hdb )
fi
for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
myconf+=( --enable-${backend}=mod )
done
myconf+=( $(use_enable perl perl mod) )
myconf+=( $(use_enable odbc sql mod) )
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I"${EPREFIX}"/usr/include/iodbc
fi
myconf+=( --with-odbc=${odbc_lib} )
fi
# slapd options
myconf+=(
$(use_enable crypt)
--disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
)
if use experimental ; then
myconf+=(
--enable-dynacl
--enable-aci=mod
)
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf+=( --enable-${option} )
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf+=( --enable-syncprov=yes )
use overlays && myconf+=( --enable-overlays=mod )
else
myconf+=(
--disable-backends
--disable-slapd
--disable-bdb
--disable-hdb
--disable-mdb
--disable-overlays
--disable-syslog
)
fi
# basic functionality stuff
myconf+=(
$(use_enable ipv6)
$(multilib_native_use_with sasl cyrus-sasl)
$(multilib_native_use_enable sasl spasswd)
$(use_enable tcpd wrappers)
)
# Some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf+=( --with-tls=${ssl_lib} )
for basicflag in dynamic local proctitle shared; do
myconf+=( --enable-${basicflag} )
done
tc-export AR CC CXX
CONFIG_SHELL="/bin/sh" \
ECONF_SOURCE="${S}" \
STRIP=/bin/true \
econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
$(use_enable static-libs static) \
"${myconf[@]}"
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
local myconf_ldapcpp=(
--with-ldap-includes="${S}"/include
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
-L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE=${S}/contrib/ldapc++ \
econf "${myconf_ldapcpp[@]}" \
CC="${CC}" \
CXX="${CXX}"
popd &>/dev/null || die
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
local lt="${BUILD_DIR}/libtool"
export echo="echo"
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake CC="${CC}" CXX="${CXX}"
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
popd &>/dev/null || die
fi
if use pbkdf2; then
pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
einfo "Compiling contrib-module: pw-pbkdf2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o pbkdf2.lo \
-c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
einfo "Linking contrib-module: pw-pbkdf2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-pbkdf2.la \
pbkdf2.lo || die "linking pw-pbkdf2 failed"
popd &>/dev/null || die
fi
if use sha2 ; then
pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
einfo "Compiling contrib-module: pw-sha2"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o sha2.lo \
-c sha2.c || die "compiling pw-sha2 failed"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../../include \
${CFLAGS} \
-o slapd-sha2.lo \
-c slapd-sha2.c || die "compiling pw-sha2 failed"
einfo "Linking contrib-module: pw-sha2"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-sha2.la \
sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
popd &>/dev/null || die
fi
# We could build pw-radius if GNURadius would install radlib.h
pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
#build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
#build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
# comp_match: really complex, adds new external deps, questionable demand
# build_contrib_module "comp_match" "comp_match.c" "comp_match"
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
build_contrib_module "lastbind" "lastbind.c" "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
#build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
build_contrib_module "trace" "trace.c" "trace"
popd &>/dev/null || die
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
emake tests
fi
}
multilib_src_install() {
local lt="${BUILD_DIR}/libtool"
emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
einfo "Install systemd service"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
# If built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
tmpfiles_process slapd.conf
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
}

864
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.5.14.ebuild vendored
View File

@ -1,864 +0,0 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext debug sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
RESTRICT="!test? ( test )"
SYSTEM_LMDB_VER=0.9.30
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
"${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(
sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die
)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
-e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
multilib_src_configure() {
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
$(use_enable ipv6)
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
$(multilib_native_use_with sasl cyrus-sasl)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( lloadd mdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}

875
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.5.18.ebuild vendored
View File

@ -1,875 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext debug sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
RESTRICT="!test? ( test )"
SYSTEM_LMDB_VER=0.9.33
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
#"${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch # needs backport
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(
sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die
)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
-e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
multilib_src_configure() {
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
$(use_enable ipv6)
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
)
# The configure scripts make some assumptions that aren't valid in newer GCC.
# https://bugs.gentoo.org/920380
append-flags $(test-flags-CC -Wno-error=implicit-int)
# conftest.c:113:16: error: passing argument 1 of 'pthread_detach' makes
# integer from pointer without a cast [-Wint-conversion]
append-flags $(test-flags-CC -Wno-error=int-conversion)
# error: passing argument 3 of ldap_bv2rdn from incompatible pointer type
# [-Wincompatible-pointer-types]
# expected char ** but argument is of type const char **
#append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
$(multilib_native_use_with sasl cyrus-sasl)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( lloadd mdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake -Onone "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}

72
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.5.16.ebuild → sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.5.19.ebuild vendored
View File

@ -1,12 +1,13 @@
# Copyright 1999-2023 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles verify-sig
MY_PV="$(ver_rs 1-2 _)"
@ -17,15 +18,16 @@ BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
https://openldap.org/software/download/OpenLDAP/${PN}-release/${P}.tgz
mirror://gentoo/${BIS_P}
verify-sig? ( https://openldap.org/software/download/OpenLDAP/${PN}-release/${P}.tgz.asc )
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openldap.asc
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
@ -33,15 +35,17 @@ IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="cxx? ( sasl )
REQUIRED_USE="
cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext debug sasl )
test? ( cleartext sasl debug )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
kerberos? ( ?? ( kinit smbkrb5passwd ) )
"
RESTRICT="!test? ( test )"
SYSTEM_LMDB_VER=0.9.31
SYSTEM_LMDB_VER=0.9.33
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
@ -78,19 +82,23 @@ COMMON_DEPEND="
)
)
"
DEPEND="${COMMON_DEPEND}
DEPEND="
${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
RDEPEND="
${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
BDEPEND="
!minimal? (
acct-group/ldap
acct-user/ldap
)
)
verify-sig? ( >=sec-keys/openpgp-keys-openldap-20201216 )
"
# for tracking versions
@ -140,6 +148,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.5.19-gcc14-SDWORD-vs-SQLINTEGER.patch
)
openldap_filecount() {
@ -331,6 +340,12 @@ pkg_setup() {
fi
}
src_unpack() {
use verify-sig &&
verify-sig_verify_detached "${DISTDIR}"/${P}.tgz{,.asc}
default
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
@ -386,8 +401,10 @@ build_contrib_module() {
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
CC="${CC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
prefix="${EPREFIX}/usr" \
"${target}"
popd &>/dev/null || die
}
@ -519,7 +536,8 @@ multilib_src_configure() {
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
ECONF_SOURCE="${S}" \
econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
@ -555,13 +573,17 @@ src_configure_cxx() {
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
ECONF_SOURCE="${S}"/contrib/ldapc++ \
econf \
"${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
emake \
CC="$(tc-getCC)" \
SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
@ -599,8 +621,9 @@ multilib_src_compile() {
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
CC="$(tc-getCC)" \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
@ -680,8 +703,11 @@ multilib_src_test() {
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
emake \
CC="$(tc-getCC)" \
DESTDIR="${D}" \
SHELL="${EPREFIX}"/bin/sh \
install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
@ -710,7 +736,7 @@ multilib_src_install() {
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}"
-i "${configfile}" || die
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die

867
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.4-r3.ebuild vendored
View File

@ -1,867 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
RESTRICT="!test? ( test )"
SYSTEM_LMDB_VER=0.9.30
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libevent:=
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
"${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
multilib_src_configure() {
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
--enable-ipv6
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
$(multilib_native_use_with sasl cyrus-sasl)
)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
myconf+=( --enable-balancer=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}" || die
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}

870
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.4-r4.ebuild vendored
View File

@ -1,870 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl debug )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )"
RESTRICT="!test? ( test )"
SYSTEM_LMDB_VER=0.9.30
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libevent:=
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.v2.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
"${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
multilib_src_configure() {
# Workaround for bug #923334, #938553, #946816
append-ldflags $(test-flags-CCLD -Wl,--undefined-version)
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
--enable-ipv6
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
$(multilib_native_use_with sasl cyrus-sasl)
)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
myconf+=( --enable-balancer=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}" || die
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}

874
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.6-r2.ebuild vendored
View File

@ -1,874 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="
cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl debug )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )
"
RESTRICT="!test? ( test )"
SYSTEM_LMDB_VER=0.9.31
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libevent:=
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="
${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="
${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="
!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.6-fix-type-mismatch-lloadd.patch
"${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
"${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
multilib_src_configure() {
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
--enable-ipv6
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
$(multilib_native_use_with sasl cyrus-sasl)
)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
myconf+=( --enable-balancer=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake -Onone "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}" || die
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
rmdir -p "${D}"/var/openldap-lloadd # Created but not used by any part of current codebase.
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}

877
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.6-r3.ebuild vendored
View File

@ -1,877 +0,0 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
mirror://gentoo/${BIS_P}
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
REQUIRED_USE="
cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )
"
RESTRICT="!test? ( test )"
SYSTEM_LMDB_VER=0.9.31
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
kernel_linux? ( sys-apps/util-linux )
ssl? (
!gnutls? (
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
)
)
sasl? ( dev-libs/cyrus-sasl:= )
!minimal? (
dev-libs/libevent:=
dev-libs/libltdl
sys-fs/e2fsprogs
>=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
argon2? ( app-crypt/argon2:= )
crypt? ( virtual/libcrypt:= )
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
dev-libs/openssl:0=
)
smbkrb5passwd? (
dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
virtual/krb5
kinit? ( !app-crypt/heimdal )
)
)
"
DEPEND="
${COMMON_DEPEND}
sys-apps/groff
"
RDEPEND="
${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# The user/group are only used for running daemons which are
# disabled in minimal builds, so elide the accounts too.
BDEPEND="
!minimal? (
acct-group/ldap
acct-user/ldap
)
"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
MULTILIB_WRAPPED_HEADERS=(
# USE=cxx
/usr/include/LDAPAsynConnection.h
/usr/include/LDAPAttrType.h
/usr/include/LDAPAttribute.h
/usr/include/LDAPAttributeList.h
/usr/include/LDAPConnection.h
/usr/include/LDAPConstraints.h
/usr/include/LDAPControl.h
/usr/include/LDAPControlSet.h
/usr/include/LDAPEntry.h
/usr/include/LDAPEntryList.h
/usr/include/LDAPException.h
/usr/include/LDAPExtResult.h
/usr/include/LDAPMessage.h
/usr/include/LDAPMessageQueue.h
/usr/include/LDAPModList.h
/usr/include/LDAPModification.h
/usr/include/LDAPObjClass.h
/usr/include/LDAPRebind.h
/usr/include/LDAPRebindAuth.h
/usr/include/LDAPReferenceList.h
/usr/include/LDAPResult.h
/usr/include/LDAPSaslBindResult.h
/usr/include/LDAPSchema.h
/usr/include/LDAPSearchReference.h
/usr/include/LDAPSearchResult.h
/usr/include/LDAPSearchResults.h
/usr/include/LDAPUrl.h
/usr/include/LDAPUrlList.h
/usr/include/LdifReader.h
/usr/include/LdifWriter.h
/usr/include/SaslInteraction.h
/usr/include/SaslInteractionHandler.h
/usr/include/StringList.h
/usr/include/TlsOptions.h
)
PATCHES=(
"${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.v2.patch
"${FILESDIR}"/${PN}-2.6.6-fix-type-mismatch-lloadd.patch
"${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
"${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch
)
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
local openldap_datadirs=()
if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
fi
openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
if [[ -r "${CURRENT_TAG}" ]] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source "${CURRENT_TAG}"
if [[ "${OLDPF}" == "" ]] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
[[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
# are we on the same branch?
if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
openldap_upgrade_howto
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
# TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
# This will not cover detection of cn=Config based configuration, but
# it's hopefully good enough.
if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted away from backend shell!"
echo
fail=1
fi
if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
eerror " Your existing database will not be accessible until it is"
eerror " converted to mdb!"
echo
fail=1
elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
:
# Nothing wrong here.
elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[[ "${fail}" == "1" ]] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
local d l i
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. Check that your data is intact."
eerror "11. Set up the new replication system."
eerror
if [[ "${FORCE_UPGRADE}" != "1" ]]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
# Bug #322787
if use minimal && ! has_version "net-nds/openldap" ; then
einfo "No datadir scan needed, openldap not installed"
elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
else
openldap_find_versiontags
fi
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
libraries/liblmdb/lmdb.h || die)
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
eerror "Source lmdb version: ${bundled_lmdb_version}"
eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
die "Ebuild needs to update SYSTEM_LMDB_VER!"
fi
rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
local filename
for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
mv "${filename}.utf8" "${filename}"
done
default
sed -i \
-e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
-e '/MKDIR.*.(DESTDIR)\/run/d' \
servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
pushd build &>/dev/null || die "pushd build"
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to remove too early stripping"
popd &>/dev/null || die
# Fails with OpenSSL 3, bug #848894
# https://bugs.openldap.org/show_bug.cgi?id=10009
rm tests/scripts/test076-authid-rewrite || die
eautoreconf
multilib_copy_sources
}
build_contrib_module() {
# <dir> [<target>]
pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $1"
local target="${2:-all}"
emake \
LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
"${target}"
popd &>/dev/null || die
}
multilib_src_configure() {
# Workaround for bug #923334, #938553, #946816
append-ldflags $(test-flags-CCLD -Wl,--undefined-version)
# Optional Features
myconf+=(
--enable-option-checking
$(use_enable debug)
--enable-dynamic
$(use_enable syslog)
--enable-ipv6
--enable-local
)
# Optional Packages
myconf+=(
--without-fetch
$(multilib_native_use_with sasl cyrus-sasl)
)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu
# see https://bugs.openldap.org/show_bug.cgi?id=9739
# (see also bug #892009)
append-flags -DLDAP_CONNECTIONLESS
fi
if ! use minimal && multilib_is_native_abi; then
# SLAPD (Standalone LDAP Daemon) Options
# overlay chaining requires '--enable-ldap' #296567
# see https://www.openldap.org/doc/admin26/overlays.html#Chaining
myconf+=(
--enable-ldap=yes
--enable-slapd
$(use_enable cleartext)
$(use_enable crypt)
$(multilib_native_use_enable sasl spasswd)
--disable-slp
$(use_enable tcpd wrappers)
)
if use experimental ; then
myconf+=(
--enable-dynacl
# ACI build as dynamic module not supported (yet)
--enable-aci=yes
)
fi
for option in modules rlookups slapi; do
myconf+=( --enable-${option} )
done
# static SLAPD backends
for backend in mdb; do
myconf+=( --enable-${backend}=yes )
done
# module SLAPD backends
for backend in asyncmeta dnssrv meta null passwd relay sock; do
# missing modules: wiredtiger (not available in portage)
myconf+=( --enable-${backend}=mod )
done
use perl && myconf+=( --enable-perl=mod )
if use odbc ; then
myconf+=( --enable-sql=mod )
if use iodbc ; then
myconf+=( --with-odbc="iodbc" )
append-cflags -I"${EPREFIX}"/usr/include/iodbc
else
myconf+=( --with-odbc="unixodbc" )
fi
fi
use overlays && myconf+=( --enable-overlays=mod )
use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
# compile-in the syncprov
myconf+=( --enable-syncprov=yes )
# Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
myconf+=( --enable-balancer=yes )
# SLAPD Password Module Options
myconf+=(
$(use_enable argon2)
)
# Optional Packages
myconf+=(
$(use_with systemd)
)
else
myconf+=(
--disable-backends
--disable-slapd
--disable-mdb
--disable-overlays
--disable-autoca
--disable-syslog
--without-systemd
)
fi
# Library Generation & Linking Options
myconf+=(
$(use_enable static-libs static)
--enable-shared
--enable-versioning
--with-pic
)
# some cross-compiling tests don't pan out well.
tc-is-cross-compiler && myconf+=(
--with-yielding-select=yes
)
local ssl_lib="no"
if use ssl || ( ! use minimal && use samba ) ; then
if use gnutls ; then
myconf+=( --with-tls="gnutls" )
else
# disable MD2 hash function
append-cflags -DOPENSSL_NO_MD2
myconf+=( --with-tls="openssl" )
fi
else
myconf+=( --with-tls="no" )
fi
tc-export AR CC CXX
ECONF_SOURCE="${S}" econf \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
--localstatedir="${EPREFIX}"/var \
--runstatedir="${EPREFIX}"/run \
--sharedstatedir="${EPREFIX}"/var/lib \
"${myconf[@]}"
# argument '--runstatedir' seems to have no effect therefore this workaround
sed -i \
-e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
sed -i \
-e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
doc/guide/admin/security.sdf || die 'could not fix run path in doc'
emake depend
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# we have to run it AFTER the main build, not just after the main configure
local myconf_ldapcpp=(
--with-libldap="${E}/lib"
--with-ldap-includes="${S}/include"
)
mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
local LDFLAGS="${LDFLAGS}"
local CPPFLAGS="${CPPFLAGS}"
append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
append-cppflags -I"${BUILD_DIR}"/include
ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
popd &>/dev/null || die "popd contrib/ldapc++"
}
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
if ! use minimal && multilib_is_native_abi ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
emake
popd &>/dev/null || die
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
MY_DEFS="-DDO_SHADOW"
if use samba ; then
MY_DEFS="${MY_DEFS} -DDO_SAMBA"
MY_KRB5_INC=""
fi
if use kerberos ; then
MY_DEFS="${MY_DEFS} -DDO_KRB5"
MY_KRB5_INC="$(krb5-config --cflags)"
fi
emake \
DEFS="${MY_DEFS}" \
KRB5_INC="${MY_KRB5_INC}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use overlays ; then
einfo "Building contrib-module: samba4"
pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
emake \
LDAP_BUILD="${BUILD_DIR}" \
CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
popd &>/dev/null || die
fi
if use kerberos ; then
if use kinit ; then
build_contrib_module "kinit" "kinit.c" "kinit"
fi
build_contrib_module "passwd" "pw-kerberos.la"
fi
if use pbkdf2; then
build_contrib_module "passwd/pbkdf2"
fi
if use sha2 ; then
build_contrib_module "passwd/sha2"
fi
# We could build pw-radius if GNURadius would install radlib.h
build_contrib_module "passwd" "pw-netscape.la"
#build_contrib_module "acl" "posixgroup.la" # example code only
#build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
build_contrib_module "addpartial"
build_contrib_module "allop"
build_contrib_module "allowed"
build_contrib_module "autogroup"
build_contrib_module "cloak"
# build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
build_contrib_module "denyop"
build_contrib_module "dsaschema"
build_contrib_module "dupent"
build_contrib_module "lastbind"
# lastmod may not play well with other overlays
build_contrib_module "lastmod"
build_contrib_module "noopsrch"
#build_contrib_module "nops" https://bugs.gentoo.org/641576
#build_contrib_module "nssov" RESO:LATER
build_contrib_module "trace"
# build slapi-plugins
pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
$(tc-getCC) -shared \
-I"${BUILD_DIR}"/include \
-I../../../include \
${CPPFLAGS} \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
popd &>/dev/null || die
fi
}
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
pwd
# Increase various test timeouts/delays, bug #894012
# We can't just double everything as there's a cumulative effect.
export SLEEP0=2 # originally 1
export SLEEP1=10 # originally 7
export SLEEP2=20 # originally 15
export TIMEOUT=16 # originally 8
# emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
# emake partests => runs ALL of the tests in parallel
# wt/WiredTiger is not supported in Gentoo
TESTS=( plloadd pmdb )
#TESTS+=( pldif ) # not done by default, so also exclude here
#use odbc && TESTS+=( psql ) # not done by default, so also exclude here
emake -Onone "${TESTS[@]}"
fi
}
multilib_src_install() {
emake CC="$(tc-getCC)" \
DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
if ! use minimal && multilib_is_native_abi; then
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
einfo "populate config with built backends"
for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
-i "${configfile}" || die
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
# install our own init scripts and systemd unit files
einfo "Install init scripts"
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
doinitd "${T}"/slapd
newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
if use systemd; then
# The systemd unit uses Type=notify, so it is useless without USE=systemd
einfo "Install systemd service"
rm -rf "${ED}"/{,usr/}lib/systemd
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
systemd_dounit "${T}"/slapd.service
systemd_install_serviced "${FILESDIR}"/slapd.service.conf
newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
fi
# if built without SLP, we don't need to be before avahi
sed -i \
-e '/before/{s/avahi-daemon//g}' \
"${ED}"/etc/init.d/slapd \
|| die
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${BUILD_DIR}/contrib/ldapc++" || die
emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
cd "${S}"/contrib/ldapc++ || die
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README smbk5pwd-README
fi
if use overlays ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4" || die
emake DESTDIR="${D}" \
LDAP_BUILD="${BUILD_DIR}" \
libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules" || die
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
libtool --mode=install cp ${l} \
"${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
dodoc "${FILESDIR}"/DB_CONFIG.fast.example
docinto contrib
doman */*.5
#newdoc acl/README*
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
newdoc allowed/README allowed-README
newdoc autogroup/README autogroup-README
newdoc dsaschema/README dsaschema-README
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins" || die
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
insinto /etc/openldap/schema
newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
dosbin "${S}"/contrib/slapd-tools/statslog
newdoc "${S}"/contrib/slapd-tools/README README.statslog
fi
if ! use static-libs ; then
find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
fi
}
multilib_src_install_all() {
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
docinto rfc ; dodoc doc/rfc/*.txt
rmdir -p "${D}"/var/openldap-lloadd # Created but not used by any part of current codebase.
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
# bug 440470, only display the getting started help there was no openldap before,
# or we are going to a non-minimal build
! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
OPENLDAP_PRINT_MESSAGES=$((! $?))
}
pkg_postinst() {
if ! use minimal ; then
if use systemd; then
tmpfiles_process slapd.conf
fi
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
fi
if use prefix; then
# Warn about prefix issues with slapd
eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
eerror "to start up, and requires that certain files directories be owned by"
eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
eerror "directories, you will have to manually fix this yourself."
fi
# These lines force the permissions of various content to be correct
if [[ -d "${EROOT}"/var/run/openldap ]]; then
use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
chmod 0755 "${EROOT}"/var/run/openldap || die
fi
use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
}

11
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.8-r1.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -26,7 +26,7 @@ S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
@ -148,9 +148,8 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.v2.patch
#"${FILESDIR}"/${PN}-2.6.6-fix-type-mismatch-lloadd.patch
"${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
#"${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch # included upstream
"${FILESDIR}"/${PN}-2.5.19-gcc14-SDWORD-vs-SQLINTEGER.patch
)
openldap_filecount() {
@ -423,10 +422,6 @@ multilib_src_configure() {
$(multilib_native_use_with sasl cyrus-sasl)
)
# error: passing argument 3 of ldap_bv2rdn from incompatible pointer type [-Wincompatible-pointer-types]
# expected char ** but argument is of type const char **
#append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu

34
sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.8.ebuild → sdk_container/src/third_party/portage-stable/net-nds/openldap/openldap-2.6.9.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@ -7,7 +7,7 @@ EAPI=8
# 2.5.x is an LTS release so we want to keep it for a while.
inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
inherit ssl-cert toolchain-funcs systemd tmpfiles verify-sig
MY_PV="$(ver_rs 1-2 _)"
@ -18,15 +18,17 @@ BIS_P="${BIS_PN}-${BIS_PV}"
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="https://www.openldap.org/"
SRC_URI="
https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
https://openldap.org/software/download/OpenLDAP/${PN}-release/${P}.tgz
mirror://gentoo/${BIS_P}
verify-sig? ( https://openldap.org/software/download/OpenLDAP/${PN}-release/${P}.tgz.asc )
"
S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openldap.asc
#S="${WORKDIR}"/${P}
LICENSE="OPENLDAP GPL-2"
# Subslot added for bug #835654
SLOT="0/$(ver_cut 1-2)"
KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
IUSE_OVERLAY="overlays perl autoca"
@ -37,7 +39,7 @@ IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${
REQUIRED_USE="
cxx? ( sasl )
pbkdf2? ( ssl )
test? ( cleartext sasl )
test? ( cleartext sasl debug )
autoca? ( !gnutls )
?? ( test minimal )
kerberos? ( ?? ( kinit smbkrb5passwd ) )
@ -98,6 +100,7 @@ BDEPEND="
acct-group/ldap
acct-user/ldap
)
verify-sig? ( >=sec-keys/openpgp-keys-openldap-20201216 )
"
# for tracking versions
@ -147,10 +150,8 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
#"${FILESDIR}"/${PN}-2.6.6-fix-type-mismatch-lloadd.patch
"${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
#"${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch # included upstream
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.v2.patch
"${FILESDIR}"/${PN}-2.5.19-gcc14-SDWORD-vs-SQLINTEGER.patch
)
openldap_filecount() {
@ -342,6 +343,12 @@ pkg_setup() {
fi
}
src_unpack() {
use verify-sig &&
verify-sig_verify_detached "${DISTDIR}"/${P}.tgz{,.asc}
default
}
src_prepare() {
# The system copy of dev-db/lmdb must match the version that this copy
# of OpenLDAP shipped with! See bug #588792.
@ -404,6 +411,9 @@ build_contrib_module() {
}
multilib_src_configure() {
# Workaround for bug #923334, #938553, #946816
append-ldflags $(test-flags-CCLD -Wl,--undefined-version)
# Optional Features
myconf+=(
--enable-option-checking
@ -420,10 +430,6 @@ multilib_src_configure() {
$(multilib_native_use_with sasl cyrus-sasl)
)
# error: passing argument 3 of ldap_bv2rdn from incompatible pointer type [-Wincompatible-pointer-types]
# expected char ** but argument is of type const char **
#append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
if use experimental ; then
# connectionless ldap per bug #342439
# connectionless is a unsupported feature according to Howard Chu